By using AWS re:Post, you agree to the Terms of Use
/Multi Account Connectivity using PrivateLink and/or Transit Gateway along with Direct Connect/

Multi Account Connectivity using PrivateLink and/or Transit Gateway along with Direct Connect

0

One of my customer want to connect with their customers in the following scenarios:-

Scenario with their Customer A

Their Customer A has a Direct Connect and they need to get connectivity to private APIs that are in their Customer A's on premise data center. I think they can use PrivateLink. Need confirmation/validation and also things to watch out for (things that might not be supported etc.). https://aws.amazon.com/blogs/aws/aws-privatelink-update-vpc-endpoints-for-your-own-applications-services/

Scenario with their Customer B

Their Customer B has a Direct Connect and wants to leverage Transit Gateway with multiple VPC to achieve something similar. Again need validation if this approach works and things to watch out for. https://aws.amazon.com/blogs/aws/use-aws-transit-gateway-direct-connect-to-centralize-and-streamline-your-network-connectivity/

Also, what should be our recommended option or pros and cons of the two solutions.

1 Answers
0
Accepted Answer

Both approaches are valid. Couple of things comes to mind:

  • Customer A should make sure they have redundancy in Direct Connect connections or at least have a backup path configured via VPN.
  • Direct Connect does not auto-scale in terms of bandwidth so it will be good if they keep "Acceptance Required" setting on the service so they know how much load may be coming from it's customers.
  • For Customer B, it should work as Transit Gateway is just a means to reach on-premises DC. You get additional benefit of using ECMP with VPN if you want to scale beyond 1.25Gbps (VGW limit). The idea of redundancy still holds good. Two different transit interfaces to different DX connections should be recommended.
  • Using TGW for accessing Private APIs use case is a overkill though. If the intent is only to access Private APIs in on-premises DC then PrivateLink is a better approach. There is more management overhead with TGW, attaching VPCs, routing, likewise.
EXPERT
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions