# Automate setting up and managing your transit networks with AWS Transit Gateway

# Solution overview

The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in multi-account AWS environments. The solution creates a web user interface (UI) to help you control, audit, and approve or reject transit network changes. This solution supports both [AWS Organizations](https://aws.amazon.com/organizations/) and standalone AWS accounts, and you can use the solution to visualize your transit network across multiple AWS Regions. You can use this solution with the default deployment template or customize it to meet your specific use case.

You can use [AWS Transit Gateway](https://aws.amazon.com/transit-gateway/) to attach [Amazon Virtual Private Clouds](https://aws.amazon.com/vpc/) (Amazon VPCs) in the same AWS Region, and to route traffic between them. With this solution, you can connect your VPCs across multiple accounts by tagging the VPCs. It also connects your transit gateway across multiple AWS Regions by tagging the transit gateway. You can set rules to automatically approve or reject, or manually approve, the network changes.

This implementation guide provides an overview of the Network Orchestration for AWS Transit Gateway solution, its reference architecture and components, considerations for planning the deployment, and configuration steps for deploying the solution to the Amazon Web Services (AWS) Cloud.

The intended audience for implementing this solution in their environment includes solution architects, networking professionals, business decision makers, and cloud professionals. To deploy and use this solution, you should have an understanding of Amazon VPC, route tables, subnets, transit gateways, and network protocols. For additional training about these topics, see [AWS Networking Basics](https://explore.skillbuilder.aws/learn/course/external/view/elearning/12439/aws-networking-basics), [Understanding AWS Networking Gateways](https://explore.skillbuilder.aws/learn/course/internal/view/elearning/1377/understanding-aws-networking-gateways), and [Advanced Architecting on AWS](https://explore.skillbuilder.aws/learn/course/internal/view/elearning/3214/advanced-architecting-on-aws-amazon).

Use this navigation table to quickly find answers to these questions:

| If you want to … | Read … |
| --- | --- |
| Know the cost for running this solution. The estimated cost for running this solution in the US East (N. Virginia) Region is USD $185.22 per month. | [Cost](cost.md) |
| Understand the security considerations for this solution. | [Security](security.md) |
| Know how to plan for quotas for this solution. | [Quotas](quotas.md) |
| Know the supported AWS Regions for this solution. | [Supported AWS Regions](plan-your-deployment.md#supported-aws-regions) |
| View or download the AWS CloudFormation template included in this solution to automatically deploy the infrastructure resources (the "stack") for this solution. | [AWS CloudFormation template](aws-cloudformation-templates.md) |
| Access the source code and optionally use the AWS Cloud Development Kit (AWS CDK) to deploy the solution. | [GitHub repository](https://github.com/aws-solutions/network-orchestration-for-aws-transit-gateway) |

# Features and benefits


This solution provides the following features:

 **Cross-account and cross-Region integration** 

This solution helps you automate the management of your networks across multiple AWS accounts and AWS Regions (through inter-Region peering). This helps reduce the time that you need to configure connectivity through your AWS environment.

 **Change management** 

For critical and sensitive environments, you can enable manual approval workflows through the web UI to accept or reject connectivity requests between your environments.

 **Tracking and auditing** 

Use the web UI to track or audit changes to your network environment, and to review approved or rejected requests.

 **Compliance** 

Use rules to automatically accept or reject network changes based on the organizational unit. For more information about approvals, see the [Automated approval](automated-approval.md) and [Manual approval](manual-approval.md) workflows.

# Use cases


 **Network connectivity** 

To meet your workloads' requirements, this solution helps you attach VPCs to a transit gateway by tagging the VPCs and subnets across multiple accounts. Based on the VPC and subnet tags, the solution automatically updates each tagged subnet's associated route table with a default route to the transit gateway. It also creates the attachment's association with a transit gateway route table and enables route propagation into the transit gateway route tables.

To connect your network across AWS Regions, this solution can create inter-Region transit gateway peering attachments.
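The tag-driven reconciliation described above, together with the organizational-unit approval rules from the Compliance feature, can be modelled offline. The following is an added example, not code from the Network Orchestration for AWS Transit Gateway solution: it plans the EC2 API operations an orchestrator would issue for one tagged VPC (attachment, default route, route table association, propagation) and gates the change request with an OU rule set. The tag keys `Attach-to-tgw` and `Route-to-tgw`, the OU path format, the sample resource IDs and the rule table are all assumptions chosen for the example; nothing here calls AWS.

```python
"""Tag-driven transit gateway reconciliation plus OU-based approval (simulation).

Added example; not the solution's own code. Tag keys, OU path format and
resource ids below are assumptions constructed for this example.
"""
from dataclasses import dataclass

ATTACH_TAG = "Attach-to-tgw"   # assumed VPC tag: "true" requests an attachment
ROUTE_TAG = "Route-to-tgw"     # assumed subnet tag: name of the TGW route table
DEFAULT_ROUTE = "0.0.0.0/0"

@dataclass
class Subnet:
    subnet_id: str
    route_table_id: str   # the VPC route table this subnet is associated with
    routes: set           # destination CIDRs already present in that route table
    tags: dict

@dataclass
class Vpc:
    vpc_id: str
    account_id: str
    ou_path: str          # assumed format, e.g. "Root/Workloads/Prod"
    tags: dict
    subnets: list

# Assumed rule table: longest matching OU prefix wins; no match means the
# request waits for manual approval, so the default fails closed.
APPROVAL_RULES = {"Root/Workloads/Prod": "approve", "Root/Sandbox": "reject"}

def approval_decision(ou_path: str, rules=APPROVAL_RULES) -> str:
    """Return 'approve', 'reject' or 'manual' for the VPC's organizational unit."""
    candidates = (p for p in rules if ou_path == p or ou_path.startswith(p + "/"))
    match = max(candidates, key=len, default=None)
    return rules[match] if match else "manual"

def plan_vpc(vpc: Vpc, tgw_id: str, tgw_route_tables: dict) -> dict:
    """Build the change request for one VPC without touching AWS.

    tgw_route_tables maps a route table name (the ROUTE_TAG value) to its
    tgw-rtb id. The result lists the EC2 operations in the order they would
    run, plus warnings for anything the orchestrator must not do silently.
    """
    warnings, actions = [], []
    if vpc.tags.get(ATTACH_TAG, "").lower() != "true":
        return {"decision": "skip", "actions": actions, "warnings": warnings}
    tagged = [s for s in vpc.subnets if ROUTE_TAG in s.tags]
    if not tagged:
        warnings.append(f"{vpc.vpc_id}: tagged for attachment but no subnet carries {ROUTE_TAG}")
        return {"decision": "skip", "actions": actions, "warnings": warnings}
    actions.append({"op": "CreateTransitGatewayVpcAttachment", "vpc": vpc.vpc_id,
                    "subnets": [s.subnet_id for s in tagged]})
    seen_rtb, names = set(), set()
    for s in tagged:
        name = s.tags[ROUTE_TAG]
        if name not in tgw_route_tables:
            warnings.append(f"{s.subnet_id}: unknown TGW route table '{name}'")
            continue
        names.add(name)
        if s.route_table_id in seen_rtb:
            continue  # several subnets may share one VPC route table; route it once
        seen_rtb.add(s.route_table_id)
        if DEFAULT_ROUTE in s.routes:
            # Never replace an existing default route (it may point at an
            # internet or NAT gateway); surface it for a human instead.
            warnings.append(f"{s.route_table_id}: already has {DEFAULT_ROUTE}, route not changed")
        else:
            actions.append({"op": "CreateRoute", "route_table": s.route_table_id,
                            "destination": DEFAULT_ROUTE, "transit_gateway": tgw_id})
    if len(names) == 1:
        rtb = tgw_route_tables[names.pop()]
        actions.append({"op": "AssociateTransitGatewayRouteTable", "tgw_route_table": rtb})
        actions.append({"op": "EnableTransitGatewayRouteTablePropagation", "tgw_route_table": rtb})
    else:
        # An attachment associates with exactly one TGW route table.
        warnings.append(f"{vpc.vpc_id}: subnets name {len(names)} TGW route tables; association skipped")
    return {"decision": approval_decision(vpc.ou_path), "actions": actions, "warnings": warnings}

TGW_ROUTE_TABLES = {"Isolated": "tgw-rtb-0isolated", "Flat": "tgw-rtb-0flat"}  # constructed

def sample_vpc() -> Vpc:
    """Constructed sample input; ids and tags are not real account data."""
    return Vpc("vpc-0example1", "111111111111", "Root/Workloads/Prod/Payments",
               {ATTACH_TAG: "true"}, [
                   Subnet("subnet-0a", "rtb-0private", set(), {ROUTE_TAG: "Isolated"}),
                   Subnet("subnet-0b", "rtb-0private", set(), {ROUTE_TAG: "Isolated"}),
                   Subnet("subnet-0c", "rtb-0public", {DEFAULT_ROUTE}, {ROUTE_TAG: "Isolated"}),
                   Subnet("subnet-0d", "rtb-0db", set(), {}),  # untagged, left alone
               ])

if __name__ == "__main__":
    plan = plan_vpc(sample_vpc(), "tgw-0example", TGW_ROUTE_TABLES)
    print("decision:", plan["decision"])
    for a in plan["actions"]:
        print("  ", a)
    for w in plan["warnings"]:
        print("  warning:", w)
```

The planner is deliberately idempotent and conservative: a VPC route table shared by several tagged subnets gets its default route once, a route table that already carries `0.0.0.0/0` is reported rather than overwritten, and subnets that disagree about the target transit gateway route table block the association entirely, since an attachment can only be associated with one. The OU rule check applies the prefix on a path boundary, so `Root/Workloads/Production` does not inherit the rule for `Root/Workloads/Prod`.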

# Concepts and definitions


This section describes key concepts and defines terminology specific to this solution.

 **application** 

A logical group of AWS resources that you want to operate as a unit.

 **attachment** 

Connection from a resource to a transit gateway. For this solution, you can attach one or more VPCs to the transit gateway.

 **CloudFormation stack** 

Provisions the resources that are described in the templates.

 **CloudFormation template** 

Specifies the AWS resources included in this solution and their properties.

 **hub account** 

The central account where the solution is deployed and that manages your central transit gateway. This is typically your network account.

 **network account** 

The networking account serves as the central hub for your network on AWS. From this account you manage your networking resources and route traffic between the accounts in your environment, your on-premises network, and the internet (ingress and egress).

 **route table** 

A set of routing rules that controls the traffic leaving any subnet that’s associated with the route table. This includes dynamic and static routes that decide the next hop based on the destination IP address of the packet.

 **state machine** 

A workflow for [AWS Step Functions](https://aws.amazon.com/step-functions/).

**Note**  
For a general reference of AWS terms, see the [AWS Glossary](https://docs.aws.amazon.com/general/latest/gr/glos-chap.html).