VPC Peering or Transit Gateway?
There are two different approaches to connect multiple VPCs. One option is to use VPC Peering. Creating a peering connection is simple: the owner of VPC A creates a peering request, and the owner of VPC B accepts the peering request. After the virtual peering is in place, all you need to do is to update the routing tables.
However, you need to set up a VPC Peering between every VPC. Therefore, the number of VPC Peering grows exponentially with the number of VPCs that you need to connect.
Since 2018, there is a second option to enable communication between networks: AWS Transit Gateway. First and foremost, Transit Gateway acts as a gateway connecting up to 5.000 networks. After attaching a VPC to a Transit Gateway, you need to update the routing tables of your subnets as well. Additionally, defining custom route tables to configure the routing within the Transit Gateway is possible as well.
At first, it looks like choosing Transit Gateway over VPC Peering is always a good idea. But that’s no longer true when having a look at the pricing.
A pricing example:
- Connect 4 VPCs with each other
- 2 VPCs connected with the on-premises network via VPN
- 1,000 GB traffic between VPCs
- 500 GB outgoing traffic via VPN
So using Transit Gateway doubles monthly costs for your networking infrastructure. Let’s have a look at the pricing details.
- Attaching a VPC to a Transit Gateway costs $36.00 per month.
- A VPN connection costs $36.00 per month.
- Traffic costs are the same for VPC Peering and Transit Gateway.
The baseline costs for a Site-to-Site VPN connect are $36.00 per month. The same is valid for attaching a VPC to a Transit Gateway. As long as you don’t need more than one VPN connection per VPC, you are better off with VPC Peering from a pricing perspective. Keep in mind that I haven’t taken the complexity for managing VPN connections and providing the on-premises hardware into account here.