A Transit Gateway is a Network Gateway that can be used to significantly reduce Network Complexity. As the name suggests, it supports transitive routing thus overcoming the limitation and complexity of VPC Peering. It can also be connected to Site-to-Site VPN and Direct Connect as attachments.
Let's try to build a network Architecture with 4 VPC without the Transit Gateway. This will give us a glimpse of the complexity and admin overhead involved in this design, and then I will do a redesign of the same architecture with Transit Gateway.
Let's assume that you have 4 VPCs and you want all the VPCs to talk to each other. So you need 6 VPC Peering Connection, not 4, as Transitive routing is not supported in VPC Peering.
Now let's add a bit more Complexity to this architecture. Assume that You also have an On-Prem Location (Corporate Office) and you want to connect that to all the VPCs. To achieve this, we have to establish a VPN Site-to-Site Connection between On-Prem and AWS. Each VPC will get connected to the On-Prem by VPN Site-to-Site Connection with two tunnels from the AWS side for High Availability. Below is the architecture change with Corporate Office.
This Solution is highly available from the AWS side as we have two tunnels from each VPC connecting to On-Prem Location. But there is a single point of Failure at the On-Prem with only one Customer Router, and if that router fails, then the entire architecture will fail, to solve this we have to add one more Customer router at the On-Prem Location which will add more complexity to the existing architecture. Below is the architecture change with another Customer Router in place to avoid the single point of failure on the customer side.
Now think of the complexity when you have another Customer location or VPC to add to this architecture. It just gets too complicated and scales really badly. To Solve this, we have to use Transit Gateway. With Transit Gateway in place, each of the Site-to-Site VPN Connection doesn't have to end at individual VPC, rather it can terminate at the Transit Gateway itself reducing the no of VPN tunnels needed to achieve the same from 16 to 4, a significant reduction in overhead and complexity. Below is the Simplified Architecture with Transit Gateway in place. If you have more VPC to add, you can just attach it as an attachment to the Transit Gateway and it will take care of the Transitive Routing. Similarly, if you have more corporate offices in near future to add to this architecture, you can add easily by terminating the VPN Connection at the Transit Gateway itself, by doing so, even if you have created more VPCs at the AWS Side, your On-Prem location will still be able to communicate with the new VPCs without any need of creating any individual Site-to-Site VPN tunnels (to VPCs), as long as those VPCs are attached to the Transit Gateway.
We can even further enhance the Architecture by peering the Transit Gateway with another One, Cross Region Same/Different Account, allowing you to create some really highly available architecture. Transit Gateway is also capable to work with Direct Connect. Below is the final architecture reference.
Hope this blog will help you to get a brief idea about the Transit Gateway and the simplicity it brings to network architectures. You can read more about the Transit Gateway https://aws.amazon.com/transit-gateway/.
P.S: I have used the image from https://learn.cantrill.io. Do Check out his Courses on AWS.