Network Orchestration (Transit Gateway)
AWS Network Orchestration via Transit Gateway provides a hub-and-spoke architecture for connecting multiple VPCs and on-premises networks. The solution simplifies network management, enforces routing policies, and enables seamless connectivity across organizational boundaries.
Authoritative reference: Network Orchestration with AWS Transit Gateway
How runbooks Implements Network Orchestration
The runbooks vpc group provides Transit Gateway discovery, validation, and topology analysis:
vpc Command Group (Transit Gateway Focus)
| Command | Capability | Purpose |
|---|---|---|
| runbooks vpc tgw-validate | TGW attachment audit | Verify all Transit Gateway attachments (VPCs, VPNs) are configured correctly and monitored |
| runbooks vpc tgw-optimizer | Routing analysis | Analyze TGW route tables and suggest optimization (reduce overlapping routes, consolidate rules) |
| runbooks vpc tgw-report | Topology visualization | Generate Transit Gateway topology diagram showing all connected VPCs, subnets, and routing relationships |
| runbooks vpc transit-gateway-manager | TGW state management | Query Transit Gateway attachment state, CIDR compliance, and bandwidth utilization |
| runbooks vpc orchestrator | Multi-account setup | Provision Transit Gateway attachments across organization accounts with validation |
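
An added illustration of the overlapping-route analysis described for tgw-optimizer, not code from the runbooks project: it classifies each more-specific route against its nearest covering route. The input is a constructed sample shaped like the `Routes` list of the EC2 `SearchTransitGatewayRoutes` response; the function names, attachment IDs and CIDRs are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the "Routes" list returned by EC2
# SearchTransitGatewayRoutes; attachment IDs and CIDRs are made up.
SAMPLE_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/8", "State": "active", "Type": "static",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-inspection"}]},
    {"DestinationCidrBlock": "10.20.0.0/16", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-app"}]},
    {"DestinationCidrBlock": "10.20.5.0/24", "State": "active", "Type": "propagated",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-app"}]},
    {"DestinationCidrBlock": "10.30.0.0/16", "State": "blackhole", "Type": "static",
     "TransitGatewayAttachments": []},
    {"DestinationCidrBlock": "192.168.0.0/16", "State": "active", "Type": "static",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": "tgw-attach-vpn"}]},
]

def _target(route):
    """Where the route sends traffic: 'blackhole' or its attachment ID(s)."""
    if route["State"] == "blackhole":
        return "blackhole"
    ids = sorted(a["TransitGatewayAttachmentId"]
                 for a in route.get("TransitGatewayAttachments", []))
    return ",".join(ids) or "none"

def analyze_overlaps(routes):
    """Compare every more-specific route with its nearest covering route."""
    parsed = sorted(((ipaddress.ip_network(r["DestinationCidrBlock"]), _target(r))
                     for r in routes), key=lambda p: p[0].prefixlen)
    findings = defaultdict(list)
    for i, (net, target) in enumerate(parsed):
        # Strict supernets among shorter prefixes; the last is the longest one.
        covers = [(n, t) for n, t in parsed[:i]
                  if n.version == net.version and n != net and net.subnet_of(n)]
        if not covers:
            continue
        parent_net, parent_target = covers[-1]
        # Same target: consolidation candidate. Different target: longest-prefix
        # match sends this range somewhere other than the broader route does.
        kind = "redundant" if target == parent_target else "divergent"
        findings[kind].append((str(net), target, str(parent_net), parent_target))
    return dict(findings)

if __name__ == "__main__":
    for kind, items in analyze_overlaps(SAMPLE_ROUTES).items():
        for net, target, parent, parent_target in items:
            print(f"{kind}: {net} -> {target} (covered by {parent} -> {parent_target})")
```

Divergent entries deserve review before any consolidation: in the sample, 10.20.0.0/16 is routed to a different attachment than the 10.0.0.0/8 route that covers it, so that range does not follow the broader route's path.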
Code Paths
- TGW validator: runbooks/src/runbooks/vpc/tgw_validator.py
- Routing optimizer: runbooks/src/runbooks/vpc/tgw_optimizer.py
- Transit Gateway manager: runbooks/src/runbooks/vpc/transit_gateway_manager.py
- Orchestration engine: runbooks/src/runbooks/vpc/tgw_orchestrator.py
See the vpc CLI Reference for complete command documentation.
Quality Gate
Transit Gateway topology discovery speed: <30 seconds for organizations with ≤50 accounts
Enumerating all Transit Gateway attachments, route tables, and VPC associations must complete within 30 seconds to support real-time CMDB synchronization and network compliance dashboards.
Measured via: runbooks vpc tgw-report --profile $AWS_OPERATIONS_PROFILE --time-limit 30s — generates full topology diagram for multi-account organization with timeout enforcement.
Related Solutions
- Landing Zone Accelerator — Transit Gateway is the recommended network fabric for LZA organizations (landing-zone-accelerator.md)
- Workload Discovery — VPC topology data enhances application-to-infrastructure mapping (workload-discovery.md)
- Account Assessment — account inventory provides the account list for TGW attachment enumeration (account-assessment.md)
Last checked
2026-05-21 — Network Orchestration URL verified live (HTTP 200)