AWS Networking: Transit Gateways

This connection option is only available for dedicated Astro clusters.

Use AWS Transit Gateway to connect one or more Astro clusters to other VPCs, AWS accounts, and on-premises networks supported by your organization.

AWS Transit Gateway is an alternative to VPC Peering on AWS. Instead of having to establish a direct connection between two VPCs, you can attach over 5,000 networks to a central transit gateway that has a single VPN connection to your corporate network.

While it can be more costly, AWS Transit Gateway requires less configuration and is often recommended for organizations connecting a larger number of VPCs. For more information, see AWS Transit Gateway.

AWS Transit Gateway doesn’t provide built-in support for DNS resolution. If you need DNS integration, Astronomer recommends that you use the Route 53 Resolver service. For assistance integrating the Route 53 Resolver service with your Astronomer VPC, contact Astronomer support.

If your transit gateway is in a different region than your Astro cluster, contact Astronomer support. Astronomer support can create a new transit gateway in your AWS account for Astro and set up a cross-region peering attachment with your existing transit gateway.

If Astronomer creates a new transit gateway in your AWS account for Astro, keep in mind that your organization will incur additional AWS charges for the new transit gateway as well as the inter-region transfer costs.

Prerequisites

  • An Astro cluster
  • An existing transit gateway in the same region as your Astro cluster
  • Permission to share resources using AWS Resource Access Manager (RAM)

Setup

  1. To retrieve your cluster’s AWS account ID on Astro, contact Astronomer support.

  2. In your AWS console, copy the ID of your existing transit gateway (TGW).

  3. Create a resource share in AWS RAM and share the TGW with your cluster’s Astro AWS account.

  4. Contact Astronomer support and provide the following information:

    • Your Astro cluster ID.
    • Your TGW ID from Step 2.
    • The CIDR block for the external VPC or on-premises network that you want to connect your Astro cluster with.

    Astronomer support approves the resource sharing request, attaches the Astro private subnets to your transit gateway, and creates routes in the Astro route tables to your transit gateway for each of the CIDRs provided. Astronomer support then notifies you that the process is complete and provides you with the Astro CIDRs.

  5. After you receive the confirmation from Astronomer support, use the Astro CIDRs to create back routes from your transit gateway to the Astro VPC.

  6. Contact Astronomer support to confirm that you have created the static route. Astronomer support then tests and confirms the connection.

  7. (Optional) Repeat the steps for each Astro cluster that you want to connect to your transit gateway.
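
Steps 3 and 5 as AWS CLI calls, with input checks so the share names a single principal and only the Astro CIDRs become back routes. This is an added example, not Astronomer's tooling. It assumes the back routes are static entries in your TGW route table that target the Astro attachment; the share name `astro-tgw-share` is made up, and the route table and attachment IDs are ones you look up yourself. With `DRY_RUN=1` (the default) the commands are printed instead of run.

```shell
#!/bin/sh
# Added example. All IDs and CIDRs are supplied by the caller.
DRY_RUN="${DRY_RUN:-1}"          # 1 = print aws commands, 0 = execute them
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

valid_account() {                # AWS account IDs are exactly 12 digits
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

valid_cidr() {                   # IPv4 a.b.c.d/len, len 1-32 (a /0 default route is refused)
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case "$len" in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
  case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in '') return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Step 3: share the TGW with exactly one principal, the Astro AWS account.
# Args: region, your account ID, TGW ID, Astro account ID
share_tgw() {
  valid_account "$2" && valid_account "$4" || { echo "bad account ID" >&2; return 1; }
  case "$3" in tgw-*) ;; *) echo "bad TGW ID: $3" >&2; return 1 ;; esac
  run aws ram create-resource-share --region "$1" --name astro-tgw-share \
    --resource-arns "arn:aws:ec2:$1:$2:transit-gateway/$3" --principals "$4"
}

# Step 5: one static route per Astro CIDR, pointing at the Astro attachment.
# Args: region, TGW route table ID, Astro attachment ID, CIDR...
add_back_routes() {
  region=$1; rtb=$2; att=$3; shift 3
  for cidr in "$@"; do           # validate every CIDR before creating any route
    valid_cidr "$cidr" || { echo "rejected CIDR: $cidr" >&2; return 1; }
  done
  for cidr in "$@"; do
    run aws ec2 create-transit-gateway-route --region "$region" \
      --transit-gateway-route-table-id "$rtb" \
      --transit-gateway-attachment-id "$att" \
      --destination-cidr-block "$cidr" || return 1
  done
}
```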