Case Study - Large Network Infrastructure Deployment & Management
Profile
A leading Singapore telecommunications and digital solutions company would like to engage 1CLOUDSTAR to
implement a massive network infrastructure on the Amazon Web Services (AWS) platform, using a hub-and-spoke
network topology to connect data center, office, remote sites, and AWS VPCs, with one VPC hosting
centralized firewalls in a high-availability (HA) configuration.
Challenge
- The hub-and-spoke network design is massive, with multiple scenarios to take into consideration,
including multiple on-premises sites connected via private links and site-to-site IPsec VPN.
- All resources provisioned on AWS need to be strictly controlled through an Infrastructure-as-Code (IaC)
approach, and the code needs to be reusable for future workload spoke networks.
Solution
The 1CLOUDSTAR AWS specialist team proposed Amazon Transit Gateway as the core of the hub-and-spoke
topology. With Transit Gateway placed as the hub, not only can AWS VPCs associate with it, but Direct
Connect and site-to-site VPN connections to remote on-premises sites connect to Transit Gateway as well.
All traffic through the networks, both north-south and east-west, is routed to a centralized VPC with
firewalls for inspection before reaching the destination network.
1CLOUDSTAR chose Terraform to manage and provision all resources on AWS, including Transit Gateway
and its attachments, Direct Connect, VPN connections, and routing rules from the spokes and Transit
Gateway. Because Terraform is modular and loosely coupled, the Terraform code is designed to be highly
reusable to meet the customer's requirement.
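The Terraform sketch below is an added example, not 1CLOUDSTAR's or the customer's code. It shows one way to force spoke traffic through the centralized firewall VPC on Transit Gateway; every resource name and variable is hypothetical, and it assumes one spoke VPC and one inspection VPC that already exist.

```hcl
# Added example: all resource names and variables are hypothetical.
variable "inspection_vpc_id" { type = string }
variable "inspection_subnet_ids" { type = list(string) }
variable "spoke_vpc_id" { type = string }
variable "spoke_subnet_ids" { type = list(string) }
resource "aws_ec2_transit_gateway" "hub" {
  # No implicit any-to-any routing: every attachment is placed explicitly.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "inspection" {
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  vpc_id                 = var.inspection_vpc_id
  subnet_ids             = var.inspection_subnet_ids
  appliance_mode_support = "enable" # keep both directions of a flow in one AZ
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.spoke_vpc_id
  subnet_ids         = var.spoke_subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

resource "aws_ec2_transit_gateway_route_table" "spokes" { transit_gateway_id = aws_ec2_transit_gateway.hub.id }
resource "aws_ec2_transit_gateway_route_table" "inspection" { transit_gateway_id = aws_ec2_transit_gateway.hub.id }
# Spokes learn no routes to each other; their only route is to the firewalls.
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}
resource "aws_ec2_transit_gateway_route" "spokes_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spokes.id
}
# Return path: only the inspection route table knows the spoke CIDRs.
resource "aws_ec2_transit_gateway_route_table_association" "inspection" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spoke" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
```

The subnet route tables inside the inspection VPC and the firewall configuration itself are not shown. A useful review check on a design like this is that no spoke attachment propagates into the spokes route table, since that would create a path that bypasses inspection.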