Architecture details - Network Orchestration for AWS Transit Gateway

Architecture details

This section describes the components and AWS services that make up this solution and the architecture details on how these components work together.

AWS services in this solution

AWS service | Description
AWS Transit Gateway | Core. Deploys a transit gateway that connects VPCs through a central hub.
AWS Lambda | Core. Deploys multiple Lambda functions to support core microservices and create transit gateway attachments.
AWS Step Functions | Core. Deploys a state machine to orchestrate the subnet and VPC tagging events and create transit gateway attachments.
Amazon DynamoDB | Core. Deploys a DynamoDB table for VPC and transit gateway attachments, and for transit gateway peering attachments.
Amazon EventBridge | Core. Deploys an event bus and event rules to connect components of the solution.
AWS X-Ray | Supporting. Deploys traces for API Gateway and Step Functions, allowing you to investigate root causes of failures.
Amazon SNS | Optional. Deploys a topic that sends an email notification with the optional web UI URL.
Amazon Cognito | Optional. Deploys a user pool that supports identity authentication for the optional web UI.
AWS AppSync | Optional. Deploys an AWS AppSync schema and resolvers for the DynamoDB table and Lambda functions. Using resolvers, AWS AppSync translates GraphQL requests and fetches information from DynamoDB.
Amazon S3 | Optional. Deploys Amazon S3 buckets to host the web UI assets.
AWS WAF | Optional. Deploys an AWS WAF web access control list (web ACL) to protect AWS AppSync from common security events, such as SQL injection and cross-site scripting (XSS).
Amazon CloudFront | Optional. Deploys CloudFront with an Amazon S3 bucket as the origin. This restricts access to the Amazon S3 bucket so that it is not publicly accessible and prevents direct access to the bucket, bypassing CloudFront.
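The CloudFront row above describes the access pattern but not the control that enforces it. The bucket policy below is an added illustration, not a policy taken from this solution's templates, of the standard way to make an S3 origin reachable only through a specific CloudFront distribution: the bucket grants s3:GetObject to the CloudFront service principal and scopes that grant to one distribution ARN (origin access control). The bucket name, account ID and distribution ID are placeholders; the bucket is also assumed to have S3 Block Public Access enabled, since this policy alone does not remove pre-existing public grants.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontServicePrincipalReadOnly",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-WEB-UI-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
        }
      }
    }
  ]
}
```

Two checks are worth making after deployment: confirm that fetching an object URL directly from the bucket endpoint returns an access-denied response, and confirm that the same object is served through the CloudFront domain. If the SourceArn condition is omitted, any CloudFront distribution in any account could be pointed at the bucket, which defeats the restriction the table describes.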