Transit Gateway vs VPC peering - Building a Scalable and Secure Multi-VPC AWS Network Infrastructure

Transit Gateway vs VPC peering

Transit Gateway removes the complexity of creating and managing many VPC peering connections at scale: a full mesh of n VPCs needs n(n-1)/2 peering connections, each with its own route-table entries in both VPCs, whereas each VPC needs a single Transit Gateway attachment. While this makes TGW a good default for most network architectures, VPC peering is still a valid choice because of the following advantages it has over TGW:

  • Lower cost — With VPC peering you pay only for data transfer. Transit Gateway adds an hourly charge per attachment on top of the data transfer fees.

  • No bandwidth limits — With Transit Gateway, the maximum (burst) bandwidth per VPC attachment is 50 Gbps. VPC peering has no aggregate bandwidth limit. Individual instance network performance limits and per-flow limits (10 Gbps within a cluster placement group, 5 Gbps otherwise) apply to both options, but only VPC peering supports placement groups, so the 10 Gbps per-flow figure is reachable over peering alone.

  • Latency — Transit Gateway is an additional hop between the two VPCs; with VPC peering there is none.

  • Security group compatibility — Over an intra-Region VPC peering connection, a security group rule can name a security group in the peer VPC as its source or destination, so access is scoped to the members of that group rather than to an IP range. Security group referencing does not currently work over Transit Gateway; rules for VPCs reached through a TGW must fall back to CIDR blocks, which admit every host in the range.

Within your Landing Zone setup, VPC peering can therefore be used alongside the hub-and-spoke model enabled by Transit Gateway: carry the bulk of inter-VPC traffic through the TGW hub, and peer the few VPC pairs that need security group referencing, the full bandwidth, or the lowest latency.
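In a mixed topology like this, the security group point above is the one that bites in practice: a rule referencing a group in a VPC that is reached only through Transit Gateway matches no traffic. The audit below, an added example that is not part of the AWS whitepaper, walks security group rules and the list of peering connections (in the dict shapes returned by `aws ec2 describe-security-groups` and `aws ec2 describe-vpc-peering-connections`) and flags every cross-VPC group reference that has no active intra-Region peering behind it. It also shows the CIDR-based rule such a reference has to become on a TGW path. All VPC, group, peering and account identifiers and CIDRs are constructed for the example.

```python
"""Audit cross-VPC security-group references against the peering topology.

Added example (not from the AWS whitepaper): a security group can reference a
group in another VPC only over an intra-Region VPC peering connection.  The
same rule on a VPC reached through Transit Gateway matches nothing, so the
intended allow silently fails and tends to get "fixed" with a broad CIDR.
All IDs, CIDRs and account numbers below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Finding:
    group_id: str          # the security group holding the broken rule
    referenced_group: str  # the remote group the rule points at
    referenced_vpc: str
    reason: str


def peering_between(vpc_a: str, vpc_b: str, peerings: list[dict]) -> dict | None:
    """Return the peering connection whose two ends are exactly vpc_a and vpc_b."""
    for pcx in peerings:
        ends = {pcx["RequesterVpcInfo"]["VpcId"], pcx["AccepterVpcInfo"]["VpcId"]}
        if ends == {vpc_a, vpc_b}:
            return pcx
    return None


def audit_sg_references(groups: list[dict], peerings: list[dict]) -> list[Finding]:
    """Flag every UserIdGroupPair that cannot work because no active,
    intra-Region peering joins the two VPCs (the path is a TGW, or nothing)."""
    findings: list[Finding] = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            for pair in perm.get("UserIdGroupPairs", []):
                remote_vpc = pair.get("VpcId", sg["VpcId"])  # no VpcId => same VPC
                if remote_vpc == sg["VpcId"]:
                    continue  # same-VPC reference: always supported
                pcx = peering_between(sg["VpcId"], remote_vpc, peerings)
                if pcx is None:
                    reason = "no VPC peering connection; a Transit Gateway path cannot carry SG references"
                elif pcx["Status"]["Code"] != "active":
                    reason = f"peering {pcx['VpcPeeringConnectionId']} is {pcx['Status']['Code']}, not active"
                elif pcx["RequesterVpcInfo"]["Region"] != pcx["AccepterVpcInfo"]["Region"]:
                    reason = "inter-Region peering; SG referencing is intra-Region only"
                else:
                    continue
                findings.append(Finding(sg["GroupId"], pair["GroupId"], remote_vpc, reason))
    return findings


def cidr_fallback(perm: dict, remote_cidr: str) -> dict:
    """The equivalent rule for a Transit Gateway path: allow the remote VPC or
    subnet CIDR instead of the remote group.  What is lost: every host in that
    range matches, not only members of the referenced security group."""
    net = ip_network(remote_cidr)  # raises on a malformed or non-canonical CIDR
    return {
        "IpProtocol": perm["IpProtocol"],
        "FromPort": perm["FromPort"],
        "ToPort": perm["ToPort"],
        "IpRanges": [{"CidrIp": str(net), "Description": "TGW path: scoped to a CIDR, not to an SG"}],
        "UserIdGroupPairs": [],
    }


# Constructed topology: the app and data VPCs are peered; the shared VPC hangs off a TGW.
PEERINGS = [
    {
        "VpcPeeringConnectionId": "pcx-app-data",
        "Status": {"Code": "active"},
        "RequesterVpcInfo": {"VpcId": "vpc-app", "Region": "eu-west-1", "CidrBlock": "10.0.0.0/16"},
        "AccepterVpcInfo": {"VpcId": "vpc-data", "Region": "eu-west-1", "CidrBlock": "10.1.0.0/16"},
    }
]
SECURITY_GROUPS = [
    {
        "GroupId": "sg-db", "GroupName": "db", "VpcId": "vpc-data",
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
            "UserIdGroupPairs": [
                # works: peer VPC over an active intra-Region peering connection
                {"GroupId": "sg-app", "UserId": "111111111111", "VpcId": "vpc-app",
                 "VpcPeeringConnectionId": "pcx-app-data", "PeeringStatus": "active"},
                # broken: the shared VPC is reachable only through Transit Gateway
                {"GroupId": "sg-shared", "UserId": "111111111111", "VpcId": "vpc-shared"},
            ],
        }],
    }
]

if __name__ == "__main__":
    for f in audit_sg_references(SECURITY_GROUPS, PEERINGS):
        print(f"{f.group_id}: reference to {f.referenced_group} in {f.referenced_vpc}: {f.reason}")
    # the rule the shared VPC actually needs over the TGW, narrowed to its workload subnet
    print(cidr_fallback(SECURITY_GROUPS[0]["IpPermissions"][0], "10.2.0.0/24"))
```

Against real accounts, feed the audit the `SecurityGroups` and `VpcPeeringConnections` arrays from the two describe calls; a finding means the rule is dead weight at best, and the fallback makes the loss of granularity explicit so that the replacement CIDR is chosen as narrowly as the remote subnets allow.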