Do I need transit architecture for AWS Shared VPCs?
Let me give you an example of on-prem world by asking a question, is it a good practice to have a single VLAN and deploy all workloads in VLAN1? The blast radius is going to be huge, there won’t be a concept of compliance, segmentation, NextGen security, visibility and troubleshooting. Management would become easier, but you have to compromise a lot.
Shared VPCs by no means a replacement of transit architecture and doesn’t provide enterprise grade networking and security. Even with multiple shared VPCs you need transit to provide connectivity between them.
When you have very few applications then it makes sense to use Shared VPCs.
Here’s the Aviatrix architecture for AWS Shared VPCs where admin is creating shared resources for Prod and Dev accounts:
Admin creates shared spoke and transit VPCs and deploy Aviatrix spoke and transit gateways in their respective subnets. Admin share the workload subnets (public and private both) with Prod and Dev accounts.
Prod and Dev accounts deploy their workloads in the shared subnets as shown below:
End to end connectivity along with common repeatable architecture, security, visibility and troubleshooting can be easily achieved with Aviatrix Multi-Cloud Network Architecture.