What is a Transit Gateway and when would you use it over peering?
AWS · Basic level
Answer
Transit Gateway is a managed regional network hub for many VPCs, VPNs, and Direct Connect attachments. I choose it over peering when I need hub-and-spoke connectivity, routing domains, multi-account networking, or hybrid connectivity at scale.
Technical explanation
Transit Gateway route tables let you segment prod, non-prod, inspection, and shared-services routing domains.
In AWS networking, always separate placement, routing, and filtering: subnets place resources, route tables decide next hops, and SG/NACL rules filter traffic.
Design for failure domains by spreading public, private, and data subnets across multiple AZs and avoiding single-AZ dependencies where production availability matters.
Troubleshooting should follow packet flow: source, SG, NACL, route table, endpoint/NAT/IGW/TGW, destination SG, and service listener.
Hands-on example
1. Create a sandbox VPC with two AZs, public subnets, private subnets, route tables, IGW, NAT Gateway, security groups, and one VPC endpoint relevant to the topic.
2. Deploy a small test instance or pod in the correct subnet and validate routing with curl, traceroute where allowed, and VPC Flow Logs.
3. Change one control at a time - route, SG, NACL, endpoint policy, NAT, or TGW route - and observe exactly how connectivity changes.
4. Document the final production pattern as an architecture diagram plus a troubleshooting checklist.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More AWS interview questions
- What is the AWS shared responsibility model, and where is the line between AWS and the customer?
- Explain the difference between a Region, an Availability Zone, and an Edge Location.
- What is a VPC, and what are its core components (subnets, route tables, IGW, NAT)?
- Difference between a public and a private subnet, and how does each reach the internet?
- What is the difference between a Security Group and a Network ACL?
- Are Security Groups stateful or stateless? What about NACLs?
- What is an Internet Gateway versus a NAT Gateway, and when do you need each?
- How does a NAT Gateway differ from a NAT instance?