Building a Hub-and-Spoke Topology in AWS Using Infrastructure as Code

In our previous blog, we covered how to create a hub-and-spoke topology in AWS. Now, we take it a step further by implementing the same architecture using Infrastructure as Code (IaC). Automating network deployments with IaC improves consistency, reduces manual effort, and enhances scalability. In this guide, we’ll use Terraform to build a robust and secure hub-and-spoke network in AWS.

Understanding the Hub-and-Spoke Model

The hub-and-spoke model in AWS consists of:

  • Hub VPC: Centralized VPC for shared services like firewalls, DNS, and monitoring tools.

  • Spoke VPCs: Individual VPCs for applications, isolated for security and scalability.

  • Transit Gateway (TGW): Facilitates communication between the hub and spoke VPCs.

  • Route Tables & Security Groups: Control network traffic between VPCs.

Benefits of Using IaC for AWS Networking

  • Consistency: Ensures identical configurations across environments.

  • Automation: Deploys and updates network infrastructure efficiently.

  • Scalability: Allows easy expansion of network resources.

Terraform Code for Hub-and-Spoke Network

Here’s a high-level Terraform configuration to deploy the hub-and-spoke architecture:

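provider "aws" {
  region = "us-east-1"
}
# Hub VPC for shared services
resource "aws_vpc" "hub_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = { Name = "Hub-VPC" }
}
# Spoke VPC for an application workload
resource "aws_vpc" "spoke_vpc_1" {
  cidr_block = "10.1.0.0/16"
  tags = { Name = "Spoke-VPC-1" }
}
# A Transit Gateway VPC attachment requires at least one subnet per VPC.
# The subnet names and /28 ranges below are example values.
resource "aws_subnet" "hub_tgw" {
  vpc_id     = aws_vpc.hub_vpc.id
  cidr_block = "10.0.0.0/28"
}
resource "aws_subnet" "spoke_1_tgw" {
  vpc_id     = aws_vpc.spoke_vpc_1.id
  cidr_block = "10.1.0.0/28"
}
# Transit Gateway created with the provider's default settings
resource "aws_ec2_transit_gateway" "tgw" {}
resource "aws_ec2_transit_gateway_vpc_attachment" "hub_attachment" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.hub_vpc.id
  subnet_ids         = [aws_subnet.hub_tgw.id]
}
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke_attachment_1" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.spoke_vpc_1.id
  subnet_ids         = [aws_subnet.spoke_1_tgw.id]
}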

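This configuration sets up a hub VPC and a spoke VPC and attaches both to an AWS Transit Gateway. Traffic does not flow between them until each VPC's route table also has a route to the other VPC's CIDR through the Transit Gateway.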

Deploying and Managing the Network

  1. Initialize Terraform: Run terraform init to set up Terraform.

  2. Plan Deployment: Execute terraform plan to preview changes.

  3. Apply Changes: Deploy with terraform apply.
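
Between steps 2 and 3, a saved plan can be checked before it is applied. The following is an added example, not code from the original post: it reads the JSON form of a plan (terraform show -json) and reports a Transit Gateway left on default route table association and propagation, which puts every attachment in one shared route table so that nothing at the Transit Gateway separates one spoke from another. SAMPLE_PLAN is constructed and check_plan is a hypothetical helper name.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for a plan of the
# configuration above (only the fields this check reads).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_ec2_transit_gateway.tgw", "type": "aws_ec2_transit_gateway",
     "change": {"actions": ["create"], "after": {
         "default_route_table_association": "enable",
         "default_route_table_propagation": "enable"}}},
    {"address": "aws_ec2_transit_gateway_vpc_attachment.hub_attachment",
     "type": "aws_ec2_transit_gateway_vpc_attachment",
     "change": {"actions": ["create"], "after": {}}},
    {"address": "aws_ec2_transit_gateway_vpc_attachment.spoke_attachment_1",
     "type": "aws_ec2_transit_gateway_vpc_attachment",
     "change": {"actions": ["create"], "after": {}}},
]})

DEFAULT_ROUTING_ATTRS = ("default_route_table_association",
                         "default_route_table_propagation")

def check_plan(plan_json):
    """Return (findings, attachments): TGW settings left on default routing,
    and the VPC attachments in the plan that would share that route table."""
    findings, attachments = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        if rc.get("type") == "aws_ec2_transit_gateway":
            for attr in DEFAULT_ROUTING_ATTRS:
                # Assumption: an unset attribute means the provider default, "enable".
                if after.get(attr, "enable") == "enable":
                    findings.append((rc["address"], attr))
        elif rc.get("type") == "aws_ec2_transit_gateway_vpc_attachment":
            attachments.append(rc["address"])
    return findings, attachments

if __name__ == "__main__":
    findings, attachments = check_plan(SAMPLE_PLAN)
    for address, attr in findings:
        print(f"FAIL {address}: {attr} is enabled")
    if findings:
        print("Attachments sharing the default route table:", ", ".join(attachments))
```

To keep spokes apart, set both attributes to "disable" on the Transit Gateway and give the hub and the spokes their own Transit Gateway route tables.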

Conclusion

Using Infrastructure as Code to deploy a hub-and-spoke topology in AWS streamlines network management, ensures consistency, and enhances security. As cloud networks grow, automation will be key to maintaining efficiency.

Would you like to see more Terraform examples for cloud networking? Let us know in the comments!
