AWS Transit Gateway
This setup will allow Tray's connectors to reach inside your private network using routes established via attachment of a Tray-owned VPC to your Transit Gateway.
This option will therefore only work if you are (at least partially) hosted on AWS and also use Transit Gateways to govern your network topology.
Transit Gateway required info
Details | Notes |
---|---|
Customer Name | |
Geographic location | The region in which your VPC is located. We will place the Tray VPC in the same region, as required by AWS. |
Tray OrgID | |
Your AWS Account number | |
Your Transit Gateway ID | |
Your subnet CIDR ranges | Tray uses 10.200.0.0/25 by default. This cannot overlap with your VPC CIDR range. In the unlikely event that it does, you should notify us so we can update it to be in another range. |
Transit Gateway setup process
We set up a separate Tray VPC network which does not overlap with your network and will not require you to reserve a large chunk of routes.
We then create a Transit Gateway Attachment request to your network which will normally require manual acceptance by your AWS admins ('auto-accept' is not a recommended security practice).
Once accepted, our connectors will be able to reach the services hosted in your VPC.
Transit Gateway technical considerations
Once the request is accepted, you can still explicitly limit Tray’s access to the different corners of your network by using NACLs and Security Groups.