AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is made only once. You can learn more about Transit Gateway here.

As accounts are created within our Control Tower managed environment, we also need to automate the connectivity between them and, if required, out to a WAN, corporate offices and on-premises data centres. These labs take you through a couple of approaches.

Transit Gateway - Simple

Transit Gateway - Advanced


Amazon Route 53, combined with its resolver endpoints and conditional forwarding rules, provides comprehensive DNS configuration for nearly all scenarios in an AWS environment as well as in hybrid scenarios.

This lets users reach an EC2 instance, a load balancer or even VPC endpoints by friendly, memorable names from different environments, including on-premises resources.

The workshops below provide hands-on experience, going from the simplest implementation (a single account with resolver endpoints) to a more complex scenario (multiple accounts with an inbound resolver endpoint that on-premises resources can use to resolve AWS names).

DNS topics - Route 53 Resolvers

DNS topics - Route 53 Conditional Forwarding Rules

DNS topics - Hybrid DNS Strategy - single account and on-prem

DNS topics - Hybrid DNS Strategy - multiple account, single region and on-prem

Additional reading:

Simplify DNS management in a multi-account environment with Route 53 Resolver

AWS re:Invent 2019: Deep dive on DNS in the hybrid cloud