VPC Peering vs Transit Gateway
Routing, cost, and migration threshold.
When you need connectivity between multiple VPCs, you have two options: VPC Peering for simple point-to-point connections, or Transit Gateway for a scalable hub-and-spoke architecture. The right choice depends on your VPC count, routing complexity, and cost tolerance.
VPC Peering
VPC Peering creates a direct network route between two VPCs:
```bash
aws ec2 create-vpc-peering-connection \
  --vpc-id vpc-prod \
  --peer-vpc-id vpc-shared \
  --peer-region us-east-1
```
Key characteristics:
- Point-to-point only — each pair needs its own peering connection
- No transitive routing — if A peers with B and B peers with C, A cannot reach C through B
- No bandwidth limits — uses AWS backbone at full speed
- No per-GB data processing charges (only standard data transfer)
- Cross-region and cross-account supported
Transit Gateway
Transit Gateway acts as a cloud router connecting VPCs, VPNs, and Direct Connect:
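```bash
# AutoAcceptSharedAttachments=enable accepts cross-account attachment requests
# automatically; set it to disable to require manual acceptance.
aws ec2 create-transit-gateway \
  --options AmazonSideAsn=64512,AutoAcceptSharedAttachments=enable,DefaultRouteTableAssociation=enable
```
Key characteristics: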
- Hub-and-spoke model — any attached VPC can route to any other
- Transitive routing supported
- Supports VPN and Direct Connect attachments
- Route tables for network segmentation
- $0.05/hour per attachment + $0.02/GB data processed
Comparison
| Factor | VPC Peering | Transit Gateway |
|---|---|---|
| Connection model | Point-to-point | Hub-and-spoke |
| Transitive routing | No | Yes |
| Max connections | 125 per VPC | 5,000 attachments |
| Bandwidth | No limit | 50 Gbps per attachment |
| Cost (hourly) | Free | $0.05/hr per attachment |
| Data transfer cost | Standard rates | +$0.02/GB processing |
| VPN/DX support | No | Yes |
| Network segmentation | N/A | Route tables |
Cost Analysis
For 2-3 VPCs with low cross-VPC traffic, peering is significantly cheaper:
- 3 VPC peering connections: $0/month (free) + data transfer
- 3 TGW attachments: ~$109/month ($0.05 × 3 × 730 hours) + $0.02/GB
For 10+ VPCs, Transit Gateway becomes more manageable despite higher cost:
- 45 peering connections (10 VPCs): $0/month but 45 route table entries to manage
- 10 TGW attachments: ~$365/month but centralized routing
When to Use Each
- VPC Peering: 2-4 VPCs, no hybrid connectivity needed, cost-sensitive
- Transit Gateway: 5+ VPCs, VPN/DX integration, need for route segmentation, multi-account
Migration Path: Peering to Transit Gateway
- Create Transit Gateway and attach VPCs
- Update route tables to prefer TGW routes: add TGW routes with a more specific CIDR than the peering route, so they win on longest-prefix match
- Test connectivity through TGW
- Remove peering route table entries
- Delete VPC peering connections
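Added example (not from the original article): a check to run before removing peering routes, applying longest-prefix-match route selection to a constructed route table and reporting which ranges would still use a peering connection. The route entries, the `pcx-`/`tgw-` placeholder IDs and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed route table for one spoke VPC partway through the route update.
# Targets are placeholder IDs, not values from the article.
ROUTES_MID_MIGRATION = [
    ("10.0.0.0/16", "local"),
    ("10.1.0.0/16", "pcx-EXAMPLE1"),   # existing peering route
    ("10.1.0.0/17", "tgw-EXAMPLE"),    # more specific TGW routes covering the
    ("10.1.128.0/17", "tgw-EXAMPLE"),  # whole peer CIDR between them
    ("10.2.0.0/16", "pcx-EXAMPLE2"),   # second peer, not migrated yet
]

def select_target(routes, dst_ip):
    """Pick the target by longest-prefix match; None means no route."""
    ip = ipaddress.ip_address(dst_ip)
    nets = [(ipaddress.ip_network(c), t) for c, t in routes]
    hits = [(n, t) for n, t in nets if ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def still_on_peering(routes):
    """Map each pcx- target to the CIDRs that still resolve to it (IPv4 input)."""
    nets = [(ipaddress.ip_network(c), t) for c, t in routes]
    result = {}
    for net, target in nets:
        if not target.startswith("pcx-"):
            continue
        remaining = [net]
        for other, _ in nets:
            # Only strictly more specific routes take traffic away from this one.
            if other == net or not other.subnet_of(net):
                continue
            kept = []
            for r in remaining:
                if other.subnet_of(r):
                    kept.extend(r.address_exclude(other))  # carve out the override
                elif not r.subnet_of(other):
                    kept.append(r)
            remaining = kept
        if remaining:
            cidrs = [str(n) for n in ipaddress.collapse_addresses(remaining)]
            result.setdefault(target, []).extend(cidrs)
    return result

if __name__ == "__main__":
    for pcx, cidrs in still_on_peering(ROUTES_MID_MIGRATION).items():
        print(f"{pcx} still carries traffic for {', '.join(cidrs)}")
```

A peering connection that is absent from the result has every address in its CIDR resolving to another target, so removing its route entries does not change the path traffic takes. A TGW route that is broader than the peering route (for example a /8 over a /16) does not override it, and the peering CIDR stays in the result.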
Eazy SaaS Tip: We see many clients start with VPC peering and outgrow it within 12 months as they add environments and hybrid connectivity. Our recommendation: if you expect to have 5+ VPCs within a year, start with Transit Gateway to avoid the migration effort later.