Tray Platform / Connecting to on-prem systems / Configuring AWS alternatives / AWS Transit Gateway

AWS Transit Gateway

tgw

This setup will allow Tray's connectors to reach inside your private network using routes established via attachment of a Tray-owned VPC to the your Transit Gateway.

This option will therefore only work if you are (at least partially) hosted on AWS and also use Transit Gateways to govern your network topology.

Setting up Transit Gateway

Basic required info

Details Notes
Customer Name
Geographic location The region in which your VPC is locatedwe will place the Tray VPC in the same region as required by AWS
Tray OrgID
Your AWS Account number
Your Transit Gateway ID
Your subnet CIDR ranges Tray uses 10.200.0.0/25 by defaultThis cannot overlap with your VPC CIDR rangeIn the unlikely event that it does, you should notify us so we can update it to be in another range

The setup process

  1. We set up a separate Tray VPC network which does not overlap with your network and will not require you to reserve a large chunk of routes

  2. We then create a Transit Gateway Attachment request to your network which will normally require manual acceptance by your AWS admins ('auto-accept' is not a recommended security practice)

  3. Once accepted, our connectors will be able to reach the services hosted in your VPC

Technical Considerations

  • Once the request is accepted, you can still explicitly limit Tray’s access to the different corners of your network by using NACLs and Security Groups.