VPC Peering vs Transit Gateway: Pick by Topology

VPC peering is point-to-point; transit gateway is hub-and-spoke. The decision rule based on topology and the cost crossover.

When peering wins

The VPC peering vs Transit Gateway decision is one of the foundational AWS network architecture choices. Both connect VPCs but the operational and cost characteristics differ significantly. The right answer depends on the number of VPCs, traffic patterns, and operational scale.

What VPC peering wins:

• Few VPCs (4 or fewer).: When the VPC count is small, peering is operationally manageable. The number of peering connections grows quadratically (n*(n-1)/2); at 4 VPCs that is 6 peerings, which is tractable.
• Peering is cheaper at this scale.: VPC peering has no per-hour cost; only data transfer costs apply. Transit Gateway has per-hour attachment costs plus data processing costs. At small scale, peering is unambiguously cheaper.
• Specific high-traffic pairs.: Two VPCs with significant traffic between them benefit from direct peering. The traffic does not pass through any intermediate; the latency is the lowest possible.
• Direct path is fastest.: Peering provides direct connectivity with no intermediate hops. The latency is the minimum possible; the throughput matches the underlying capacity. For latency-sensitive flows, direct peering is the right choice.
• Bilateral configuration.: Peering is a per-pair configuration. Each peering is established and managed individually. At small scale, the per-pair management is reasonable.

VPC peering is the right choice when the architecture is small and the connectivity needs are point-to-point.

When transit gateway wins

Transit Gateway is the right choice for larger architectures. The hub-and-spoke pattern scales much better than mesh peering as VPC count grows.

• Many VPCs (5 or more).: As the VPC count grows, peering becomes unmanageable. 10 VPCs require 45 peerings; 20 VPCs require 190 peerings. Each peering is a separate configuration; the operational burden becomes overwhelming.
• NxN peerings become unmanageable.: The combinatorial explosion makes mesh peering impractical at scale. Beyond a small number of VPCs, the team spends more time on peering management than on actual network engineering.
• Complex topologies with shared services.: When VPCs share common services (logging, monitoring, security tooling), the hub-and-spoke pattern matches the topology. Spokes connect to the hub; the hub provides shared services; the architecture is intentional.
• Hub-and-spoke is the natural shape.: Most large multi-VPC architectures naturally form hub-and-spoke patterns. Transit Gateway implements this directly; the team's mental model matches the network architecture.
• Centralized routing.: Transit Gateway provides centralized routing tables. Routing changes are made in one place; the impact propagates through the gateway. Mesh peering requires routing changes in every connected VPC.

Transit Gateway is the right choice for architectures above a small VPC count. The operational benefits compound with scale.

Cost crossover

The cost question has a defined answer that depends on VPC count and traffic patterns. The crossover point is where Transit Gateway becomes cheaper than peering despite its hourly fee.

• Around 5 to 6 VPCs.: The crossover point varies by traffic patterns and AZ count, but typically falls around 5 to 6 VPCs. Below this, peering is cheaper; above it, Transit Gateway is cheaper.
• Transit gateway becomes cheaper despite hourly fee.: The hourly attachment cost ($0.05 per hour per attachment) is offset by the operational simplicity and the reduced peering overhead. At scale, the math favors Transit Gateway.
• Recompute when scaling.: The crossover point shifts as architecture changes. Add VPCs; recompute. Change traffic patterns; recompute. The economics are not static; the right answer evolves.
• Crossover varies by traffic patterns.: Heavy traffic between specific VPCs favors peering for those pairs even at higher VPC counts. Hybrid architectures with peering for some pairs and Transit Gateway for the rest are common at the boundary.
• Plan the migration.: Migrating from peering to Transit Gateway is a significant project. Plan it deliberately; phase it; do not rush. The operational simplification is worth the migration cost when done right.

VPC peering vs Transit Gateway is a per-architecture decision that evolves with scale. Nova AI Ops integrates with VPC inventory and traffic data, surfaces the cost crossover, and helps teams identify when migration to Transit Gateway is justified by operational and cost benefits.