---
title: AWS Transit Gateway
description: >-
  A network transit hub for interconnecting your virtual private clouds (VPCs)
  and on-premises networks.
breadcrumbs: Docs > Integrations > AWS Transit Gateway
---

# AWS Transit Gateway
Integration version1.0.0
## Overview{% #overview %}

Use AWS Transit Gateway to interconnect your virtual private clouds (VPCs) and on-premises networks.

Enable this integration to see all your Transit Gateway metrics in Datadog.

## Setup{% #setup %}

### Installation{% #installation %}

If you haven't already, set up the [Amazon Web Services integration](https://docs.datadoghq.com/integrations/amazon_web_services/) first.

### Metric & Resource collection{% #metric--resource-collection %}

1. In the [AWS integration page](https://app.datadoghq.com/integrations/amazon-web-services), ensure that `TransitGateway` is enabled under the `Metric Collection` tab.
1. Add the following permissions to your [Datadog IAM policy](https://docs.datadoghq.com/integrations/amazon_web_services/#installation) to collect AWS Transit Gateway resources.

| AWS Permission                              | Description                                                                                          |
| ------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| `ec2:DescribeTransitGateways`               | Grants permission to describe one or more transit gateways                                           |
| `ec2:DescribeTransitGatewayVPCAttachments`  | Grants permission to describe one or more VPC attachments on a transit gateway.                      |
| `ec2:DescribeTransitGatewayRouteTables`     | Grants permission to describe one or more transit gateway route tables.                              |
| `ec2:GetTransitGatewayPrefixListReferences` | Grants permission to get information about prefix list references for a transit gateway route table. |
| `ec2:SearchTransitGatewayRoutes`            | Grants permission to search for routes in a transit gateway route table.                             |
Install the [Datadog - AWS Transit Gateway integration](https://app.datadoghq.com/integrations/amazon-transit-gateway).
### Log collection{% #log-collection %}

#### Enable Transit Gateway flow log logging{% #enable-transit-gateway-flow-log-logging %}

Transit Gateway flow logs can be sent to an S3 bucket or a CloudWatch log group.

1. In the AWS console, go to the Transit Gateway you want to monitor.
1. Go to the **Flow logs** tab.
1. Click **Create flow log**.
1. Select the S3 bucket or the CloudWatch log group to send the logs to.

**Note**: Include the string `transit-gateway` in the S3 bucket name to enable automatic log parsing.

#### Send logs to Datadog{% #send-logs-to-datadog %}

1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder/) in your AWS account.
1. Navigate to the Datadog Forwarder Lambda function in your AWS account. In the Function Overview section, click **Add Trigger**.
1. Select the **S3** or **CloudWatch Logs** trigger for the Trigger Configuration.
1. Select the S3 bucket or CloudWatch log group that contains your Transit Gateway logs.
1. For S3, leave the event type as `All object create events`.
1. Click **Add** to add the trigger to your Lambda.

After a few minutes, Transit Gateway flow logs appear in your [Log Explorer](https://docs.datadoghq.com/logs/explorer/).

For more information on collecting AWS Services logs, see [Send AWS Services Logs with the Datadog Lambda Function](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/).

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

|  |
|  |
| **aws.transitgateway.bytes\_in**(count)                      | The number of bytes received by the transit gateway.*Shown as byte*                    |
| **aws.transitgateway.bytes\_out**(count)                     | The number of bytes sent from the transit gateway.*Shown as byte*                      |
| **aws.transitgateway.packet\_drop\_count\_blackhole**(count) | The number of packets dropped because they matched a blackhole route.*Shown as packet* |
| **aws.transitgateway.packet\_drop\_count\_no\_route**(count) | The number of packets dropped because they did not match a route.*Shown as packet*     |
| **aws.transitgateway.packets\_in**(count)                    | The number of packets received by the transit gateway.*Shown as packet*                |
| **aws.transitgateway.packets\_out**(count)                   | The number of packets sent by the transit gateway.*Shown as packet*                    |

### Events{% #events %}

The AWS Transit Gateway integration does not include any events.

### Service Checks{% #service-checks %}

The AWS Transit Gateway integration does not include any service checks.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).

## Further Reading{% #further-reading %}

- [Connect to Datadog over AWS PrivateLink using AWS Transit Gateway](https://www.datadoghq.com/architecture/connect-to-datadog-over-aws-privatelink-using-aws-transit-gateway/)