

# AWS CloudFormation templates


This solution uses CloudFormation to automate its deployment in the AWS Cloud. It includes the following AWS CloudFormation templates, which you can download before deployment.

**Note**  
AWS CloudFormation resources are created from AWS CDK constructs.

[**network-orchestration-hub.template**](https://solutions-reference.s3.amazonaws.com/network-orchestration-for-aws-transit-gateway/latest/network-orchestration-hub.template) - Use this template to launch the solution and all associated components in your AWS network hub account. The default configuration deploys the following:
+ One transit gateway
+ Four transit gateway route tables
+ One global network in Transit Gateway network manager
+ Step Functions (to orchestrate VPC and transit gateway attachments)
+ One [AWS Resource Access Manager](https://aws.amazon.com/ram) (AWS RAM) resource share
+ One optional web UI with the following resources:
  + One DynamoDB table
  + EventBridge event bus and rules
  + IAM roles
+ One optional web UI for network management with the following resources:
  + One Amazon SNS topic
  + AWS AppSync API with WAF
  + One Amazon Cognito user pool
  + One CloudFront distribution with a CloudFront function
  + Amazon S3 buckets

[**network-orchestration-hub-service-linked-roles.template**](https://solutions-reference.s3.amazonaws.com/network-orchestration-for-aws-transit-gateway/latest/network-orchestration-hub-service-linked-roles.template) - Optionally use this template to launch the service-linked role for AWS RAM in your hub account. This stack is optional because it fails if the `AWSServiceRoleForResourceAccessManager` role already exists in the hub account, so deploy it only when that role is not yet present.

[**network-orchestration-spoke.template**](https://solutions-reference.s3.amazonaws.com/network-orchestration-for-aws-transit-gateway/latest/network-orchestration-spoke.template) - Use this template to launch the solution and all associated components in your spoke account(s). The default configuration deploys EventBridge rules and IAM roles.

[**network-orchestration-organization-role.template**](https://solutions-reference.s3.amazonaws.com/network-orchestration-for-aws-transit-gateway/latest/network-orchestration-organization-role.template) - Use this template to create an IAM role in the Organizations management account. The hub account requires this role to create easily identifiable names for the transit gateway attachments, using a combination of OU path and VPC name.