AWS cloud practitioner notes - Networking

Introduction

Amazon VPC (Virtual Private Cloud) [1][2] lets you provision an isolated section of the AWS cloud in which you deploy AWS resources under your own control. Public and private groupings of resources within a VPC are known as subnets.

  • Public subnet
  • Private subnet

Module 4 - Connectivity to AWS

An internet gateway allows public traffic from the internet to reach the VPC.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
__________                         |   __|_________                        |  |
| Client | internet request        |   |internet  |                        |  |
|________| --------------------------> |gateway   |                        |  |
                                   |   |__________|                        |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

A virtual private gateway allows access to private resources in a VPC over a VPN connection from an external network such as a corporate data center.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
_______________                    |    _|_________                        |  |
| Corporate   |                    |   | virtual   |                       |  |
| data center |        internet    |   | private   |                       |  |
|_____________| ---------------------->| gateway   |                       |  |
                    VPN connection |   |___________|                       |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

AWS Direct Connect [3] provides a dedicated private network connection from a data center, office, or other location to AWS instead of sending that traffic over the public internet.

                                           ____________________________________________
                                           | AWS cloud                                |
                    ____________________   |     ___________________________________  |
                    |                  |   |     |VPC                              |  |
_______________     |AWS direct connect|   |  ___|_________                        |  |
| Corporate   |     |location          |   |  | virtual   |                        |  |
| data center |     |                  |   |  | private   |                        |  |
|_____________|---->|AWS direct        |----->| gateway   |                        |  |
                    |connect end point |   |  |___________|                        |  |
                    |                  |   |     |                                 |  |
                    |                  |   |     |                                 |  |
                    |__________________|   |     |                                 |  |
                                           |     |_________________________________|  |
                                           |__________________________________________|
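As an added example (not from the course notes or AWS), the following Python models what actually makes a subnet public or private: its route table. A subnet whose table sends 0.0.0.0/0 to an internet gateway is public, while one that only reaches the corporate network through a virtual private gateway is private and has no internet route at all. The route tables, CIDRs and gateway ids are constructed placeholders.

```python
import ipaddress

# Constructed sample route tables (not from the page), one per subnet. A route is
# (destination CIDR, target); "local" covers the VPC's own address range.
ROUTE_TABLES = {
    "public-subnet": [
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "igw-EXAMPLE"),  # internet gateway: makes the subnet public
    ],
    "private-subnet": [
        ("10.0.0.0/16", "local"),
        ("192.168.0.0/16", "vgw-EXAMPLE"),  # virtual private gateway: VPN to the data center
    ],
}

def lookup(routes, dst_ip):
    """Longest-prefix match, the way a VPC route table picks a target; None means no route."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def is_public(routes):
    """A subnet is public when its table sends 0.0.0.0/0 to an internet gateway."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in routes)

def classify(tables):
    """Map each subnet name to 'public' or 'private' from its route table alone."""
    return {name: ("public" if is_public(r) else "private") for name, r in tables.items()}
```

Traffic from the private subnet to an internet address matches no route and is dropped, which is the property that makes a private subnet private.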

Module 4 - Subnets and network access control lists

AWS networking security features:

  • Network hardening
  • Application security
  • User identity
  • Authentication and authorization
  • Distributed denial of service prevention
  • Data integrity
  • Data encryption

A network ACL does not inspect packet contents; it only evaluates whether a packet is allowed into or out of the subnet.

Every EC2 instance comes with a security group; by default all inbound connections are blocked.

  • Security groups are stateful
  • Network ACLs are stateless (the default network ACL allows all inbound and outbound traffic)
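The stateful/stateless distinction above is the one that bites in practice, so here is an added Python model (not from the course notes or AWS) of both filters evaluating the same HTTPS request and its reply. The security group remembers the allowed request and lets the reply through with no outbound rule; the network ACL evaluates the reply on its own, so an ACL whose outbound rule merely mirrors the inbound one drops the reply on its ephemeral port. The packets, rules and addresses are constructed for the example.

```python
import ipaddress
# Constructed sample traffic (not from the page): an HTTPS request from an internet client
# to an instance at 10.0.1.5, and the instance's reply packet back to the client.
REQUEST = {"dir": "in", "proto": "tcp", "src": "203.0.113.9", "dst": "10.0.1.5", "sport": 51000, "dport": 443}
REPLY = {"dir": "out", "proto": "tcp", "src": "10.0.1.5", "dst": "203.0.113.9", "sport": 443, "dport": 51000}

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

class SecurityGroup:
    """Stateful, allow-only rules (proto, low_port, high_port, cidr); unmatched traffic is denied."""
    def __init__(self, inbound, outbound=()):
        self.rules = {"in": list(inbound), "out": list(outbound)}
        self.tracked = set()  # connection-tracking table of 5-tuples already allowed

    def allows(self, pkt):
        peer = pkt["src"] if pkt["dir"] == "in" else pkt["dst"]
        flow = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if reverse in self.tracked:  # reply to a tracked flow: allowed with no rule at all
            return True
        for proto, lo, hi, cidr in self.rules[pkt["dir"]]:
            if proto == pkt["proto"] and lo <= pkt["dport"] <= hi and in_cidr(peer, cidr):
                self.tracked.add(flow)
                return True
        return False

class NetworkAcl:
    """Stateless, numbered rules (rule_no, proto, low_port, high_port, cidr, action):
    lowest number first, first match wins, otherwise the '*' default deny."""
    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound), "out": sorted(outbound)}

    def allows(self, pkt):
        peer = pkt["src"] if pkt["dir"] == "in" else pkt["dst"]
        for _, proto, lo, hi, cidr, action in self.rules[pkt["dir"]]:
            if proto == pkt["proto"] and lo <= pkt["dport"] <= hi and in_cidr(peer, cidr):
                return action == "allow"
        return False

def session_ok(filt, request, reply):  # both the request and its reply must pass
    return filt.allows(request) and filt.allows(reply)
# Security group: one inbound HTTPS rule and no outbound rules; the reply still passes.
sg = SecurityGroup(inbound=[("tcp", 443, 443, "0.0.0.0/0")])
# Network ACL with the inbound rule merely mirrored outbound: the reply to ephemeral port 51000 matches nothing and is dropped.
acl_broken = NetworkAcl(inbound=[(100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
                        outbound=[(100, "tcp", 443, 443, "0.0.0.0/0", "allow")])
# Corrected ACL: an outbound rule covering the ephemeral port range, as stateless filtering requires.
acl_fixed = NetworkAcl(inbound=[(100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
                       outbound=[(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")])
```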

Module 4 - Global networking

AWS Route 53 is Amazon's Domain Name System (DNS) service; it translates domain names to IP addresses. Route 53 can route traffic using the following policies:

  • Latency-based routing
  • Geolocation DNS
  • Geoproximity routing
  • Weighted round robin

References

  1. AWS, “Amazon Virtual Private Cloud,” 2021 [Online]. Available at: https://aws.amazon.com/vpc/?vpc-blogs.sort-by=item.additionalFields.createdDate&vpc-blogs.sort-order=desc. [Accessed: 06-Jan-2021]
  2. AWS, “VPCs and subnets,” 2021 [Online]. Available at: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html. [Accessed: 06-Jan-2021]
  3. AWS, “AWS Direct Connect,” 2021 [Online]. Available at: https://aws.amazon.com/directconnect. [Accessed: 06-Jan-2021]