AWS cloud practitioner notes - Networking
The content here is under the Attribution 4.0 International (CC BY 4.0) license
Amazon VPC (Virtual Private Cloud) (AWS, 2021) lets you provision a logically isolated section of the AWS cloud in which you launch AWS resources under your own control. The resources in a VPC are grouped into subnets; a subnet is public or private depending on whether its route table has a route to an internet gateway.
- Public subnet
- Private subnet
Module 4 - Connectivity to AWS
An internet gateway is attached to a VPC to allow public traffic from the internet to reach resources in its public subnets (and lets those resources reach the internet).
                                   ____________________________________________
                                  | AWS cloud                                  |
                                  |   ___________________________________      |
                                  |  |VPC                                |     |
 __________                       |  |   ___________                     |     |
|  Client  |   internet request   |  |  | internet  |                    |     |
|__________| -------------------> |  |  | gateway   |                    |     |
                                  |  |  |___________|                    |     |
                                  |  |___________________________________|     |
                                  |____________________________________________|
A virtual private gateway allows access to private resources in a VPC over a VPN connection: the traffic still crosses the public internet, but inside an encrypted tunnel between the corporate data center and the gateway.
                                   ____________________________________________
                                  | AWS cloud                                  |
                                  |   ___________________________________      |
                                  |  |VPC                                |     |
 _____________                    |  |   __________                      |     |
|  Corporate  |     internet      |  |  | virtual  |                     |     |
| data center | ----------------> |  |  | private  |                     |     |
|_____________|  VPN connection   |  |  | gateway  |                     |     |
                                  |  |  |__________|                     |     |
                                  |  |___________________________________|     |
                                  |____________________________________________|
AWS Direct Connect (AWS, 2021) provides a dedicated private network connection from private data centers, offices, or other locations to AWS. The link terminates at an AWS Direct Connect location and does not traverse the public internet, which reduces exposure and gives more predictable bandwidth than a VPN.
                                                    ____________________________________________
                                                   | AWS cloud                                  |
                                                   |   ___________________________________      |
                       ____________________        |  |VPC                                |     |
 _____________        | AWS Direct Connect |       |  |   __________                      |     |
|  Corporate  |       | location           |       |  |  | virtual  |                     |     |
| data center | ----> | AWS Direct Connect | ----> |  |  | private  |                     |     |
|_____________|       | endpoint           |       |  |  | gateway  |                     |     |
                      |____________________|       |  |  |__________|                     |     |
                                                   |  |___________________________________|     |
                                                   |____________________________________________|
Module 4 - Subnets and network access control lists
AWS networking security features:
- Network hardening
- Application security
- User identity
- Authentication and authorization
- Distributed denial of service prevention
- Data integrity
- Data encryption
A network ACL does not inspect the packet payload; it evaluates only the packet headers (source or destination address, protocol, and port) against its numbered rules to decide whether the packet may enter or leave the subnet.
Every EC2 instance is associated with at least one security group. A security group holds only allow rules, and a newly created one allows no inbound traffic until a rule is added (outbound traffic is allowed by default).
- Security groups are stateful: if a request is allowed in, the response is allowed back out regardless of the outbound rules.
- Network ACLs are stateless: return traffic must be explicitly allowed by a rule in the opposite direction, including the ephemeral ports a client uses. The default network ACL of a VPC allows all inbound and outbound traffic; a custom network ACL denies everything until rules are added.
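To make the stateful versus stateless distinction concrete, here is an added Python simulation of how a security group and a network ACL decide on a packet. It is example code written for these notes, not code from the page or from AWS, and it calls no AWS API. It assumes a constructed HTTPS exchange between a client at 203.0.113.10 and an instance at 10.0.1.5, a simplified rule model (direction, protocol, destination-port range, CIDR, action), and a client-side ephemeral port range of 1024-65535; the class and function names are the example's own.

```python
"""Stateful security group vs stateless network ACL, simulated in plain Python (illustrative only)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Tuple

EPHEMERAL = (1024, 65535)  # assumed client-side ephemeral port range


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str       # "tcp", "udp" or "icmp"
    src_port: int
    dst_port: int
    direction: str   # "in" = toward the instance/subnet, "out" = leaving it


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str                # "tcp", "udp", "icmp" or "all"
    ports: Tuple[int, int]    # inclusive destination-port range
    cidr: str                 # remote address block, e.g. "0.0.0.0/0"
    action: str = "allow"     # network ACL rules may also be "deny"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only match: direction, protocol, destination port, remote address (never the payload)."""
    if rule.direction != pkt.direction or rule.proto not in ("all", pkt.proto):
        return False
    if not rule.ports[0] <= pkt.dst_port <= rule.ports[1]:
        return False
    remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip  # source for inbound, destination for outbound
    return ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr, strict=False)


class SecurityGroup:
    """Stateful: allow rules only, implicit deny, plus a connection table so the
    reply to an allowed packet passes without needing a rule of its own."""
    def __init__(self, rules: Iterable[Rule]):
        self.rules = [r for r in rules if r.action == "allow"]
        self.tracked = set()  # 5-tuples of flows already allowed

    def evaluate(self, pkt: Packet) -> bool:
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.tracked:
            return True  # return traffic of a flow that was allowed earlier
        if any(rule_matches(r, pkt) for r in self.rules):
            self.tracked.add(flow)
            return True
        return False  # no allow rule matched: implicit deny


class NetworkAcl:
    """Stateless: numbered rules checked lowest number first, first match wins,
    and the trailing '*' rule denies whatever nothing else matched."""
    def __init__(self, numbered_rules: Iterable[Tuple[int, Rule]]):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])

    def evaluate(self, pkt: Packet) -> bool:
        for _, rule in self.rules:
            if rule_matches(rule, pkt):
                return rule.action == "allow"
        return False


def demo() -> dict:
    """Constructed HTTPS exchange: client 203.0.113.10 -> instance 10.0.1.5:443 and the reply."""
    request = Packet("203.0.113.10", "10.0.1.5", "tcp", 50000, 443, "in")
    response = Packet("10.0.1.5", "203.0.113.10", "tcp", 443, 50000, "out")
    allow_https_in = Rule("in", "tcp", (443, 443), "0.0.0.0/0")

    # Security group with a single inbound rule: the reply still gets out.
    sg = SecurityGroup([allow_https_in])
    sg_result = (sg.evaluate(request), sg.evaluate(response))

    # Network ACL with the same single rule: the reply is dropped, because
    # nothing allows outbound traffic to the client's ephemeral port.
    acl_half = NetworkAcl([(100, allow_https_in)])
    half = (acl_half.evaluate(request), acl_half.evaluate(response))

    # Corrected ACL: an explicit outbound allow for the ephemeral port range.
    acl_full = NetworkAcl([(100, allow_https_in),
                           (100, Rule("out", "tcp", EPHEMERAL, "0.0.0.0/0"))])
    full = (acl_full.evaluate(request), acl_full.evaluate(response))

    # Rule numbers decide precedence: a deny for one source block only works when numbered below the allow.
    blocked = Packet("198.51.100.7", "10.0.1.5", "tcp", 50001, 443, "in")
    deny_block = Rule("in", "tcp", (443, 443), "198.51.100.0/24", "deny")
    deny_first = NetworkAcl([(90, deny_block), (100, allow_https_in)])
    deny_last = NetworkAcl([(110, deny_block), (100, allow_https_in)])

    return {
        "security_group": sg_result,
        "acl_without_ephemeral_rule": half,
        "acl_with_ephemeral_rule": full,
        "deny_numbered_before_allow": deny_first.evaluate(blocked),
        "deny_numbered_after_allow": deny_last.evaluate(blocked),
    }
```

Calling `demo()` returns `(True, True)` for the security group, `(True, False)` for the network ACL that only allows inbound 443 (the reply to the client's ephemeral port is dropped), and `(True, True)` once the outbound ephemeral-port rule is added. The last two entries show that a deny entry only takes effect when its rule number is lower than the broad allow it is meant to override; numbered above it, the allow matches first and the deny is never reached.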
Module 4 - Global networking
Amazon Route 53 is AWS's DNS (Domain Name System) service; it translates domain names into IP addresses. Route 53 can route traffic based on the following policies:
- Latency-based routing
- Geolocation routing
- Geoproximity routing
- Weighted round robin
References
- AWS. (2021). Amazon Virtual Private Cloud. https://aws.amazon.com/vpc/?vpc-blogs.sort-by=item.additionalFields.createdDate&vpc-blogs.sort-order=desc
- AWS. (2021). VPCs and subnets. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
- AWS. (2021). AWS Direct Connect. https://aws.amazon.com/directconnect