AWS cloud practitioner notes - Networking
The content here is under the Attribution 4.0 International (CC BY 4.0) license
Amazon VPC (Virtual Private Cloud) [1][2] lets you provision a logically isolated section of the AWS cloud in which you launch and control AWS resources. Within a VPC, resources are grouped into subnets, which are either public or private:
- Public subnet
- Private subnet
Module 4 - Connectivity to AWS
An internet gateway allows public traffic from the internet to reach resources in the VPC.
Diagram: a client on the internet sends an internet request to the internet gateway, which sits inside the VPC within the AWS cloud.
A virtual private gateway allows access to private resources in a VPC; a corporate data center reaches it over a VPN connection that crosses the internet.
Diagram: a corporate data center connects over a VPN connection across the internet to the virtual private gateway inside the VPC within the AWS cloud.
AWS Direct Connect [3] provides a direct connection from private data centers, offices, or other locations to AWS, without crossing the public internet.
Diagram: a corporate data center connects to an AWS Direct Connect location, whose AWS Direct Connect endpoint links to the virtual private gateway inside the VPC within the AWS cloud.
Module 4 - subnets and network access control lists
AWS networking security features:
- Network hardening
- Application security
- User identity
- Authentication and authorization
- Distributed denial of service prevention
- Data integrity
- Data encryption
A network ACL does not inspect packet contents; it only decides whether a packet is allowed into or out of the subnet.
Every EC2 instance comes with a security group; by default it blocks all inbound traffic.
- Security groups are stateful: once an inbound request is allowed, the response is allowed out without needing an outbound rule.
- Network ACLs are stateless: every packet, responses included, is checked against the rules (the default network ACL allows all inbound and outbound traffic).
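As an added illustration (not part of the original notes), the following Python model shows what stateful versus stateless means for the reply packet of an allowed connection: the security group remembers the flow, while the network ACL needs an explicit outbound rule for the client's ephemeral port. Addresses, ports and rules are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (towards the instance) or "out" (from the instance)
    peer: str        # remote address
    peer_port: int   # remote port
    local_port: int  # port on the instance

def _rule_allows(rule, pkt: Packet) -> bool:
    # A rule is (direction, port_lo, port_hi) and matches the packet's destination
    # port: the instance port when inbound, the peer's port when outbound.
    direction, lo, hi = rule
    dport = pkt.local_port if pkt.direction == "in" else pkt.peer_port
    return direction == pkt.direction and lo <= dport <= hi

class SecurityGroup:
    """Stateful: once a packet is allowed, the reverse direction of the same
    flow is allowed automatically; no matching rule is required."""
    def __init__(self, rules):
        self.rules, self.flows = list(rules), set()
    def allows(self, pkt: Packet) -> bool:
        key = (pkt.peer, pkt.peer_port, pkt.local_port)
        if key in self.flows or any(_rule_allows(r, pkt) for r in self.rules):
            self.flows.add(key)
            return True
        return False  # implicit deny: no rule matched and no tracked flow

class NetworkACL:
    """Stateless: every packet, replies included, is checked against the rules
    for its own direction (explicit deny rules are omitted here)."""
    def __init__(self, rules):
        self.rules = list(rules)
    def allows(self, pkt: Packet) -> bool:
        return any(_rule_allows(r, pkt) for r in self.rules)

# Constructed sample flow: a client at 203.0.113.10 connects to port 80 on the
# instance from ephemeral port 50000, and the instance sends its reply.
REQUEST = Packet("in", "203.0.113.10", 50000, 80)
REPLY = Packet("out", "203.0.113.10", 50000, 80)

def demo() -> dict:
    """Return (request allowed, reply allowed) for each device configuration."""
    sg = SecurityGroup([("in", 80, 80)])                 # inbound rule only
    nacl_bad = NetworkACL([("in", 80, 80)])              # forgot the outbound rule
    nacl_ok = NetworkACL([("in", 80, 80), ("out", 1024, 65535)])  # ephemeral ports
    return {"security_group": (sg.allows(REQUEST), sg.allows(REPLY)),
            "nacl_missing_outbound": (nacl_bad.allows(REQUEST), nacl_bad.allows(REPLY)),
            "nacl_with_ephemeral": (nacl_ok.allows(REQUEST), nacl_ok.allows(REPLY))}
```

A network ACL that only opens port 80 inbound lets the request in but silently drops the reply, which is the classic symptom of a missing ephemeral-port outbound rule.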
Module 4 - Global networking
Amazon Route 53 is the AWS Domain Name System (DNS) service; it translates domain names into IP addresses. Route 53 can route traffic according to the following policies:
- Latency-based routing
- Geolocation routing
- Geoproximity routing
- Weighted round-robin
References
- [1] AWS, “Amazon Virtual Private Cloud,” 2021 [Online]. Available at: https://aws.amazon.com/vpc/?vpc-blogs.sort-by=item.additionalFields.createdDate&vpc-blogs.sort-order=desc. [Accessed: 06-Jan-2021]
- [2] AWS, “VPCs and subnets,” 2021 [Online]. Available at: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html. [Accessed: 06-Jan-2021]
- [3] AWS, “AWS Direct Connect,” 2021 [Online]. Available at: https://aws.amazon.com/directconnect. [Accessed: 06-Jan-2021]