AWS cloud practitioner notes - Networking

Published Jan 6, 2021. Last updated Apr 6, 2024.

The content here is under the Attribution 4.0 International (CC BY 4.0) license

Amazon VPC (Virtual Private Cloud) (AWS, 2021a; AWS, 2021b) lets you provision a logically isolated section of the AWS cloud in which you launch and control AWS resources. Within a VPC, resources are grouped into public and private sections known as subnets.

  • Public subnet
  • Private subnet


Module 4 - Connectivity to AWS

An internet gateway allows public traffic from the internet to reach resources in the VPC.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
__________                         |   __|_________                        |  |
| Client | internet request        |   |internet  |                        |  |
|________| --------------------------> |gateway   |                        |  |
                                   |   |__________|                        |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

A virtual private gateway allows access to private resources in a VPC over a VPN connection.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
_______________                    |    _|_________                        |  |
| Corporate   |                    |   | virtual   |                       |  |
| data center |        internet    |   | private   |                       |  |
|_____________| ---------------------->| gateway   |                       |  |
                    VPN connection |   |___________|                       |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

AWS Direct Connect (AWS, 2021c) provides a dedicated connection from private data centers, offices, or other locations to AWS, without crossing the public internet.

                                           ____________________________________________
                                           | AWS cloud                                |
                    ____________________   |     ___________________________________  |
                    |                  |   |     |VPC                              |  |
_______________     |AWS direct connect|   |  ___|_________                        |  |
| Corporate   |     |location          |   |  | virtual   |                        |  |
| data center |     |                  |   |  | private   |                        |  |
|_____________|---->|AWS direct        |----->| gateway   |                        |  |
                    |connect end point |   |  |___________|                        |  |
                    |                  |   |     |                                 |  |
                    |                  |   |     |                                 |  |
                    |__________________|   |     |                                 |  |
                                           |     |_________________________________|  |
                                           |__________________________________________|

Module 4 - Subnets and network access control lists

AWS networking security features:

  • Network hardening
  • Application security
  • User identity
  • Authentication and authorization
  • Distributed denial of service prevention
  • Data integrity
  • Data encryption

A network ACL does not inspect the packet's contents; it only decides whether the packet may enter or leave the subnet.

Every EC2 instance comes with a security group; by default, all connections are blocked.

  • Security groups are stateful: return traffic for an allowed connection is permitted automatically
  • Network ACLs are stateless: every packet is evaluated on its own (the default network ACL allows all inbound and outbound traffic)
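The practical consequence of the stateful/stateless difference is that a network ACL needs an explicit outbound rule for the ephemeral ports a reply comes back on, while a security group passes the reply on its own. The following toy model is an added illustration, not AWS code: the rule syntax, hosts and ports are constructed, and real security groups also carry outbound allow rules (omitted here to isolate the stateful behaviour).

```python
# Added toy model of the distinction in the notes above (not AWS code):
# rule syntax, hosts and ports are constructed, and real security groups
# also have outbound allow rules (omitted here to isolate statefulness).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    direction: str  # "in" (towards the instance) or "out"

    def reply(self) -> "Packet":  # response: opposite way, ports swapped
        return Packet(self.dst, self.dst_port, self.src, self.src_port,
                      "out" if self.direction == "in" else "in")

class NetworkAcl:
    """Stateless: each packet is judged alone against ordered rules
    (direction, low_port, high_port, action); no match means deny."""
    def __init__(self, rules):
        self.rules = rules

    def allows(self, pkt: Packet) -> bool:
        for direction, lo, hi, action in self.rules:
            if pkt.direction == direction and lo <= pkt.dst_port <= hi:
                return action == "allow"
        return False

class SecurityGroup:
    """Stateful: an allowed inbound flow is remembered, so its reply
    passes even though no outbound rule exists."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.flows = set()  # (client, client_port, server, server_port)

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "in":
            if pkt.dst_port in self.inbound_ports:
                self.flows.add((pkt.src, pkt.src_port, pkt.dst, pkt.dst_port))
                return True
            return False
        return (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port) in self.flows

# Constructed sample flow: client 203.0.113.5 -> web server 10.0.1.10:443
REQUEST = Packet("203.0.113.5", 51234, "10.0.1.10", 443, "in")
ACL_INBOUND_ONLY = NetworkAcl([("in", 443, 443, "allow")])  # reply dropped
ACL_COMPLETE = NetworkAcl([("in", 443, 443, "allow"),
                           ("out", 1024, 65535, "allow")])  # ephemeral ports
```

Run `ACL_INBOUND_ONLY.allows(REQUEST.reply())` and `ACL_COMPLETE.allows(REQUEST.reply())` side by side to see the dropped versus permitted reply; a `SecurityGroup([443])` permits the same reply only after it has seen the request.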

Module 4 - Global networking

Amazon Route 53 is the AWS Domain Name System (DNS) service; it translates domain names into IP addresses. Route 53 can route traffic using the following policies:

  • Latency-based routing
  • Geolocation DNS (Domain Name System) routing
  • Geoproximity routing
  • Weighted round-robin

References

  1. AWS. (2021a). Amazon Virtual Private Cloud. https://aws.amazon.com/vpc/?vpc-blogs.sort-by=item.additionalFields.createdDate&vpc-blogs.sort-order=desc
  2. AWS. (2021b). VPCs and subnets. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
  3. AWS. (2021c). AWS Direct Connect. https://aws.amazon.com/directconnect
