AWS cloud practitioner notes - Networking

Last updated Apr 6, 2024 Published Jan 6, 2021

The content here is under the Attribution 4.0 International (CC BY 4.0) license

Amazon VPC (Virtual Private Cloud) [1][2] lets you provision an isolated section of the AWS cloud in which you control the AWS resources you deploy. Within a VPC, resources are grouped into subnets, which can be public or private.

  • Public subnet
  • Private subnet

Previous: AWS cloud practitioner notes - Infrastructure and reliability

Module 4 - Connectivity to AWS

Internet gateway allows public traffic from the internet to access the VPC.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
__________                         |   __|_________                        |  |
| Client | internet request        |   |internet  |                        |  |
|________| --------------------------> |gateway   |                        |  |
                                   |   |__________|                        |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

A virtual private gateway allows access to private resources in a VPC over a VPN connection.

                                   ____________________________________________
                                   | AWS cloud                                |
                                   |     ___________________________________  |
                                   |     |VPC                              |  |
_______________                    |    _|_________                        |  |
| Corporate   |                    |   | virtual   |                       |  |
| data center |        internet    |   | private   |                       |  |
|_____________| ---------------------->| gateway   |                       |  |
                    VPN connection |   |___________|                       |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |                                 |  |
                                   |     |_________________________________|  |
                                   |__________________________________________|

AWS Direct Connect [3] provides a direct, dedicated connection from private data centers, offices, or other locations to AWS, without crossing the public internet.

                                           ____________________________________________
                                           | AWS cloud                                |
                    ____________________   |     ___________________________________  |
                    |                  |   |     |VPC                              |  |
_______________     |AWS direct connect|   |  ___|_________                        |  |
| Corporate   |     |location          |   |  | virtual   |                        |  |
| data center |     |                  |   |  | private   |                        |  |
|_____________|---->|AWS direct        |----->| gateway   |                        |  |
                    |connect end point |   |  |___________|                        |  |
                    |                  |   |     |                                 |  |
                    |                  |   |     |                                 |  |
                    |__________________|   |     |                                 |  |
                                           |     |_________________________________|  |
                                           |__________________________________________|

Module 4 - Subnets and network access control lists

AWS networking security features:

  • Network hardening
  • Application security
  • User identity
  • Authentication and authorization
  • Distributed denial of service prevention
  • Data integrity
  • Data encryption

A network ACL does not inspect packet contents; it evaluates only whether a packet is allowed to enter or leave the subnet.

Every EC2 instance is attached to a security group; by default, all inbound connections are blocked.

  • Security groups are stateful: the reply to an allowed connection is permitted automatically
  • Network ACLs are stateless: every packet, including replies, is checked against the rules (the default network ACL allows all inbound and outbound traffic)
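A small model of the stateful versus stateless difference, added here as an example and not part of the original notes. The rule and packet shapes are simplified assumptions, not AWS API objects; the point it shows is that a security group permits reply traffic on its own, while a network ACL silently drops replies unless an outbound rule covers the client's ephemeral port.

```python
from dataclasses import dataclass

EPHEMERAL = range(1024, 65536)  # ports clients use as source ports; replies go back to them

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the instance / subnet
    dst_port: int
    src_port: int

@dataclass(frozen=True)
class Rule:
    direction: str
    ports: range
    action: str = "allow"  # network ACLs may also carry explicit "deny" rules

class SecurityGroup:
    """Stateful: only allow rules exist (listed ones here, no implicit outbound allow),
    and the reply to an allowed flow is permitted without any outbound rule."""
    def __init__(self, rules):
        self.rules, self.flows = list(rules), set()

    def evaluate(self, p: Packet) -> bool:
        reply_of = ("out" if p.direction == "in" else "in", p.src_port, p.dst_port)
        if reply_of in self.flows:  # return traffic of a tracked connection
            return True
        for r in self.rules:
            if r.direction == p.direction and p.dst_port in r.ports:
                self.flows.add((p.direction, p.dst_port, p.src_port))
                return True
        return False  # no matching rule: implicit deny

class NetworkACL:
    """Stateless: every packet, replies included, is matched against the numbered
    rules in ascending order; first match wins and anything unmatched is denied."""
    def __init__(self, numbered_rules):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])  # (number, Rule)

    def evaluate(self, p: Packet) -> bool:
        for _, r in self.rules:
            if r.direction == p.direction and p.dst_port in r.ports:
                return r.action == "allow"
        return False

def demo():
    """Constructed HTTPS request and its reply, seen by each filter type."""
    https_in, https_reply = Packet("in", 443, 50000), Packet("out", 50000, 443)
    sg = SecurityGroup([Rule("in", range(443, 444))])
    nacl_no_ephemeral = NetworkACL([(100, Rule("in", range(443, 444)))])
    nacl_ok = NetworkACL([(100, Rule("in", range(443, 444))), (110, Rule("out", EPHEMERAL))])
    return {
        "sg": (sg.evaluate(https_in), sg.evaluate(https_reply)),
        "nacl_missing_ephemeral": (nacl_no_ephemeral.evaluate(https_in),
                                   nacl_no_ephemeral.evaluate(https_reply)),
        "nacl_ok": (nacl_ok.evaluate(https_in), nacl_ok.evaluate(https_reply)),
    }
```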

Module 4 - Global networking

AWS Route 53 is Amazon's domain name system (DNS) service: it translates domain names into IP addresses. Route 53 can route traffic according to the following policies:

  • Latency-based routing
  • Geo-location DNS (Domain Name System)
  • Geo-proximity routing
  • Weighted round-robin

Up next

Storage and databases

References

  1. AWS, “Amazon Virtual Private Cloud,” 2021 [Online]. Available at: https://aws.amazon.com/vpc/?vpc-blogs.sort-by=item.additionalFields.createdDate&vpc-blogs.sort-order=desc. [Accessed: 06-Jan-2021]
  2. AWS, “VPCs and subnets,” 2021 [Online]. Available at: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html. [Accessed: 06-Jan-2021]
  3. AWS, “AWS Direct Connect,” 2021 [Online]. Available at: https://aws.amazon.com/directconnect. [Accessed: 06-Jan-2021]