What does Amazon VPC stand for? And what does it let you do?
Amazon VPC stands for Amazon Virtual Private Cloud and it enables you to provision a logically isolated section of the AWS Cloud, where you can launch AWS resources in a virtual network that you define.
- Control your virtual networking resources (IP addresses, subnets, and network configurations)
- Use multiple layers of security
What does an internet gateway do? And what is the public subnet route table?
Connects your VPC to the internet
Public subnet route table:
- 10.0.0.0/16 -> local
- 0.0.0.0/0 -> igw-id
What does AWS Direct Connect do?
Connects your VPC to a remote network by using a dedicated and private network connection
What are the two Amazon firewall options?
- Security groups
- Network Access Control List (ACLs)
What is cloud Domain Name System (DNS)?
DNS: translates text-based domain names to IP addresses
- Amazon Route 53 is a highly available and scalable cloud DNS web service that translates domain names into multiple IP addresses
What are subnets, and what do VPCs belong to?
A VPC belongs to a single AWS region and spans multiple availability zones
One VPC -> one CIDR block with a predefined size (/16 to /28). CIDR blocks cannot overlap
By default, AWS reserves five IP addresses for each CIDR block
What does NAT Gateway stand for, and what does it do?
NAT gateway stands for network address translation gateway, and it enables instances in a private subnet to connect to the internet
What does a VPC endpoint do?
Connects your VPC to supported AWS services privately
- Interface endpoints enable you to connect to services that are powered by AWS PrivateLink
- Gateway endpoints
What are security groups?
Virtual firewall for your instances
- Controls (filters) inbound and outbound traffic
- Acts at the instance level, NOT the subnet level
What is Amazon Route 53 routing?
Supports several routing policies
Use case 1: latency routing
Use case 2: Failover routing
- Configuring backup and failover scenarios for your own applications
- Enabling highly available Multi-Region architectures on AWS
- Creating health checks
Route tables and routes
- One main route table for the VPC
- One route table for each subnet (Several subnets can share one route table)
What does VPC sharing do?
VPC sharing allows multiple AWS accounts to create their application resources in shared, centrally managed Amazon VPCs
AWS Transit Gateway: what does it do?
A hub-and-spoke connection alternative to VPC peering
What are the rules in security groups?
By default, security group rules allow all outbound traffic and deny all inbound traffic
- Security groups are stateful. State information is kept even after a request is processed
- All rules are evaluated before the decision to allow traffic
What are CDNs?
A solution addressing network latency problems
- A distributed system of cached servers
- Caches -> static copies of required contents
- Deliver from the nearest server
Amazon CloudFront is Amazon's CDN solution:
- Fast and global
- Security at the edge
- Highly programmable
- Deeply integrated with AWS
- Cost-effective
A route table contains two features; what are they?
Destination: destination CIDR block
Target: the target that the destination traffic is sent through
- By default, a route table contains a local route for communication within the VPC (Cannot be deleted)
What does VPC Peering do?
Connects your VPC to other VPCs
What are the labels of the network diagram?
- Region
- VPC
- Availability Zone
- Private Subnet (x2)
- Public IP address
- Private IP address
- NAT Gateway
- Elastic network interface
- Route table (x2)
- Route
- Internet Gateway
What are Network Access Control Lists (ACLs)?
- Controls (filters) inbound and outbound traffic
- Acts at the subnet level, NOT the instance level
Examples of VPC networking options for different needs
AWS Site-to-Site VPN: what does it do?
Connects your VPC to remote networks
What is the general aim of VPC security?
- Build security into your VPC architecture
- Isolate subnets if possible
- Choose the appropriate gateway device or VPN connection for your needs
- Use firewalls
What are the rules in Network ACLs?
By default, before adding rules: deny all outbound and inbound traffic.
After adding rules: allow all outbound and inbound IPv4 traffic
- A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic
- Security groups are stateless. No information about a request is maintained after a request is processed
- Rules are evaluated in order in a rule list