๐ AWS 1x1 - ๐ฉ๐ฃ๐ & ๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ๐ถ๐ป๐ด
Your logically isolated virtual network in the cloud.
From Security Groups, over Route Tables to VPC Peering โ
Your logically isolated virtual network in the cloud.
From Security Groups, over Route Tables to VPC Peering โ
๐ง๐ต๐ฟ๐ฒ๐ฎ๐ฑ ๐ข๐๐ฒ๐ฟ๐๐ถ๐ฒ๐ ๐งต
โข VPCs & Subnets
โข Route Tables
โข Internet Gateway
โข NAT Gateways & Instances
โข Security Groups
โข Network Access Control Lists
โข VPC Peering
{ 1/14 }
โข VPCs & Subnets
โข Route Tables
โข Internet Gateway
โข NAT Gateways & Instances
โข Security Groups
โข Network Access Control Lists
โข VPC Peering
{ 1/14 }
Maybe you didn't know, but Amazon ๐ฉirtual ๐ฃrivate ๐กetwork is the networking layer for EC2.
This virtual network imitates your local data center, but with all the benefits of the cloud's scalable infrastructure.
Knowing about VPC & networking is crucial.
{ 2/14 }
This virtual network imitates your local data center, but with all the benefits of the cloud's scalable infrastructure.
Knowing about VPC & networking is crucial.
{ 2/14 }
๐ฉ๐ฃ๐๐ & ๐ฆ๐๐ฏ๐ป๐ฒ๐๐
A VPC is a logically isolated network where you can launch resources like Lambda functions or EC2 instances into.
You can also:
โข specify IP ranges
โข add subnets
โข associate security groups
โข configure route tables
{ 3/14 }
A VPC is a logically isolated network where you can launch resources like Lambda functions or EC2 instances into.
You can also:
โข specify IP ranges
โข add subnets
โข associate security groups
โข configure route tables
{ 3/14 }
For subnets, we separate ๐ฝ๐๐ฏ๐น๐ถ๐ฐ & ๐ฝ๐ฟ๐ถ๐๐ฎ๐๐ฒ subnets. Public subnets are for resources that need access to the internet - private subnets are for resources that only need internal access.
๐ก Some resources can only live in private subnets (e.g. ElastiCache)
{ 4/14 }
๐ก Some resources can only live in private subnets (e.g. ElastiCache)
{ 4/14 }
Resources in each subnet can be protected with ๐บ๐๐น๐๐ถ๐ฝ๐น๐ฒ ๐น๐ฎ๐๐ฒ๐ฟ๐ ๐ผ๐ณ ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐.
For example:
โข ๐ฆecurity ๐roups (SGs)
โข Network ๐ccess ๐ontrol ๐ists (ACLs)
๐ก Your AWS account (created after the end of 2013) comes with a ๐ฑ๐ฒ๐ณ๐ฎ๐๐น๐ VPC!
{ 5/14 }
For example:
โข ๐ฆecurity ๐roups (SGs)
โข Network ๐ccess ๐ontrol ๐ists (ACLs)
๐ก Your AWS account (created after the end of 2013) comes with a ๐ฑ๐ฒ๐ณ๐ฎ๐๐น๐ VPC!
{ 5/14 }
๐ฅ๐ผ๐๐๐ฒ ๐ง๐ฎ๐ฏ๐น๐ฒ๐
Traffic inside your VPC needs direction. That's what Route Tables are for.
Those are sets of rules which you can associate with a subnet. Each Route Table needs a ๐ฑ๐ฒ๐๐๐ถ๐ป๐ฎ๐๐ถ๐ผ๐ป and ๐๐ฎ๐ฟ๐ด๐ฒ๐ which defines how traffic is routed.
{ 6/14 }
Traffic inside your VPC needs direction. That's what Route Tables are for.
Those are sets of rules which you can associate with a subnet. Each Route Table needs a ๐ฑ๐ฒ๐๐๐ถ๐ป๐ฎ๐๐ถ๐ผ๐ป and ๐๐ฎ๐ฟ๐ด๐ฒ๐ which defines how traffic is routed.
{ 6/14 }
The ๐ฑ๐ฒ๐๐๐ถ๐ป๐ฎ๐๐ถ๐ผ๐ป is a set of IP addresses to where you want to direct your traffic, defined as a Classless Inter-Domain Routing (CIDR) block.
The ๐๐ฎ๐ฟ๐ด๐ฒ๐ is either a gateway, network interface, or connection that your subnet should send the traffic to.
{ 7/14 }
The ๐๐ฎ๐ฟ๐ด๐ฒ๐ is either a gateway, network interface, or connection that your subnet should send the traffic to.
{ 7/14 }
If you didn't assign your own route table to a subnet, is implicitly assigned to the ๐บ๐ฎ๐ถ๐ป ๐ฟ๐ผ๐๐๐ฒ ๐๐ฎ๐ฏ๐น๐ฒ.
There are a lot more key concepts to know for route tables that are well-documented at AWS.
docs.aws.amazon.com/vpc/latest/useโฆ
{ 8/14 }
There are a lot more key concepts to know for route tables that are well-documented at AWS.
docs.aws.amazon.com/vpc/latest/useโฆ
{ 8/14 }
Some more facts about the default VPC:
โข it comes with an internet gateway
โข the default subnet is ๐ฝ๐๐ฏ๐น๐ถ๐ฐ - resources there use the internet gateway for accessing the internet
โข your default subnets resources have a private & public IPv4 address
{ 9/14 }
โข it comes with an internet gateway
โข the default subnet is ๐ฝ๐๐ฏ๐น๐ถ๐ฐ - resources there use the internet gateway for accessing the internet
โข your default subnets resources have a private & public IPv4 address
{ 9/14 }
An internet gateway is not the only way of enabling access to the world
You can also use a ๐กetwork ๐ddress ๐งranslations (๐ก๐๐ง) device. It maps multiple of your private IPv4 addresses to a single public IPv4.
๐ก It also prevents unsolicited inbound connections.
{ 10/14 }
You can also use a ๐กetwork ๐ddress ๐งranslations (๐ก๐๐ง) device. It maps multiple of your private IPv4 addresses to a single public IPv4.
๐ก It also prevents unsolicited inbound connections.
{ 10/14 }
There are two different types of NAT devices at AWS:
โข NAT ๐๐ฎ๐๐ฒ๐๐ฎ๐* - an AWS managed gateway
โข NAT ๐๐ป๐๐๐ฎ๐ป๐ฐ๐ฒ - your own NAT device, running on an EC2 instance
* You're paying for each running ๐ต๐ผ๐๐ฟ & ๐ฒ๐ฎ๐ฐ๐ต ๐๐ ๐ผ๐ณ ๐ฑ๐ฎ๐๐ฎ that is processed!
{ 11/14 }
โข NAT ๐๐ฎ๐๐ฒ๐๐ฎ๐* - an AWS managed gateway
โข NAT ๐๐ป๐๐๐ฎ๐ป๐ฐ๐ฒ - your own NAT device, running on an EC2 instance
* You're paying for each running ๐ต๐ผ๐๐ฟ & ๐ฒ๐ฎ๐ฐ๐ต ๐๐ ๐ผ๐ณ ๐ฑ๐ฎ๐๐ฎ that is processed!
{ 11/14 }
๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐๐ฟ๐ผ๐๐ฝ๐ (SGs)
SGs define ๐ฎ๐น๐น๐ผ๐ rules for your traffic - inbound or outbound. It enables traffic filtering based on protocols & port numbers.
๐ก Security Groups operate on instance level & are stateful. A must-know fact for exams.
{ 12/14 }
SGs define ๐ฎ๐น๐น๐ผ๐ rules for your traffic - inbound or outbound. It enables traffic filtering based on protocols & port numbers.
๐ก Security Groups operate on instance level & are stateful. A must-know fact for exams.
{ 12/14 }
๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ ๐๐ฐ๐ฐ๐ฒ๐๐ ๐๐ผ๐ป๐๐ฟ๐ผ๐น ๐๐ถ๐๐๐ (ACLs)
ACLs define ๐ฎ๐น๐น๐ผ๐ and/or ๐ฑ๐ฒ๐ป๐ rules. Evaluation starts with the lowest rule number - the first match is used.
๐ก ACLs are stateless => return traffic must be ๐ฒ๐ ๐ฝ๐น๐ถ๐ฐ๐ถ๐๐น๐ allowed by rules.
{ 13/14 }
ACLs define ๐ฎ๐น๐น๐ผ๐ and/or ๐ฑ๐ฒ๐ป๐ rules. Evaluation starts with the lowest rule number - the first match is used.
๐ก ACLs are stateless => return traffic must be ๐ฒ๐ ๐ฝ๐น๐ถ๐ฐ๐ถ๐๐น๐ allowed by rules.
{ 13/14 }
๐ฉ๐ฃ๐ ๐ฃ๐ฒ๐ฒ๐ฟ๐ถ๐ป๐ด
Peering connections allow you to route traffic between two VPCs as if they were in the same VPC. It also allows you to not only connect to VPCs in other regions but also in other AWS accounts.
๐ก CIDR blocks for your VPCs can't overlap!
{ 14/14 }
Peering connections allow you to route traffic between two VPCs as if they were in the same VPC. It also allows you to not only connect to VPCs in other regions but also in other AWS accounts.
๐ก CIDR blocks for your VPCs can't overlap!
{ 14/14 }
VPC & networking are huge topics and this was just an introduction to some important parts ๐
Learn more by exploring the docs and more important by getting hands-on practice! ๐จโ๐ป
Retweet & like the initial post if you enjoyed reading this & follow me for more cloud content ๐ค
Learn more by exploring the docs and more important by getting hands-on practice! ๐จโ๐ป
Retweet & like the initial post if you enjoyed reading this & follow me for more cloud content ๐ค
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
