Amazon virtual private cloud (vpc)
 

An introduction to Amazon VPC

    Presentation Transcript

    • Amazon VPC Encored Technologies, Inc. Jonghan Seo (jhseo@encoredtech.com)
    • About Amazon VPC ● Virtual Private Cloud ● Virtual network dedicated to an AWS account ● Price ○ No additional charge for VPC itself
    • VPC ● Logically isolated from other VPCs in AWS ● to ‘configure’ VPC ○ selecting IP address range ○ creating subnets ○ configuring network gateways ○ configuring route tables ○ configuring security settings
    • Subnet ● a range of IP addresses in VPC ● public/private subnet ○ Internet Gateway (IGW) ○ public subnet ■ routed to IGW ○ private subnet ■ not routed to IGW ■ can send requests to the internet through Network Address Translation (NAT)
    • Security ● Security Group ● Network Access Control List (ACL)
    • VPC Example
    • Configuring VPC ● CIDR (Classless Inter-Domain Routing) ● examples ○ 192.168.123.123 → 192.168.123.123/32 ○ 192.168.10.* → 192.168.10.0/24 ○ *.*.*.* → 0.0.0.0/0
    • Configuring VPC ● Creating VPC in an AWS region ○ Selecting IP address ranges for the VPC
    • Configuring VPC ● Creating Subnets ○ Selecting IP address range for each subnet
    • Configuring VPC ● Configuring network gateways ○ IGW, VGW
    • Configuring VPC ● Configuring route tables (a public subnet)
    • Configuring VPC ● Configuring route tables (a private subnet)
    • Configuring VPC ● Configuring network settings (ACL)
    • Security in VPC ● Specifying allow/deny rules in terms of IPs and ports for inbound/outbound traffic ● Two Features ○ Security Group (SG) ○ Network Access Control List (ACL)
    • Security in VPC ● SG vs. ACL
    • Security in VPC
    • Security in VPC (ACL)
    • Security in VPC (ACL) ● ACL recommendations ○ Scenario 1 ■ single subnet ■ receives and sends internet traffic ○ Scenario 2 ■ public and private subnets ■ public subnet: receives and sends internet traffic ■ private subnet: only initiates traffic to the internet through NAT
    • Networking in VPC ● IP address ○ private IP ■ all instances have a primary private IP ■ an instance can have multiple secondary private IP addresses ○ public IP ■ an instance optionally has a public IP ■ assigned from Amazon’s pool of IPs (not from an Amazon account’s), so it is not persistent ■ to assign a persistent public IP: EIP (Elastic IP address)
    • Networking in VPC ● Elastic IP Addresses (EIP) ○ a static public IP address ○ can be associated with any instance or network interface for VPC ○ in effect, your own pool of public IPs ○ allocating an EIP in VPC → associating an EIP with a running instance in VPC → disassociating an EIP → releasing an EIP
    • Networking in VPC ● Elastic Network Interface (ENI) ○ a kind of virtual Ethernet card ○ attributes: ■ a primary private IP ■ one or more secondary private IPs ■ one EIP per private IP ■ one public IP ■ one or more SGs ■ a MAC address ■ a source/destination check flag ■ a description
    • Networking in VPC ● route table ○ subnet : route table = n : 1 ○ main/custom route table ○ http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
    • Networking in VPC ● Adding an IGW ○ Creating a Subnet ○ Attaching an IGW ○ Creating a Custom Route Table ■ adding a custom route rule, e.g. 0.0.0.0/0 → igw-b71902dd ■ Associating the route table with the subnet
    • Networking in VPC ○ Updating the SG rules (default SG for VPC) ■ 80(HTTP) 0.0.0.0/0 ■ 443(HTTPS) 0.0.0.0/0 ○ Adding EIP to instances
    • Networking in VPC ● NAT Instance ○ Creating a VPC with two subnets ○ Creating the NATSG security group ○ Launching an instance (AMI: ami-vpc-nat) ■ SG = NATSG ■ selecting Public IP options (assigning EIP after launching)
    • Networking in VPC ○ Configuring the NATSG ■ http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG ○ Disabling Source/Destination Checks ■ NAT must send/receive traffic when the source or destination is not itself ■ Disable the SrcDestCheck attribute ○ Updating the route table for the private subnet ■ 0.0.0.0/0 nat-instance-id
    • AWS VPC - other AWS products ● EC2-VPC ● ElastiCache-VPC ● RDS-VPC ● AS-VPC ● ELB-VPC ● EMR-VPC ● Elastic Beanstalk-VPC
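
The public/private distinction on the Subnet and route-table slides can be checked mechanically. The following Python sketch is an added example, not part of the original presentation: it classifies each subnet by its effective route table (explicit association, otherwise the main table) and reports subnets whose routing does not match their intended exposure. The dict layout, the subnet and route-table names, and `i-nat` are constructed for illustration; `igw-b71902dd` is the gateway ID from the slides.

```python
# Added example. IDs and CIDRs are constructed sample data, except
# igw-b71902dd, which is the gateway ID shown on the route-table slide.
ROUTE_TABLES = [
    {"id": "rtb-main", "main": True, "subnets": [],
     "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                {"dest": "0.0.0.0/0", "target": "i-nat"}]},
    {"id": "rtb-public", "main": False, "subnets": ["subnet-web", "subnet-db"],
     "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                {"dest": "0.0.0.0/0", "target": "igw-b71902dd"}]},
]
NAT_TARGETS = {"i-nat"}  # hypothetical NAT instance ID
INTENDED = {"subnet-web": "public", "subnet-app": "private-nat",
            "subnet-db": "private-nat"}


def effective_route_table(subnet_id, route_tables):
    """Explicitly associated table if any, otherwise the VPC's main table."""
    for rt in route_tables:
        if subnet_id in rt["subnets"]:
            return rt
    for rt in route_tables:
        if rt["main"]:
            return rt
    raise ValueError("VPC has no main route table")


def classify_subnet(subnet_id, route_tables, nat_targets):
    """public: some route targets an IGW; private-nat: default route goes
    to a NAT instance; isolated: no route towards the internet."""
    rt = effective_route_table(subnet_id, route_tables)
    targets = {r["dest"]: r["target"] for r in rt["routes"]}
    if any(t.startswith("igw-") for t in targets.values()):
        return "public"
    if targets.get("0.0.0.0/0") in nat_targets:
        return "private-nat"
    return "isolated"


def audit(intended, route_tables, nat_targets):
    """Return (subnet, intended, actual) for every mismatch."""
    findings = []
    for subnet_id, want in sorted(intended.items()):
        actual = classify_subnet(subnet_id, route_tables, nat_targets)
        if actual != want:
            findings.append((subnet_id, want, actual))
    return findings


if __name__ == "__main__":
    for subnet_id, want, actual in audit(INTENDED, ROUTE_TABLES, NAT_TARGETS):
        print(f"{subnet_id}: intended {want}, routed as {actual}")
```

In the sample data, `subnet-app` has no explicit association and so inherits the main table's NAT route, while `subnet-db` is flagged because it is associated with the table that routes to the IGW.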