Amazon Web Services Japan, profile picture
Uploaded byAmazon Web Services Japan
22,727 views

20190417 AWS Black Belt Online Seminar Amazon VPC Advanced

AWS公式オンラインセミナー: https://amzn.to/JPWebinar 過去資料: https://amzn.to/JPArchive

Embed presentation

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive Solutions Architect 2019/4/17 Amazon VPC Advanced [AWS Black Belt Online Seminar]
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 2
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Black Belt Online Seminar • • ① 吹き出しをクリック ② 質問を入力 ③ Sendをクリック Twitter #awsblackbelt 3
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • 2019 4 17 AWS (http://aws.amazon.com) • AWS AWS • • AWS does not offer binding price quotes. AWS pricing is publicly available and is subject to change in accordance with the AWS Customer Agreement available at http://aws.amazon.com/agreement/. Any pricing information included in this document is provided only as an estimate of usage charges for AWS services based on certain information that you have provided. Monthly charges will be based on your actual use of AWS services, and may vary from the estimates provided. 4
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • VPC Sharing • Transit Gateway • PrivateLink 5
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 6
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 東京リージョン Amazon Virtual Private Cloud (VPC) (http://aws.amazon.com/jp/vpc/) • AWS • AWS • 仮想プライベートクラウドサービス VPC ( 172.16.0.0/16) 既存システム プライベート サブネット パブリック サブネット インターネット VPN or 専用線 ネットワークを 要件に応じて設定 インターネット ゲートウェイ 7
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC • 2009-8 Limited Beta • 2009-12 Unlimited Beta • 2010-2 EBS Support • 2010-9 (MC) • 2011-3 IGW, EIP, NAT instance, NACL, SG • 2011-8 Multi-AZ • 2011-9 DirectConnect(DX) • 2012-6 Multiple IP • 2012-7 Internal ELB • 2013-10 DX MC • 2013-12 Default VPC • 2014-3 VPC peering • 2014-9 R53 Private host zone 8
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC • 2015-6 VPC flow logs • 2015-12 NAT gateway • 2016-7 DNS for VPC peering • 2016-8 RDS in your VPC • 2016-12 IPv6 • 2017-8 Add CIDRs • 2017-11 PrivateLink • 2017-11 Inter-Region VPC Peering • 2018-10 BYOIP • 2018-11 Agentless network assessments • 2018-11 Transit Gateway • 2018-12 VPC Sharing • 2018-12 ClientVPN 9
2019.4のReference Network Architecture Internet Account Account Account Account Account Account Account Account Account Account Account Account VP N AWS Direct Connect * Account Account Account Account IAM, cross-account roles Route tables Route tables Transit Gateway Available Q1 2019 10
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 東京リージョン Amazon Virtual Private Cloud (VPC) 特徴 (http://aws.amazon.com/jp/vpc/) • AWS上にプライベートネットワークを構築 • AWSと既存環境のハイブリッド構成を実現 • きめ細かいネットワーク設定が可能 仮想プライベートクラウドサービス VPC ( 172.16.0.0/16) 既存システム プライベート サブネット パブリック サブネット インターネット VPN or 専用線 ネットワークを 要件に応じて設定 インターネット ゲートウェイ ここが歴史です 11
2019.4のReference Network Architecture Internet Account Account Account Account Account Account Account Account Account Account Account Account VP N AWS Direct Connect * Account Account Account Account IAM, cross-account roles Route tables Route tables Transit Gateway Available Q1 2019 12
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VPC Sharing 13
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Mini-Agenda VPC – VPC 14
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. なぜマルチアカウントか? 15
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Answers AWS Multiple Account Security Strategy 16
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Multi-Account view Production Account Test/UAT Account Development Account Master Account 17
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 18
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Production Account Test/UAT Account Development Account Master Account VPC VPC VPC 10.1.0.0/16 10.2.0.0/16 10.3.0.0/16 PeeringPeering Private VIF Private VIF Private VIF NAT gateway NAT gateway NAT gateway 19
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark App A Production Account App A Test/UAT Account App A Development Account Master Account App B Production Account App B Test/UAT Account App B Development Account Business Unit A Business Unit B VPC VPC VPC VPC VPCVPC VPC VPC VPC VPC VPC VPC NAT gateway NAT gateway NAT gateway NAT gateway NAT gateway PeeringPeeringPeeringPeering Private VIF Private VIFPrivate VIF Private VIF 20
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • • • • • • • • • • • 21
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 22
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC App A Production Account App A Test/UAT Account App A Development Account Master Account App B Production Account App B Test/UAT Account App B Development Account Business Unit A Business Unit B Prod VPC VPC VPC Dev/Test VPCNAT gateway NAT gateway Private VIF Private VIF 23
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC VPC • IPv4 • • AWS • AWS 24
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IP IPv4 CIDR VPC peering, Transit VPC • VPC 25
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Admin Users Account A (VPC Owner) Account B (Participant) Common VPC Same AWS Organization AWS Resource Access Manager Shared Subnet Share subnet with Resource Share EC2 Instance owned by Account A RDS Instance owned by Account B Traffic 26
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC Sharing VPC • VPC • VPC Sharing • VPC • VPC, 27
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 28
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark to VPC VPN 29
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway 1000以上のVPCとオンプレミス間の相互接続を簡単 に オンプレミス データセンター AWS VPC AWS Transit Gateway 30
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway: AWS Transit Gateway VPCとオンプレミス間のルーティングポリシーを集中管理 マルチアカウント間での1000を超えるVPC間接続をサポート 柔軟なルーティングテーブルの分割とルーティングルール スケーラブル マルチVPNコネクションのスループット向上 運用の単純化 31
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • アカウント間の複数VPC間の相互接続の集中管理 • VPNとDirect Connectの接続点を集中化 • ピアツーピアネットワークが必要であった構成の削減、または 廃止が可能 • ECMPルーティングによるVPNスループットの向上(50 Gbps+) • AWS Transit Gatewayによりリージョン間のピアリングが可能 • AWSグローバルネットワークを活用して、低遅延のクロスリー ジョン接続を実現 • Regional construct reduces blast radius • AWSとオンプレミス間の設定時間を削減 • 1カ所で管理および監視が簡単に可能 • CloudWatchとVPC Flow Logsとの統合 • 既存のVPCセキュリティグループとネットワークアクセスコン トロールリストを利用可能 ネットワーク構成 の単純化 Global Connectivity AWS Transit Gateway: 32
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 33
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark – VPC • 複数のVPCを使用しているお客様 • 多数のVPCにまたがるアプリケーションを構 築するお客様 • ネットワークサービスの共有が可能 (DNS, Active Directory, ファイアーウォール, IDS) • 管理のオーバーヘッドを削減 34
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark – • すべてのVPCで共通のVPNまたはDirect Connect Gateway(DXGW)を共有 • 複数のVPCにオンプレミスネットワークを接 続する時間を短縮 • AWS Transit GatewayにVPCを追加する際、 追加する顧客ネットワークに変更は不要 35
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Use Case – • 共有のVPCホストセキュリティツール • Firewall as a service • Webアプリケーションファイアウォール (WAF)、データ損失防止(DLP)、侵入検 知/保護(IDS / IPS) • ネイティブAWSサービスでスケールアウト 36
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 37
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Internet Account Account Account Account 開発環境 Account Account Account Account テスト環境 Account Account Account Account 本番環境 アウトバウンド URL filtering NAT gateway DLP / Proxy エッジサービス WAF / ADC SD-WAN VPN / Firewall IDS / IPS Firewall / NGFW インラインサービス 共有サービス Authentication, Monitoring VPN AWS Direct Connect * Account Account Account Account 管理アカウント (logging, AWS Organizations, billing, landing zone) IAM, Cross-account roles Route tables Route tables Transit Gateway East-West + North-South Available 1H 2019 AWS Transit Gateway 38
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production 共有サービス Authentication, monitoring Route tables Route tables Transit Gateway VRF) Account Account Account Account Acquisition Example applications • 認証 • ロギング • DevOps ツール • セキュリティリソース AWS Transit Gateway 39
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway PrivateLink AWS Transit Gateway • 多対多、1対多でルーティング テーブルを利用するもの • Highly scalable • 1時間当たりのAZエンドポイン トコスト Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared Services Authentication, Monitoring R o u t e T a b l e s R o u t e T a b l e s Transit Gateway 適用範囲:アプリケーション共有サービス 信頼モデル:VPC間に相互信頼をもたない 依存関係:ロードバランサとアプリケーションアーキテクチャ 規模:数千のスポークVPC 対象範囲:多数のVPCへのネットワーク共有サービス 信頼モデル:VPC単位の信頼、集中管理 依存関係:Transit Gatewayによる集中管理 規模:数千のスポークVPC AWS PrivateLink • 1対多のコネクティビティ • Highly scalable • IPアドレス重複のサポート • Elastic Load Balancingの使用 • ロードバランサと1時間当たり のエンドポイントコスト 40
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Transit Gateway VPN VPN Route tables Route tables Transit Gateway Customer Gateway Transit Gateway (TGW)によるVPNの統合 • VPNはVirtual Private Gateway (VGW)に接続しているように 動作 • 帯域、設定、API,コストおよびエクスペリエンスは従 来通り • VPNはVGWではなくTGWに接続 • VGW同様トンネルあたり1.25 gbpsの帯域幅を適用 多数のVPCのエッジへの暗号化 • トラフィックはVPC内に入るまで暗号化 • VPC間の通信は自動では暗号化されない • インターリージョンVPCはデフォルト暗号化 41
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Transit Gateway VPN: VPN VPN Route tables Route tables Transit Gateway Customer Gateway 複数トンネルによるトラフィックの分散サポート • BGPマルチパスによるEqual Cost Multi Path(ECMP)の サポート • 最大50 Gbpsの帯域までテスト済み • トラフィックの小さな複数のフローへの分割, マルチパー トアップロード, etc. オンプレミス環境側の設定確認事項 • マルチパスBGPサポート • ECMPサポート, ECMPのパスの最大数, reverse-path forwarding/spoofing機能の有無 • BGP、スタティックルートサポート 42
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Direct Connect Transit Gateway Direct Connect VPC Public接続を利用したDirect Connect上にVPNを張る暗号化 Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared VPN AWS Direct Connect Route Tables Route Tables Transit Gateway virtual interfaces VPN AWS Direct Connect Route Tables Route Tables Transit Gateway Public virtual interface AWS Cloud Receive AWS public IP addresses 20191Hサポート予定 43
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 構成例 44
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transit Gatewayで自由に通信させる route domains Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN Default routing domain ルートテーブルは1つ 45
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transit Gatewayで通信制限する route domains Transit Gateway Shared services VP N VPC Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Route Destination 10.0.0.0/8 VPN 10.4.0.0/16 vpc-att-4xxxx VPCs attach to a route table with routes to shared resources Shared resources attach to a route table with routes to all resources Shared serviceと VPN向けのみの経路 それぞれのVPC向け の経路 46
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. インターネットに抜けるOutbound Route Domains Transit Gateway VP N Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN 0.0.0.0/0 vpc-att-4xxxxxx Default routing domain インターネットVPC向 けの経路 47
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. インターネットに抜けるOutbound Route Domains Transit Gateway VP N Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN 0.0.0.0/0 vpc-att-4xxxxxx Default routing domain インターネットVPC向 けの経路 48
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 49
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink • https://aws.amazon.com/jp/about-aws/whats- new/2017/11/introducing-aws-privatelink-for-aws-services/ • パブリック IP を使用することなく、またインターネット全体を横断するトラ フィックを必要とすることなく、Amazon Virtual Private Cloud (VPC) か ら AWS のサービスにプライベートにアクセスできます。 • 対応サービス • https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html • 最近ではECR,ECS,Fargateも 50
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink • 別の AWS アカウントでホストされるサービス、AWS Marketplace のサードパーティサービスにセキュアに接続 • お客様の VPC とこうしたいずれかのサービス間のトラフィックは Amazon のネットワークの外に出ない • サービスと通信するためにインターネットゲートウェイ、NAT デバイス、パブリック IP アドレス、VPN 接続は不要 51
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway PrivateLink AWS Transit Gateway • 多対多、1対多でルーティング テーブルを利用するもの • Highly scalable • 1時間当たりのAZエンドポイン トコスト Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared Services Authentication, Monitoring R o u t e T a b l e s R o u t e T a b l e s Transit Gateway 適用範囲:アプリケーション共有サービス 信頼モデル:VPC間に相互信頼をもたない 依存関係:ロードバランサとアプリケーションアーキテクチャ 規模:数千のスポークVPC 対象範囲:多数のVPCへのネットワーク共有サービス 信頼モデル:VPC単位の信頼、集中管理 依存関係:Transit Gatewayによる集中管理 規模:数千のスポークVPC AWS PrivateLink • 1対多のコネクティビティ • Highly scalable • IPアドレス重複のサポート • Elastic Load Balancingの使用 • ロードバランサと1時間当たり のエンドポイントコスト 52
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • VPC Sharing • Transit Gateway • PrivateLink 3 Transit Gateway AWS Summit Tokyo Dive Deep 53
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Q&A AWS Japan Blog https://aws.amazon.com/jp/blogs/news/ 54
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS AWS https://amzn.to/JPArchive 55
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • •
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive

More Related Content

PDF
202205 AWS Black Belt Online Seminar Amazon VPC IP Address Manager (IPAM)
byAmazon Web Services Japan
 
PDF
202205 AWS Black Belt Online Seminar Amazon FSx for OpenZFS
byAmazon Web Services Japan
 
PDF
202204 AWS Black Belt Online Seminar AWS IoT Device Defender
byAmazon Web Services Japan
 
PDF
Infrastructure as Code (IaC) 談義 2022
byAmazon Web Services Japan
 
PDF
202204 AWS Black Belt Online Seminar Amazon Connect を活用したオンコール対応の実現
byAmazon Web Services Japan
 
PDF
202204 AWS Black Belt Online Seminar Amazon Connect Salesforce連携(第1回 CTI Adap...
byAmazon Web Services Japan
 
PDF
Amazon Game Tech Night #25 ゲーム業界向け機械学習最新状況アップデート
byAmazon Web Services Japan
 
PPTX
20220409 AWS BLEA 開発にあたって検討したこと
byAmazon Web Services Japan
 
202205 AWS Black Belt Online Seminar Amazon VPC IP Address Manager (IPAM)
byAmazon Web Services Japan
 
202205 AWS Black Belt Online Seminar Amazon FSx for OpenZFS
byAmazon Web Services Japan
 
202204 AWS Black Belt Online Seminar AWS IoT Device Defender
byAmazon Web Services Japan
 
Infrastructure as Code (IaC) 談義 2022
byAmazon Web Services Japan
 
202204 AWS Black Belt Online Seminar Amazon Connect を活用したオンコール対応の実現
byAmazon Web Services Japan
 
202204 AWS Black Belt Online Seminar Amazon Connect Salesforce連携(第1回 CTI Adap...
byAmazon Web Services Japan
 
Amazon Game Tech Night #25 ゲーム業界向け機械学習最新状況アップデート
byAmazon Web Services Japan
 
20220409 AWS BLEA 開発にあたって検討したこと
byAmazon Web Services Japan
 

More from Amazon Web Services Japan

PDF
202202 AWS Black Belt Online Seminar AWS Managed Rules for AWS WAF の活用
byAmazon Web Services Japan
 
PDF
202203 AWS Black Belt Online Seminar Amazon Connect Tasks.pdf
byAmazon Web Services Japan
 
PDF
SaaS テナント毎のコストを把握するための「AWS Application Cost Profiler」のご紹介
byAmazon Web Services Japan
 
PDF
Amazon QuickSight の組み込み方法をちょっぴりDD
byAmazon Web Services Japan
 
PDF
マルチテナント化で知っておきたいデータベースのこと
byAmazon Web Services Japan
 
PDF
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
byAmazon Web Services Japan
 
PDF
パッケージソフトウェアを簡単にSaaS化!?既存の資産を使ったSaaS化手法のご紹介
byAmazon Web Services Japan
 
PDF
202202 AWS Black Belt Online Seminar Amazon Connect Customer Profiles
byAmazon Web Services Japan
 
PDF
Amazon Game Tech Night #24 KPIダッシュボードを最速で用意するために
byAmazon Web Services Japan
 
PDF
202202 AWS Black Belt Online Seminar AWS SaaS Boost で始めるSaaS開発⼊⾨
byAmazon Web Services Japan
 
PPTX
[20220126] JAWS-UG 2022初頭までに葬ったAWSアンチパターン大紹介
byAmazon Web Services Japan
 
PDF
202111 AWS Black Belt Online Seminar AWSで構築するSmart Mirrorのご紹介
byAmazon Web Services Japan
 
PDF
202201 AWS Black Belt Online Seminar Apache Spark Performnace Tuning for AWS ...
byAmazon Web Services Japan
 
PDF
202112 AWS Black Belt Online Seminar 店内の「今」をお届けする小売業向けリアルタイム配信基盤のレシピ
byAmazon Web Services Japan
 
PDF
20211209 Ops-JAWS Re invent2021re-cap-cloud operations
byAmazon Web Services Japan
 
PDF
20211203 AWS Black Belt Online Seminar AWS re:Invent 2021アップデート速報
byAmazon Web Services Japan
 
PDF
[AWS EXpert Online for JAWS-UG 18] 見せてやるよ、Step Functions の本気ってやつをな
byAmazon Web Services Japan
 
PPTX
20211109 JAWS-UG SRE keynotes
byAmazon Web Services Japan
 
PPTX
20211109 bleaの使い方(基本編)
byAmazon Web Services Japan
 
PDF
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
byAmazon Web Services Japan
 
202202 AWS Black Belt Online Seminar AWS Managed Rules for AWS WAF の活用
byAmazon Web Services Japan
 
202203 AWS Black Belt Online Seminar Amazon Connect Tasks.pdf
byAmazon Web Services Japan
 
SaaS テナント毎のコストを把握するための「AWS Application Cost Profiler」のご紹介
byAmazon Web Services Japan
 
Amazon QuickSight の組み込み方法をちょっぴりDD
byAmazon Web Services Japan
 
マルチテナント化で知っておきたいデータベースのこと
byAmazon Web Services Japan
 
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
byAmazon Web Services Japan
 
パッケージソフトウェアを簡単にSaaS化!?既存の資産を使ったSaaS化手法のご紹介
byAmazon Web Services Japan
 
202202 AWS Black Belt Online Seminar Amazon Connect Customer Profiles
byAmazon Web Services Japan
 
Amazon Game Tech Night #24 KPIダッシュボードを最速で用意するために
byAmazon Web Services Japan
 
202202 AWS Black Belt Online Seminar AWS SaaS Boost で始めるSaaS開発⼊⾨
byAmazon Web Services Japan
 
[20220126] JAWS-UG 2022初頭までに葬ったAWSアンチパターン大紹介
byAmazon Web Services Japan
 
202111 AWS Black Belt Online Seminar AWSで構築するSmart Mirrorのご紹介
byAmazon Web Services Japan
 
202201 AWS Black Belt Online Seminar Apache Spark Performnace Tuning for AWS ...
byAmazon Web Services Japan
 
202112 AWS Black Belt Online Seminar 店内の「今」をお届けする小売業向けリアルタイム配信基盤のレシピ
byAmazon Web Services Japan
 
20211209 Ops-JAWS Re invent2021re-cap-cloud operations
byAmazon Web Services Japan
 
20211203 AWS Black Belt Online Seminar AWS re:Invent 2021アップデート速報
byAmazon Web Services Japan
 
[AWS EXpert Online for JAWS-UG 18] 見せてやるよ、Step Functions の本気ってやつをな
byAmazon Web Services Japan
 
20211109 JAWS-UG SRE keynotes
byAmazon Web Services Japan
 
20211109 bleaの使い方(基本編)
byAmazon Web Services Japan
 
202110 AWS Black Belt Online Seminar AWS Site-to-Site VPN
byAmazon Web Services Japan
 

Recently uploaded

PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
communication-skills-with-technology tools
byJaleto Sunkemo
 

20190417 AWS Black Belt Online Seminar Amazon VPC Advanced

  • 1.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive Solutions Architect 2019/4/17 Amazon VPC Advanced [AWS Black Belt Online Seminar]
  • 2.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 2
  • 3.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Black Belt Online Seminar • • ① 吹き出しをクリック ② 質問を入力 ③ Sendをクリック Twitter #awsblackbelt 3
  • 4.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • 2019 4 17 AWS (http://aws.amazon.com) • AWS AWS • • AWS does not offer binding price quotes. AWS pricing is publicly available and is subject to change in accordance with the AWS Customer Agreement available at http://aws.amazon.com/agreement/. Any pricing information included in this document is provided only as an estimate of usage charges for AWS services based on certain information that you have provided. Monthly charges will be based on your actual use of AWS services, and may vary from the estimates provided. 4
  • 5.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • VPC Sharing • Transit Gateway • PrivateLink 5
  • 6.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 6
  • 7.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 東京リージョン Amazon Virtual Private Cloud (VPC) (http://aws.amazon.com/jp/vpc/) • AWS • AWS • 仮想プライベートクラウドサービス VPC ( 172.16.0.0/16) 既存システム プライベート サブネット パブリック サブネット インターネット VPN or 専用線 ネットワークを 要件に応じて設定 インターネット ゲートウェイ 7
  • 8.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC • 2009-8 Limited Beta • 2009-12 Unlimited Beta • 2010-2 EBS Support • 2010-9 (MC) • 2011-3 IGW, EIP, NAT instance, NACL, SG • 2011-8 Multi-AZ • 2011-9 DirectConnect(DX) • 2012-6 Multiple IP • 2012-7 Internal ELB • 2013-10 DX MC • 2013-12 Default VPC • 2014-3 VPC peering • 2014-9 R53 Private host zone 8
  • 9.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC • 2015-6 VPC flow logs • 2015-12 NAT gateway • 2016-7 DNS for VPC peering • 2016-8 RDS in your VPC • 2016-12 IPv6 • 2017-8 Add CIDRs • 2017-11 PrivateLink • 2017-11 Inter-Region VPC Peering • 2018-10 BYOIP • 2018-11 Agentless network assessments • 2018-11 Transit Gateway • 2018-12 VPC Sharing • 2018-12 ClientVPN 9
  • 10.
    2019.4のReference Network Architecture Internet Account Account AccountAccount Account Account Account Account Account Account Account Account VP N AWS Direct Connect * Account Account Account Account IAM, cross-account roles Route tables Route tables Transit Gateway Available Q1 2019 10
  • 11.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. 東京リージョン Amazon Virtual Private Cloud (VPC) 特徴 (http://aws.amazon.com/jp/vpc/) • AWS上にプライベートネットワークを構築 • AWSと既存環境のハイブリッド構成を実現 • きめ細かいネットワーク設定が可能 仮想プライベートクラウドサービス VPC ( 172.16.0.0/16) 既存システム プライベート サブネット パブリック サブネット インターネット VPN or 専用線 ネットワークを 要件に応じて設定 インターネット ゲートウェイ ここが歴史です 11
  • 12.
    2019.4のReference Network Architecture Internet Account Account AccountAccount Account Account Account Account Account Account Account Account VP N AWS Direct Connect * Account Account Account Account IAM, cross-account roles Route tables Route tables Transit Gateway Available Q1 2019 12
  • 13.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VPC Sharing 13
  • 14.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Mini-Agenda VPC – VPC 14
  • 15.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. なぜマルチアカウントか? 15
  • 16.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Answers AWS Multiple Account Security Strategy 16
  • 17.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Multi-Account view Production Account Test/UAT Account Development Account Master Account 17
  • 18.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 18
  • 19.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Production Account Test/UAT Account Development Account Master Account VPC VPC VPC 10.1.0.0/16 10.2.0.0/16 10.3.0.0/16 PeeringPeering Private VIF Private VIF Private VIF NAT gateway NAT gateway NAT gateway 19
  • 20.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark App A Production Account App A Test/UAT Account App A Development Account Master Account App B Production Account App B Test/UAT Account App B Development Account Business Unit A Business Unit B VPC VPC VPC VPC VPCVPC VPC VPC VPC VPC VPC VPC NAT gateway NAT gateway NAT gateway NAT gateway NAT gateway PeeringPeeringPeeringPeering Private VIF Private VIFPrivate VIF Private VIF 20
  • 21.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • • • • • • • • • • • 21
  • 22.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 22
  • 23.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC App A Production Account App A Test/UAT Account App A Development Account Master Account App B Production Account App B Test/UAT Account App B Development Account Business Unit A Business Unit B Prod VPC VPC VPC Dev/Test VPCNAT gateway NAT gateway Private VIF Private VIF 23
  • 24.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC VPC • IPv4 • • AWS • AWS 24
  • 25.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IP IPv4 CIDR VPC peering, Transit VPC • VPC 25
  • 26.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Admin Users Account A (VPC Owner) Account B (Participant) Common VPC Same AWS Organization AWS Resource Access Manager Shared Subnet Share subnet with Resource Share EC2 Instance owned by Account A RDS Instance owned by Account B Traffic 26
  • 27.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC Sharing VPC • VPC • VPC Sharing • VPC • VPC, 27
  • 28.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 28
  • 29.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark to VPC VPN 29
  • 30.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway 1000以上のVPCとオンプレミス間の相互接続を簡単 に オンプレミス データセンター AWS VPC AWS Transit Gateway 30
  • 31.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway: AWS Transit Gateway VPCとオンプレミス間のルーティングポリシーを集中管理 マルチアカウント間での1000を超えるVPC間接続をサポート 柔軟なルーティングテーブルの分割とルーティングルール スケーラブル マルチVPNコネクションのスループット向上 運用の単純化 31
  • 32.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • アカウント間の複数VPC間の相互接続の集中管理 • VPNとDirect Connectの接続点を集中化 • ピアツーピアネットワークが必要であった構成の削減、または 廃止が可能 • ECMPルーティングによるVPNスループットの向上(50 Gbps+) • AWS Transit Gatewayによりリージョン間のピアリングが可能 • AWSグローバルネットワークを活用して、低遅延のクロスリー ジョン接続を実現 • Regional construct reduces blast radius • AWSとオンプレミス間の設定時間を削減 • 1カ所で管理および監視が簡単に可能 • CloudWatchとVPC Flow Logsとの統合 • 既存のVPCセキュリティグループとネットワークアクセスコン トロールリストを利用可能 ネットワーク構成 の単純化 Global Connectivity AWS Transit Gateway: 32
  • 33.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 33
  • 34.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark – VPC • 複数のVPCを使用しているお客様 • 多数のVPCにまたがるアプリケーションを構 築するお客様 • ネットワークサービスの共有が可能 (DNS, Active Directory, ファイアーウォール, IDS) • 管理のオーバーヘッドを削減 34
  • 35.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark – • すべてのVPCで共通のVPNまたはDirect Connect Gateway(DXGW)を共有 • 複数のVPCにオンプレミスネットワークを接 続する時間を短縮 • AWS Transit GatewayにVPCを追加する際、 追加する顧客ネットワークに変更は不要 35
  • 36.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Use Case – • 共有のVPCホストセキュリティツール • Firewall as a service • Webアプリケーションファイアウォール (WAF)、データ損失防止(DLP)、侵入検 知/保護(IDS / IPS) • ネイティブAWSサービスでスケールアウト 36
  • 37.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark 37
  • 38.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Internet Account Account Account Account 開発環境 Account Account Account Account テスト環境 Account Account Account Account 本番環境 アウトバウンド URL filtering NAT gateway DLP / Proxy エッジサービス WAF / ADC SD-WAN VPN / Firewall IDS / IPS Firewall / NGFW インラインサービス 共有サービス Authentication, Monitoring VPN AWS Direct Connect * Account Account Account Account 管理アカウント (logging, AWS Organizations, billing, landing zone) IAM, Cross-account roles Route tables Route tables Transit Gateway East-West + North-South Available 1H 2019 AWS Transit Gateway 38
  • 39.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark VPC Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production 共有サービス Authentication, monitoring Route tables Route tables Transit Gateway VRF) Account Account Account Account Acquisition Example applications • 認証 • ロギング • DevOps ツール • セキュリティリソース AWS Transit Gateway 39
  • 40.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway PrivateLink AWS Transit Gateway • 多対多、1対多でルーティング テーブルを利用するもの • Highly scalable • 1時間当たりのAZエンドポイン トコスト Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared Services Authentication, Monitoring R o u t e T a b l e s R o u t e T a b l e s Transit Gateway 適用範囲:アプリケーション共有サービス 信頼モデル:VPC間に相互信頼をもたない 依存関係:ロードバランサとアプリケーションアーキテクチャ 規模:数千のスポークVPC 対象範囲:多数のVPCへのネットワーク共有サービス 信頼モデル:VPC単位の信頼、集中管理 依存関係:Transit Gatewayによる集中管理 規模:数千のスポークVPC AWS PrivateLink • 1対多のコネクティビティ • Highly scalable • IPアドレス重複のサポート • Elastic Load Balancingの使用 • ロードバランサと1時間当たり のエンドポイントコスト 40
  • 41.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Transit Gateway VPN VPN Route tables Route tables Transit Gateway Customer Gateway Transit Gateway (TGW)によるVPNの統合 • VPNはVirtual Private Gateway (VGW)に接続しているように 動作 • 帯域、設定、API,コストおよびエクスペリエンスは従 来通り • VPNはVGWではなくTGWに接続 • VGW同様トンネルあたり1.25 gbpsの帯域幅を適用 多数のVPCのエッジへの暗号化 • トラフィックはVPC内に入るまで暗号化 • VPC間の通信は自動では暗号化されない • インターリージョンVPCはデフォルト暗号化 41
  • 42.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Transit Gateway VPN: VPN VPN Route tables Route tables Transit Gateway Customer Gateway 複数トンネルによるトラフィックの分散サポート • BGPマルチパスによるEqual Cost Multi Path(ECMP)の サポート • 最大50 Gbpsの帯域までテスト済み • トラフィックの小さな複数のフローへの分割, マルチパー トアップロード, etc. オンプレミス環境側の設定確認事項 • マルチパスBGPサポート • ECMPサポート, ECMPのパスの最大数, reverse-path forwarding/spoofing機能の有無 • BGP、スタティックルートサポート 42
  • 43.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Direct Connect Transit Gateway Direct Connect VPC Public接続を利用したDirect Connect上にVPNを張る暗号化 Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared VPN AWS Direct Connect Route Tables Route Tables Transit Gateway virtual interfaces VPN AWS Direct Connect Route Tables Route Tables Transit Gateway Public virtual interface AWS Cloud Receive AWS public IP addresses 20191Hサポート予定 43
  • 44.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. 構成例 44
  • 45.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Transit Gatewayで自由に通信させる route domains Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN Default routing domain ルートテーブルは1つ 45
  • 46.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Transit Gatewayで通信制限する route domains Transit Gateway Shared services VP N VPC Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Route Destination 10.0.0.0/8 VPN 10.4.0.0/16 vpc-att-4xxxx VPCs attach to a route table with routes to shared resources Shared resources attach to a route table with routes to all resources Shared serviceと VPN向けのみの経路 それぞれのVPC向け の経路 46
  • 47.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. インターネットに抜けるOutbound Route Domains Transit Gateway VP N Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN 0.0.0.0/0 vpc-att-4xxxxxx Default routing domain インターネットVPC向 けの経路 47
  • 48.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. インターネットに抜けるOutbound Route Domains Transit Gateway VP N Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.0.0.0/8 VPN 0.0.0.0/0 vpc-att-4xxxxxx Default routing domain インターネットVPC向 けの経路 48
  • 49.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PrivateLink 49
  • 50.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. AWS PrivateLink • https://aws.amazon.com/jp/about-aws/whats- new/2017/11/introducing-aws-privatelink-for-aws-services/ • パブリック IP を使用することなく、またインターネット全体を横断するトラ フィックを必要とすることなく、Amazon Virtual Private Cloud (VPC) か ら AWS のサービスにプライベートにアクセスできます。 • 対応サービス • https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html • 最近ではECR,ECS,Fargateも 50
  • 51.
    © 2017, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. PrivateLink • 別の AWS アカウントでホストされるサービス、AWS Marketplace のサードパーティサービスにセキュアに接続 • お客様の VPC とこうしたいずれかのサービス間のトラフィックは Amazon のネットワークの外に出ない • サービスと通信するためにインターネットゲートウェイ、NAT デバイス、パブリック IP アドレス、VPN 接続は不要 51
  • 52.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Transit Gateway PrivateLink AWS Transit Gateway • 多対多、1対多でルーティング テーブルを利用するもの • Highly scalable • 1時間当たりのAZエンドポイン トコスト Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared Services Authentication, Monitoring R o u t e T a b l e s R o u t e T a b l e s Transit Gateway 適用範囲:アプリケーション共有サービス 信頼モデル:VPC間に相互信頼をもたない 依存関係:ロードバランサとアプリケーションアーキテクチャ 規模:数千のスポークVPC 対象範囲:多数のVPCへのネットワーク共有サービス 信頼モデル:VPC単位の信頼、集中管理 依存関係:Transit Gatewayによる集中管理 規模:数千のスポークVPC AWS PrivateLink • 1対多のコネクティビティ • Highly scalable • IPアドレス重複のサポート • Elastic Load Balancingの使用 • ロードバランサと1時間当たり のエンドポイントコスト 52
  • 53.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • VPC Sharing • Transit Gateway • PrivateLink 3 Transit Gateway AWS Summit Tokyo Dive Deep 53
  • 54.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Q&A AWS Japan Blog https://aws.amazon.com/jp/blogs/news/ 54
  • 55.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS AWS https://amzn.to/JPArchive 55
  • 56.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark • •
  • 57.
    © 2019, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive