Prepared By ~ Sai
HelloCloud.io
Core Principles
● Humility
● Grit
● Deep Work
● Focus
● Consistency
VPC
gritworks-master (123456789012)
ap-southeast-1
VPC (172.31.0.0/16)
ap-southeast-1a ap-southeast-1b ap-southeast-1c
Public subnet
ap-southeast-1a
172.31.16.0/20
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1c
172.31.0.0/20
rtb (main)
172.31.0.0/16 local
0.0.0.0/0 igw
IGW (Internet Gateway)
Inbound internet access (TO INTERNET)
NACLs - Virtual Firewall for your subnets
Security Groups - Virtual Firewall for your instances
VPC (172.31.0.0/16)
ap-southeast-1a ap-southeast-1b ap-southeast-1c
Public subnet
ap-southeast-1a
172.31.16.0/20
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1c
172.31.0.0/20
rtb (main)
172.31.0.0/16 local
0.0.0.0/0 igw
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
secu-group (sg-e9f787a4) secu-group (sg-e9f787a4)
public-instance-1
172.31.18.102/20
18.136.120.52/32
public-instance-2
172.31.40.11/20
13.250.31.41/32
gritworks-master (123456789012)
ap-southeast-1
VPC (192.168.0.0/16)
ap-southeast-1a ap-southeast-1b ap-southeast-1c
Public subnet
ap-southeast-1a
192.168.0.0/24
Public subnet
ap-southeast-1b
192.168.1.0/24
Public subnet
ap-southeast-1c
192.168.2.0/24
192.168.0.0/16 local
0.0.0.0/0 igw
Private subnet
ap-southeast-1a
192.168.3.0/24
Private subnet
ap-southeast-1b
192.168.4.0/24
Private subnet
ap-southeast-1c
192.168.5.0/24
192.168.0.0/16 local
NACLs - STATELESS
Security Groups - STATEFUL
Public subnet
ap-southeast-1a
172.31.16.0/20
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Inbound rules
Type Protocol Port range Source
All traffic All All sg-e9f787a4
All traffic All All YOUR IP
public-instance-1
172.31.27.135/20
18.136.120.52/32
Network ACLs (acl-489dea2e)
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Outbound rules
Type Protocol Port range Destination
All traffic All All 0.0.0.0/0
TEST CASES
Public subnet
ap-southeast-1a
172.31.16.0/20
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Inbound rules
Type Protocol Port range Source
All traffic All All sg-e9f787a4
All traffic All All YOUR IP
public-instance-1
172.31.27.135/20
18.136.120.52/32
Network ACLs (acl-489dea2e)
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Outbound rules
Type Protocol Port range Destination
All traffic All All 0.0.0.0/0
public-instance-2
172.31.44.202/20
13.212.86.174/32
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1a
172.31.16.0/20
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Inbound rules
Type Protocol Port range Source
All traffic All All sg-e9f787a4
All traffic All All YOUR IP
public-instance-1
172.31.27.135/20
18.136.120.52/32
Network ACLs (acl-489dea2e)
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Outbound rules
Type Protocol Port range Destination
All traffic All All 0.0.0.0/0
public-instance-2
172.31.44.202/20
13.212.86.174/32
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1a
172.31.16.0/20
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Inbound rules
Type Protocol Port range Source
All traffic All All sg-e9f787a4
All traffic All All YOUR IP
public-instance-1
172.31.27.135/20
18.136.120.52/32
Network ACLs (acl-489dea2e)
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Outbound rules
Type Protocol Port range Destination
All traffic All All 0.0.0.0/0
public-instance-2
172.31.44.202/20
13.212.86.174/32
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1a
172.31.16.0/20
Network ACLs (acl-489dea2e)
Inbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Inbound rules
Type Protocol Port range Source
All traffic All All sg-e9f787a4
All traffic All All YOUR IP
public-instance-1
172.31.27.135/20
18.136.120.52/32
Network ACLs (acl-489dea2e)
Outbound rules 100 All traffic All All 0.0.0.0/0 Allow
* All traffic All All 0.0.0.0/0 Deny
security-group (sg-e9f787a4)
Outbound rules
Type Protocol Port range Destination
All traffic All All 0.0.0.0/0
public-instance-2
172.31.44.202/20
13.212.86.174/32
public-instance-21
172.31.35.37/20
13.212.87.209/32
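The stateless/stateful distinction from the NACL and security group slides above, as an added example (not part of the original deck): a small Python model of one round trip through the subnet NACL and the instance security group. The rule sets mirror the slides; the address standing in for "YOUR IP", the HTTPS-only outbound NACL and all function names are assumptions for illustration, and the model adds port ranges so the ephemeral-port failure becomes visible.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ALL_PORTS = (0, 65535)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_port: int
    dst_port: int

    def reply(self):
        """Return packet of the same flow: endpoints and ports swapped."""
        return Packet(self.dst, self.src, self.dst_port, self.src_port)

@dataclass(frozen=True)
class NaclRule:
    number: int      # lower numbers are evaluated first
    cidr: str        # source CIDR (inbound list) or destination CIDR (outbound list)
    ports: tuple     # inclusive (low, high) destination port range
    action: str      # "allow" or "deny"

def nacl_allows(rules, peer_ip, dst_port):
    """Stateless check: first matching rule by number wins, '*' denies the rest."""
    for rule in sorted(rules, key=lambda r: r.number):
        lo, hi = rule.ports
        if ip_address(peer_ip) in ip_network(rule.cidr) and lo <= dst_port <= hi:
            return rule.action == "allow"
    return False

@dataclass
class SecurityGroup:
    group_id: str
    members: set     # private IPs of the instances attached to this group
    inbound: list    # (source, ports); source is a CIDR or this group's own id
    outbound: list   # (destination CIDR, ports)
    tracked: set = field(default_factory=set)  # flows admitted inbound

    def _match(self, rules, peer_ip, port):
        for peer, (lo, hi) in rules:
            if peer.startswith("sg-"):
                # Only the self-reference used on the slides is modelled.
                hit = peer == self.group_id and peer_ip in self.members
            else:
                hit = ip_address(peer_ip) in ip_network(peer)
            if hit and lo <= port <= hi:
                return True
        return False

    def accept_inbound(self, pkt):
        if self._match(self.inbound, pkt.src, pkt.dst_port):
            self.tracked.add(pkt)  # stateful: remember the admitted flow
            return True
        return False

    def accept_outbound(self, pkt):
        if pkt.reply() in self.tracked:
            return True            # reply to a tracked flow skips outbound rules
        return self._match(self.outbound, pkt.dst, pkt.dst_port)

def round_trip(pkt, nacl_in, nacl_out, sg):
    """(request_delivered, reply_delivered) for a client outside the subnet.
    Simplification: only the destination subnet's NACL is modelled."""
    if not nacl_allows(nacl_in, pkt.src, pkt.dst_port):
        return (False, False)
    if not sg.accept_inbound(pkt):
        return (False, False)
    rep = pkt.reply()
    if not sg.accept_outbound(rep):
        return (True, False)
    return (True, nacl_allows(nacl_out, rep.dst, rep.dst_port))

YOUR_IP = "203.0.113.10"       # constructed stand-in for the slides' "YOUR IP"
INSTANCE_1 = "172.31.27.135"   # public-instance-1 private IP (from the slides)
INSTANCE_2 = "172.31.44.202"   # public-instance-2 private IP (from the slides)
SG_ID = "sg-e9f787a4"

NACL_ALLOW_ALL = [NaclRule(100, "0.0.0.0/0", ALL_PORTS, "allow")]
# Hypothetical tightened outbound NACL that forgets the ephemeral port range.
NACL_OUT_HTTPS_ONLY = [NaclRule(100, "0.0.0.0/0", (443, 443), "allow")]

def page_sg(outbound=None):
    """Security group as shown on the slides; outbound rules can be overridden."""
    return SecurityGroup(
        SG_ID, {INSTANCE_1, INSTANCE_2},
        inbound=[(SG_ID, ALL_PORTS), (f"{YOUR_IP}/32", ALL_PORTS)],
        outbound=[("0.0.0.0/0", ALL_PORTS)] if outbound is None else outbound,
    )

def run_cases():
    ssh = Packet(YOUR_IP, INSTANCE_1, 50000, 22)
    stranger = Packet("198.51.100.7", INSTANCE_1, 50000, 22)  # constructed address
    peer = Packet(INSTANCE_2, INSTANCE_1, 50000, 22)
    both = (NACL_ALLOW_ALL, NACL_ALLOW_ALL)
    return {
        "page_rules": round_trip(ssh, *both, page_sg()),
        "sg_no_outbound_rules": round_trip(ssh, *both, page_sg(outbound=[])),
        "nacl_out_https_only": round_trip(ssh, NACL_ALLOW_ALL, NACL_OUT_HTTPS_ONLY, page_sg()),
        "unknown_source": round_trip(stranger, *both, page_sg()),
        "peer_in_same_sg": round_trip(peer, *both, page_sg()),
    }

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:22} request={result[0]} reply={result[1]}")
```

The security group with no outbound rules still returns the reply, while the NACL that allows only port 443 outbound drops it at the subnet boundary because the reply is addressed to the client's ephemeral port.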
NAT Gateways
Outbound internet access
VPC (172.31.0.0/16)
Public subnet
ap-southeast-1a
172.31.16.0/20
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1c
172.31.0.0/20
172.31.0.0/16 local
0.0.0.0/0 igw
Private subnet
ap-southeast-1a
172.31.48.0/20
Private subnet
ap-southeast-1b
172.31.64.0/20
Private subnet
ap-southeast-1c
172.31.80.0/20
172.31.0.0/16 local
0.0.0.0/0 natgw1
secu-group (sg-e9f787a4)
public-instance-1
172.31.18.48/20
13.229.133.196/32
pub-ip
priv-ip
secu-group (sg-e9f787a4)
private-instance-1
172.31.57.83/20
secu-group (sg-e9f787a4)
private-instance-2
172.31.69.115/20
secu-group (sg-e9f787a4)
private-instance-3
172.31.84.232/20
NAT Gateways
AZ Resilient (Not Region Resilient)
Release Elastic IP after deleting NAT Gateways
SSH Agent Forwarding
mycomputer hellocloud-master-sg.pem (PRIVATE KEY)
public-instance-1 hellocloud-master-sg.pem (PRIVATE KEY) hellocloud-master-sg (Public-key)
private-instance-1 hellocloud-master-sg (Public-key)
SSH agent forwarding
For Linux,
ssh-add -c hellocloud-master-sg.pem
For macOS,
ssh-add -K hellocloud-master-sg.pem
Connect to public instance using the -A option to enable SSH agent forwarding,
ssh -A ubuntu@public-instance-1
Connect to private instance from public instance,
ssh ubuntu@private-instance-1
Private NAT gateway traffic can't reach the internet.
LAB
Simulate the failure of one NAT Gateway and fail over to an available NAT Gateway by manually changing the next hop of the default route in the respective private subnet's route table.
VPC (172.31.0.0/16)
Public subnet
ap-southeast-1a
172.31.16.0/20
Public subnet
ap-southeast-1b
172.31.32.0/20
Public subnet
ap-southeast-1c
172.31.0.0/20
172.31.0.0/16 local
0.0.0.0/0 igw
Private subnet
ap-southeast-1a
172.31.48.0/20
Private subnet
ap-southeast-1b
172.31.64.0/20
Private subnet
ap-southeast-1c
172.31.80.0/20
secu-group (sg-e9f787a4)
public-instance-1
172.31.18.102/20
18.136.120.52/32
nat-gw-1
pub-ip
priv-ip
secu-group (sg-e9f787a4)
private-instance-1
172.31.60.214/20
secu-group (sg-e9f787a4)
private-instance-2
172.31.69.115/20
secu-group (sg-e9f787a4)
private-instance-3
172.31.84.232/20
nat-gw-2
pub-ip
priv-ip
nat-gw-3
pub-ip
priv-ip
172.31.0.0/16 local
0.0.0.0/0 nat-gw-1
172.31.0.0/16 local
0.0.0.0/0 nat-gw-2
172.31.0.0/16 local
0.0.0.0/0 nat-gw-3
Elastic IP
Instance            Public IP         Private IP       Action
public-instance-1   18.141.173.52     172.31.23.196    stop
                    3.0.90.6          172.31.23.196    start
Create new EIP 54.179.154.227
public-instance-1   54.179.154.227    172.31.23.196    Associate EIP
                    54.179.154.227    172.31.23.196    Stop and start the instance1
                    3.0.90.91         172.31.23.196    Disassociate EIP
public-instance-1   54.179.154.227    172.31.23.196    Associate IP with reassociation enabled
EIP Reassociate to instance2
public-instance-2   54.179.154.227    172.31.42.37
public-instance-1   52.221.241.51     172.31.23.196
Workloads in Private Subnets may need:
● Internet Access (or)
● Access to databases or apps that are on-premises.
Q & A

AWS VPC by hellocloud.io

  • 1. Prepared By ~ Sai HelloCloud.io
  • 2. Core Principles ● Humility ● Grit ● Deep Work ● Focus ● Consistency
  • 3. VPC
  • 4. gritworks-master (123456789012) ap-southeast-1 VPC (172.31.0.0/16) ap-southeast-1a ap-southeast-1b ap-southeast-1c Public subnet ap-southeast-1a 172.31.16.0/20 Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1c 172.31.0.0/20 rtb (main) 172.31.0.0/16 local 0.0.0.0/0 igw
  • 5. IGW (Internet Gateway) Inbound internet access (TO INTERNET)
  • 6. NACLs - Virtual Firewall for your subnets Security Groups - Virtual Firewall for your instances
  • 7. VPC (172.31.0.0/16) ap-southeast-1a ap-southeast-1b ap-southeast-1c Public subnet ap-southeast-1a 172.31.16.0/20 Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1c 172.31.0.0/20 rtb (main) 172.31.0.0/16 local 0.0.0.0/0 igw Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny secu-group (sg-e9f787a4) secu-group (sg-e9f787a4) public-instance-1 172.31.18.102/20 18.136.120.52/32 public-instance-2 172.31.40.11/20 13.250.31.41/32
  • 8. gritworks-master (123456789012) ap-southeast-1 VPC (192.168.0.0/16) ap-southeast-1a ap-southeast-1b ap-southeast-1c Public subnet ap-southeast-1a 192.168.0.0/24 Public subnet ap-southeast-1b 192.168.1.0/24 Public subnet ap-southeast-1c 192.168.2.0/24 192.168.0.0/16 local 0.0.0.0/0 igw Private subnet ap-southeast-1a 192.168.3.0/24 Private subnet ap-southeast-1b 192.168.4.0/24 Private subnet ap-southeast-1c 192.168.5.0/24 192.168.0.0/16 local
  • 9. NACLs - STATELESS; Security Groups - STATEFUL
  • 10. Public subnet ap-southeast-1a 172.31.16.0/20 Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Inbound rules Type Protocol Port range Source All traffic All All sg-e9f787a4 All traffic All All YOUR IP public-instance-1 172.31.27.135/20 18.136.120.52/32 Network ACLs (acl-489dea2e) Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Outbound rules Type Protocol Port range Source All traffic All All 0.0.0.0/0
  • 14. Public subnet ap-southeast-1a 172.31.16.0/20 Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Inbound rules Type Protocol Port range Source All traffic All All sg-e9f787a4 All traffic All All YOUR IP public-instance-1 172.31.27.135/20 18.136.120.52/32 Network ACLs (acl-489dea2e) Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Outbound rules Type Protocol Port range Source All traffic All All 0.0.0.0/0 public-instance-2 172.31.44.202/20 13.212.86.174/32 Public subnet ap-southeast-1b 172.31.32.0/20
  • 15. Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1a 172.31.16.0/20 Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Inbound rules Type Protocol Port range Source All traffic All All sg-e9f787a4 All traffic All All YOUR IP public-instance-1 172.31.27.135/20 18.136.120.52/32 Network ACLs (acl-489dea2e) Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Outbound rules Type Protocol Port range Destination All traffic All All 0.0.0.0/0 public-instance-2 172.31.44.202/20 13.212.86.174/32
  • 16. Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1a 172.31.16.0/20 Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Inbound rules Type Protocol Port range Source All traffic All All sg-e9f787a4 All traffic All All YOUR IP public-instance-1 172.31.27.135/20 18.136.120.52/32 Network ACLs (acl-489dea2e) Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Outbound rules Type Protocol Port range Source All traffic All All 0.0.0.0/0 public-instance-2 172.31.44.202/20 13.212.86.174/32
  • 17. Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1a 172.31.16.0/20 Network ACLs (acl-489dea2e) Inbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Inbound rules Type Protocol Port range Source All traffic All All sg-e9f787a4 All traffic All All YOUR IP public-instance-1 172.31.27.135/20 18.136.120.52/32 Network ACLs (acl-489dea2e) Outbound rules 100 All traffic All All 0.0.0.0/0 Allow * All traffic All All 0.0.0.0/0 Deny security-group (sg-e9f787a4) Outbound rules Type Protocol Port range Source All traffic All All 0.0.0.0/0 public-instance-2 172.31.44.202/20 13.212.86.174/32 public-instance-21 172.31.35.37/20 13.212.87.209/32
  • 19. VPC (172.31.0.0/16) Public subnet ap-southeast-1a 172.31.16.0/20 Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1c 172.31.0.0/20 172.31.0.0/16 local 0.0.0.0/0 igw Private subnet ap-southeast-1a 172.31.48.0/20 Private subnet ap-southeast-1b 172.31.64.0/20 Private subnet ap-southeast-1c 172.31.80.0/20 172.31.0.0/16 local 0.0.0.0/0 natgw1 secu-group (sg-e9f787a4) public-instance-1 172.31.18.48/20 13.229.133.196/32 pub-ip priv-ip secu-group (sg-e9f787a4) private-instance-1 172.31.57.83/20 secu-group (sg-e9f787a4) private-instance-2 172.31.69.115/20 secu-group (sg-e9f787a4) private-instance-3 172.31.84.232/20
  • 20. NAT Gateways: AZ Resilient (Not Region Resilient)
  • 21. Release Elastic IP after deleting NAT Gateways
  • 23. mycomputer hellocloud-master-sg.pem (PRIVATE KEY) public-instance-1 hellocloud-master-sg.pem (PRIVATE KEY) hellocloud-master-sg (Public-key) private-instance-1 hellocloud-master-sg (Public-key)
  • 24. SSH agent forwarding
      For Linux: ssh-add -c hellocloud-master-sg.pem
      For macOS: ssh-add -K hellocloud-master-sg.pem
      Connect to the public instance using the -A option to enable SSH agent forwarding: ssh -A ubuntu@public-instance-1
      Connect to the private instance from the public instance: ssh ubuntu@private-instance-1
  • 25. Private NAT gateway traffic can't reach the internet.
  • 26.
  • 27. LAB
  • 28. Failure of one NAT Gateway, and failover to an available NAT Gateway by manually changing the default route's next hop in the respective private subnets' route tables.
  • 29. VPC (172.31.0.0/16) Public subnet ap-southeast-1a 172.31.16.0/20 Public subnet ap-southeast-1b 172.31.32.0/20 Public subnet ap-southeast-1c 172.31.0.0/20 172.31.0.0/16 local 0.0.0.0/0 igw Private subnet ap-southeast-1a 172.31.48.0/20 Private subnet ap-southeast-1b 172.31.64.0/20 Private subnet ap-southeast-1c 172.31.80.0/20 secu-group (sg-e9f787a4) public-instance-1 172.31.18.102/20 18.136.120.52/32 nat-gw-1 pub-ip priv-ip secu-group (sg-e9f787a4) private-instance-1 172.31.60.214/20 secu-group (sg-e9f787a4) private-instance-2 172.31.69.115/20 secu-group (sg-e9f787a4) private-instance-3 172.31.84.232/20 nat-gw-2 pub-ip priv-ip nat-gw-3 pub-ip priv-ip 172.31.0.0/16 local 0.0.0.0/0 nat-gw-1 172.31.0.0/16 local 0.0.0.0/0 nat-gw-2 172.31.0.0/16 local 0.0.0.0/0 nat-gw-3
  • 31. public-instance-1 18.141.173.52 172.31.23.196 stop 3.0.90.6 172.31.23.196 start Create new EIP 54.179.154.227 public-instance-1 54.179.154.227 172.31.23.196 Associate EIP 54.179.154.227 172.31.23.196 Stop and start the instance1 3.0.90.91 172.31.23.196 Disassociate EIP public-instance-1 54.179.154.227 172.31.23.196 Associate IP with reassociation enabled EIP Reassociate to instance2 public-instance-2 54.179.154.227 172.31.42.37 public-instance-1 52.221.241.51 172.31.23.196
  • 32. Workloads in Private Subnets may need: ● Internet Access (or) ● Databases or Apps that are on-premises.
  • 33. Q & A
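
Slide 9's "NACLs - STATELESS, Security Groups - STATEFUL" as an added example (not part of the original deck): a small model of how an inbound SSH connection and its reply are evaluated. The client address, the ports, the tightened rule sets and all function names are constructed for illustration, and the model ignores protocol (TCP only).

```python
import ipaddress

def _hit(port, ip, lo, hi, cidr):
    return lo <= port <= hi and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_allows(rules, port, peer_ip):
    """Lowest matching rule number wins; no match means the implicit '*' deny."""
    for _number, (lo, hi), cidr, action in sorted(rules):
        if _hit(port, peer_ip, lo, hi, cidr):
            return action == "allow"
    return False

def sg_allows(rules, port, peer_ip):
    """Security groups hold allow rules only; unmatched traffic is denied."""
    return any(_hit(port, peer_ip, lo, hi, cidr) for (lo, hi), cidr in rules)

def inbound_connection(nacl_in, nacl_out, sg_in, sg_out,
                       client_ip, client_port, server_port):
    # Request: subnet NACL first, then the instance's security group.
    if not nacl_allows(nacl_in, server_port, client_ip):
        return "request denied by NACL inbound"
    if not sg_allows(sg_in, server_port, client_ip):
        return "request denied by security group inbound"
    # Reply: the security group is stateful, so sg_out is deliberately not
    # consulted for a flow it already admitted. The NACL is stateless, so the
    # reply is matched against outbound rules using the client's ephemeral port.
    if not nacl_allows(nacl_out, client_port, client_ip):
        return "reply denied by NACL outbound"
    return "ok"

CLIENT = "203.0.113.10"  # constructed stand-in for "YOUR IP" on the slides

# Default NACL as shown on the slides: rule 100 allows all, '*' denies the rest.
DEFAULT_NACL = [(100, (0, 65535), "0.0.0.0/0", "allow")]

# Constructed tightened rule sets (not from the deck).
TIGHT_IN = [(100, (22, 22), CLIENT + "/32", "allow")]
TIGHT_OUT_BROKEN = [(100, (443, 443), "0.0.0.0/0", "allow")]
TIGHT_OUT_FIXED = TIGHT_OUT_BROKEN + [(110, (1024, 65535), CLIENT + "/32", "allow")]

SG_IN = [((22, 22), CLIENT + "/32")]
SG_OUT = []  # no outbound rules at all; replies to admitted flows still pass

if __name__ == "__main__":
    for out in (DEFAULT_NACL, TIGHT_OUT_BROKEN, TIGHT_OUT_FIXED):
        nin = DEFAULT_NACL if out is DEFAULT_NACL else TIGHT_IN
        print(inbound_connection(nin, out, SG_IN, SG_OUT, CLIENT, 50000, 22))
```

When a NACL is tightened beyond the default allow-all, the outbound side needs an ephemeral-port rule for return traffic; the security group needs nothing extra.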
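
The manual NAT Gateway failover from slide 28, as an added example (not part of the original deck): a planner that reads route-table and NAT gateway descriptions and returns the `aws ec2 replace-route` commands to run. The sample data is constructed in the shape of `describe-route-tables` / `describe-nat-gateways` output; the route table IDs are placeholders, the gateway names are the slide labels rather than real IDs, and picking the first available gateway is an assumption.

```python
DEFAULT_ROUTE = "0.0.0.0/0"

def plan_nat_failover(route_tables, nat_gateways):
    """Return one replace-route argv per default route whose NAT gateway is not 'available'."""
    healthy = sorted(n["NatGatewayId"] for n in nat_gateways
                     if n["State"] == "available")
    plans = []
    for rtb in route_tables:
        for route in rtb["Routes"]:
            nat = route.get("NatGatewayId")
            # Only default routes that point at a NAT gateway are candidates;
            # local and IGW routes are left alone.
            if route.get("DestinationCidrBlock") != DEFAULT_ROUTE or nat is None:
                continue
            if nat in healthy:
                continue
            if not healthy:
                raise RuntimeError("no available NAT gateway to fail over to")
            # Assumption: take the first available gateway. After failover the
            # subnet's egress crosses AZs until its own gateway is restored.
            plans.append(["aws", "ec2", "replace-route",
                          "--route-table-id", rtb["RouteTableId"],
                          "--destination-cidr-block", DEFAULT_ROUTE,
                          "--nat-gateway-id", healthy[0]])
    return plans

# Constructed sample mirroring slide 29: three private route tables, one per AZ.
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-gw-1", "State": "failed"},
    {"NatGatewayId": "nat-gw-2", "State": "available"},
    {"NatGatewayId": "nat-gw-3", "State": "available"},
]
ROUTE_TABLES = [
    {"RouteTableId": f"rtb-private-{az}", "Routes": [
        {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": f"nat-gw-{i}"},
    ]}
    for i, az in enumerate("abc", start=1)
]

if __name__ == "__main__":
    for argv in plan_nat_failover(ROUTE_TABLES, NAT_GATEWAYS):
        print(" ".join(argv))
```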