Recommended
More Related Content
What's hot
What's hot (20)
Similar to Demystify aws networking create your virtual network on aws
Similar to Demystify aws networking create your virtual network on aws (20)
Recently uploaded
Recently uploaded (20)
Demystify aws networking create your virtual network on aws
- 1. Demystify AWS Networking: Create your virtual network on AWS Jay Dobariya DevOps Engineer Yudiz Solutions Pvt. Ltd.
- 3. Instanc e B NAT 10.1.1.11/24 Instance B NAT-G W NAT-G W AWS Region Availability Zone 2 Availability Zone 1 VGW VPC peering VP C Flow Logs VPN Internet Public subnet Amazon S3 VPC CIDR 10.1.0.0/16 Public subnet Instance A 10.1.0.11/24 Private subnet Instance C 10.1.2.11/24 Private subnet Instance D 10.1.3.11/24 DXG W + Expand + IPv6 IG W VPCE 10.1.0.0/16 0.0.0.0/0 Local IGW S3.prefix.list VPCE-1 23 Destination Target Intra or inter region 10.1.0.0/16 0.0.0.0/0 Local S3.prefix.list VPCE-123 Destination Target NLB AWS PrivateLink service provider VPC On premises VPC-B EIP - 10.1.0.11 : 54.23.12.43 EIP - 10.1.1.11 : 54.19.12.23 Amazon DynamoD B AWS Lambda AWS Direct Connect Amazon SQS Amazon SNS AWS IoT Amazon CloudWatc h AW S PrivateLin k Transit GW On premises AWS PrivateLink- enabled services On premises VPC-B Other Routes VGW PCX-123 TGW On premises VPC-B Other Routes VGW PCX-123 TGW Amazon S3 AWS Global Accelerator
- 4. That was the agenda for this session
- 5. S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights
- 6. What is a VPC ?
- 7. IP addressing Creating subnets Routing in a VPC Security VPC concepts and fundamentals
- 8. Choosing an IP address range
- 9. Choosing an IP address range for your VPC Avoid ranges that overlap with other networks to which you might connect 172.31.0.0/16 Recommended: FC1918 range S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights
- 10. Creating subnets in a VPC S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights
- 11. VPC subnets and Availability Zones 172.31.0.0/1 6 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/2 4 S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights 172.31.1.0/2 4 172.31.2.0/2 4 eu-west-1 a eu-west-1 b eu-west-1 c
- 12. Routing in a VPC
- 14. Traffic destined for my VPC stays in my VPC S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights
- 15. Network access control list Security groups Network security
- 16. “MyBackends” security group Allow only “MyWebServers” Security groups follow application structure Web Web Web “MyWebServers” security group Web App App App Internet gateway
- 17. Security groups example: Web servers Allow HTTP traffic from anywhere
- 18. Security groups example: Backends Allow application traffic from web servers only
- 19. Network access control list Security groups Network security S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights
- 20. Security groups vs. NACLs S U M M © 2019, Amazon Web Services, Inc. or its affiliates. All rights Security group Network ACL Operates at instance level Operates at subnet level Supports allow rules only Supports allow and deny rules Is stateful: return traffic is automatically allowed regardless of any rules Is stateless: return traffic must be explicitly allowed by rules All rules evaluated before deciding whether to allow traffic Rules evaluated in order when deciding whether to allow traffic Applies only to instances explicitly associated with the security group Automatically applies to all instances launched into associated subnets Doesn’t filter traffic to or from link-local addresses (169.254.0.0/16) or AWS-reserved IPv4 addresses; these are the first four IPv4 addresses of the subnet (including the Amazon VPC DNS server)