UpScale
20-10-2018
AWS Virtual Private Cloud (VPC #2)
AWS Riyadh
User Group
Ahmad ElGohary13
@aalgohary85
ELGOHARY AHMAD
aalgohary85@gmail.com
Agenda
• Past and Coming Topics
• Correcting Wrong Information
• Session 1 Review
• Default and Custom VPCs
• NAT Instance, NAT GW and Bastion Host
• VPC Peering
Agenda
• VPC Flow Logs
• VPC Endpoints
• AWS Managed VPN Connections
• Direct Connect
• VPC Limits and Pricing
• Exam Tips
• Questions
• LAB
AWS Riyadh User
Group
• AWS Registered User Group in
Riyadh, Saudi Arabia
• Founded by Ahmed Aziz
• Public Group
• 352 Members
• Connect all AWS Geeks
Past and Coming
Topics
• Storage
• S3
• Compute
• EC2
• Auto Scaling
• Networking
• VPC Session 1
• VPC Session 2
• Route 53
• API Gateway
Past and Coming
Topics Cont’d
• Databases
• RDS
• DynamoDB
• ElastiCache
• Application Integration
• SNS
• SQS
• SWF
• Management Tools
• CloudFormation
• CloudTrail vs CloudWatch
Past and Coming
Topics Cont’d
• Add-Ons
• Lambda
• Cost Optimization
• Well Architected Framework
• Having Fun with Alexa
• Chatbot
• Machine Learning
CIDR.xyz
Session 1 Review
What can you do
with a VPC?
• Launch instances into a subnet of
your choice
• Assign custom IP address ranges in
each subnet
• Configure route tables between
subnets
• Create internet gateway and attach it
to your VPC
• Much better security control over
your AWS resources
• Instance security groups
• Subnet network access control lists
Default VPC vs
Custom VPC
• Default VPC is user friendly,
allowing you to immediately
deploy instances.
• All subnets in the default VPC have a
route out to the internet.
• Each EC2 instance has both a
public and private IP address.
Reserved AWS IP
Addresses
• The first four IP addresses and the
last IP address in each subnet CIDR
block are reserved.
• For example, in 10.0.0.0/24:
– 10.0.0.0: Network address
– 10.0.0.1: VPC router
– 10.0.0.2: VPC DNS server
– 10.0.0.3: Future use
– 10.0.0.255: Network broadcast address
NAT Instances
• Enable instances in the private subnet to
initiate outbound IPv4 traffic to the
Internet or other AWS services, but
prevent the instances from receiving
inbound traffic initiated by someone on
the Internet.
• You must disable source/destination
checks on it.
NAT Gateway
• NAT Gateway is an AWS managed service.
– You don’t have to care about its availability or scalability.
• Both NAT instances and NAT gateways are used only for outbound IPv4 traffic.
• Egress-Only Internet gateway is used for
outbound IPv6 traffic.
NAT Instances vs NAT Gateways
NAT Instances vs NAT Gateways Cont’d
NAT Instance vs Bastion Host
• A NAT instance is used to provide internet access to EC2 instances in private subnets.
• A bastion host is used to securely administer EC2 instances (using SSH or RDP) in private subnets. It is also called a jump box.
VPC Peering
• Allows you to connect one VPC with
another via a direct network route
using private IP addresses.
• Instances behave as if they were on
the same private network.
• You can peer VPCs with other VPCs in the same account, in other AWS accounts or even in other regions.
• Peering is in a star configuration, i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!!
VPC Flow Logs
• VPC Flow Logs is a feature that
enables you to capture
information about the IP traffic
going to and from network
interfaces in your VPC.
• Flow log data can be published
to Amazon CloudWatch Logs and
Amazon S3.
• After you've created a flow log,
you can retrieve and view its
data in the chosen destination.
VPC Flow Logs Cont’d
• Flow Logs can be created at 3 levels:
– VPC
– Subnet
– Network Interface
Create Flow Log
VPC Endpoint
• A VPC endpoint allows you to securely connect your VPC to another service.
• An interface endpoint is powered by PrivateLink, and uses an elastic network
interface (ENI) as an entry point for traffic destined to the service.
• AWS PrivateLink is a highly available, scalable technology that enables you to
privately connect your VPC to supported AWS services, services hosted by
other AWS accounts (VPC endpoint services), and supported AWS Marketplace
partner services. You do not require an internet gateway, NAT device, public IP
address, AWS Direct Connect connection, or VPN connection to communicate
with the service. Traffic between your VPC and the service does not leave the
Amazon network.
• A gateway endpoint serves as a target for a route in your route table for traffic
destined for the service.
Interface Endpoints
• Amazon API Gateway
• AWS CloudFormation
• Amazon CloudWatch
• Amazon CloudWatch Events
• Amazon CloudWatch Logs
• AWS CodeBuild
• AWS Config
• Amazon EC2 API
• Elastic Load Balancing API
• AWS Key Management Service
• Amazon Kinesis Data Streams
• Amazon SageMaker Runtime
• AWS Secrets Manager
• AWS Security Token Service
• AWS Service Catalog
• Amazon SNS
• AWS Systems Manager
• Endpoint services hosted by other AWS
accounts
• Supported AWS Marketplace partner
services
Gateway Endpoints
• Amazon S3
• DynamoDB
Create VPC
Endpoint
AWS Managed VPN Connections
• By default, instances that you launch into an Amazon VPC can't
communicate with your own (remote) network.
• You can enable access to your remote network from your VPC by
attaching a virtual private gateway to the VPC, creating a custom route
table, updating your security group rules, and creating an AWS
managed VPN connection.
• AWS supports Internet Protocol security (IPsec) VPN connections.
• AWS currently does not support IPv6 traffic through a VPN connection.
Single VPN
Connection
Multiple VPN Connections
Direct Connect
• AWS Direct Connect lets you establish a dedicated network connection between your network and one of the
AWS Direct Connect locations.
• Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual
interfaces.
• This allows you to use the same connection to access public resources such as objects stored in Amazon S3
using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon
Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public
and private environments.
• Virtual interfaces can be reconfigured at any time to meet your changing needs.
• It reduces your network costs, increases bandwidth throughput, and provides a more consistent network
experience than Internet-based connections.
Direct Connect Cont’d
VPC Limits and Pricing
Limits
https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
Pricing
https://aws.amazon.com/vpc/pricing/
VPC Exam
Tips
• THINK OF A VPC AS A LOGICAL DATACENTER IN AWS.
• CONSISTS OF IGWS (OR VIRTUAL PRIVATE GATEWAYS), ROUTE TABLES, NETWORK ACCESS CONTROL LISTS, SUBNETS AND SECURITY GROUPS.
• 1 SUBNET = 1 AVAILABILITY ZONE
• SECURITY GROUPS ARE STATEFUL; NETWORK ACCESS CONTROL LISTS ARE STATELESS.
• THERE'S NO WAY FOR YOU TO COORDINATE AVAILABILITY ZONES BETWEEN ACCOUNTS.
• NO TRANSITIVE PEERING
• YOU WILL NEED AT LEAST 2 SUBNETS (2 AZS) IN ORDER TO DEPLOY AN ALB.
NAT Instance
Exam Tips
• When creating a NAT instance, disable
source/destination check on the instance.
• NAT instances must be in a public subnet.
• There must be a route out of the private
subnet to the NAT instance, in order for this
to work.
• The amount of traffic that NAT instances can
support depends on the instance size. If you
are bottlenecking, increase the instance size.
• You can create high availability using auto
scaling groups, multiple subnets in different
AZs, and a script to automate failover.
NAT GW Exam
Tips
• Preferred by the enterprise
• Scale automatically up to 45 Gbps
• No need to patch
• Not associated with security groups
• Automatically assigned a public IP address
• Remember to update your route table
• No need to disable source/destination checks
• More secure than a NAT instance
Network ACL
Exam Tips
• Your VPC comes automatically with a default network
ACL, and by default it allows all outbound and
inbound traffic.
• You can create custom network ACLs. By default, each
custom network ACL denies all inbound and
outbound traffic until you add rules.
• Each subnet in your VPC must be associated with a
network ACL. If you don’t explicitly associate a subnet
with a network ACL, the subnet is automatically
associated with the default network ACL.
• You can associate a network ACL with multiple
subnets; however, a subnet can only be associated
with one network ACL at a time. When you associate
a subnet with a network ACL, the previous association
is removed.
Network ACL
Exam Tips Cont’d
• Network ACLs contain a numbered
list of rules that is evaluated in order,
starting with the lowest numbered
rule.
• Network ACLs have separate
inbound and outbound rules, and
each rule can either allow or deny
traffic.
• Network ACLs are stateless;
responses to allowed inbound traffic
are subject to the rules for outbound
traffic and vice versa.
• Block IP addresses using network
ACLs not security groups.
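An added example (not from the original slides) that models the network ACL behaviour described in these tips: rules are evaluated in ascending rule number, the first match wins, and because ACLs are stateless the reply to an allowed inbound request is checked separately against the outbound rules. The rule sets and IP addresses are constructed, and the model assumes TCP only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int      # lower numbers are evaluated first
    action: str      # "allow" or "deny"
    cidr: str        # remote address range the rule applies to
    port_from: int   # destination port range (TCP assumed in this model)
    port_to: int


def evaluate(rules, peer_ip, dst_port):
    """Return the action of the first matching rule, lowest rule number first.

    If nothing matches, the traffic is denied, which is also why a custom
    ACL with no rules blocks everything.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        in_cidr = ip_address(peer_ip) in ip_network(rule.cidr)
        if in_cidr and rule.port_from <= dst_port <= rule.port_to:
            return rule.action
    return "deny"


def round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Check a request and its reply independently (stateless behaviour).

    Request: remote source is the client, destination port is the server port.
    Reply:   remote destination is the client, destination port is the
             client's ephemeral source port.
    """
    request = evaluate(inbound, client_ip, server_port)
    reply = evaluate(outbound, client_ip, client_port)
    return request, reply


# Constructed rule sets for a subnet hosting an SSH server.
INBOUND = [
    Rule(90, "deny", "203.0.113.7/32", 22, 22),   # block one address first
    Rule(100, "allow", "0.0.0.0/0", 22, 22),
]
# Same two rules, but the deny is numbered after the allow: it never fires.
INBOUND_MISORDERED = [
    Rule(100, "allow", "0.0.0.0/0", 22, 22),
    Rule(110, "deny", "203.0.113.7/32", 22, 22),
]
# Outbound rules that forget the ephemeral port range used by replies.
OUTBOUND_NO_EPHEMERAL = [Rule(100, "allow", "0.0.0.0/0", 443, 443)]
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_NO_EPHEMERAL + [
    Rule(110, "allow", "0.0.0.0/0", 1024, 65535),
]

if __name__ == "__main__":
    client = ("198.51.100.10", 50000)
    print(round_trip(INBOUND, OUTBOUND_NO_EPHEMERAL, *client, 22))
    print(round_trip(INBOUND, OUTBOUND_WITH_EPHEMERAL, *client, 22))
    print(evaluate(INBOUND, "203.0.113.7", 22))
    print(evaluate(INBOUND_MISORDERED, "203.0.113.7", 22))
```
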
VPC Flow Log Exam Tips
• You cannot enable flow logs for VPCs that are peered with your
VPC unless the peer VPC is in your account.
• You cannot tag a flow log.
• You can’t change the flow log configuration after creating it.
VPC Flow Log Exam Tips Cont’d
• Not all IP traffic is monitored. The following traffic is not logged:
– Traffic generated by instances when they contact the Amazon DNS server. If you use your own DNS server, then all traffic to that DNS server is logged.
– Traffic generated by a Windows instance for Amazon Windows license activation.
– Traffic to and from 169.254.169.254 for instance metadata.
– DHCP traffic.
– Traffic to the reserved IP address for the default VPC router.
Questions
LAB: Peering Connection, VPC End Points, NAT GW
• Create S3-Full-Access IAM Role
• Create My VPC with CIDR 10.0.0.0/16, No IPv6, Default Tenancy
– Create My VPC IGW and attach it to My VPC
– Create My Public Subnet 10.0.1.0/24, with AZ no preference, enable auto-assign public IP address
– Add default route in My VPC Public RT (Main), associate My Public Subnet
– Create SG Allow SSH and ICMP for My VPC – SSH 10.0.0.0/16,192.168.0.0/16 – All ICMP 192.168.0.0/16
– Create My Private Subnet with CIDR 10.0.2.0/24
– Create My VPC Private RT, associate My Private Subnet
– Launch TestVPCPeer-Instance1 in First Private Subnet, Attach IAM Role S3_Full_Access
• Create Peer VPC with CIDR 192.168.0.0/16
– Create Peer VPC IGW and attach it to Peer VPC
– Create Peer Public Subnet 192.168.1.0/24, with AZ no preference, enable auto-assign public IP address
– Add default route in Peer VPC Public RT (Main), associate Peer Public Subnet
– Create Security Group Allow SSH and ICMP for Peer VPC – SSH <My Public IP> - All ICMP 10.0.0.0/16
– Launch TestVPCPeer-Instance2 in Peer Public Subnet, Attach IAM Role S3_Full_Access
LAB: Peering Connection, VPC End Points, NAT GW Cont’d
• Create Peering My VPC and Peer VPC between My VPC and Peer VPC
– Add route to 10.0.0.0/16 in Peer VPC Public RT
– Add route to 192.168.0.0/16 in My VPC Private RT
– SSH into TestVPCPeer-Instance2 and ping <TestVPCPeer-Instance1 IP>
– Accept Request for Pending Peering Connection
• Create Endpoint to S3 for My VPC and My VPC Private RT and Full Access policy
– Download LondonKP.pem and change the permission
– From TestVPCPeer-Instance2 ssh into TestVPCPeer-Instance1 using LondonKP.pem
– From TestVPCPeer-Instance1 run aws s3 --region eu-west-2 ls
• In My VPC
– Create My NAT GW for My Public Subnet
– Add default route to My NAT GW in My VPC Private RT
– From TestVPCPeer-Instance1 run sudo yum update
References
• https://acloud.guru/
• https://docs.aws.amazon.com/
• https://qwiklabs.com/
• http://cidr.xyz/
• https://www.cloudping.info/
• https://www.reddit.com/r/aws/comments/856rbm/aws_vpc_endpoint_for_s3_not_working/
Questions
See You Next Meetup
AWS Riyadh User Group

08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Amazon Virtual Private Cloud - VPC 2

  • 1. UpScale 20-10-2018 AWS Virtual Private Cloud (VPC #2) AWS Riyadh User Group Ahmad ElGohary13 @aalgohary85 ELGOHARY AHMAD aalgohary85@gmail.com
  • 2. Agenda • Past and Coming Topics • Correcting Wrong Information • Session 1 Review • Default and Custom VPCs • NAT Instance, NAT GW and Bastion Host • VPC Peering
  • 3. Agenda • Virtual Flow Logs • VPC Endpoints • AWS Managed VPN Connections • Direct Connect • VPC Limits and Pricing • Exam Tips • Questions • LAB
  • 4. AWS Riyadh User Group • AWS Registered User Group in Riyadh, Saudi Arabia • Founded by Ahmed Aziz • Public Group • 352 Members • Connect all AWS Geeks
  • 5. Past and Coming Topics • Storage • S3 • Compute • EC2 • Auto Scaling • Networking • VPC Session 1 • VPC Session 2 • Route 53 • API Gateway
  • 6. Past and Coming Topics Cont’d • Databases • RDS • Dynamo DB • ElastiCache • Application Integration • SNS • SQS • SWF • Management Tools • Cloud Formation • Cloud Trail vs Cloud Watch
  • 7. Past and Coming Topics Cont’d • Add-Ons • Lambda • Cost Optimization • Well Architected Framework • Having Fun with Alexa • Chatbot • Machine Learning
  • 10. What can you do with a VPC? • Launch instances into a subnet of your choice • Assign custom IP address ranges in each subnet • Configure route tables between subnets • Create internet gateway and attach it to your VPC • Much better security control over your AWS resources • Instance security groups • Subnet network access control lists
  • 11. Default VPC vs Custom VPC • Default VPC is user friendly, allowing you to immediately deploy instances. • All subnets in the default VPC have a route out to the internet. • Each EC2 instance has both a public and private IP address.
  • 12. Reserved AWS IP Addresses • The first four IP addresses and the last IP address in each subnet CIDR block are reserved. • For example, 10.0.0.0/24 – 10.0.0.0 → Network Address – 10.0.0.1 → VPC Router – 10.0.0.2 → VPC DNS Server – 10.0.0.3 → Future Use – 10.0.0.255 → Network Broadcast Address
  • 13. NAT Instances • Enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet or other AWS services, but prevent the instances from receiving inbound traffic initiated by someone on the Internet. • You must disable source/destination checks on it.
  • 14. NAT Gateway • NAT Gateway is an AWS managed service. – You don’t have to care about its availability or scalability. • Both NAT instances and NAT gateways are used only for outbound IPv4 traffic. • An egress-only internet gateway is used for outbound IPv6 traffic.
  • 15. NAT Instances vs NAT Gateways
  • 16. NAT Instances vs NAT Gateways Cont’d
  • 17. NAT Instance vs Bastion Host • A NAT instance is used to provide internet traffic to EC2 instances in private subnets. • A bastion host is used to securely administer EC2 instances (using SSH or RDP) in private subnets. Also called a jump box.
  • 18. VPC Peering • Allows you to connect one VPC with another via a direct network route using private IP addresses. • Instances behave as if they were on the same private network. • You can peer VPCs with others in the same account, in other AWS accounts or even in other regions. • Peering is in a star configuration, i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!!
  • 19. VPC Peering Cont’d • Allows you to connect one VPC with another via a direct network route using private IP addresses. • Instances behave as if they were on the same private network. • You can peer VPCs with others in the same account, in other AWS accounts or even in other regions. • Peering is in a star configuration, i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!!
  • 20. VPC Flow Logs • VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. • Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. • After you've created a flow log, you can retrieve and view its data in the chosen destination.
  • 21. VPC Flow Logs Cont’d • Flow Logs can be created at 3 levels: – VPC – Subnet – Network Interface
  • 23. VPC Endpoint • A VPC endpoint allows you to securely connect your VPC to another service. • An interface endpoint is powered by PrivateLink, and uses an elastic network interface (ENI) as an entry point for traffic destined to the service. • AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services. You do not require an internet gateway, NAT device, public IP address, AWS Direct Connect connection, or VPN connection to communicate with the service. Traffic between your VPC and the service does not leave the Amazon network. • A gateway endpoint serves as a target for a route in your route table for traffic destined for the service.
  • 24. Interface Endpoints • Amazon API Gateway • AWS CloudFormation • Amazon CloudWatch • Amazon CloudWatch Events • Amazon CloudWatch Logs • AWS CodeBuild • AWS Config • Amazon EC2 API • Elastic Load Balancing API • AWS Key Management Service • Amazon Kinesis Data Streams • Amazon SageMaker Runtime • AWS Secrets Manager • AWS Security Token Service • AWS Service Catalog • Amazon SNS • AWS Systems Manager • Endpoint services hosted by other AWS accounts • Supported AWS Marketplace partner services
  • 31. AWS Managed VPN Connections • By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. • You can enable access to your remote network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, updating your security group rules, and creating an AWS managed VPN connection. • AWS supports Internet Protocol security (IPsec) VPN connections. • AWS currently does not support IPv6 traffic through a VPN connection.
  • 34. Direct Connect • AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. • Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. • This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. • Virtual interfaces can be reconfigured at any time to meet your changing needs. • It reduces your network costs, increases bandwidth throughput, and provides a more consistent network experience than Internet-based connections.
  • 36. VPC Limits and Pricing • Limits: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html • Pricing: https://aws.amazon.com/vpc/pricing/
  • 37. VPC Exam Tips • THINK OF A VPC AS A LOGICAL DATACENTER IN AWS. • CONSISTS OF IGWS (OR VIRTUAL PRIVATE GATEWAYS), ROUTE TABLES, NETWORK ACCESS CONTROL LISTS, SUBNETS AND SECURITY GROUPS. • 1 SUBNET = 1 AVAILABILITY ZONE • SECURITY GROUPS ARE STATEFUL; NETWORK ACCESS CONTROL LISTS ARE STATELESS. • THERE'S NO WAY FOR YOU TO COORDINATE AVAILABILITY ZONES BETWEEN ACCOUNTS. • NO TRANSITIVE PEERING • YOU WILL NEED AT LEAST 2 SUBNETS (2 AZS) IN ORDER TO DEPLOY AN ALB.
  • 38. NAT Instance Exam Tips • When creating a NAT instance, disable source/destination check on the instance. • NAT instances must be in a public subnet. • There must be a route out of the private subnet to the NAT instance, in order for this to work. • The amount of traffic that NAT instances can support depends on the instance size. If you are bottlenecking, increase the instance size. • You can create high availability using auto scaling groups, multiple subnets in different AZs, and a script to automate failover.
  • 39. NAT GW Exam Tips • Preferred by the enterprise • Scale automatically up to 45 Gbps • No need to patch • Not associated with security groups • Automatically assigned a public IP address • Remember to update your route table • No need to disable source/destination checks • More secure than a NAT instance
  • 40. Network ACL Exam Tips • Your VPC comes automatically with a default network ACL, and by default it allows all outbound and inbound traffic. • You can create custom network ACLs. By default, each custom network ACL denies all inbound and outbound traffic until you add rules. • Each subnet in your VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL. • You can associate a network ACL with multiple subnets; however, a subnet can only be associated with one network ACL at a time. When you associate a subnet with a network ACL, the previous association is removed.
  • 41. Network ACL Exam Tips Cont’d • Network ACLs contain a numbered list of rules that is evaluated in order, starting with the lowest numbered rule. • Network ACLs have separate inbound and outbound rules, and each rule can either allow or deny traffic. • Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic and vice versa. • Block IP addresses using network ACLs not security groups.
  • 42. VPC Flow Log Exam Tips • You cannot enable flow logs for VPCs that are peered with your VPC unless the peer VPC is in your account. • You cannot tag a flow log. • You can’t change the flow log configuration after creating it.
  • 43. VPC Flow Log Exam Tips Cont’d • Not all IP traffic is monitored; the following is not logged: • Traffic generated by instances when they contact the Amazon DNS server. If you use your own DNS server, then all traffic to that DNS server is logged. • Traffic generated by a Windows instance for Amazon Windows license activation. • Traffic to and from 169.254.169.254 for instance metadata. • DHCP traffic. • Traffic to the reserved IP address for the default VPC router.
  • 53. LAB: Peering Connection, VPC End Points, NAT GW • Create S3-Full-Access IAM Role • Create My VPC with CIDR 10.0.0.0/16, No IPv6, Default Tenancy – Create My VPC IGW and attach it to My VPC – Create My Public Subnet 10.0.1.0/24, with AZ no preference, enable auto-assign public IP address – Add default route in My VPC Public RT (Main), associate My Public Subnet – Create SG Allow SSH and ICMP for My VPC – SSH 10.0.0.0/16,192.168.0.0/16 – All ICMP 192.168.0.0/16 – Create My Private Subnet with CIDR 10.0.2.0/24 – Create My VPC Private RT, associate My Private Subnet – Launch TestVPCPeer-Instance1 in First Private Subnet, Attach IAM Role S3_Full_Access • Create Peer VPC with CIDR 192.168.0.0/16 – Create Peer VPC IGW and attach it to Peer VPC – Create Peer Public Subnet 192.168.1.0/24, with AZ no preference, enable auto-assign public IP address – Add default route in Peer VPC Public RT (Main), associate Peer Public Subnet – Create Security Group Allow SSH and ICMP for Peer VPC – SSH <My Public IP> – All ICMP 10.0.0.0/16 – Launch TestVPCPeer-Instance2 in Peer Public Subnet, Attach IAM Role S3_Full_Access
  • 54. LAB: Peering Connection, VPC End Points, NAT GW Cont’d • Create Peering My VPC and Peer VPC between My VPC and Peer VPC – Add route to 10.0.0.0/16 in Peer VPC Public RT – Add route to 192.168.0.0/16 in My VPC Private RT – SSH into TestVPCPeer-Instance2 and ping <TestVPCPeer-Instance1 IP> – Accept Request for Pending Peering Connection • Create Endpoint to S3 for My VPC and My VPC Private RT and Full Access policy – Download LondonKP.pem and change the permission – From TestVPCPeer-Instance2 ssh into TestVPCPeer-Instance1 using LondonKP.pem – From TestVPCPeer-Instance1 run aws s3 --region eu-west-2 ls • In My VPC – Create My NAT GW for My Public Subnet – Add default route to My NAT GW in My VPC Private RT – From TestVPCPeer-Instance1 run sudo yum update
  • 55. References • https://acloud.guru/ • https://docs.aws.amazon.com/ • https://qwiklabs.com/ • http://cidr.xyz/ • https://www.cloudping.info/ • https://www.reddit.com/r/aws/comments/856rbm/aws_vpc_endpoint_for_s3_not_working/
  • 57. See You Next Meetup AWS Riyadh User Group
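
The network ACL exam tips on slides 40 and 41 (numbered rules, lowest number first, stateless, deny-all by default on a custom ACL) can be checked with a small model. This is an added example, not part of the original deck: the rule numbers, the blocked host 192.168.1.66 and the 1024-65535 ephemeral range are assumptions, and only the Peer VPC CIDR 192.168.0.0/16 comes from the lab.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    number: int   # lower numbers are evaluated first
    cidr: str     # source CIDR (inbound rule) or destination CIDR (outbound rule)
    ports: tuple  # inclusive (low, high) destination-port range, TCP only here
    allow: bool   # a network ACL rule can either allow or deny


def nacl_allows(rules, remote_ip, dst_port):
    """First matching rule in ascending number order decides; no match means deny."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        low, high = rule.ports
        if addr in ipaddress.ip_network(rule.cidr) and low <= dst_port <= high:
            return rule.allow
    return False  # the implicit final "*" deny


def ssh_through_nacl(inbound, outbound, client_ip, client_port):
    """Stateless: the request and the reply are checked independently."""
    request_ok = nacl_allows(inbound, client_ip, 22)
    # The reply leaves the subnet towards the client's ephemeral source port.
    reply_ok = nacl_allows(outbound, client_ip, client_port)
    return request_ok and reply_ok


def ssh_through_security_group(inbound_allow_cidrs, client_ip):
    """Stateful and allow-only: an allowed request implies the reply is allowed."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(c) for c in inbound_allow_cidrs)


# Constructed rule sets (assumed values) around the lab's Peer VPC range.
INBOUND = [
    AclRule(90, "192.168.1.66/32", (0, 65535), allow=False),  # block one host
    AclRule(100, "192.168.0.0/16", (22, 22), allow=True),     # SSH from Peer VPC
]
OUTBOUND_EMPTY = []  # a custom network ACL denies everything until rules are added
OUTBOUND_FIXED = [AclRule(100, "192.168.0.0/16", (1024, 65535), allow=True)]

if __name__ == "__main__":
    cases = (("no outbound rule", OUTBOUND_EMPTY),
             ("ephemeral ports allowed", OUTBOUND_FIXED))
    for label, outbound in cases:
        print(label, ssh_through_nacl(INBOUND, outbound, "192.168.1.10", 50000))
    print("blocked host",
          ssh_through_nacl(INBOUND, OUTBOUND_FIXED, "192.168.1.66", 50000))
    print("security group",
          ssh_through_security_group(["192.168.0.0/16"], "192.168.1.10"))
```

The deny for the single host only works because rule 90 sorts before rule 100; numbered 110 it would never be reached, which is why blocking an address is a network ACL job and not something an allow-only security group can express.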
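
For the VPC Flow Logs slides (20, 21, 42 and 43), the sketch below parses records in the default version 2 flow log format and counts rejected SSH flows per source. It is an added example, not part of the original deck; the account id, interface id and addresses in the sample records are constructed placeholders.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Field order of a default-format (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


class FlowRecord(NamedTuple):
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str


def parse_line(line: str) -> Optional[FlowRecord]:
    """Parse one record; return None for malformed lines and no-traffic records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records carry "-" in the traffic fields.
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
                      int(rec["srcport"]), int(rec["dstport"]),
                      int(rec["protocol"]), rec["action"])


def rejected_ssh_by_source(lines):
    """Count REJECTed TCP (protocol 6) flows to port 22 per source address."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec.action == "REJECT" and rec.protocol == 6 and rec.dstport == 22:
            hits[rec.srcaddr] += 1
    return hits


# Constructed sample records (placeholder account id and ENI id).
SAMPLE = """\
2 123456789012 eni-0aaaaaaaaaaaaaaa1 192.168.1.10 10.0.1.20 50000 22 6 12 2100 1539993600 1539993660 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaa1 203.0.113.7 10.0.1.20 41022 22 6 1 40 1539993600 1539993660 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaa1 203.0.113.7 10.0.1.20 41023 22 6 1 40 1539993660 1539993720 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaa1 203.0.113.9 10.0.1.20 5353 443 6 1 40 1539993660 1539993720 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaa1 - - - - - - - 1539993720 1539993780 - NODATA
""".splitlines()

if __name__ == "__main__":
    for src, count in rejected_ssh_by_source(SAMPLE).most_common():
        print(src, count)
```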
