The document discusses Amazon Virtual Private Clouds (VPCs). It describes VPCs as isolated virtual networks within the AWS cloud that allow users to define their own virtual networking environments, including IP ranges, subnets, route tables and network gateways. It provides examples of how to configure public and private subnets, security groups, route tables and internet gateways to control traffic within a VPC network.
This document discusses AWS Auto Scaling, which automatically launches and terminates EC2 instances based on demand. It describes the key components of Auto Scaling including launch configurations, Auto Scaling groups, scaling policies, and CloudWatch alarms. It provides step-by-step instructions for setting up a simple Auto Scaling group to support a web application, including creating an AMI, load balancer, launch configuration, Auto Scaling group, scaling policies, and CloudWatch alarms to dynamically scale the number of EC2 instances.
Introduction to AWS VPC, Guidelines, and Best Practices - Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Key AWS Best Practices for Preventing Security Incidents – 신은수, AWS Security Solutions Architect :: AWS Online Event – Cloud Security Special - Amazon Web Services Korea
* Presentation video: https://youtu.be/KGibV5yV9U8
Explains the top five causes of the security incidents that can occur in AWS environments (improperly configured security groups, improper credential management, unapplied patches, publicly exposed S3 buckets, and architectures vulnerable to DDoS) and describes the AWS best practices that address each of these threats.
Elastic Load Balancing allows the incoming traffic to be distributed automatically across multiple healthy EC2 instances.
ELB serves as a single point of contact to the client.
ELB is transparent to clients and increases application availability by allowing EC2 instances to be added or removed across one or more Availability Zones without disrupting the overall flow of traffic.
Amazon Route 53 is a highly available, scalable, and easy-to-use cloud Domain Name System (DNS) web service. With an SLA of 100% availability, Route 53 is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications. By using Route 53 as your DNS provider, you can ensure your application's uptime, run an architecture that delivers better performance, and provide your end users with a better experience through lower latency and faster load times, all at a fraction of the cost of other DNS providers.
Learning Objective: In this webinar, you will learn the following:
- General overview of DNS, and how Route 53 is built to provide reliable and secure DNS
- Using the Route 53 console to manage your DNS, easily and seamlessly
- Utilizing health checks and failover to ensure high availability
- Configuring advanced routing policies, including running your application in multiple regions with LBR and Geo for better performance for your end users
- Saving costs by using Route 53
- Registering or transferring your domains into Route 53 to manage all of your domain resources from one place
- How to start using Route 53, including migrating your DNS without experiencing any downtime
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
This document provides an overview of Amazon Route 53 DNS services including:
- IPv4 and IPv6 address spaces and how Route 53 resolves domain names to IP addresses using A records.
- Common DNS record types like NS, SOA, CNAME and how they work.
- Route 53 routing policies for controlling traffic like simple, weighted, latency, failover and geolocation routing.
- How alias records can simplify configuration by automatically reflecting changes to referenced resources.
- An example of setting up Route 53 with domains, record sets, Elastic Load Balancers and instances across regions.
Day 5 - AWS Autoscaling Master Class - The New Capacity Plan - Amazon Web Services
Autoscaling groups are the new ‘Capacity Plan’ for cloud-based applications. Autoscaling enables all sorts of applications to scale seamlessly from day-one traffic to millions of users – all with no capital expenditure on extra hardware procurement. Never again be caught out unprepared for a surge in traffic or the traffic generated by a successful campaign. In addition, why keep enough infrastructure running for peak loads during quieter periods, at night for example? Scale down your infrastructure to enjoy the significant cost savings that cloud computing affords you.
Reasons to attend:
- Learn how Autoscaling groups work and how they are configured and triggered.
- Learn how to architect your application in order to achieve zero impact to customers while scaling both up and down.
- Learn how to dynamically change the size of your infrastructure to match the changing capacity requirements.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. This slide deck describes CloudTrail key concepts, workflow and event history.
___________________________________________________
zekeLabs is a technology training platform. We provide instructor-led corporate training and classroom training for professionals on industry-relevant cutting-edge technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and frameworks like Django, Spring, Ruby on Rails, Angular 2 and many more.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. You create collections of EC2 instances, called Auto Scaling groups.
You can specify the minimum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes below this size.
You can specify the maximum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes above this size.
If you specify the desired capacity, either when you create the group or at any time thereafter, Auto Scaling ensures that your group has this many instances.
If you specify scaling policies, then Auto Scaling can launch or terminate instances as demand on your application increases or decreases.
DNS converts human-friendly domain names like www.google.com to IP addresses like 8.8.8.8. There are two main IP address formats: IPv4 with 32-bit addresses and IPv6 with 128-bit addresses supporting over 340 undecillion addresses. Top-level domains are controlled by IANA and stored in a root zone database listing the available top-level domains. DNS records such as SOA, NS, TTL, A, AAAA and CNAME are used to direct traffic and cache records. AWS Route 53 offers routing policies including simple, weighted, latency-based, failover, geolocation and multivalue answer routing.
by Kashif Imran, Sr. Solutions Architect, AWS
Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, you’ll learn how to get started with serverless computing with AWS Lambda, which lets you run code without provisioning or managing servers. We’ll introduce you to the basics of building with Lambda and how you can benefit from features such as continuous scaling, built-in high availability, integrations with AWS and third-party apps, and subsecond metering pricing. We’ll also introduce you to the broader portfolio of AWS services that help you build serverless applications with Lambda, including Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, and more.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
A brief introduction to Amazon Virtual Private Cloud (VPC).
Amazon VPC is a very important service that provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.
[AWS Builders] Managing Permissions in the Cloud with AWS IAM - 신은수, AWS Security Specialist SA - Amazon Web Services Korea
Watch the presentation again: https://youtu.be/A77sIwSPCsE
AWS provides the IAM (Identity & Access Management) service for managing permissions in cloud environments. This webinar looks at the various IAM options that can be used to efficiently control and manage access permissions to the many AWS resources, and explains the principles by which IAM permissions are assigned.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of Amazon VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Speakers:
Steve Seymour, AWS Solutions Architect
Eamonn O'Neill, Director, Lemongrass Consulting
Jackie Wong, Head of Networks, Financial Times
Learning Objectives:
- Learn how to make decisions about the service and share best practices and useful tips for success
- Learn about Content based routing, HTTP/2, WebSockets
- Secure your web applications using TLS termination, AWS WAF on Application Load Balancer
The document discusses Auto Scaling Groups in AWS, which allow automatic scaling of EC2 instances based on configured scaling policies, metrics and alarms. Key components include launch configurations that define instance templates, Auto Scaling groups that group instances, and scaling policies that specify how capacity should adjust in response to configured triggers. Dynamic scaling can automatically add or remove capacity based on CloudWatch metrics and alarms, while other scaling types like manual, scheduled and fixed are also covered.
The document discusses Amazon Virtual Private Cloud (Amazon VPC), which allows users to define virtual networks within the AWS cloud. It describes benefits of using VPC such as security, IP address management, and network access control. It then covers VPC capabilities, architecture scenarios, configuration options for public/private subnets, security features like security groups and network ACLs, and additional topics such as dedicated hardware, VPC peering, and default VPC configuration.
Adapting the capacity of your compute infrastructure to the demands of your applications is the domain of Auto Scaling. Adding and removing Amazon EC2 instances is only part of the story, though – there is more to it than first meets the eye. This session introduces the basics of how to use Auto Scaling before moving on to more advanced topics such as mixing Spot and On-Demand instances to optimize cost or strategies for blue/green deployments. If you have used Auto Scaling before, you can learn about useful new features like lifecycle hooks and step scaling policies that make Auto Scaling even more widely applicable.
This document discusses shared responsibility for security and compliance on AWS. It outlines that AWS is responsible for security of the cloud, including foundational services, global infrastructure, and data protection capabilities. Customers are responsible for security and compliance of their content and applications in the cloud. The document provides an overview of AWS security features and references resources to help customers deploy securely and meet compliance needs by leveraging AWS services and controls.
Amazon RDS & Amazon Aurora: Relational Databases on AWS - SRV206 - Atlanta AW... - Amazon Web Services
This document provides an overview of Amazon Relational Database Service (Amazon RDS) and Amazon Aurora. It discusses what Amazon RDS is, the benefits of using Amazon RDS over managing databases yourself, how to configure an Amazon RDS database instance, and options for database engines, instance types, and storage types. It also covers high availability, read replicas, backups, security, monitoring, and Amazon Aurora.
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Presented by: Koen Biggelaar, Senior Manager Solutions Architecture, Amazon Web Services
Customer Guest: Jurjan Woltman, Architect, Wehkamp
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity... - Amazon Web Services
This document provides an overview of Amazon Virtual Private Cloud (VPC) networking fundamentals and connectivity options. It discusses setting up an internet-connected VPC including choosing an IP address range, creating subnets in availability zones, creating a route to the internet, and authorizing traffic. It also covers VPC peering, virtual private networks (VPNs), AWS Direct Connect, VPC endpoints, AWS PrivateLink, DNS options with Route 53, and VPC flow logs.
The document discusses setting up a virtual private cloud (VPC) on AWS. It provides steps for choosing an IP address range and subnets across availability zones. It also covers creating a route to the internet, network access control lists, and security groups. The document discusses connectivity options like routing by subnet, NAT gateways, VPN connections, and VPC peering. It includes a customer case study from Quby who simplified their networking architecture by moving to AWS VPC and automating infrastructure provisioning.
GPSTEC322 - GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity... - Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This midlevel architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with VPC. Learn how you can connect your VPC with your offices and current data center footprint. This session adds a focus on AWS Partners and where they are relevant in AWS networking.
(NET201) Creating Your Virtual Data Center: VPC FundamentalsAmazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on the top 5 ways you can make use of AWS security features to meet your own organization's security and compliance objectives.
Reasons to attend:
Learn about the AWS approach to security and how responsibilities are shared between AWS and our customers.
Learn how to build your own secure virtual private cloud and integrate it with your existing solutions.
Learn how to use AWS services and scale to assist in mitigation against attacks.
Learn best practices for securing your AWS account, your content and your applications.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon
Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
This document provides an overview of how to set up a virtual private cloud (VPC) on AWS. It discusses choosing IP address ranges and subnets, creating routes to the internet, and authorizing traffic using network access control lists and security groups. It also covers additional connectivity options like VPC peering, virtual private networks, and AWS Direct Connect.
Creando una estrategia en el Cloud y acelerar los resultadosAmazon Web Services
(Diapositivas de presentación son en inglés.)
En esta sesión abordaremos en profundidad la adopción de AWS en el ámbito empresarial: creación paso a paso de una estrategia de transformación utilizando el Cloud Adoption Framework (CAF) de AWS. Construiremos una hoja de ruta prescriptiva para una transformación cloud usando las mejores prácticas, las técnicas y las herramientas utilizadas con éxito por numerosos clientes empresariales de AWS.
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Amazon Web Services
This document provides an overview of setting up a virtual private cloud (VPC) on Amazon Web Services (AWS) with internet connectivity. It discusses choosing an IP address range and subnets across availability zones for the VPC. It also covers creating a route to the internet, authorizing traffic, and using security groups. The document then discusses additional VPC connectivity options like restricting internet access, connecting to on-premises networks via VPN or Direct Connect, and connecting VPCs via peering. It concludes by covering integrating AWS services into the VPC and using services like S3 endpoints, Route 53, and VPC flow logs.
This document provides an overview of setting up a private network in AWS called a VPC (Virtual Private Cloud). It discusses choosing an IP address range for the VPC, creating subnets across Availability Zones, setting up a route to the internet, and configuring security. It also covers options for connecting the VPC to on-premises networks, accessing other AWS services from the VPC, and monitoring VPC traffic with Flow Logs.
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAmazon Web Services
This document discusses hybrid IT with AWS and provides an overview of key concepts:
- Hybrid IT is defined as combining internal and external services from internal and public clouds to support business outcomes.
- AWS provides global infrastructure across regions and availability zones as well as services for compute, storage, databases, networking, and more to support hybrid architectures.
- Common hybrid workloads discussed include backup and archive to AWS S3 for reduced costs, and storage expansion using S3 integrated appliances.
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC, it’s Security features and how you should make use of Identity and Access Management (IAM). First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, VPC Endpoints, IAM Policies and more. We will also briefly consider the different approaches and use cases for optionally connecting your VPC to your physical data center. This fundamentals sessions is aimed at all new users to AWS, interested in understanding some of the building blocks that AWS makes available with Amazon VPC.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
AWS VPC
1. Richard Frisby
Jimmy McGibney
Amazon Web Services – Virtual Private Cloud (VPC)
2. Amazon Virtual Private Cloud (VPC)
— An Amazon VPC is an isolated portion of the AWS cloud. You use Amazon VPC to create a virtual network topology for your Amazon EC2 resources.
— You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
— You can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access.
3. Amazon Virtual Private Cloud (VPC)
§ Provision a private, isolated virtual network on the AWS cloud.
§ Have complete control over your virtual networking environment.
4. VPCs and subnets
§ A subnet defines a range of IP addresses in your VPC.
§ You can launch AWS resources into a subnet that you select.
§ A private subnet should be used for resources that won’t be accessible over the Internet.
§ A public subnet should be used for resources that will be accessed over the Internet.
§ Each subnet must reside entirely within one Availability Zone and cannot span zones.
5. VPC example
Diagram: inside the AWS Cloud, a Virtual Private Cloud with three subnets: a Public Subnet (Web Servers), a Private Subnet (App Servers) and a VPN Only Subnet (DB Servers). An Internet Gateway and a VPC NAT Gateway connect the VPC to the Internet, and a Virtual Private Gateway connects it to the router of the Customer Network.
6. Security in your VPC
• Security groups
• Network access control lists (ACLs)
• Key Pairs
Diagram: VPC 10.0.0.0/16 with an Internet Gateway, a VPN Gateway and the VPC Router; two subnets (10.0.0.0/24 and 10.0.1.0/24), each with its own Routing Table and Network ACL at the subnet boundary, and each instance inside protected by a Security Group.
7. VPN connections
VPN connectivity option: Description
AWS Hardware VPN: You can create an IPsec hardware VPN connection between your VPC and your remote network.
AWS Direct Connect: AWS Direct Connect provides a dedicated private connection from a remote network to your VPC.
AWS VPN CloudHub: You can create multiple AWS hardware VPN connections via your VPC to enable communications between various remote networks.
Software VPN: You can create a VPN connection to your remote network by using an Amazon EC2 instance in your VPC that’s running a software VPN appliance.
8. Using One VPC
There are limited use cases where one VPC could be appropriate:
§ High-performance computing
§ Identity management
§ Small, single applications managed by one person or very small team
For most use cases, there are two primary patterns for organizing your infrastructure: Multi-VPC and Multi-Account.
9. AWS Infrastructure Patterns
Diagram of the two patterns. VPC pattern: separate Amazon VPCs for Shared Services, Development, Test and Production. Account pattern: separate AWS Accounts for Shared Services, Development, Test and Production.
10. Choosing A Pattern
How do you know which pattern to use?
§ The primary factors for determining this are the complexity of your organization and your workload isolation requirements:
§ Single IT team? Multi-VPC
§ Large organization with many IT teams? Multi-account
§ High workload isolation required? Multi-account
11. Other Important Considerations
The majority of AWS services do not actually sit within a VPC.
§ For these services, a VPC cannot provide any isolation outside of connectivity.
§ Network traffic between AWS Regions traverses the AWS global network backbone by default.
§ Amazon S3 and DynamoDB offer VPC endpoints to connect without traversing the public Internet.
12. VPCs And IP Addresses
§ When you create your VPC, you specify its set of IP addresses with CIDR notation.
§ Classless Inter-Domain Routing (CIDR) notation is a simplified way to show a specific range of IP addresses.
§ Example: 10.0.0.0/16 = all IPs from 10.0.0.0 to 10.0.255.255
§ How does that work? What does the 16 define?
13. IPs and CIDR
Each of the four numbers in an IP address represents a set of 8 binary values (8 bits).
00001010 00000000 00000000 00000000
10 . 0 . 0 . 0
10 . 0 . 255 . 255
00001010 00000000 11111111 11111111
14. IPs and CIDR
The 16 in the CIDR notation example represents how many of those bits are "locked down" and cannot change.
00001010 00000000 00000000 00000000   (first 16 bits locked)
10 . 0 . 0 . 0 /16
15. IPs and CIDR
The unlocked bits can change between 1 and 0, allowing the full range of possible values.
00001010 00000000 00000000 00000000
10 . 0 . 0 . 0 /16
17. VPCs and IP Addresses
§ AWS VPCs can use CIDR ranges between /16 and /28.
§ For every one step a CIDR range increases, the total number of IPs is cut in half:
CIDR / Total IPs
/16: 65,536
/17: 32,768
/18: 16,384
/19: 8,192
/20: 4,096
/21: 2,048
/22: 1,024
/23: 512
/24: 256
/25: 128
/26: 64
/27: 32
/28: 16
18. What Are Subnets?
Subnets are segments or partitions of a network, divided by CIDR range.
Example: a VPC with CIDR /22 includes 1,024 total IPs, split into four subnets (Subnet 1 to Subnet 4) of 251 usable IPs each.
Note: In every subnet, the first four and the last IP address are reserved for AWS use.
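As an added worked example (not code from the original deck), the CIDR arithmetic of slides 12 to 18 with Python's standard ipaddress module: the locked bits of 10.0.0.0/16, the halving table, the /22 carved into four subnets of 251 usable addresses, and an overlap check for a hand-drawn plan like slide 21's. The /16 to /28 limits and the five reserved addresses come from the slides; the function names are my own.

```python
import ipaddress
from itertools import combinations

# AWS reserves five addresses in every subnet: the first four and the last one,
# as the slide notes. The /16../28 bounds are the VPC CIDR limits from slide 17.
AWS_RESERVED_PER_SUBNET = 5
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28


def locked_bits(cidr):
    """Render the network address as four 8-bit groups and return it with the
    number of locked (prefix) bits, mirroring the 10.0.0.0/16 illustration."""
    net = ipaddress.ip_network(cidr, strict=False)
    bits = "".join(f"{octet:08b}" for octet in net.network_address.packed)
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8)), net.prefixlen


def total_ips(cidr):
    """Total addresses in a block: 2 ** (32 - prefix length)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def usable_ips(cidr):
    """Addresses left for instances after AWS's five per-subnet reservations."""
    return total_ips(cidr) - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr):
    """The five addresses AWS keeps: the first four and the last of the block."""
    net = ipaddress.ip_network(cidr, strict=False)
    first = int(net.network_address)
    return [str(ipaddress.ip_address(first + i)) for i in range(4)] + [str(net.broadcast_address)]


def validate_vpc_cidr(cidr):
    """Reject a block with host bits set (e.g. 10.0.1.0/16) or a prefix outside /16../28."""
    net = ipaddress.ip_network(cidr)  # strict by default: host bits must be zero
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{cidr}: a VPC CIDR must be between /16 and /28")
    return net


def cidr_table():
    """Slide 17's table: each extra locked bit halves the number of addresses."""
    return {f"/{p}": 2 ** (32 - p) for p in range(VPC_MIN_PREFIX, VPC_MAX_PREFIX + 1)}


def carve_subnets(vpc_cidr, new_prefix):
    """Split a VPC into equal subnets, e.g. the slide's /22 into four /24s."""
    return [str(s) for s in validate_vpc_cidr(vpc_cidr).subnets(new_prefix=new_prefix)]


def check_plan(vpc_cidr, subnet_cidrs):
    """Audit a hand-drawn subnet plan such as slide 21's: every subnet must sit
    inside the VPC, none may overlap, and the unallocated address count is reported."""
    vpc = validate_vpc_cidr(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    outside = [str(n) for n in nets if not n.subnet_of(vpc)]
    overlaps = [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]
    used = sum(n.num_addresses for n in nets if n.subnet_of(vpc))
    return {"outside": outside, "overlaps": overlaps, "free_ips": vpc.num_addresses - used}


# Slide 21's plan: a /21 VPC with two public /24s and two private /23s.
SLIDE_21_PLAN = ("10.0.0.0/21", ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/23", "10.0.4.0/23"])

if __name__ == "__main__":
    print(locked_bits("10.0.0.0/16"))
    print(carve_subnets("10.0.0.0/22", 24), usable_ips("10.0.0.0/24"))
    print(check_plan(*SLIDE_21_PLAN))
```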
19. How to Use Subnets
Recommendation: Use subnets to define Internet accessibility.
Public subnets: Include a routing table entry to an Internet gateway to support inbound/outbound access to the public Internet.
Private subnets: Do not have a routing table entry to an Internet gateway and are not directly accessible from the public Internet. They typically use a "jump box" (NAT/proxy/bastion host) to support restricted, outbound-only public Internet access.
20. Subnets
Recommendation: Start with one public and one private subnet per Availability Zone.
Diagram: VPC 10.0.0.0/21 (10.0.0.0-10.0.7.255) spanning two Availability Zones, each containing a Public subnet and a Private subnet.
21. Subnets
Recommendation: Start with one public and one private subnet per Availability Zone.
Diagram: the same VPC 10.0.0.0/21 (10.0.0.0-10.0.7.255) with the subnet ranges filled in:
Public subnet 10.0.0.0/24 (10.0.0.0-10.0.0.255)
Private subnet 10.0.2.0/23 (10.0.2.0-10.0.3.255)
Public subnet 10.0.1.0/24 (10.0.1.0-10.0.1.255)
Private subnet 10.0.4.0/23 (10.0.4.0-10.0.5.255)
22. Subnet Sizes
Recommendation: Consider larger subnets over smaller ones (/24 and larger).
Simplifies workload placement: Choosing where to place a workload among 10 small subnets is more complicated than with one large subnet.
Less likely to waste or run out of IPs: If your subnet runs out of available IPs, you can't add more to that subnet. Example: If you have 251 IPs in a subnet that's using only 25 of them, you can't share the unused 226 IPs with another subnet that's running out.
23. Subnet Types
Which subnet type (public or private) should you use for these resources?
Answer table with Public and Private columns (the slide marks the answers with check marks):
Web application instances
Datastore instances
Batch processing instances
Back-end instances
24. How do you control your VPC traffic?
§ Route tables
§ Security groups
§ Network ACLs
§ Internet gateways
25. Route Tables
Directing Traffic Between VPC Resources
§ Determine where network traffic is routed
§ Main and custom route tables
§ VPC route table: Local route
§ Only one route table per subnet
Main route table for VPC 10.0.0.0/16: Destination 10.0.0.0/16, Target local
Best practice: Use custom route tables for each subnet to enable granular routing for destinations.
26. Security Groups
Securing VPC Traffic With Security Groups
§ Are virtual firewalls that control inbound and outbound traffic for one or more instances.
§ Deny all incoming traffic by default and use allow rules that can filter based on TCP, UDP, and ICMP protocols.
§ Are stateful, which means that if your inbound request is allowed, the outbound response does not have to be inspected/tracked, and vice versa.
§ Can define a source/target as either a CIDR block or another security group to handle situations like auto scaling.
27. Security Groups
Use security groups to control traffic into, out of, and between resources.
Diagram: private subnets in Availability Zone A and Availability Zone B; the app instances in both zones share an App tier security group and the data instances in both zones share a Data tier security group.
28. How Security Groups Are Configured
§ By default, all newly created security groups allow all outbound traffic to all destinations. Modifying the default outbound rule on security groups increases complexity and is not recommended unless required for compliance.
§ Most organizations create security groups with inbound rules for each functional tier (web/app/data/etc.) within an application.
29. Security Group Chaining Diagram
Security group rules per application tier (web, app and data instances in Availability Zone A and Availability Zone B):
Web tier ELB security group: Inbound rule: Allow TCP Port 443, Source: 0.0.0.0/0 (Any)
Web tier security group: Inbound rule: Allow TCP Port 80, Source: Web tier ELB
App tier ELB security group: Inbound rule: Allow TCP Port 8080, Source: Web tier
App tier security group: Inbound rule: Allow TCP Port 8080, Source: App tier ELB
Data tier security group: Inbound rule: Allow TCP Port 3306, Source: App tier
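The chain above, as an added example (not the deck's or AWS's own code): a Python audit over groups shaped like the AWS describe-security-groups output that lists world-open ports, counts the hops from the Internet to each tier, and flags rules whose source is not the tier's expected upstream. The group ids (sg-weblb and so on) and the EXPECTED_CHAIN map are constructed assumptions.

```python
import collections

ANY = "0.0.0.0/0"  # the "Any" source on the slide


def security_group(group_id, name, rules):
    """Build one group in the shape of describe-security-groups output.
    rules is a list of (tcp_port, source); source is a CIDR or another group id."""
    permissions = []
    for port, source in rules:
        perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                "IpRanges": [], "UserIdGroupPairs": []}
        if "/" in source:
            perm["IpRanges"].append({"CidrIp": source})
        else:
            perm["UserIdGroupPairs"].append({"GroupId": source})
        permissions.append(perm)
    return {"GroupId": group_id, "GroupName": name, "IpPermissions": permissions}


# Constructed sample reproducing the slide's chain; group ids are placeholders.
GROUPS = [
    security_group("sg-weblb", "web-tier-elb", [(443, ANY)]),
    security_group("sg-web", "web-tier", [(80, "sg-weblb")]),
    security_group("sg-applb", "app-tier-elb", [(8080, "sg-web")]),
    security_group("sg-app", "app-tier", [(8080, "sg-applb")]),
    security_group("sg-data", "data-tier", [(3306, "sg-app")]),
]

# What each tier is allowed to accept from, per the slide (group id -> sources).
EXPECTED_CHAIN = {
    "sg-weblb": {ANY}, "sg-web": {"sg-weblb"}, "sg-applb": {"sg-web"},
    "sg-app": {"sg-applb"}, "sg-data": {"sg-app"},
}


def inbound_edges(groups):
    """Yield (source, destination group id, port) for every inbound allow rule."""
    for group in groups:
        for perm in group["IpPermissions"]:
            for ip_range in perm["IpRanges"]:
                yield ip_range["CidrIp"], group["GroupId"], perm["FromPort"]
            for pair in perm["UserIdGroupPairs"]:
                yield pair["GroupId"], group["GroupId"], perm["FromPort"]


def world_open_ports(groups):
    """Ports any tier accepts from 0.0.0.0/0; only the web ELB should appear."""
    return sorted((dst, port) for src, dst, port in inbound_edges(groups) if src == ANY)


def internet_hops(groups):
    """Breadth-first walk over group-to-group references starting at the Internet.
    Returns {group id: hops}; a group with its own 0.0.0.0/0 rule is one hop away."""
    adjacent = collections.defaultdict(set)
    for src, dst, _ in inbound_edges(groups):
        adjacent[src].add(dst)
    hops, frontier, depth = {}, [ANY], 0
    while frontier:
        depth += 1
        next_frontier = []
        for node in frontier:
            for dst in adjacent[node]:
                if dst not in hops:
                    hops[dst] = depth
                    next_frontier.append(dst)
        frontier = next_frontier
    return hops


def chain_violations(groups, expected):
    """Rules whose source is not one the tier is supposed to trust."""
    return [(src, dst, port) for src, dst, port in inbound_edges(groups)
            if src not in expected.get(dst, set())]


if __name__ == "__main__":
    print(world_open_ports(GROUPS))
    print(internet_hops(GROUPS))
    print(chain_violations(GROUPS, EXPECTED_CHAIN))
```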
30. Network ACLs
§ Are optional virtual firewalls that control traffic in and out of a subnet.
§ Allow all incoming/outgoing traffic by default and use stateless rules to allow or deny traffic. "Stateless rules" inspect all inbound and outbound traffic and do not keep track of connections.
§ Enforce rules only at the boundary of the subnet, not at the instance level as security groups do.
31. Internet gateways
§ Allow communication between instances in your VPC and the Internet.
§ Are horizontally scaled, redundant, and highly available by default.
§ Provide a target in your VPC route tables for Internet-routable traffic.
Diagram (Directing Traffic To Your VPC): users on the Internet reach Instance A, which has a public IP, in the Public Subnet 10.0.10.0/24 of VPC 10.0.0.0/16 through the Internet gateway.
32. Directing Traffic To Your VPC
To enable access to or from the Internet for instances in a VPC subnet, you must:
§ Attach an Internet gateway to your VPC
§ Ensure that your subnet's route table points to the Internet gateway
§ Ensure that instances in your subnet have public IP addresses or Elastic IP addresses
§ Ensure that your NACLs and security groups allow the relevant traffic to flow to and from your instance
33. What About Outbound Traffic From Private Instances?
Network Address Translation services:
§ Enable instances in the private subnet to initiate outbound traffic to the Internet or other AWS services.
§ Prevent private instances from receiving inbound traffic from the Internet.
Two primary options:
§ Amazon EC2 instance set up as a NAT in a public subnet
§ VPC NAT Gateway
Diagram: VPC 10.0.0.0/16 with a Public subnet 10.0.10.0/24 holding a NAT instance with a public IP, and a Private subnet 10.0.20.0/24 holding a private instance with only a private IP. The private subnet's route table: Destination 10.0.0.0/16, Target local; Destination 0.0.0.0/0, Target NAT. Users on the Internet reach the VPC through the Internet gateway.
34. What About Outbound Traffic From Private Instances?
Network Address Translation services:
§ Enable instances in the private subnet to initiate outbound traffic to the Internet or other AWS services.
§ Prevent private instances from receiving inbound traffic from the Internet.
Two primary options:
§ Amazon EC2 instance set up as a NAT in a public subnet
§ VPC NAT Gateway
Diagram: the same VPC 10.0.0.0/16, with a VPC NAT gateway in the Public subnet 10.0.10.0/24 in place of the NAT instance; the private instance in the Private subnet 10.0.20.0/24 has only a private IP and reaches the Internet gateway through the NAT gateway.
35. VPC NAT Gateways vs. NAT Instances On Amazon EC2
Availability: a VPC NAT gateway is highly available by default; a NAT instance needs a script to manage failover.
Bandwidth: a VPC NAT gateway bursts to 10 Gbps; a NAT instance is limited by the bandwidth of its instance type.
Maintenance: a VPC NAT gateway is managed by AWS; a NAT instance is managed by you.
Security: a VPC NAT gateway is controlled with NACLs; a NAT instance with security groups and NACLs.
Port forwarding: not supported on a VPC NAT gateway; supported on a NAT instance.
36. Subnets, Gateways, and Routes
Diagram: VPC 10.0.0.0/20 spanning Availability Zone 1 and Availability Zone 2. The Public Subnet 10.0.0.0/24 holds a NAT instance with a public IP and uses a route table with Destination 10.0.0.0/20, Target local and Destination 0.0.0.0/0, Target IGW (the Internet gateway). The Private subnets 10.0.2.0/23 and 10.0.4.0/23 each hold a private instance with a private IP and use route tables with Destination 10.0.0.0/20, Target local and Destination 0.0.0.0/0, Target NAT. Security groups protect the instances, and DynamoDB is shown as a Region-level service outside the VPC.
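An added example (not from the deck) that models the VPC of slide 36 in Python and applies the slide 32 checklist to it, including the longest-prefix route lookup that keeps VPC-internal traffic on the local route and sends everything else to the IGW or NAT. The addresses, instance names, NACL port sets and security-group port sets are constructed placeholders.

```python
import ipaddress

# Constructed model of slide 36's VPC; all addresses and names are placeholders.
VPC_CIDR = "10.0.0.0/20"
IGW_ATTACHED = True  # checklist step 1: an Internet gateway is attached
INTERNET_PROBE = "203.0.113.5"  # documentation-range address standing in for "the Internet"

# Route tables as (destination, target) pairs, as drawn on the slide.
ROUTE_TABLES = {
    "public": [("10.0.0.0/20", "local"), ("0.0.0.0/0", "igw")],
    "private": [("10.0.0.0/20", "local"), ("0.0.0.0/0", "nat")],
    "isolated": [("10.0.0.0/20", "local")],  # no default route at all
}
# Subnet CIDR -> (route table, inbound ports the subnet's network ACL allows).
SUBNETS = {
    "10.0.0.0/24": ("public", {22, 80, 443}),
    "10.0.2.0/23": ("private", {22, 80, 443, 3306, 8080}),
    "10.0.4.0/23": ("isolated", {3306}),
}
# Instance -> private IP, whether it has a public/Elastic IP, and the ports its
# security group opens to 0.0.0.0/0.
INSTANCES = {
    "web": {"ip": "10.0.0.10", "public_ip": True, "sg_world_ports": {443}},
    "nat": {"ip": "10.0.0.20", "public_ip": True, "sg_world_ports": set()},
    "app": {"ip": "10.0.2.10", "public_ip": False, "sg_world_ports": set()},
    "db": {"ip": "10.0.4.10", "public_ip": False, "sg_world_ports": set()},
}


def lookup_route(table, dst_ip):
    """Longest-prefix match: the VPC's local route (/20) beats 0.0.0.0/0 for
    addresses inside the VPC, so only outside traffic reaches the IGW or NAT."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def subnet_for(ip):
    """Find the subnet whose CIDR contains the address."""
    addr = ipaddress.ip_address(ip)
    for cidr in SUBNETS:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    raise ValueError(f"{ip} is outside every subnet of {VPC_CIDR}")


def inbound_from_internet(name, port):
    """Apply slide 32's checklist to one instance and port.
    Returns the failed checks; an empty list means the instance is reachable."""
    inst = INSTANCES[name]
    rt_name, nacl_ports = SUBNETS[subnet_for(inst["ip"])]
    failures = []
    if not IGW_ATTACHED:
        failures.append("no Internet gateway attached to the VPC")
    if lookup_route(ROUTE_TABLES[rt_name], INTERNET_PROBE) != "igw":
        failures.append("subnet route table has no route to the Internet gateway")
    if not inst["public_ip"]:
        failures.append("instance has no public or Elastic IP address")
    if port not in nacl_ports:
        failures.append(f"network ACL does not allow port {port}")
    if port not in inst["sg_world_ports"]:
        failures.append(f"security group does not allow port {port} from the Internet")
    return failures


def outbound_target(name, dst_ip):
    """Where the instance's subnet route table sends a packet: local, igw, nat or None."""
    rt_name, _ = SUBNETS[subnet_for(INSTANCES[name]["ip"])]
    return lookup_route(ROUTE_TABLES[rt_name], dst_ip)


if __name__ == "__main__":
    for inst in INSTANCES:
        print(inst, inbound_from_internet(inst, 443), outbound_target(inst, INTERNET_PROBE))
```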
37. Logging VPC Traffic
Amazon VPC Flow Logs
§ Capture traffic flow details in your VPC (accepted and rejected traffic)
§ Can be enabled for VPCs, subnets, and ENIs
§ Logs are published to CloudWatch Logs
Use cases:
• Troubleshoot connectivity issues.
• Test network access rules.
• Monitor traffic.
• Detect and investigate security incidents.
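An added example, not from the original deck, that parses VPC Flow Log records in the default version 2 field order and runs three of the listed use cases over them. The account id, ENI id, addresses and log lines are constructed samples; the dict keys use underscores in place of the hyphenated field names.

```python
import ipaddress
from collections import Counter, defaultdict

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (placeholder account id, ENI id and documentation-range
# source addresses): a probe of several ports on a web instance, one accepted HTTPS
# flow, an app-to-database flow, a rejected outside attempt on the database port,
# and one NODATA record, which carries no flow fields.
SAMPLE_LOG = """\
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.0.0.10 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.0.0.10 51001 23 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.0.0.10 51002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.7 10.0.0.10 51003 443 6 5 1500 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 10.0.2.10 10.0.4.10 44000 3306 6 30 9000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.9 10.0.4.10 40000 3306 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(line):
    """Turn one space-separated record into a dict; "-" fields become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    record = {}
    for key, value in zip(FIELDS, parts):
        if value == "-":
            record[key] = None
        elif key in INT_FIELDS:
            record[key] = int(value)
        else:
            record[key] = value
    return record


def load_records(text):
    """Parse every non-empty line of a log export."""
    return [parse_flow_log(line) for line in text.splitlines() if line.strip()]


def rejected_by_port(records):
    """Use case "test network access rules": which destination ports are being denied."""
    return Counter(r["dstport"] for r in records if r["action"] == "REJECT")


def multi_port_reject_sources(records, min_ports=3):
    """Use case "detect and investigate security incidents": sources whose rejected
    flows hit at least min_ports distinct destination ports on the same target."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return sorted(src for (src, _), p in ports.items() if len(p) >= min_ports)


def accepted_from_outside(records, vpc_cidr):
    """Use case "monitor traffic": accepted flows whose source is not in the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [(r["srcaddr"], r["dstaddr"], r["dstport"]) for r in records
            if r["action"] == "ACCEPT" and ipaddress.ip_address(r["srcaddr"]) not in vpc]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    print(rejected_by_port(recs))
    print(multi_port_reject_sources(recs))
    print(accepted_from_outside(recs, "10.0.0.0/20"))
```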
44. AWS VPC (Single Public Subnet)
Your instances run in a private, isolated section of the AWS cloud with direct access to the Internet. Network access control lists and security groups can be used to provide strict control over inbound and outbound network traffic to your instances.
45. AWS VPC (Single Private Subnet H/W VPN)
Your instances run in a private, isolated section of the AWS cloud with a private subnet whose instances are not addressable from the Internet. You can connect this private subnet to your corporate data center via an IPsec Virtual Private Network (VPN) tunnel.
46. AWS VPC
— This is a diagram of a typical scenario you can create (a VPC with public and private subnets); full details are in the VPC User Guide, Scenario 2, listed under References.
48. AWS VPC
You will need to create the following security groups
• WebServerSG—For the web servers in the public subnet
• DBServerSG—For the database servers in the private
subnet
49. AWS VPC
— From the Your VPCs screen, note the details for your VPC: VPC ID, DHCP options set, main route table, default network ACL.
— Also note the subnets, Internet gateways and Elastic IPs that have been created for your VPC. You should clearly name your VPC resources.
50. AWS VPC
— You can choose whether to work with Windows or Linux machines, or a mixture of both.
— Launch a web server in the public subnet of the VPC. Make sure you enable Auto-assign Public IP.
— Put meaningful details in the Instance details tags key/value screen, e.g. RFwebserver.
— Launch the server in the relevant security group, e.g. RFWebServerSG.
— You will see both the private and public IP addresses assigned to this server. You can configure a web server and connect to the public IP address from your own desktop.
51. AWS VPC
— Now launch a Linux instance (a basic AMI will do). This instance must be launched in the private subnet and into the DBServerSG.
— You DO NOT want to auto-assign a public IP address to this server.
— If you enable SSH from the WebServerSG to the DBServerSG, you will be able to log in from the server in the public subnet to the server in the private subnet.
— Once you have SSHed from your web server instance to your DB instance, check your public IP address with: wget http://ipinfo.io/ip -qO -
— What is the public IP address of the server in your private network? What does it correspond with?
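The two security groups are where this exercise is most often got wrong: SSH left open to the world on WebServerSG, or DBServerSG allowed from a CIDR instead of from WebServerSG. The added example below (not code from the slides) audits both groups for those mistakes. The input mimics the JSON shape of `aws ec2 describe-security-groups`; the group IDs and the rule set are constructed, with two deliberate errors for the audit to find.

```python
"""Audit the exercise's WebServerSG / DBServerSG rules.

Added example, not from the slides. SECURITY_GROUPS is constructed sample data
in the shape of `aws ec2 describe-security-groups`; the IDs are hypothetical.
"""
WEB_SG, DB_SG = "sg-web00001", "sg-db000001"   # hypothetical group IDs
ANYWHERE = {"0.0.0.0/0", "::/0"}

SECURITY_GROUPS = [
    {"GroupId": WEB_SG, "GroupName": "WebServerSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # Mistake 1: SSH open to the Internet instead of to an admin CIDR.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": DB_SG, "GroupName": "DBServerSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
        # Mistake 2: a CIDR rule on the private tier; any host in the VPC could reach it.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/20"}], "UserIdGroupPairs": []},
    ]},
]


def rule_ports(perm):
    """Human-readable port range; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def rule_sources(perm):
    """Yield ('cidr', '...') and ('group', 'sg-...') sources of one ingress rule."""
    for r in perm.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for g in perm.get("UserIdGroupPairs", []):
        yield "group", g["GroupId"]


def world_open_ok(perm, public_ports):
    """Only a single-port TCP rule on a listed web port may be open to the world."""
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in public_ports)


def audit_security_groups(groups, web_sg_id, db_sg_id, public_ports=(80, 443)):
    """Return findings for the web tier (world access) and DB tier (source restriction)."""
    findings = []
    for sg in groups:
        name = sg["GroupName"]
        for perm in sg["IpPermissions"]:
            ports = rule_ports(perm)
            for kind, src in rule_sources(perm):
                if sg["GroupId"] == web_sg_id:
                    if kind == "cidr" and src in ANYWHERE and not world_open_ok(perm, public_ports):
                        findings.append(f"{name}: port(s) {ports} open to {src}; restrict to an admin CIDR")
                elif sg["GroupId"] == db_sg_id:
                    if kind != "group" or src != web_sg_id:
                        findings.append(f"{name}: port(s) {ports} allowed from {src}; "
                                        f"only {web_sg_id} (WebServerSG) should be referenced")
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SECURITY_GROUPS, WEB_SG, DB_SG):
        print("FINDING:", finding)
```

Referencing WebServerSG rather than the public subnet's CIDR means a newly launched web server gains database access the moment it joins that group, and nothing else that happens to sit in the subnet does. Security groups are stateful, so no egress rule is needed on DBServerSG for the replies to reach the web tier.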
52. AWS VPC
— When you have investigated this VPC Scenario you can
terminate your instances in the Public and Private subnets.
— In this exercise you created your own VPC with Public and
Private subnets.
— Note you can delete your VPC and all associated resources
(NAT gateway, instances, Elastic IPs, etc.)
53. References
— VPC User Guide, Scenario 2 (VPC with public and private subnets):
  http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
— How to securely manage AWS credentials:
  https://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
— How to log in securely to a Linux AMI in a VPC private subnet using SSH agent forwarding:
  https://blogs.aws.amazon.com/security/post/Tx3N8GFK85UN1G6/Securely-connect-to-Linux-instances-running-in-a-private-Amazon-VPC