AWS VPC Fundamentals- Webinar

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Mv – Marcus Vinicius Ferreira / Claick Oliveira
Solution Architect Team, Public Sector, Education
Junho/2019
AWS: VPC Fundamentals
VPC, Subnets, Security Groups

Mv – Marcus Vinicius Ferreira
mvferr@amazon.com
SolutionsArchitect
BR, Public Sector, Education
Mv

Claick Oliveira
claicko@amazon.com
SolutionsArchitect
BR, Public Sector, Education
Claick

AWS Agenda
AWS VPC
AWS Global Infrastructure
AWS Subnets
AWS Security Groups
AWS VPC Best Practices
AWS DevOps: CloudFormation

AWS VPC: Getting Started
https://aws.amazon.com/vpc/details/

AWS Global Infrastructure
https://infrastructure.aws/

Region
New Region
Coming Soon
Edge Location
Region &
Number of Availability Zones#
The Global Infrastructure

REGION
~ 2ms latency
AZa
AZc
AZb
DC
DC
DC
DC
DCDC
DC
DC
DC

AWS VPC: reference architecture
172.31.0.0/16
sa-east-1a sa-east-1b sa-east-1c

Logical Layer
Availability Zone Availability Zone Availability Zone

Creating your VPC
10.100.0.0/16

Private Network
https://en.wikipedia.org/wiki/Private_network

Creating your VPC
172.31.0.0/16

Creating your VPC
192.168.0.0/16

172.31.11.0/24 172.31.21.0/24 172.31.31.0/24
Creating your VPC
172.31.0.0/16
VPC subnet VPC subnet VPC subnet

172.31.11.0/24 172.31.21.0/24 172.31.31.0/24
Creating your VPC
172.31.0.0/16
VPC subnet
VPC subnet VPC subnet
VPC subnet
172.31.12.0/24 172.31.22.0/24 172.31.32.0/24

172.31.11.0/24 172.31.21.0/24 172.31.31.0/24
Creating your VPC
172.31.0.0/16
VPC subnet
172.31.13.0/24 172.31.23.0/24 172.31.33.0/24
172.31.12.0/24 172.31.22.0/24 172.31.32.0/24

VPC: Routing
https://github.com/mv/mv-aws-cloudformation-coding/tree/master/templates/vpc

VPC: Routing: Internet 2-way

VPC: Routing: Internet 1-way

VPC Routing: Locally
172.31.0.0/16
Public
Private
DB

Security Groups: Multi-AZ by default
172.31.0.0/16

Security Groups: Grouping and Securing
172.31.0.0/16
sg-web
sg-app
sg-db

Open HTTPS port access from anywhere
Open backend access to a specific security-group
ID Port Range Source
sg-web 443 (HTTPS) 0.0.0.0/0
sg-app 22 (SSH) sg-web
Open database access to a specific security-group
sg-db 3306 (MySQL) sg-app
Security Groups - Examples

Security Groups: Multi-AZ as a feature
172.31.0.0/16

2.1 ELB access or Public IP access?
user access

2.1 ELB access or Public IP access?
user access user access?
EIP/Public IPEIP/Public IP

2.2 ELB access: use Private Subnet
user access
Private IPPrivate IP
Bastion Host/
SSH Gateway

3.1 Security Groups: problems
sgPrivate

3.1 Security Groups: problems

Highly-Available Architecture
Access: via NAT
Availability Zone 1 Availability Zone 2
Amazon S3
User
Amazon
CloudFront
Amazon
Route 53
Internet Gateway
Public Subnet
Private Subnet
Public Subnet
Private Subnet
Private Subnet Private Subnet
Private Subnet
Private Subnet
RDS Read
Replica
RDS Read
Replica
RDS Read
Master
RDS
Standby
Static
Assets
Public load
balancer
Private load
balancer
NAT

Highly-Available Architecture
Access: via VPN
Availability Zone 1 Availability Zone 2
Amazon S3
User
Amazon
CloudFront
Amazon
Route 53
Internet Gateway
Public Subnet
Private Subnet
Public Subnet
Private Subnet
Private Subnet Private Subnet
Private Subnet
Private Subnet
RDS Read
Replica
RDS Read
Replica
RDS Read
Master
RDS
Standby
Static
Assets
Public load
balancer
Private load
balancer
VPN
NAT

DevOps: What is AWS CloudFormation?
Declarative programming language for deploying AWS resources.
Uses templates and stacks to provision resources.
Create, update, and delete a set of resources as a single unit (stack).
Create/delete
AWS CloudFormation
Create/delete AWS
resources
Template Stack
- Basic definition of
resources to create
- JSON text file
- Collection of AWS
resources

Example
Environment
Templates
Dev Apps
Stack
Dev Base
Stack
Test Apps
Stack
Test Base
Stack
Private
Subnet
App tier
Private
Subnet
DB tier
Master
Public
Subnet
Private
Subnet
Web tier
Private
Subnet
App tier
Private
Subnet
DB tier
NAT
Master
AMIs Amazon EBS
snapshots
Internet Gateway Internet Gateway
Development Account Production Account
Private
Subnet
Web tier
NAT
Public
Subnet

Many Environments
Development
QA 1
QA 2

VPC: Cloudformation example
https://github.com/mv/mv-aws-cloudformation-coding/blob/master/templates/vpc/vpc-3-az.cloudformation.yml

S U M M I T
São Paulo
https://www.cvent.com/events/aws-summit-sao-paulo/registration-89802b17e4ab403db6baeed7ba5917cc.aspx?lang=pt-
BR&fqp=true&refid=sp_summit_2019

Questions?
Mv – mvferr@amazon.com
Claick – claicko@amazon.com

Obrigado!
Mv – mvferr@amazon.com
Claick – claicko@amazon.com

AWS VPC Fundamentals- Webinar

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS VPC Fundamentals- Webinar

Similar to AWS VPC Fundamentals- Webinar (20)

More from Amazon Web Services LATAM

More from Amazon Web Services LATAM (20)

Recently uploaded

Recently uploaded (20)

AWS VPC Fundamentals- Webinar

Editor's Notes