A brief and simplified introduction to VPC and Networking within AWS.
Michael Pearce, DevOps Engineer @ Peak AI.
Disclaimer: Due to the fast-moving nature of AWS, this may be out of date!
The document discusses Amazon Virtual Private Cloud (Amazon VPC), which allows users to define virtual networks within the AWS cloud. It describes benefits of using VPC such as security, IP address management, and network access control. It then covers VPC capabilities, architecture scenarios, configuration options for public/private subnets, security features like security groups and network ACLs, and additional topics such as dedicated hardware, VPC peering, and default VPC configuration.
VPC allows users to create a virtual network in AWS that is logically isolated from other networks. It includes IP addresses, subnets, route tables, internet gateways, and security features. VPC supports private IP addresses that can only communicate within the VPC, public IP addresses reachable from the internet, and elastic IP addresses that can be attached and detached from instances. Subnets divide the VPC into distinct regions and cannot span availability zones. They can be configured as public or private depending on internet access. Route tables and security groups control network traffic flow. Network ACLs provide optional subnet level firewalls.
A brief introduction to Amazon Virtual Private Cloud (VPC).
Amazon VPC is a very important service that provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.
VPC allows users to create a virtual private cloud within AWS that is logically isolated from other virtual networks. It provides users control over networking and security similar to managing their own datacenter, including custom subnets, routing tables, and network access control lists. VPC supports both public and private subnets, with private subnets only accessible through mechanisms like NAT, VPN, or bastion hosts.
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re... Amazon Web Services
This document discusses various network architectures and connectivity options for connecting an on-premises customer network to the AWS cloud. It presents diagrams of virtual private cloud (VPC) subnet and availability zone configurations, the use of security groups and network access control lists to control traffic, and options for internet VPN, AWS Direct Connect, load balancing, and remote access. The goal is to help customers reinvent their network by extending it to AWS securely and with high availability.
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks
Use this VNS3 set up guide to get started in the Amazon Cloud (AWS) VPC public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), protocol redistributor, and extensible NFV, optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or RESTful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, Openstack, Flexiant, Eucalyptus, Abiquo, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including: Preferred Most models from Cisco Systems*, Juniper, Watchguard, Dell SONICWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, WatchGuard, Palo Alto Networks, OpenSwan, pfSense, Vyatta, and any IPsec device that supports IKE1 or IKE2, AES256 or AES128 or 3DES, SHA1 or MD5, and most importantly NAT-Traversal standards.
AWS Virtual Private Cloud (VPC) in nutshell Mohit Kumar
This document provides an overview of AWS Virtual Private Cloud (VPC), including how to launch AWS resources in a virtual network. It describes VPC components like public and private subnets, and connectivity options such as internet gateways, NAT gateways, VPC endpoints, and site-to-site VPN. The document also discusses security features including network access control lists, security groups, and VPC flow logs. It concludes by listing some limits on VPC resources.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information on Enhanced Networking and on migrating from EC2-Classic to VPC.
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive Amazon Web Services
In this session, we explore AWS support for IPv6 for full end-to-end connectivity for EC2 instances inside of a VPC. IPv6 on EC2 instances introduces new capabilities and interesting new wrinkles into the VPC model. Customer VPCs receive IPv6 addresses from an Amazon address block, and existing features such as security groups, network ACLs, route tables, peering, and gateways have been enhanced to support IPv6. Finally, we look at some future capabilities planned for IPv6 in VPC.
This document discusses evolving VPC designs from a single VPC to multiple interconnected VPCs. It begins with a basic single VPC design and evolves it to incorporate multiple subnets, NAT gateways, VPC endpoints and peering. The document explores use cases for separating resources into multiple VPCs and presents a hub-and-spoke design using VPC peering to interconnect VPCs and provide shared services while maintaining isolation and control.
(ENT308) Best Practices for Implementing Hybrid Architecture Solutions | AWS ... Amazon Web Services
This document discusses moving workloads from multiple physical data centers to AWS to improve scalability and the user experience. It recommends a highly available multi-region hybrid solution using AWS services like Direct Connect, VPC, EC2, S3, Glacier, Route 53, ELB, and SNS. The solution would have disaster recovery in a separate region and integrate an on-premises Oracle RAC. It also emphasizes establishing a rigorous security model and centralized monitoring, backup, and incident tracking to meet governance and compliance requirements.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013 Amazon Web Services
As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
"What if weather or any other major event prevents a large number of your users from coming into the office? Does your VPN or remote connectivity solution scale?
Deploying solutions in AWS gives you access to agility, cost savings, elasticity, breadth of functionality, and the ability to deploy globally in minutes. With access to these benefits through the AWS platform, administrators can launch global, scalable and resilient VPN solutions to support your business at a moment's notice.
In this session, learn how to build a flexible, elastic, highly secure VPN infrastructure by using Amazon Route 53, Amazon EC2, Auto Scaling, and 3rd party solutions to allow hundreds or thousands of users to work remotely as soon as the first snowflakes begin to fall.
To attend this session it is suggested that attendees have a working knowledge of VPC, EC2, general networking and an understanding of routing protocols."
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC) Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of Amazon VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Speakers:
Steve Seymour, AWS Solutions Architect
Eamonn O'Neill, Director, Lemongrass Consulting
Jackie Wong, Head of Networks, Financial Times
The document discusses Amazon Virtual Private Cloud (Amazon VPC), including:
- Amazon VPC allows users to provision a virtual network within AWS similar to a private network. Users have control over IP ranges, subnets, and routing.
- Public subnets route traffic to the internet gateway, while private subnets do not. VPCs contain one public subnet per availability zone by default.
- VPC components include subnets, route tables, security groups, network access control lists, internet gateways, virtual private gateways, elastic IPs, endpoints, and NAT instances/gateways.
- Security groups apply at the instance level and support only allow rules, while network access control lists apply at the subnet level and support both allow and deny rules.
(NET201) Creating Your Virtual Data Center: VPC Fundamentals Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302) Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic... Amazon Web Services
Twilio provides a communications API that enables voice, VoIP, and messaging capabilities for web and mobile apps. They migrated their infrastructure from the isolated EC2-Classic platform to EC2-VPC to enable global routing between regions and services. This reduced complexity, improved performance and latency, and allowed for more frequent and less risky deployments. The migration required bridging traffic between EC2-Classic and EC2-VPC instances and using software routers and service discovery for peering between regions. The new global VPC infrastructure improved customer experience and satisfaction.
In this session from the London AWS Summit 2015 Tech Track Replay, AWS Solutions Architect Steve Seymour dives deep into the Amazon Virtual Private Cloud service, covering features as well as best practices.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity... Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
Amazon Virtual Private Cloud VPC Architecture AWS Web Services Robert Wilson
Amazon Virtual Private Cloud (VPC) allows users to create isolated virtual networks within AWS. The document discusses VPC fundamentals like subnets and security and provides examples of four common VPC architecture scenarios including VPC with public/private subnets and connecting VPC to an on-premise network with hardware VPN. It also outlines options for connecting a corporate network to a VPC like Direct Connect, VPN, and software VPN using EC2 instances.
AWS VPC Zero to Hero in 30 Minutes.pptx ujjwalsoni23
Amazon Virtual Private Cloud (Amazon VPC) allows users to launch AWS resources into a virtual network that resembles a traditional data center network. It provides scalability and isolation of AWS resources. To set up a VPC, users create a VPC with an IP address range, then build out the virtual network by creating subnets, security groups, route tables, internet gateways and NAT gateways to control traffic to and from the VPC and internet.
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
This document discusses networking in the AWS cloud. It covers VPC components like security groups, network ACLs, route tables and how they control traffic and routing. It also discusses connectivity options between on-premises networks and VPCs like Direct Connect, VPN connections and VPC peering. The document provides examples of routing and networking tricks that can be used with EC2 instances and VPC configurations.
This document discusses networking in the AWS cloud. It covers VPC components like security groups, network ACLs, route tables and how they control traffic and routing. It also discusses connectivity options between on-premises networks and VPCs like Direct Connect, VPN connections and VPC peering. The document provides examples of routing and networking tricks that can be used with EC2 instances and VPC configurations.
Network Services provides concise summaries of key AWS networking services:
Virtual Private Cloud (VPC) allows users to define their own virtual network space within AWS. A VPC Peer connects two VPCs privately. VPC Endpoints allow private connections between VPCs and supported AWS services.
Route53 is AWS's DNS service. Direct Connect provides dedicated private connectivity between on-premises networks and AWS.
CloudFront is a content delivery network (CDN) that caches and delivers content globally via an edge network for fast performance. Configuring CloudFront involves specifying origins like S3 buckets and distributing files to edge locations worldwide.
The document outlines the agenda for a user group meeting on AWS VPC topics. The agenda includes reviewing default and custom VPCs, NAT instances and gateways, VPC peering, flow logs, endpoints, VPN connections, Direct Connect, limits and pricing, and exam tips. It also lists past topics such as storage, compute, databases, and networking services, as well as upcoming topics such as Lambda, cost optimization, and machine learning.
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)Amazon Web Services
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
The attached is a summary of terms, description of constructs, integration alternatives and more in the networking world of Kubernetes, Openshift and AWS
This document discusses VPC networking concepts in AWS including public and private subnets, internet gateways, NAT gateways, routing, and security. It also provides an overview of establishing IPSec VPN tunnels between VPCs including the phases of IKE negotiation and establishing matching security associations. Troubleshooting tips are included for checking VPN status and network traffic using tcpdump and ipsec commands.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon
Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.
This document provides an overview of setting up a private network in AWS called a VPC (Virtual Private Cloud). It discusses choosing an IP address range for the VPC, creating subnets across Availability Zones, setting up a route to the internet, and configuring security. It also covers options for connecting the VPC to on-premises networks, accessing other AWS services from the VPC, and monitoring VPC traffic with Flow Logs.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
AWS PrivateLink allows services running within AWS to connect to other services privately without an internet gateway, VPC peering, or EIPs. It creates private connectivity using interface or gateway endpoints within VPCs. Interface endpoints function like a network interface and support security groups, while gateway endpoints add routes to route tables. PrivateLink eliminates public access and simplifies networking management compared to traditional architectures using internet gateways or VPC peering.
The document discusses a presentation given to the AWS Riyadh User Group on networking concepts and Amazon VPC components. It provides an overview of VPCs and their usage, including how to create a VPC, subnets, route tables, internet gateways, NAT gateways, network access control lists, and security groups. It also describes common networking concepts like the OSI model, IPv4 vs IPv6, subnetting, and NAT. The presentation concludes with instructions for a hands-on lab to build a sample VPC configuration.
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
This document provides an overview of Amazon Virtual Private Cloud (VPC) networking fundamentals and connectivity options. It discusses setting up an internet-connected VPC including choosing an IP address range, creating subnets in availability zones, creating a route to the internet, and authorizing traffic. It also covers VPC peering, virtual private networks (VPNs), AWS Direct Connect, VPC endpoints, AWS PrivateLink, DNS options with Route 53, and VPC flow logs.
Networking Best Practices for Your Serverless ApplicationsChris Munns
Networking plays an important role in your design decisions for building a serverless application and you have many options to consider. What are the the benefits and drawbacks of connecting a Lambda function to a VPC? How should you configure your subnets, route tables, and other networking aspects to best support your application’s needs? In this session we'll cover best practices for security, high availability, and cost. We'll also review service endpoints, cross account access, and provide insight on how to minimize the configuration overhead of a large virtual private network.
The document discusses Amazon Virtual Private Clouds (VPCs). It describes VPCs as isolated virtual networks within the AWS cloud that allow users to define their own virtual networking environments, including IP ranges, subnets, route tables and network gateways. It provides examples of how to configure public and private subnets, security groups, route tables and internet gateways to control traffic within a VPC network.
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easilyakramemohemat
The document discusses Amazon Virtual Private Clouds (VPCs). It describes VPCs as isolated virtual networks within the AWS cloud that allow users to define their own virtual networking environments, including IP ranges, subnets, route tables and network gateways. It provides examples of how to configure public and private subnets, security groups, route tables and internet gateways to control traffic within a VPC network.
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
Similar to Introduction to AWS VPC & Networking (20)
1. VPC and Networking: An Introduction to AWS
2.
3. Virtual Private Cloud
• VIRTUAL (elastic) Servers - e.g. EC2 instances
• Running in OUR (virtual) network
• We have control
• Our IP Ranges
• IP for this, IP for that
• Sub Networks
• Good Security
• High Availability
• Scriptable!
4. We’ll look at…
• Regions, AZ
• Subnets
• Route tables
• Internet gateway
• Security groups
• VPC Peering
• NAT Gateway
• VPC endpoints
5. Setting up a VPC (basic)
• Set an IP address range
• Divide into sub-networks (subnets)
• Add Routing (e.g. make it accessible from the internet)
• Authorise traffic in and out of the VPC
7. Choosing an IP
• 172.31.0.0/16
• /16 means that the top 16 bits stay steady AND the bottom 16 bits can vary
• Loads of space…
• 172 is conventional!
8. Dividing the network (subnets)
• VPC is in a region
• Which is split into multiple Availability Zones (AZs)
• Subnet is in a specific AZ
• Good practice to create a subnet in ALL AZs!
9. Routing
• i.e. making it accessible from the internet
• Route Tables contain Rules for which packets go where
• You can assign different Route Tables to different Subnets
• Default - routed local - Stay within VPC
10. Letting the packets fly (Authorising traffic to and from the VPC)
• Internet Gateway (IG)
• 0.0.0.0/0 > IG
• IG is only an ABSTRACTION - not a single point of failure. Therefore you only need ONE IG in a VPC
11. Security Groups
• Internet web server may accept traffic from 0.0.0.0/0
• BUT backend servers only accept traffic from web servers (source will be SG)
• Principle of least privilege
• Good practice - Add a description!
12. Beyond the Internet: examples
• Subnets restricting internet access
• Connecting to other VPCs (peering)
• Connecting to corporate network
13. Routing with SUBNET
• Instead of just routing by security group you can put web servers into a subnet with IG access (public subnet)
• but then backend servers don’t have IG access (private subnet)
14. Outbound Only
• NAT gateway inside public subnet with public IP.
• Internal traffic routed to that NAT gateway will appear on the internet as if it were coming from that IP
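Slides 7 to 14 as an added worked example (not part of the original deck): it carves the 172.31.0.0/16 range into one public and one private subnet per AZ, then resolves destinations against each tier's route table using most-specific-route matching. The third AZ, the /20 subnet size, and the target labels `igw` and `nat` are assumptions made for illustration.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")   # range used on the slides
AZS = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]    # assumed AZ list for the example
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def plan_subnets(vpc, azs, new_prefix=20):
    """Carve one public and one private subnet per AZ out of the VPC range."""
    blocks = vpc.subnets(new_prefix=new_prefix)
    plan = []
    for tier in ("public", "private"):
        for az in azs:
            try:
                cidr = next(blocks)
            except StopIteration:
                raise ValueError("VPC range too small for this layout") from None
            plan.append({"tier": tier, "az": az, "cidr": cidr})
    return plan


def route_tables(vpc):
    """One route table per tier. Targets are labels, not real resource IDs."""
    local = (vpc, "local")                 # default route: stay within the VPC
    return {
        "public": [local, (DEFAULT, "igw")],   # 0.0.0.0/0 > internet gateway
        "private": [local, (DEFAULT, "nat")],  # 0.0.0.0/0 > NAT gateway
        "isolated": [local],                   # no route out of the VPC at all
    }


def next_hop(table, destination):
    """Return the target of the most specific matching route, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in table if dst in net]
    if not matches:
        return None                        # no route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def internet_exposure(table):
    """Classify a route table by where internet-bound traffic is sent.

    Routing is only one layer: inbound reachability through an internet
    gateway also needs a public IP and a security group that allows it.
    """
    hop = next_hop(table, "198.51.100.7")  # constructed documentation address
    return {"igw": "inbound and outbound", "nat": "outbound only"}.get(hop, "none")


if __name__ == "__main__":
    tables = route_tables(VPC_CIDR)
    for subnet in plan_subnets(VPC_CIDR, AZS):
        exposure = internet_exposure(tables[subnet["tier"]])
        print(f'{subnet["az"]:<11} {subnet["tier"]:<8} {subnet["cidr"]!s:<16} {exposure}')
```
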
15. Both Subnet + SG
• e.g. Bastion host (jump box) - SSH only from known IP
• Private resources allowed SSH from bastion host SG only
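An added example (not from the original deck) that checks the security group practices from slides 11 and 15: SSH never open to the world, world-open rules only on groups meant to be public, and a description on every rule. The records follow the field layout of `aws ec2 describe-security-groups` output; the group IDs, ports and addresses are constructed, and the finding names are this example's own.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def rule(proto, port, cidr=None, sg=None, desc=""):
    """Build one constructed IpPermissions entry (CIDR or security-group source)."""
    perm = {"IpProtocol": proto, "IpRanges": [], "UserIdGroupPairs": []}
    if proto != "-1":                       # "-1" means all traffic, no port fields
        perm["FromPort"] = perm["ToPort"] = port
    if cidr:
        perm["IpRanges"].append({"CidrIp": cidr, "Description": desc})
    if sg:
        perm["UserIdGroupPairs"].append({"GroupId": sg, "Description": desc})
    return perm


# Constructed sample data: a web tier, a bastion host and a backend tier.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        rule("tcp", 443, cidr="0.0.0.0/0", desc="HTTPS from the internet")]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        rule("tcp", 22, cidr="203.0.113.10/32", desc="SSH from known office IP")]},
    {"GroupId": "sg-backend", "IpPermissions": [
        rule("tcp", 8080, sg="sg-web", desc="App traffic from web tier"),
        rule("tcp", 22, sg="sg-bastion"),                       # no description
        rule("tcp", 22, cidr="0.0.0.0/0", desc="temp debug")]}, # misconfiguration
]


def covers_port(perm, port):
    """True if the rule admits TCP traffic on the given port."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sources(perm):
    """Yield (source, description) for every CIDR or security-group source."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"], r.get("Description", "")
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"], r.get("Description", "")
    for p in perm.get("UserIdGroupPairs", []):
        yield p["GroupId"], p.get("Description", "")


def audit(groups, public_groups):
    """Return (group_id, finding, source) tuples in rule order."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            for src, desc in sources(perm):
                if src in ANYWHERE:
                    if covers_port(perm, SSH_PORT):
                        findings.append((gid, "ssh-open-to-world", src))
                    elif gid not in public_groups:
                        findings.append((gid, "world-open-non-public", src))
                if not desc:
                    findings.append((gid, "missing-description", src))
    return findings


if __name__ == "__main__":
    for finding in audit(SECURITY_GROUPS, public_groups={"sg-web"}):
        print(*finding, sep="\t")
```
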
17. VPC and the rest of AWS
• Route53 for DNS i.e. ‘rstudio.dev.peak.ai.’ > 172.31.34.50
• Motoring API Load Balancer > eu-west-1a + eu-west-1b
• VPC endpoint - to stop needing to go over the internet to get to S3 or DynamoDB (or others)
• Remember the Policy
• Inter-region peering - VPC us-east-1 to VPC eu-west-1
• Previously only same region to same region