To deliver your applications to millions of users you need to scale your network across thousands of VPCs. AWS Transit Gateway helps scale your workloads and vastly simplifies how you connect your AWS networks. AWS Transit Gateway also makes it easier to connect your on-premises networks across those VPCs. Using secure operational controls, you can implement and maintain centralized policies to connect Amazon VPCs with each other and with your on-premises networks. This session will enable you to get started quickly and get an insight into the various capabilities that AWS Transit Gateway introduces.
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ... | Amazon Web Services
In this session, we will review the new AWS Transit Gateway and new networking features. We compare AWS Transit Gateway and Transit VPCs and discuss how to architect your accounts and VPCs. This session will be helpful if the developers have been let loose, and you are planning lots of VPCs or accounts. How should you connect them; what limits do you need to be aware of; and how does routing work with many VPCs? We dive into the details of recent launches and how to work with concepts like Transit VPCs, account strategies, scaling services, using firewalls, and direct connect gateways to solve problems of many VPCs.
In this session, we discuss the need for AWS Transit Gateway, dive into common use cases, and discuss reference architectures. The session will prepare you with the fundamentals to understand AWS Transit Gateway operations and create advanced architectures. Learn how AWS Transit Gateway interacts with other services, like Amazon Route 53 Resolver and AWS PrivateLink, to provide enterprise scale service in large operating environments.
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402) | Amazon Web Services
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018 | Amazon Web Services
With Amazon Virtual Private Cloud (Amazon VPC) you can build your own virtual data center networks in seconds. Every VPC is free, but it comes with enterprise-grade capabilities that would cost millions of dollars in a traditional data center. How is this possible? Come hear how Amazon VPC works under the hood. We uncover how we use Amazon-designed hardware to deliver high-assurance security and ultra-fast performance that makes the speed of light feel slow. Leave with insights and tips for how to optimize your own applications, and even whole organizations, to deliver faster than ever.
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
Latest AWS Black Belt Online Seminar content: https://aws.amazon.com/jp/aws-jp-introduction/#new
List of content from past online seminars: https://aws.amazon.com/jp/aws-jp-introduction/aws-jp-webinar-service-cut/
Cloud Usage Guide for Financial Companies – 신은수, AWS Solutions Architect; 김호영, in charge of AWS policy cooperation :: AWS Cloud Week ... | Amazon Web Services Korea
We explain the financial regulations that financial companies need to know in order to use the cloud and how to assess the safety of cloud service providers. We also look at how financial companies can build a more secure AWS cloud environment using the AWS Well Architected Framework.
In this session, we first cover build-out and design fundamentals for VPCs, including selecting your IP space, subnetting, routing, security, and more. We then discuss different approaches and scenarios for connecting your VPC to your data center with AWS VPN or AWS Direct Connect. Throughout this presentation, we discuss our latest networking services and updates, including AWS Transit Gateway and AWS PrivateLink. This mid-level architecture discussion is for architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how to connect VPCs with your offices and data center footprint.
Distributed denial of service (DDoS) attacks can affect the availability, security, and resource consumption of your web application. AWS Web Application Firewall and AWS Shield allow you to protect web applications from these attacks.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind... | Amazon Web Services
Do you have questions on how to best use Microsoft Active Directory with your AWS Windows workloads? Do you need a deep-dive on securely setting up trusts between your on-premises Active Directory and your AWS Directory Services for Microsoft Active Directory? This session will help you understand the differences between AWS Directory Service for Microsoft AD, building your own Microsoft Active Directory on Amazon EC2, or joining your cloud resources to your on-premises Active Directory over a direct network connection. After this session you will be an expert on how to set up single sign-on for your cloud applications and resources, using Group Policy for your EC2 systems, and how to securely configure trusts across your on-premises and AWS Cloud Active Directories.
AWS Direct Connect provides low latency and high performance connectivity to the AWS cloud by allowing the provision of physical fiber from the customer’s location or data center into AWS Direct Connect points of presence. This session covers design considerations around AWS Direct Connect solutions. We will discuss how to design and configure physical and logical redundancy using both physically redundant fibers and logical VPN connectivity, and include a live demo showing both the configuration and the failure of a doubly redundant connectivity solution. This session is for network engineers/architects, technical professionals, and infrastructure managers who have a working knowledge of Amazon VPC, Amazon EC2, general networking, and routing protocols.
Introduction to AWS VPC, Guidelines, and Best Practices | Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
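When you want to optimize performance and cost and adjust your infrastructure to fit the situation, Amazon EC2 offers a diverse portfolio of compute options for choosing the right fit for your workload. Through the new Amazon EC2 features, product updates, and new portfolio for 2023, we look at how Amazon EC2 options can help with changes in the services of customers who require high-performance and specialized services. We also look at customer cases showing the cost savings achieved by adopting the optimal Amazon EC2 options.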
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
Using AWS Control Tower to govern multi-account AWS environments at scale - G... | Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Many enterprises on their journey to the cloud require consistent and highly secure connectivity among their existing data center, their staff, and AWS environments. In this session, we walk through the different architecture options for establishing this connectivity using AWS VPN solutions. With each option, we evaluate the considerations and discuss risk, performance, high availability, encryption, and cost.
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit | Amazon Web Services
Securely access services hosted on AWS using AWS PrivateLink. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with AWS-based services over AWS PrivateLink, and hear about the technologies that are related to AWS PrivateLink, such as AWS Direct Connect, Amazon Route 53, and other AWS services. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Extending Data Centers to the Cloud: Connectivity Options and Best Practices ... | Amazon Web Services
Many enterprises on their journey to the cloud require consistent and highly secure connectivity between their existing data center and AWS footprints. In this session, we walk through the different architecture options for establishing this connectivity using AWS Direct Connect and VPN. With each option, we evaluate the considerations and discuss risk, performance, high availability, encryption, and cost. As we walk through these options, we discuss the associated best practices and answer some of the common questions that arise from enterprises that tackle design and implementation. Learn how to make connectivity decisions that are suitable for your workloads and how to best prepare against business impact in the event of failure.
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv... | Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) enables you to have complete control over your AWS virtual networking environment. Given this control, have you ever wondered how new Amazon VPC features might affect the way you design your AWS networking infrastructure, or even change existing architectures that you use today? In this session, we explore the new design and capabilities of Amazon VPC and how you might use them. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US) | Amazon Web Services
As customers progress through their cloud journeys, sensitive and regulated IT workloads and data migrations could necessitate the use of AWS GovCloud (US). But how do you get started? What do you need to know before expanding your footprint to the AWS GovCloud (US) region? Is extending the footprint from standard AWS regions different than extending from on-premise environments and datacenters? Join us to learn the technical and operational considerations, approaches, best practices and tools to successfully extend your IT environments and technology footprint and migrate assets to the AWS GovCloud (US) Region.
AWS PrivateLink enables you to securely access services hosted on AWS. Come to this session and learn the fundamentals of AWS PrivateLink, including VPC design, VPC endpoint, Network Load Balancer, and more. Discover the benefits and use cases for connecting your VPC with services based on AWS over AWS PrivateLink, and hear about the AWS services that are related to AWS PrivateLink, including AWS Direct Connect, Amazon Route 53, and others. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers who want to understand how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit | Amazon Web Services
In this mid-level session, we explore the fundamentals of AWS PrivateLink, including VPC design, VPC endpoints, and Network Load Balancer. Discover the benefits and use cases for connecting your VPCs with services in AWS over AWS PrivateLink, and hear about related technologies such as AWS Direct Connect, Amazon Route 53, and other AWS services. This architecture discussion is designed for architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options... | Amazon Web Services
In this session, we'll walk through the fundamentals of Amazon VPC, including: build-out, design details, picking your IP space, subnetting, routing, security and NAT. Then, we'll look at different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This session is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC.
[NEW LAUNCH!] How to Architect for Multi-Region Redundancy Using Anycast IPs ... | Amazon Web Services
Deployed globally in multiple edge locations, AWS Global Accelerator helps you manage traffic destined to your multi-regional applications with higher levels of availability and performance. This session covers ways in which Ubiquity helps you build fault-tolerant and highly performant systems across AWS regions using anycast static IP addresses. In this session, you will learn about Global Accelerator’s shuffle sharding technique used for its static IPs, the benefits of anycast, and more.
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C... | Amazon Web Services
In this interactive talk, we try to make the decision-making process for each of these options clear. We do this by using a decision-tree-like method while still capturing the do's and don'ts of VPC peering, transit VPC, AWS PrivateLink, AWS Direct Connect, and so on.
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ... | Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit | Amazon Web Services
In this mid-level session, we explore the fundamentals of AWS PrivateLink, including VPC design, VPC endpoints, and Network Load Balancer. Discover the benefits and use cases for connecting your VPCs with services in AWS over AWS PrivateLink, and hear about related technologies such as AWS Direct Connect, Amazon Route 53, and other AWS services. This architecture discussion is designed for architects, network administrators, and technology decision makers interested in understanding how to connect their Amazon VPCs to SaaS services in a secure and scalable manner.
Designing Network Architectures with Direct Connect for Multiple Traffic Stre... | Amazon Web Services
In this session, we discuss an AWS network design for multiple traffic streams, such as production, non-production, and PCI data (or regulated data) using AWS Direct Connect and Direct Connect gateway. We show you how to do this while keeping the traffic segregated at the network layer.
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... | Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC.
Best Practices for Building Multi-Region, Active-Active Serverless Applicatio... | Amazon Web Services
In this session, we walk through building and deploying a global-scale, multi-region, active-active serverless backend using Amazon Route 53 to route the traffic among AWS Regions, Amazon API Gateway, and AWS Lambda for the backend, and Amazon DynamoDB global tables for handling data storage at a global scale. We provide a demo and a hands-on coding opportunity.
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018 | AWS Germany
Containers are an increasingly important way for developers to package and deploy their applications, and AWS offers multiple container products to help you deploy, manage, and scale containers in production. In this session we dive deep into Amazon Elastic Container Service for Kubernetes (Amazon EKS), a new managed service for running Kubernetes on AWS. Learn how Amazon EKS works, from provisioning nodes and launching pods to integrations with AWS services such as Elastic Load Balancing and Auto Scaling.
Learn more about containers here: https://aws.amazon.com/containers/
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018 - Amazon Web Services
AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect, including public and private virtual Interfaces, Direct Connect Gateway, global access, local preference communities, and more.
Similar to [NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018 (20)
How to build Forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in a variety of areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to create Big Data applications in Server... - Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: creating large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
So let's see how it is possible to develop Big Data applications quickly, without worrying about the infrastructure, dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, enabled us to build more reliable and scalable applications. In this session we will illustrate how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can be easily used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... services - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications from on-premises data centers.
Create your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to keep track of the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will explore several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to facilitate and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they will dive into the architecture and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
STEVE
Good morning – welcome to this session on the newly announced AWS Transit Gateway.
My name is Steve Seymour, I’m a Principal Solutions Architect at AWS and one of our Networking Specialists.
This is Thomas Spendley, he is the General Manager for Transit Gateway and our VPN Service.
Let’s get this out of the way now. This is a Networking session. It’s going to involve Routes and that’s the correct way to say it. I feel though that with Thomas co-presenting his own service with me up here, I should show some respect and at least try to say rowte a few times. We’ll see!
We are both looking forward to sharing the details about a new service that the team have been working on for quite a while and that we know our customers will be excited to use.
STEVE
So let’s jump into it.
You may have seen that we have some new Icons – and if not, I think you can decipher the meaning here.
If you take the AWS Cloud and need the ability to provide full routing functionality – the result is AWS Transit Gateway.
This was announced last night by Peter in his Monday night session and is now generally available for use.
It’s a new service that allows customers to interconnect thousands of VPCs and on-premises networks.
THOMAS
Ok, so what is Transit Gateway?
THOMAS
- AWS Transit Gateway is not a physical device – it’s a fully distributed and managed AWS Service.
- It has the capabilities you’d expect to see in order to interconnect thousands of VPCs, cross accounts, at scale.
- It allows you to make very simple or very complex routing decisions based on your requirements.
- It can also help simplify how you share connectivity from your on-premises environments to your VPCs, for example using AWS VPN.
- It provides flexibility with the use of multiple route tables – creating the concept of routing domains which we will talk about more later.
STEVE
Ok, so let’s examine at a very high level how Transit Gateway could immediately help with some of the Architectures we see you as our customers deploying.
Firstly, let’s consider a scenario where you have multiple VPCs deployed – in the same or in multiple accounts.
STEVE
Assuming you wanted all 4 of these VPCs to communicate with each other, you would use VPC Peering to build a full mesh of connectivity between them. This doesn’t introduce any bandwidth limits and is very simple to set up – but you can see that even with just four VPCs, we have 6 Peering connections to create, accept and configure routing for.
STEVE
When we introduce Transit Gateway into this scenario, it’s as simple as attaching all four VPCs to the Transit Gateway and they can all reach each other. Furthermore, we can keep adding VPCs with a single attachment API call and join them into this fully routed environment.
STEVE
Let’s take that same scenario with the full mesh peering and extend that to connect back to an on-premises network via VPN. We are showing a single Customer Gateway – a router – here.
STEVE
Well, we need to create an AWS VPN Connection from a VGW from each VPC back to the customer gateway.
Of course, each VPN Connection is two tunnels for resilience but I’m showing a single line here representing that because all the tunnels are terminating on the same customer gateway.
As we add more VPCs to the environment, we now need to create more VPN tunnels – which adds increased complexity and configuration requirements for your network.
STEVE
Now, with the Transit Gateway, this is hugely simplified. We can simply create a single VPN Connection (still two tunnels) from the customer gateway to the transit gateway and have full access to all of the VPCs that are attached.
STEVE
But of course, if there are two tunnels with resilience on the AWS side, the best practice deployment is to build resilience on the customer gateway side of the VPNs too.
STEVE
… which of course means two customer gateways and another VPN connection per VPC.
This is quickly multiplying for a relatively simple scenario here with just four VPCs and two Customer Gateways.
STEVE
As you might have guessed by now, this becomes much simpler with the Transit Gateway where you simply add one additional VPN connection to have that full resilient connectivity to all of your VPCs in the region.
THOMAS
TRANSITION - Ok, so I think you have the concepts – let’s move from theory into practice and see what it will take to build the components of a Transit Gateway.
THOMAS
- In this scenario we have four VPCs that are being used for development - each needing to communicate with each other.
- The whole environment needs to be connected back to our on-premise network perhaps to reach a code repo or be available for users to test against.
- We may need to tear down these VPCs and create new ones on the fly and don’t want to have the potential delays of building out new VPNs or re-configuring of our VPN router.
THOMAS
Let’s start by simply creating four VPCs in our development account – all within the 10/8 range – 10.1, 10.2, 10.3 and 10.4.
These VPCs have been created with subnets in two availability zones.
THOMAS
The first step therefore is to create the new Transit Gateway itself.
You can find this in the VPC console and other than providing a name, we are going to leave all of the defaults for this – our first Transit Gateway.
THOMAS
- Now once the TGW has been successfully created, we see its state as available.
- The one thing to remember is that Transit Gateway is a regional object, it’s highly available and created without single points of failure.
- If you were in some of the sessions last year – you might be familiar with the ‘HyperPlane’ technology we mentioned – well Transit Gateway is built using that same scalable and highly available building block.
THOMAS
- Next, we need to attach our VPCs. As you can see, this is as simple as choosing the TGW and then providing a subnet for each availability zone.
- It is important to remember that TGW is a regional object with Zonal attachments. You need to connect only ONE subnet for each availability zone in that VPC.
THOMAS
We repeat that attachment process three more times – one per VPC – very quick and simple.
THOMAS
So if we now take a look in the console, we can see all four VPC attachments now in the available state and the various default parameters being applied to each attachment at the bottom.
THOMAS
- Let’s jump over to the Transit Gateway Route Table section and take a look there.
- What you should immediately see is that the CIDR ranges for our VPCs are all listed with their associated attachment ID.
- This confirms that the transit gateway has a route to each of those VPCs.
THOMAS
- Finally, we always need to consider the return path so let’s update the route tables in each of our VPCs to send traffic for all 10/8 networks via the newly attached TGW.
- Just like other target types, you simply enter the TGW ID into the target field and you are good to go.
THOMAS
- Now, to prove this is working, I launched an EC2 instance in each of our VPCs – I put them in the first subnet with .50 as the last octet to keep things simple.
- I then logged into the 10.1 EC2 instance and pinged the other three – as you can see, all of them responded.
- These are real screen shots from a real deployment.
- It really did only take the steps I’ve gone through to establish any-to-any connectivity.
THOMAS
- Now in our original scenario, we talked about the requirement to connect to an on-prem network via VPN.
- As you might have noticed, this is simply another attachment type.
- We choose VPN and then select either an existing defined Customer Gateway or a new one.
- The definition of the Customer Gateway identifies the remote IP Address and AS Number for BGP.
THOMAS
After it’s created, we switch to the VPN console and simply download our configuration template as normal and apply it to our on-premise router.
THOMAS
Looking back at the Transit Gateway Route table, once the VPN Tunnels come up and BGP is established, we see the new 10.99 prefix present in the route table that is coming from our on-prem network via VPN.
THOMAS
- Jumping back to our test EC2 instance in the 10.1 VPC, we see we can now ping an on-premise host through the VPN using its 10.99 address.
- We don’t need to do any other configuration here, it’s simply immediately reachable.
THOMAS
From the Customer Gateway – which is the on-prem router - if we take a look at its BGP route table, we can see the CIDR range being received for each of the attached VPCs and two paths via the two tunnels that are automatically created for an AWS VPN Connection.
THOMAS
- As you’d expect, all of the actions we just did in the console can be done via the AWS Command Line interface or direct via our APIs.
- I’m showing you the existing VPN connection API call – all that’s changed is that you can now pass it a Transit Gateway parameter rather than a Virtual Private Gateway.
STEVE
TRANSITION – So, we saw with Transit Gateway you can create routing policies which allow you to build an any-to-any topology and even share a VPN connection with any of those VPCs. But, what if you don’t want east-west traffic between VPCs?
STEVE
- Back to Dave example, how do I get to an instance in the 10.2 VPC?
I look at my VPC1 route table and see an entry for the 10/8 network back to the Transit Gateway.
STEVE
But when I look at the TGW route-table-A, I realize there is no path to the 10.2 network so the packet is dropped.
As you can see there is no way for the traffic to get to VPC 10.2 through TGW but I was still able to share my VPN connection with both VPCs.
STEVE
TRANSITION – While each of the scenarios can get you started, to get into more complex network setups, we have a session with Nick Matthews on Thursday 12:15-1:15. You will learn how to build complex TGW configurations which allow you to 1) Use 3rd party partner appliances for Packet Inspection 2) Centralize Egress traffic using a NAT gateway 3) Create High Bandwidth VPN connectivity using ECMP / Equal-Cost Multi-Pathing to your on premise network or network appliances in your VPC.
STEVE
So let’s revisit our earlier explorer …
She followed the path from the TGW Route table via the attachment and is now in the VPC.
She actually enters the VPC via one of these ENIs so when looking for the next hop, it’s actually the route table for those subnets that she consults.
THOMAS
So, what other features does a Transit Gateway provide?
THOMAS
As I showed you earlier, the process of attaching a VPN connection to a Transit Gateway is simple. All that’s changed is that you now pass a Transit Gateway rather than a Virtual Private Gateway parameter.
A long-time ask from our customers is the ability to deliver greater than 1Gig IPSec bandwidth for AWS VPN.
With a Transit Gateway, customers can use Equal Cost Multi-Pathing (ECMP) to do that.
THOMAS
Equal-cost multi-pathing is a routing strategy where next-hop packet forwarding to a single destination occurs over multiple "best paths".
By advertising the same IP Prefix over all VPN connections, the Transit Gateway will distribute your traffic across those connections.
For example, a customer who wants a backup for a 10Gig Direct Connect could establish 8 VPN connections with ECMP to provide equivalent bandwidth.
THOMAS
TRANSITION – Transit Gateway also supports DNS.
If you have been using DNS resolution for public names to private addresses over VPC peering, they will continue to work over Transit Gateway attachments.
Also, with the newly launched Route 53 resolver endpoints service you can manage your DNS infrastructure in a centralized service VPC and access it from the attached VPCs and VPN connections.
THOMAS
TRANSITION – To be able to connect VPCs across multiple accounts, the Transit Gateway uses the newly launched Resource Access Manager (RAM) service. RAM is a new service that enables sharing of AWS resources across different accounts in a centralized way.
Step 1, the Transit Gateway Owner Enables sharing by creating a resource share in (RAM) and specifies the principals for who can use it.
It is important to remember that Principals must accept the invitation of this resource share if they’re not in the same organization.
THOMAS
Step 2, the VPC Owner (the Participant) Requests to attach to the Transit Gateway.
Since the Transit Gateway sharing is enabled, the Participant account can call describe-transit-gateways. They would call create-transit-gateway-vpc-attachment to attach their VPCs.
Step 3, the Transit Gateway Owner Approves or Rejects the attachment request from the Participant.
The Transit Gateway owner has the ability to see all of these attachment requests using the describe-transit-gateway-vpc-attachments.
It is important to remember that while Participants can attach to a Transit Gateway, they cannot modify the Transit Gateway route tables.
This allows for example a Network team to own the Transit Gateway and manage connectivity from on-premise to VPCs while Application teams can attach to a Transit Gateway to leverage shared network resources. They can consume the network but not change it.
THOMAS
TRANSITION – here is how you would create a new resource-share from the RAM console.
- The first step is to create a new Resource Share itself by providing a name.
- You would then select the resource you want to share, in this case the Transit Gateway.
For Principals, you would provide the accounts or OUs you want to enable sharing with.
It is important to remember here that you can share with any AWS account or your organization.
We now have a new resource-share that can be centrally managed.
THOMAS
TRANSITION – Transit Gateway is a fully managed service that integrates seamlessly with other AWS services like CloudFormation, CloudWatch, Flow Logs.
At launch Transit Gateway will support CloudFormation templates. This allows you to easily automate your network build process.
CloudWatch metrics support traffic counters like packets in/out and dropped packets.
You can use Flow Logs by enabling flow logs on the attachment ENIs in the VPC.
THOMAS
TRANSITION - as far as Transit Gateway Pricing
You will be billed hourly for each attachment to a Transit Gateway.
Hourly billing will also start when the AWS Transit Gateway owner accepts your attachment and it stops when the attachment is deleted.
Data processing charges apply for each gigabyte sent from an attachment to the Transit Gateway.
Each partial hour consumed is billed as a full hour.
THOMAS
We are now launched in SIX regions with more to follow by EOY!
THOMAS
TRANSITION – the Transit Gateway was designed to support a large number of attachments and number of routes.
With 5,000 attachments you can create a large network topology that suits your organizational, customer, or partner needs.
A VPC can be connected to up to 5 Transit Gateways.
You can create up to 20 Route Tables aka Routing Domains which allows you to create routing policies to either Share or Isolate network resources.
THOMAS
TRANSITION – so, what else do we have in the works for Transit Gateway?
THOMAS
You can use Public Direct Connect with AWS VPN to attach to a Transit Gateway.
We are working to provide Private Direct Connect support through Direct Connect Gateway in Q1 2019.
We will be providing Cross Region support in 2019. This will allow you to build a global network that connects TGW-TGW across regions.
For example, a branch can establish a private VPN connection to the US East region in N. VA, send traffic to the Asia Pacific region ENCRYPTED out to another private VPN connection to a branch in Mumbai.
We are planning to support other advanced routing features such as Policy Based Routing, this allows routing decisions based on properties of the packet other than the destination address.
THOMAS
Routing
AWS Transit Gateway supports dynamic and static layer 3 routing between Amazon Virtual Private Clouds (VPCs) and site-to-site VPN. Routes determine the next hop depending on the destination IP address of the packet, and can point to an Amazon VPC or to a VPN connection.
Edge connectivity
You can create VPN connections between your AWS Transit Gateway and on-premises gateways using site-to-site VPN.
You can create multiple VPN connections that announce the same prefixes and enable Equal Cost Multipath (ECMP) between these connections. By load-balancing traffic over multiple paths, ECMP can substantially increase the bandwidth.
Amazon VPC feature interoperability
AWS Transit Gateway enables the resolution of public DNS hostnames to private IP addresses when queried from Amazon VPCs that are also attached to the AWS Transit Gateway.
An instance in an Amazon VPC can access a NAT gateway, Network Load Balancer, AWS PrivateLink, and Amazon Elastic File System in other Amazon VPCs that are also attached to the AWS Transit Gateway.
Monitoring
AWS Transit Gateway provides statistics and logs using AWS services, such as Amazon CloudWatch and Amazon VPC Flow Logs. You can use Amazon CloudWatch to get bandwidth usage between Amazon VPCs and a VPN connection, packet flow count, and packet drop count. You can also enable Amazon VPC Flow Logs on AWS Transit Gateway so you can capture information on the IP traffic routed through the AWS Transit Gateway.
Security
AWS Transit Gateway is integrated with Identity and Access Management (IAM), enabling you to manage access to AWS Transit Gateway securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to the AWS Transit Gateway.