SlideShare a Scribd company logo

Networking 101 AWS - VPCs, Subnets, NAT Gateways, etc

Download as PPTX, PDF
Stenio Ferreira
Stenio Ferreira

Overview of different elements composing a network architecture

Engineering
1 of 15
Stenio Ferreira - CrossMarket June 2017
• • •
• • • • • • security group security group Ec2 Ec2 private IP
• • security group security group security group security group
Each subnet has: • CIDR Range (e.g. 10.1.0.0/16) /8 255.0.0.0 /16 255.255.0.0 /24 255.255.255.0 /32 255.255.255.255 0.0.0.0/0 -> catch all • •
Public Subnets: • Attach an Internet gateway to your VPC. • Subnet's route table points to the Internet gateway • Instances in subnet have a globally unique IP address • Network ACL and security group rules allow the relevant traffic to flow to and from instance Private Subnets: NAT Gateway allows one-way traffic for instances in the private subnet – they can access the internet, but not the other way around. NAT Gateway • Located in the public subnet • Needs elastic ip • Update route in private subnet to send relevant traffic to NAT Gateway c
Default VPC: • Create a VPC with a size /16 IPv4 CIDR block. • Create a default subnet in each Availability Zone. • Create an Internet gateway and connect it to your default VPC. • Create a main route table for your default VPC with a rule that sends all IPv4 traffic destined for the Internet to the Internet gateway. • Create a default security group and associate it with your default VPC. • Create a default network access control list (ACL) and associate it with your default VPC. • Associate the default DHCP options set for your AWS account with your default VPC.
• • security group security group VPC peering Route table Route table VPC peering Route table Ec2 Ec2 private IP Ec2 Ec2 public IP Internet Gateway
• • VPN connection Route table VPN connection
IPSect Stages: 1. Interesting traffic initiates the IPSec process 2. IKE phase one: authenticates, sets secure channel for phase two. 3. IKE phase two: IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. 4. Data transfer 5. IPSec tunnel termination: through deletion or by timing out
Thank you! Stenio.ferreira@slalom.com
TCPDump Commands TCPDump can also be used to evaluate traffic received # Shows traffic received in port 22 $ tcpdump -i eth0 port 22 # Shows traffic originating from specified IP $ tcpdump -i eth0 src 192.168.0.2 On the VPN EC2 instances, ensure that Source/ Dest. check is false. IPSec Commands # Bring a tunnel up or down: $ ipsec auto --down <tunnel_name> # Check status: # If you do not see "erouted", it signifies that there might be an issue # Anything 4500 is success, 500 might indicate a failure in one of the sides $ ip xfrm state $ ip xfrm monitor

Recommended

Configuring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsConfiguring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsKelvin Charles
 
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingMidokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingAdam Johnson
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardAndrew Denner
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...eNovance
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
OpenStack Summit Pluggable IPAM
OpenStack Summit Pluggable IPAMOpenStack Summit Pluggable IPAM
OpenStack Summit Pluggable IPAMRomana Project
 
OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr David Lenwell
 

Recommended

Configuring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsConfiguring Site-to-Site VPN's on ASA Firewalls
Configuring Site-to-Site VPN's on ASA FirewallsKelvin Charles
 
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingMidokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingAdam Johnson
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardAndrew Denner
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...
OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutr...eNovance
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
OpenStack Summit Pluggable IPAM
OpenStack Summit Pluggable IPAMOpenStack Summit Pluggable IPAM
OpenStack Summit Pluggable IPAMRomana Project
 
OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr David Lenwell
 
SF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning TalkSF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning TalkRomana Project
 
OpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaOpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaSean Roberts
 
NaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp MoscowNaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp MoscowIlya Alekseyev
 
KRACK attack
KRACK attackKRACK attack
KRACK attackVadimDavydov3
 
Bay Area Network Virtualization Meetup
Bay Area Network Virtualization MeetupBay Area Network Virtualization Meetup
Bay Area Network Virtualization MeetupRomana Project
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaSimplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaJuergen Brendel
 
OpenStack Ops Meetup
OpenStack Ops MeetupOpenStack Ops Meetup
OpenStack Ops MeetupRomana Project
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in NeutronKazunori Takeuchi
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Liz Warner
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation KishoreTs3
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istioAndrea Monacchi
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access ControllerKHNOG
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your networkBrandon DeVault
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to HeroDhruv Sharma
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02computerlenguyen
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPROIDEA
 

More Related Content

What's hot

SF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning TalkSF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning TalkRomana Project
 
OpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaOpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaSean Roberts
 
NaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp MoscowNaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp MoscowIlya Alekseyev
 
Bay Area Network Virtualization Meetup
Bay Area Network Virtualization MeetupBay Area Network Virtualization Meetup
Bay Area Network Virtualization MeetupRomana Project
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaSimplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaJuergen Brendel
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Liz Warner
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation KishoreTs3
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access ControllerKHNOG
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your networkBrandon DeVault
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to HeroDhruv Sharma
 

What's hot (20)

SF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning TalkSF Kubernetes Meetup Lightning Talk
SF Kubernetes Meetup Lightning Talk
 
OpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaOpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by Akanda
 
NaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp MoscowNaaS in OpenStack - CloudCamp Moscow
NaaS in OpenStack - CloudCamp Moscow
 
KRACK attack
KRACK attackKRACK attack
KRACK attack
 
Bay Area Network Virtualization Meetup
Bay Area Network Virtualization MeetupBay Area Network Virtualization Meetup
Bay Area Network Virtualization Meetup
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and Automation
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaSimplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with Romana
 
OpenStack Ops Meetup
OpenStack Ops MeetupOpenStack Ops Meetup
OpenStack Ops Meetup
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in Neutron
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with Neutron
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istio
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access Controller
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
How Microsoft will MiTM your network
How Microsoft will MiTM your networkHow Microsoft will MiTM your network
How Microsoft will MiTM your network
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
 
Icnd210 s04l02
Icnd210 s04l02Icnd210 s04l02
Icnd210 s04l02
 

Similar to Networking 101 AWS - VPCs, Subnets, NAT Gateways, etc

Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPROIDEA
 
Module_2_Slides.pdf
Module_2_Slides.pdfModule_2_Slides.pdf
Module_2_Slides.pdfgoldfer1
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...Amazon Web Services
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes
 
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_201304090314557256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455ytrui
 
Creating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC FundamentalsCreating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC FundamentalsAmazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNsAmazon Web Services
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first partlilliput12
 
VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017Amazon Web Services
 
Five Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureFive Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureAmazon Web Services
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01slavenvvv
 
Amazon Virtual Private Cloud - VPC 1
Amazon Virtual Private Cloud - VPC 1Amazon Virtual Private Cloud - VPC 1
Amazon Virtual Private Cloud - VPC 1AWS Riyadh User Group
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...Amazon Web Services
 

Similar to Networking 101 AWS - VPCs, Subnets, NAT Gateways, etc (20)

Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
 
Module_2_Slides.pdf
Module_2_Slides.pdfModule_2_Slides.pdf
Module_2_Slides.pdf
 
Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private Cloud
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016
 
10 sdn-vir-6up
10 sdn-vir-6up10 sdn-vir-6up
10 sdn-vir-6up
 
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_201304090314557256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
 
Creating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC FundamentalsCreating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC Fundamentals
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first part
 
AWS network services
AWS network servicesAWS network services
AWS network services
 
VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017VPC - Module 2 Part 2 - AWSome Day 2017
VPC - Module 2 Part 2 - AWSome Day 2017
 
Five Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureFive Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud Architecture
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01
 
Amazon Virtual Private Cloud - VPC 1
Amazon Virtual Private Cloud - VPC 1Amazon Virtual Private Cloud - VPC 1
Amazon Virtual Private Cloud - VPC 1
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
 

More from Stenio Ferreira

Lgpd webinar hashitalks brasil 2020
Lgpd webinar hashitalks brasil 2020Lgpd webinar hashitalks brasil 2020
Lgpd webinar hashitalks brasil 2020Stenio Ferreira
 
HashiTalks 2020 Latin America Nomad
HashiTalks 2020 Latin America NomadHashiTalks 2020 Latin America Nomad
HashiTalks 2020 Latin America NomadStenio Ferreira
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Stenio Ferreira
 
Hashicorp Webinar - Vault Cloud Security - Spanish
Hashicorp Webinar - Vault Cloud Security - SpanishHashicorp Webinar - Vault Cloud Security - Spanish
Hashicorp Webinar - Vault Cloud Security - SpanishStenio Ferreira
 
Hashicorp Webinar - Vault Cloud Security - Portuguese
Hashicorp Webinar - Vault Cloud Security - PortugueseHashicorp Webinar - Vault Cloud Security - Portuguese
Hashicorp Webinar - Vault Cloud Security - PortugueseStenio Ferreira
 
Hashicorp corporate pitch deck Spanish
Hashicorp corporate pitch deck SpanishHashicorp corporate pitch deck Spanish
Hashicorp corporate pitch deck SpanishStenio Ferreira
 
Vault Digital Transformation
Vault Digital TransformationVault Digital Transformation
Vault Digital TransformationStenio Ferreira
 
Demystifying Terraform 012
Demystifying Terraform 012Demystifying Terraform 012
Demystifying Terraform 012Stenio Ferreira
 
Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2 Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2 Stenio Ferreira
 
Hashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseHashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseStenio Ferreira
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseStenio Ferreira
 
Hashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewHashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewStenio Ferreira
 
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...Stenio Ferreira
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Stenio Ferreira
 
Chicago Hashicorp User Group - Terraform Public Module Registry
Chicago Hashicorp User Group - Terraform Public Module RegistryChicago Hashicorp User Group - Terraform Public Module Registry
Chicago Hashicorp User Group - Terraform Public Module RegistryStenio Ferreira
 
Slalom: Introduction to Containers and AWS ECS
Slalom: Introduction to Containers and AWS ECSSlalom: Introduction to Containers and AWS ECS
Slalom: Introduction to Containers and AWS ECSStenio Ferreira
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures Stenio Ferreira
 
Like Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js frameworkLike Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js frameworkStenio Ferreira
 
Sales and Marketing in Small Company Environment
Sales and Marketing in Small Company EnvironmentSales and Marketing in Small Company Environment
Sales and Marketing in Small Company EnvironmentStenio Ferreira
 

More from Stenio Ferreira (19)

Lgpd webinar hashitalks brasil 2020
Lgpd webinar hashitalks brasil 2020Lgpd webinar hashitalks brasil 2020
Lgpd webinar hashitalks brasil 2020
 
HashiTalks 2020 Latin America Nomad
HashiTalks 2020 Latin America NomadHashiTalks 2020 Latin America Nomad
HashiTalks 2020 Latin America Nomad
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
 
Hashicorp Webinar - Vault Cloud Security - Spanish
Hashicorp Webinar - Vault Cloud Security - SpanishHashicorp Webinar - Vault Cloud Security - Spanish
Hashicorp Webinar - Vault Cloud Security - Spanish
 
Hashicorp Webinar - Vault Cloud Security - Portuguese
Hashicorp Webinar - Vault Cloud Security - PortugueseHashicorp Webinar - Vault Cloud Security - Portuguese
Hashicorp Webinar - Vault Cloud Security - Portuguese
 
Hashicorp corporate pitch deck Spanish
Hashicorp corporate pitch deck SpanishHashicorp corporate pitch deck Spanish
Hashicorp corporate pitch deck Spanish
 
Vault Digital Transformation
Vault Digital TransformationVault Digital Transformation
Vault Digital Transformation
 
Demystifying Terraform 012
Demystifying Terraform 012Demystifying Terraform 012
Demystifying Terraform 012
 
Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2 Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2
 
Hashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseHashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs Enterprise
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs Enterprise
 
Hashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewHashicorp Corporate and Product Overview
Hashicorp Corporate and Product Overview
 
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
 
Chicago Hashicorp User Group - Terraform Public Module Registry
Chicago Hashicorp User Group - Terraform Public Module RegistryChicago Hashicorp User Group - Terraform Public Module Registry
Chicago Hashicorp User Group - Terraform Public Module Registry
 
Slalom: Introduction to Containers and AWS ECS
Slalom: Introduction to Containers and AWS ECSSlalom: Introduction to Containers and AWS ECS
Slalom: Introduction to Containers and AWS ECS
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
 
Like Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js frameworkLike Ruby on Rails for Node - the Sails js framework
Like Ruby on Rails for Node - the Sails js framework
 
Sales and Marketing in Small Company Environment
Sales and Marketing in Small Company EnvironmentSales and Marketing in Small Company Environment
Sales and Marketing in Small Company Environment
 

Recently uploaded

VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 

Recently uploaded (20)

VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 

Networking 101 AWS - VPCs, Subnets, NAT Gateways, etc

  • 1. Stenio Ferreira - CrossMarket June 2017
  • 4. • • security group security group security group security group
  • 5. Each subnet has: • CIDR Range (e.g. 10.1.0.0/16) /8 255.0.0.0 /16 255.255.0.0 /24 255.255.255.0 /32 255.255.255.255 0.0.0.0/0 -> catch all • •
  • 6. Public Subnets: • Attach an Internet gateway to your VPC. • Subnet's route table points to the Internet gateway • Instances in subnet have a globally unique IP address • Network ACL and security group rules allow the relevant traffic to flow to and from instance Private Subnets: NAT Gateway allows one-way traffic for instances in the private subnet – they can access the internet, but not the other way around. NAT Gateway • Located in the public subnet • Needs elastic ip • Update route in private subnet to send relevant traffic to NAT Gateway c
  • 7. Default VPC: • Create a VPC with a size /16 IPv4 CIDR block. • Create a default subnet in each Availability Zone. • Create an Internet gateway and connect it to your default VPC. • Create a main route table for your default VPC with a rule that sends all IPv4 traffic destined for the Internet to the Internet gateway. • Create a default security group and associate it with your default VPC. • Create a default network access control list (ACL) and associate it with your default VPC. • Associate the default DHCP options set for your AWS account with your default VPC.
  • 10. IPSect Stages: 1. Interesting traffic initiates the IPSec process 2. IKE phase one: authenticates, sets secure channel for phase two. 3. IKE phase two: IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. 4. Data transfer 5. IPSec tunnel termination: through deletion or by timing out
  • 11.
  • 12.
  • 14.
  • 15. TCPDump Commands TCPDump can also be used to evaluate traffic received # Shows traffic received in port 22 $ tcpdump -i eth0 port 22 # Shows traffic originating from specified IP $ tcpdump -i eth0 src 192.168.0.2 On the VPN EC2 instances, ensure that Source/ Dest. check is false. IPSec Commands # Bring a tunnel up or down: $ ipsec auto --down <tunnel_name> # Check status: # If you do not see "erouted", it signifies that there might be an issue # Anything 4500 is success, 500 might indicate a failure in one of the sides $ ip xfrm state $ ip xfrm monitor

Editor's Notes

  1. 1- Not deep detail 2- Architecture + workflow 3- Secrets – sensitive strings
  2. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.  You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.