
AWS Networking Foundations Overview

Nov 11, 2024

NTA 307 AWS Networking Foundations Lecture Notes

Introduction

  • Speaker: Mike Kornstubble, joined by Anoop Taluri and Nayeon Kamuri.
  • Networking matters because every application ultimately runs on a network.
  • Focus on building effective networks that enhance customer and operational experiences.
  • Target audience: new Amazon (AWS) users building in a greenfield context.

Agenda Overview

  1. AWS Global Infrastructure
  2. Getting Started with VPC
  3. Expanding Beyond Single VPC
  4. Hybrid Connectivity to On-Premises Environments
  5. Partner Introductions

AWS Global Infrastructure

  • Regions: AWS has 32 regions globally, each containing multiple data centers.
  • Availability Zones (AZs):
    • Defined as fully isolated infrastructure units (data centers) within a region.
    • Connected with redundant metro fiber into transit centers.
  • Transit Centers: Connect availability zones and global networks.

Starting with a Single VPC

  • What is a VPC?
    • A virtual network similar to a traditional data center network.
    • Supports IPv4 and IPv6 addressing.
  • VPC Creation Steps:
    1. Choosing a region and defining availability zones.
    2. Building the VPC and subnets.
    3. Setting up routing tables and internet connectivity.
    4. Launching instances (private or public).

VPC Planning Considerations

  • CIDR block allocation and subnetting are critical.
  • Plan for future scaling and multiple VPCs.
  • Avoid overlapping IP spaces to prevent future issues.

Subnets Overview

  • Public Subnets:
    • Have a route to the internet gateway.
    • A VPC can have multiple subnets spread across different AZs, but a single subnet cannot span more than one AZ.
  • Private Subnets:
    • No direct route to the internet.
  • Network Access Control Lists (ACLs):
    • Secure subnets with allow/deny rules based on IP addresses and ports.

Route Tables

  • Define how traffic is routed in and out of subnets.
  • Each subnet is associated with exactly one route table; a route table can serve multiple subnets, but a subnet cannot use more than one route table.

Internet Gateway

  • A component that allows communication between a VPC and the internet.
  • One internet gateway per VPC; supports both IPv4 and IPv6.

Elastic IP Addressing

  • Elastic IP: A static IPv4 address for dynamic cloud computing.
  • Can be reassociated with a different network interface without the need for DNS changes.

NAT Gateways

  • Enable outbound-only internet access from private subnets; unsolicited inbound connections from the internet are not allowed.
  • Useful for software updates and other outbound communication from private instances.

VPC Endpoints

  • Allow private connections to AWS services without using the internet.
  • Useful for accessing services like S3 securely.

DNS in VPC

  • AWS provides DNS resolution services, including Route 53 Private Hosted Zones.

Expanding Beyond a Single VPC

VPC Peering

  • Enables network connection between two VPCs (source and destination).
  • The two VPCs must not have overlapping IP address ranges.
  • Each VPC can connect across AWS accounts and regions.
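An added example (not from the lecture) that ties together the CIDR-planning, subnet and route-table rules from the single-VPC sections with the peering overlap requirement above: it carves one public and one private subnet per AZ out of a VPC CIDR, classifies a subnet from its route table the way the lecture defines public/private, and flags VPC pairs whose CIDRs overlap and therefore cannot be peered. The AZ names, VPC names and gateway ids are constructed sample values.

```python
# Added example: VPC CIDR planning, subnet classification and peering overlap check.
# Not from the lecture; AZ names, VPC names and gateway ids are constructed samples.
import ipaddress
from typing import Dict, List, Tuple

def plan_subnets(vpc_cidr: str, azs: List[str], prefix: int) -> Dict[str, Dict[str, str]]:
    """Carve one public and one private subnet per AZ out of the VPC CIDR.

    The VPC spans all listed AZs, but each subnet lives in exactly one AZ,
    so every AZ gets its own public/private pair. Blocks are handed out in
    order, leaving the rest of the VPC range free for future subnets.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects a CIDR with host bits set
    blocks = list(vpc.subnets(new_prefix=prefix))
    if len(blocks) < 2 * len(azs):
        raise ValueError(f"{vpc_cidr} holds {len(blocks)} /{prefix} subnets, "
                         f"but {len(azs)} AZs need {2 * len(azs)}")
    return {az: {"public": str(blocks[2 * i]), "private": str(blocks[2 * i + 1])}
            for i, az in enumerate(azs)}

def classify_subnet(routes: List[Dict[str, str]]) -> str:
    """Read a subnet's route table the way the lecture defines public/private.

    public:  the default route (0.0.0.0/0) points at an internet gateway (igw-*)
    private: the default route points at a NAT gateway (outbound-only), or
             there is no default route at all (isolated; AWS services are
             reached through VPC endpoints instead of the internet).
    """
    default = next((r["target"] for r in routes if r["destination"] == "0.0.0.0/0"), None)
    if default is None:
        return "private (isolated)"
    if default.startswith("igw-"):
        return "public"
    if default.startswith("nat-"):
        return "private (NAT egress only)"
    return f"private (default via {default})"

def overlapping_vpcs(vpc_cidrs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return VPC name pairs whose CIDRs overlap; VPC peering requires
    non-overlapping address space, so these pairs cannot be peered."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]
```

Running the planner against a VPC CIDR before creating anything makes the "plan for scaling, avoid overlap" advice concrete: the overlap check is the same test a peering request would fail.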

AWS Transit Gateway

  • A hub for connecting multiple VPCs and on-premises networks.
  • Simplifies routing and can support up to 1,000 VPCs.

Hybrid Connectivity

AWS VPN

  • Supports IPsec VPN connections for secure communication between on-premises networks and AWS.
  • Virtual Private Gateway interfaces with VPC for VPN connections.

AWS Direct Connect

  • A dedicated network connection, providing consistent performance and lower latency by avoiding the public internet.
  • Offers multiple connection options ranging from 1 Gbps to 100 Gbps.

Combining VPN and Direct Connect

  • Use Direct Connect as a primary connection with VPN as a backup for redundancy.
  • Enable private IPsec VPN over Direct Connect for enhanced security.

Route 53 Resolver

  • For resolving DNS queries between on-premises and AWS environments.

AWS Cloud WAN

  • Simplifies multi-region and multi-account network connectivity.

Conclusion

  • Recap of key topics: Single VPC setup, multiple VPCs, hybrid connectivity options, and DNS integration.
  • Encouragement to explore networking design patterns and connect with AWS for assistance.