Network
Every new account gets a default VPC in each region. Its default subnets are public: they route to an internet gateway, and EC2 instances launched into them receive a public IPv4 address by default.
A VPC can have up to 5 IPv4 CIDR blocks (the default quota, which can be raised); each block must be between /28 (16 addresses) and /16 (65,536 addresses).
AWS reserves 5 addresses in every subnet. For 10.0.0.0/24 these are 10.0.0.0 (network address), 10.0.0.1 (VPC router), 10.0.0.2 (Amazon-provided DNS), 10.0.0.3 (reserved for future use) and 10.0.0.255 (broadcast address, which VPCs do not support but still reserve), leaving 251 usable addresses.
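The CIDR rules above are easy to get wrong in a subnet plan, so here is an added example (not code from the original page or from AWS) that validates a block against the /16 to /28 bound, lists the five reserved addresses, counts what is left, and checks that proposed subnets sit inside the VPC block without overlapping. The VPC and subnet CIDRs used at the bottom are constructed for illustration.

```python
import ipaddress
from typing import Dict, List

VPC_LARGEST_PREFIX = 16    # /16 = 65,536 addresses, the largest block allowed
VPC_SMALLEST_PREFIX = 28   # /28 = 16 addresses, the smallest block allowed
RESERVED_PER_SUBNET = 5    # network, router, DNS, future use, broadcast


def validate_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Accept only an IPv4 block whose prefix lies within the /16 - /28 range.
    strict=True rejects blocks with host bits set, e.g. 10.0.0.1/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 blocks are handled here")
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /16 and /28")
    return net


def is_valid_vpc_cidr(cidr: str) -> bool:
    try:
        validate_cidr(cidr)
        return True
    except ValueError:
        return False


def reserved_addresses(subnet_cidr: str) -> Dict[str, str]:
    """The five addresses AWS reserves in every subnet, keyed by address."""
    net = validate_cidr(subnet_cidr)
    return {
        str(net[0]): "network address",
        str(net[1]): "VPC router",
        str(net[2]): "Amazon-provided DNS",
        str(net[3]): "reserved for future use",
        str(net[-1]): "broadcast address (not supported in a VPC, still reserved)",
    }


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses you can actually assign to network interfaces in the subnet."""
    return validate_cidr(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def check_subnet_plan(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return the problems with a proposed layout: subnets outside the VPC block
    or overlapping each other. Both are rejected when you try to create them."""
    vpc = validate_cidr(vpc_cidr)
    subnets = [validate_cidr(c) for c in subnet_cidrs]
    problems = []
    for net in subnets:
        if not net.subnet_of(vpc):
            problems.append(f"{net} is not inside VPC block {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: one subnet overlaps another, one is outside the VPC.
    print(usable_addresses("10.0.0.0/24"))
    print(reserved_addresses("10.0.0.0/24"))
    print(check_subnet_plan("10.0.0.0/16", ["10.0.0.0/24", "10.0.0.128/25", "10.1.0.0/24"]))
```

The same `overlaps` check is worth running against any VPC you intend to peer with, since peering also requires disjoint CIDR blocks.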
An internet gateway lets resources in a VPC reach the internet and be reached from it.
Attaching it is not enough: the subnet's route table needs a route (typically 0.0.0.0/0) pointing at the gateway, and that route is what makes a subnet "public".
It is created separately from the VPC and then attached to it; a VPC can have only one internet gateway.
A security group is a stateful firewall attached to an instance's network interface.
It contains inbound and outbound rules that define which traffic is allowed, based on source or destination IP (or another security group), port and protocol; there are only allow rules, so anything not matched is dropped, and replies to allowed traffic are permitted automatically.
An elastic network interface (ENI) is a virtual network card bound to one subnet, and therefore one AZ. It carries a primary private IPv4 address, optional secondary private addresses, one Elastic or public IPv4 per private address, a MAC address and one or more security groups, and it can be detached and moved to another instance in the same AZ.
A bastion host is a hardened instance used as a jump box to reach EC2 instances in a private subnet.
It must sit in a public subnet. Its security group should accept SSH or RDP only from trusted source addresses, and the private instances' security groups should accept that traffic only from the bastion's security group.
A NAT instance is an EC2 instance that lets instances in a private subnet reach the internet (outbound only).
You manage the instance yourself: patching, capacity, failover and its security group, and you must disable its source/destination check so it can forward traffic.
A NAT gateway is the managed alternative, with higher bandwidth and availability and no security group to maintain.
A NAT gateway lives in one AZ, so for fault tolerance create one per AZ and route each private subnet to the gateway in its own AZ.
A network ACL (NACL) is a stateless firewall that controls traffic entering and leaving a subnet.
Each subnet is associated with exactly one NACL (one NACL can serve several subnets); a subnet without an explicit association uses the VPC's default NACL, which allows everything.
Rules are evaluated in ascending rule-number order and the first match wins, so a higher number means lower priority; the final * rule denies anything no numbered rule matched. Because NACLs are stateless, return traffic must be allowed explicitly, typically on the ephemeral port range 1024-65535.
VPC peering privately connects two VPCs over the AWS network. It works across accounts and regions, the two CIDR blocks must not overlap, and peering is not transitive (peering A with B and B with C does not connect A to C).
Route tables in both VPCs must be updated with a route to the peer's CIDR via the peering connection.
VPC endpoints let resources reach AWS services privately, without a public subnet, internet gateway or NAT.
There are two types of endpoint: interface endpoints and gateway endpoints.
Interface endpoints (AWS PrivateLink) place an ENI with a private IP in your subnet; they support most AWS services and are billed per hour and per GB.
Gateway endpoints are free but support only S3 and DynamoDB; they are added as a target in the route table rather than as an ENI.
VPC Flow Logs capture metadata about IP traffic (source and destination address and port, protocol, bytes, ACCEPT or REJECT) at the VPC, subnet or ENI level, which helps troubleshoot connectivity and security group or NACL rules. They do not capture packet payloads.
The log data can be delivered to S3, CloudWatch Logs or Data Firehose.
A Site-to-Site VPN needs a virtual private gateway (VGW) attached to the VPC and a customer gateway representing the on-premises device.
The customer gateway device needs a public IP address, since the IPsec tunnels terminate on it.
VPN CloudHub can be used to provide secure hub-and-spoke communication between multiple sites that each have a VPN to the same virtual private gateway.
Direct Connect provides a dedicated private connection from a remote network to a VPC that does not cross the public internet.
It terminates on a virtual private gateway attached to the VPC.
Public resources (such as S3) and private resources can be accessed over the same physical connection using a public virtual interface and a private virtual interface respectively.
To connect to multiple VPCs, use a Direct Connect gateway. Direct Connect is not encrypted on its own; run a Site-to-Site VPN over it if encryption in transit is required.
A transit gateway is a hub that provides transitive routing between VPCs, on-premises networks (via VPN or Direct Connect) and hub-and-spoke topologies, replacing a mesh of peering connections.
It is a regional resource; transit gateways in different regions can be peered. Transit gateway route tables control which attachments can reach each other, so use them to segment environments rather than letting every attachment route to every other.
Traffic Mirroring captures and inspects network traffic from ENIs in a VPC, including packet content rather than just flow metadata.
The mirrored traffic is routed to security or monitoring appliances that you manage, either directly or behind a Network Load Balancer.
An egress-only internet gateway supports IPv6 only.
It allows instances in a private subnet to make outbound IPv6 connections while blocking connections initiated from the internet; it is the IPv6 counterpart of a NAT gateway, needed because IPv6 addresses are publicly routable and not translated.
AWS Network Firewall protects the entire VPC: traffic between subnets, to and from the internet, and over VPN, Direct Connect and peering.
It provides protection from layer 3 to layer 7, with stateless and stateful rules, Suricata-compatible intrusion prevention rules and domain filtering.
Internally the firewall uses a Gateway Load Balancer, so like any inline appliance it needs its own firewall subnets and route-table changes to be placed in the traffic path.
Database Migration Service runs replication tasks on a replication instance (an EC2 instance in your VPC) that reads from the source and writes to the target, while the source database stays available.
For heterogeneous migrations, use the Schema Conversion Tool (SCT) to convert the database schema from one engine to another before running the migration task.
AWS Backup centrally manages and automates backups across services.
Supported services include EC2/EBS, S3, RDS/Aurora/DynamoDB, DocumentDB/Neptune, EFS and FSx.
Supports cross-region and cross-account backup.
You need to create a backup plan that defines backup frequency, backup window, transition to cold storage and retention. Backup Vault Lock can make the stored backups immutable so that a compromised account cannot delete them.
Simplifies the migration of on-premises workloads to AWS.