03 AWS Networking and Content Delivery

Networking Basics

A computer network is two or more computers connected so that they can communicate. A network is logically partitioned into subnets, and subnets are connected through networking devices such as switches and routers. Each machine is assigned a unique IP (Internet Protocol) address. An IPv4 address is 32 bits long and is written as four decimal numbers (octets) separated by dots, each ranging from 0 to 255.

IPv6 addresses also exist and are 128 bits long; their much larger address space accommodates many more devices than the limited supply of IPv4 addresses allows. An IPv6 address is written as eight groups of four hexadecimal digits separated by colons.

CIDR (Classless Inter-Domain Routing)

CIDR is a way to express a group of consecutive IP addresses as a single block: an address, a slash, and the prefix length, which is the number of leading bits that are fixed for every address in the block. For example, 192.0.2.0/24 fixes the first 24 bits, so the block covers the 256 addresses from 192.0.2.0 through 192.0.2.255; the remaining 8 bits identify hosts within the block.

Amazon VPC (Virtual Private Cloud)

Amazon VPC lets you provision a logically isolated section of the AWS Cloud and launch AWS resources in a virtual network that you define. You control the virtual networking resources: the IP address range, the subnets, the route tables and the network gateways, and you can apply multiple layers of security to the VPC.

A VPC belongs to a single AWS Region and can span multiple Availability Zones (AZs). It is divided into one or more subnets, each an isolated segment of the VPC with its own range of IP addresses. A subnet belongs to a single AZ, so to achieve high availability you create subnets in different AZs. A subnet is public if its route table sends internet-bound traffic to an internet gateway; otherwise it is private and has no direct path to or from the internet. The VPC's IPv4 CIDR block can be anywhere from /16 (the largest, 65,536 addresses) down to /28 (the smallest, 16 addresses), and every subnet's block must fit inside it. AWS reserves the first four addresses and the last address of each subnet, so a /28 subnet leaves 11 addresses for instances.
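To make the CIDR notation and the VPC sizing rules concrete, here is an added example (not code from the original post) that expands a CIDR block to its address range, validates a VPC block against the /16 to /28 limits, carves per-AZ public and private subnets out of it while accounting for the five addresses AWS reserves, and checks two blocks for overlap. It uses only Python's standard-library ipaddress module; the 10.0.0.0/16 VPC, the AZ names and the /24 subnet size are made-up planning inputs.

```python
"""Expanding CIDR blocks and planning VPC subnets.

Added example; this is not code from the original post. It uses only
Python's standard-library ipaddress module. The 10.0.0.0/16 VPC, the
AZ names and the /24 subnet size are made-up planning inputs.
"""
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the
# VPC router (+1), Amazon DNS (+2), one for future use (+3) and the
# broadcast address (last).
AWS_RESERVED_PER_SUBNET = 5
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28   # /16 is the largest block, /28 the smallest


def cidr_range(cidr):
    """Expand a CIDR string to (first address, last address, address count)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def validate_vpc_cidr(cidr):
    """Return the block as an IPv4Network, or raise ValueError if AWS would reject it."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 VPC blocks only")
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{cidr}: VPC prefix must be between /{VPC_MIN_PREFIX} and /{VPC_MAX_PREFIX}")
    return net


def usable_hosts(subnet):
    """Addresses an instance can actually be given in this subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Carve one public and one private subnet per AZ out of the VPC block.

    Subnets are taken in order from the subnets() iterator, so they
    never overlap each other and always fit inside the VPC.
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= VPC_MAX_PREFIX:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    pool = vpc.subnets(new_prefix=subnet_prefix)
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            try:
                subnet = next(pool)
            except StopIteration:
                raise ValueError(f"{vpc_cidr} has no room for more /{subnet_prefix} subnets") from None
            plan.append({"az": az, "tier": tier, "cidr": str(subnet),
                         "usable_hosts": usable_hosts(subnet)})
    return plan


def overlaps(cidr_a, cidr_b):
    """True if the two blocks share any address; overlapping VPCs cannot be peered."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    print(cidr_range("192.0.2.0/24"))
    for entry in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]):
        print(entry)
    print(overlaps("10.0.0.0/16", "10.0.5.0/24"), overlaps("10.0.0.0/16", "172.16.0.0/12"))
```

The overlap check is worth running before you pick a block: two VPCs (or a VPC and an on-premises range) with overlapping CIDRs cannot be connected later by peering or VPN without renumbering.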

VPC Networking

Internet Gateway

An internet gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the public internet. It serves two purposes:

  • To provide a target in your VPC route tables for internet-bound traffic

  • To perform one-to-one network address translation for instances that have been assigned public IPv4 addresses

To make a subnet public, attach an internet gateway to the VPC and add a route (normally for 0.0.0.0/0) targeting the gateway to the route table associated with the subnet. Instances in that subnet still need a public IPv4 address or Elastic IP to exchange traffic with the internet, because the gateway only translates addresses for instances that have one; an instance with only a private address in a public subnet cannot reach the internet.

Network address translation (NAT) gateway

A NAT gateway enables instances in a private subnet to initiate connections to the internet or to other AWS services, while preventing the internet from initiating connections to those instances. When you create a NAT gateway you must specify the public subnet in which it lives and the Elastic IP address to associate with it. The private subnet's route table then needs a route for 0.0.0.0/0 targeting the NAT gateway; the NAT gateway's own subnet routes to the internet gateway, which is what makes it public.
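The following added example (not code from the original post) models the route-table logic behind the internet gateway and NAT gateway descriptions above: a longest-prefix-match lookup with the VPC's own "local" route always present, a check for whether a subnet counts as public, and a trace of what happens to an outbound packet depending on the default route's target and whether the instance has a public IP. The gateway IDs, VPC block and destination address are invented placeholders.

```python
"""How a subnet's route table makes it public or private.

Added example, not from the original post. It models a VPC route table
lookup (longest-prefix match, with the VPC's own "local" route always
present) and what happens to an outbound packet depending on whether
the default route points at an internet gateway or a NAT gateway.
The gateway IDs, VPC block and destination address are invented.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Route tables as (destination CIDR, target) lists.
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-0example")]
PRIVATE_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-0example")]
ISOLATED_RT = [(VPC_CIDR, "local")]   # no default route at all


def lookup(route_table, dst_ip):
    """Return the target of the most specific route matching dst_ip, or None."""
    addr = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for dest, target in route_table:
        net = ipaddress.ip_network(dest)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """AWS's definition: the subnet's route table has a route to an internet gateway."""
    return any(target.startswith("igw-") for _, target in route_table)


def outbound_path(route_table, has_public_ip, dst_ip="198.51.100.10"):
    """Trace an outbound packet from an instance in this subnet.

    "local"          destination is inside the VPC, delivered directly
    "direct"         IGW translates the instance's public IPv4 address
    "dropped-at-igw" route to IGW exists but the instance has no public
                     IP, so the IGW has nothing to translate and drops it
    "via-nat"        NAT gateway substitutes its Elastic IP
    "no-route"       nothing matched; the packet is dropped in the VPC
    """
    target = lookup(route_table, dst_ip)
    if target is None:
        return "no-route"
    if target == "local":
        return "local"
    if target.startswith("igw-"):
        return "direct" if has_public_ip else "dropped-at-igw"
    if target.startswith("nat-"):
        return "via-nat"
    return f"unmodelled target {target}"


def accepts_inbound_from_internet(route_table, has_public_ip):
    """Only an instance with a public IP behind an IGW can be reached from
    outside; a NAT gateway never forwards connections the internet initiates."""
    return is_public_subnet(route_table) and has_public_ip


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, is_public_subnet(rt), outbound_path(rt, False), outbound_path(rt, True))
```

Note that the check for "public" looks only at the route table, not at the instances: a subnet with an IGW route is public even if every instance in it lacks a public IP, which is the misconfiguration the "dropped-at-igw" outcome represents.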

VPC Sharing

VPC sharing lets you share subnets with other AWS accounts in the same AWS Organization. Multiple accounts can then create their application resources, such as Amazon EC2 instances, Amazon RDS databases and AWS Lambda functions, in a shared, centrally managed VPC.

VPC Security

Amazon VPC provides two firewall options for securing your VPC:

  • Security Groups

    A security group acts as a virtual firewall that controls inbound and outbound traffic to and from your instance (strictly, its network interface). Security groups act at the instance level, contain allow rules only, and are stateful: the reply to an allowed request is permitted automatically, regardless of the rules in the other direction.

  • Network Access Control Lists

    Network ACLs act at the subnet level and control traffic in and out of the subnet. A network ACL has separate inbound and outbound rules, each rule can either allow or deny traffic, and rules are evaluated in ascending rule-number order with the first match deciding. Network ACLs are stateless: return traffic must be explicitly allowed, which in practice means an outbound rule for the ephemeral port range (1024-65535) that a client's replies go back to.
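The stateful/stateless distinction is the part of this that bites in practice, so here is an added example (not code from the original post) that walks one HTTPS request and its reply through a simulated security group and network ACL. The security group lets the reply out on its own; the network ACL, evaluated rule by rule in number order, needs an explicit outbound rule for the client's ephemeral port or the reply is dropped. Rule numbers, ports and addresses are constructed for the demo, and egress rules for connections the instance itself opens are not modelled.

```python
"""Stateful security group versus stateless network ACL.

Added example, not from the original post. It walks one HTTPS request
and its reply through a simulated security group and network ACL so the
practical difference shows: the security group lets the reply out on its
own, the network ACL needs an explicit outbound rule for the client's
ephemeral port. Rule numbers, ports and addresses are constructed.
"""
import ipaddress

EPHEMERAL_PORTS = (1024, 65535)   # where a client's reply traffic goes back to

# Security group: allow rules only, no ordering, stateful.
SG_INBOUND_HTTPS = [{"proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"}]

# Network ACL: (rule number, action, protocol, port range, CIDR).
# Evaluated lowest number first, first match wins, implicit deny at the end.
NACL_INBOUND = [(100, "allow", "tcp", (443, 443), "0.0.0.0/0")]
NACL_OUTBOUND_BROKEN = [(100, "allow", "tcp", (443, 443), "0.0.0.0/0")]
NACL_OUTBOUND_FIXED = [
    (100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
    (110, "allow", "tcp", EPHEMERAL_PORTS, "0.0.0.0/0"),
]


def _matches(proto, port, peer, rule_proto, rule_ports, rule_cidr):
    low, high = rule_ports
    return (proto == rule_proto and low <= port <= high
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule_cidr))


def nacl_decision(rules, proto, port, peer):
    """Stateless, ordered evaluation: the first rule that matches decides."""
    for _num, action, r_proto, r_ports, r_cidr in sorted(rules, key=lambda r: r[0]):
        if _matches(proto, port, peer, r_proto, r_ports, r_cidr):
            return action
    return "deny"   # the "*" rule every network ACL ends with


class SecurityGroup:
    """Stateful: once an inbound flow is allowed, its replies are allowed out
    without consulting the outbound rules. (Egress rules for flows the
    instance itself starts are not modelled here.)"""

    def __init__(self, inbound_rules):
        self.inbound_rules = inbound_rules
        self.tracked_flows = set()

    def inbound_allowed(self, proto, dst_port, peer, peer_port):
        ok = any(_matches(proto, dst_port, peer, r["proto"], r["ports"], r["cidr"])
                 for r in self.inbound_rules)
        if ok:
            self.tracked_flows.add((proto, peer, peer_port, dst_port))
        return ok

    def reply_allowed(self, proto, peer, peer_port, src_port):
        return (proto, peer, peer_port, src_port) in self.tracked_flows


def https_session(sg, nacl_in, nacl_out, client="203.0.113.5", client_port=51000):
    """Request from client:client_port to port 443, then the server's reply."""
    if nacl_decision(nacl_in, "tcp", 443, client) != "allow":
        return "request blocked by NACL"
    if not sg.inbound_allowed("tcp", 443, client, client_port):
        return "request blocked by SG"
    if not sg.reply_allowed("tcp", client, client_port, 443):
        return "reply blocked by SG"
    # Stateless: the reply is judged on its own; its destination port is the client's ephemeral port.
    if nacl_decision(nacl_out, "tcp", client_port, client) != "allow":
        return "reply blocked by NACL (no ephemeral-port rule)"
    return "ok"


if __name__ == "__main__":
    print(https_session(SecurityGroup(SG_INBOUND_HTTPS), NACL_INBOUND, NACL_OUTBOUND_BROKEN))
    print(https_session(SecurityGroup(SG_INBOUND_HTTPS), NACL_INBOUND, NACL_OUTBOUND_FIXED))
```

The ordering rule matters as much as statelessness: a deny for a specific CIDR only works if its rule number is lower than the broad allow, which is why custom network ACLs are usually numbered in gaps of 100 to leave room for later inserts.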

Amazon Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It connects user requests to infrastructure running in AWS and outside of AWS, lets you register domain names, and includes Traffic Flow for building routing policies. The routing policies are:

  • Simple routing - a single resource that performs a given function for your domain, such as one web server.

  • Weighted routing - assign weights to resource record sets to control what proportion of queries is answered with each; a record with weight 0 is not returned unless every record in the set has weight 0.

  • Latency routing - route to the AWS Region that gives the user the lowest network latency, improving the responsiveness of global applications.

  • Geolocation routing - route traffic based on the location of your users.

  • Geoproximity routing - route traffic based on the location of your resources, optionally shifting traffic toward or away from a location with a bias value.

  • Failover routing - fail over to a backup site when a health check shows the primary site is unreachable.

  • Multivalue answer routing - respond to DNS queries with up to eight healthy records selected at random.
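To show what the weighted, failover and multivalue policies above mean from the resolver's side, here is an added example (not code from the original post or the Route 53 service) that simulates them: answers are drawn in proportion to weight, the failover answer follows the primary's health check, and multivalue returns at most eight healthy records. Record values and health states are constructed inputs; TTLs and health checks on weighted records are not modelled.

```python
"""Route 53 routing policies, simulated from the resolver's point of view.

Added example, not from the original post. It models three of the policies
listed above: weighted (share of answers proportional to weight), failover
(primary while its health check passes) and multivalue answer (up to eight
healthy records, picked at random). Health states and record values are
constructed inputs; TTLs and health checks on weighted records are not modelled.
"""
import random

MULTIVALUE_MAX_RECORDS = 8


def weighted_answer(records, rng=random):
    """records: list of (value, weight). A weight-0 record is never returned
    unless every weight is 0, in which case all records are equally likely
    (which is how Route 53 treats an all-zero set)."""
    total = sum(weight for _, weight in records)
    if total == 0:
        return rng.choice([value for value, _ in records])
    pick = rng.random() * total          # in [0, total)
    running = 0
    for value, weight in records:
        running += weight
        if pick < running:
            return value
    return records[-1][0]                # not reachable, since pick < total


def failover_answer(primary, secondary, primary_healthy):
    """Primary while its health check passes, secondary otherwise."""
    return primary if primary_healthy else secondary


def multivalue_answer(records, rng=random):
    """records: list of (value, healthy). Return up to eight healthy values
    in random order; unhealthy ones are never handed to the client."""
    healthy = [value for value, ok in records if ok]
    return rng.sample(healthy, min(MULTIVALUE_MAX_RECORDS, len(healthy)))


def observed_shares(records, queries=10000, seed=1):
    """Answer many queries with a seeded RNG; return the fraction of answers per value."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(queries):
        value = weighted_answer(records, rng)
        counts[value] = counts.get(value, 0) + 1
    return {value: count / queries for value, count in counts.items()}


if __name__ == "__main__":
    print(observed_shares([("10.0.0.1", 0), ("10.0.0.2", 70), ("10.0.0.3", 30)]))
    print(failover_answer("primary.example", "backup.example", primary_healthy=False))
    print(multivalue_answer([(f"198.51.100.{i}", i % 5 != 0) for i in range(1, 13)]))
```

The weight-0 behaviour is the useful operational detail: setting one record's weight to 0 while others stay positive is the standard way to drain traffic from a target before taking it down, without deleting the record.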

Let's Connect

GitHub - Manda-supraja26
