Networking & Content Delivery

CloudFront

  • Is a global content delivery network (CDN) that securely delivers your frequently requested content to over 100 edge locations across the globe.

  • By doing this, it achieves low latency and high transfer speeds for your end-users.

  • It also provides protection against DDoS attacks.

Virtual Private Cloud (VPC)

  • Lets you provision a logically isolated section of the AWS cloud.

  • Lets you launch AWS resources in a virtual network that you define yourself.

  • This is your own private space within the AWS cloud; no one can enter it unless you allow it.

Subnets

  • A VPC can span multiple AZs by having subnets in multiple AZs.

  • A VPC cannot span multiple regions (use VPC Peering).

Private Subnet

  • Only allows access from within the VPC.

  • Subnets are private by default.

  • Does not allow access from the public internet.

    • Any traffic that tries to access a private subnet from outside will be blocked by default.

Public Subnet

  • They can receive traffic from the internet.

    • Receives traffic from an Internet Gateway.

      • There needs to be an Internet Gateway in the VPC for them to work. (It receives traffic and directs it through to the public subnet.)

    • Must have a route defined to an Internet Gateway.

      • For the VPC service to know where to route the traffic to, we need to define a route in a route table, and associate this route table to the public subnet.

Route Tables

  • Contains a set of rules (routes) that determine where network traffic from your subnet or gateway is directed.

  • All subnets must be associated with a Route Table.

    • If no route table is explicitly associated, the Main Route Table is implicitly associated with the subnet.
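The public/private distinction above comes down to what is in the subnet's route table. The following model, added here as an illustration and not taken from the original notes, resolves a destination against a route table by most-specific prefix and falls back to the Main Route Table when a subnet has no explicit association; the CIDRs, subnet ids and gateway id are constructed sample values.

```python
"""Constructed model of VPC route-table lookup (example, not AWS code)."""
import ipaddress

# Route table for the public subnet: the VPC-local route plus a default
# route (0.0.0.0/0) whose target is an Internet Gateway (constructed id).
PUBLIC_ROUTES = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]

# Route table for the private subnet: only the implicit local route, so
# there is no path to the internet at all.
PRIVATE_ROUTES = [
    ("10.0.0.0/16", "local"),
]


def next_hop(routes, destination):
    """Return the target of the most specific route matching the destination.

    VPC route tables use longest-prefix match; a destination that matches no
    route has nowhere to go, which is what makes a private subnet private.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def is_public_subnet(routes):
    """A subnet is 'public' when its route table routes to an Internet Gateway."""
    return any(target.startswith("igw-") for _cidr, target in routes)


def route_table_for(subnet_id, associations, main_table):
    """Explicit association wins; otherwise the Main Route Table applies implicitly."""
    return associations.get(subnet_id, main_table)


if __name__ == "__main__":
    # Constructed subnet ids; only the public subnet is explicitly associated.
    assoc = {"subnet-public": PUBLIC_ROUTES}
    for subnet in ("subnet-public", "subnet-private"):
        table = route_table_for(subnet, assoc, PRIVATE_ROUTES)
        print(subnet, "public" if is_public_subnet(table) else "private",
              "10.0.1.20 ->", next_hop(table, "10.0.1.20"),
              "203.0.113.5 ->", next_hop(table, "203.0.113.5"))
```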

VPC Peering

Used to create VPCs in different regions that behave as a single VPC.

  • Networking connection between two VPCs.

  • Instances communicate with each other as if they are within the same network.

  • Facilitates high-speed transfer of data over the AWS backbone across different VPCs, regions and even accounts.

Security (EC2 Security Groups)

  • Acts as a virtual firewall to an instance.

  • Only allow rules. Any request not matched by a rule is rejected.

  • Stateful - responses to allowed requests are automatically allowed.

    • Meaning that state is kept: if the request was allowed, its response will be allowed.

  • Can associate multiple security groups to an instance.

  • Default security group:

    • Blocks inbound traffic not using the same security group.

    • Allows all outbound traffic.

Network Access Control Lists (NACL)

  • Associated to a subnet.

  • Allow or deny rules. Rules evaluated in number order.

  • Default NACL allows all inbound and outbound traffic.

  • Custom NACL denies all traffic until you add rules.

  • If you don't explicitly associate a subnet with a NACL, the subnet is implicitly associated with the default NACL.

  • Stateless - responses to allowed inbound traffic are subject to the rules for outbound traffic.
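To make the two evaluation models concrete, here is a small model of NACL and Security Group rule evaluation. It is an added example, not code from the original notes or from AWS: rule numbers, CIDRs and ports are constructed, and the NACL deliberately places a deny rule after a broader allow rule to show that number order, not specificity, decides.

```python
"""Constructed model of NACL (ordered, allow/deny, stateless) versus
Security Group (allow-only, stateful) evaluation. Example code, not AWS's."""
import ipaddress

# Custom NACL on a public subnet. Rule 200 never blocks port 443 from
# 198.51.100.0/24 because rule 100 matches first (lower number wins).
NACL_INBOUND = [
    (100, "allow", "0.0.0.0/0", range(443, 444)),
    (200, "deny", "198.51.100.0/24", range(0, 65536)),
]
# Outbound must explicitly allow the ephemeral ports replies go back to.
NACL_OUTBOUND = [
    (100, "allow", "0.0.0.0/0", range(1024, 65536)),
]


def nacl_decision(rules, addr, port):
    """Evaluate rules in ascending number order; first match wins.
    No match falls through to the implicit '*' rule, which denies."""
    ip = ipaddress.ip_address(addr)
    for _num, action, cidr, ports in sorted(rules, key=lambda r: r[0]):
        if ip in ipaddress.ip_network(cidr) and port in ports:
            return action
    return "deny"


def nacl_allows_flow(client, client_port, server_port):
    """Stateless: the request (inbound) AND the reply (outbound) must each
    match an allow rule; a permitted request does not imply a permitted reply."""
    request = nacl_decision(NACL_INBOUND, client, server_port) == "allow"
    reply = nacl_decision(NACL_OUTBOUND, client, client_port) == "allow"
    return request and reply


# Security group inbound rules: allow rules only (cidr, port).
SG_INBOUND = [("0.0.0.0/0", 443)]


def sg_allows(rules, addr, port, tracked_flows=()):
    """Stateful: a reply to an already-tracked flow is permitted regardless of
    rules; otherwise any matching allow rule permits and no match rejects."""
    if (addr, port) in tracked_flows:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) and port == p for c, p in rules)
```

Note that a client using a source port below 1024 is blocked by this NACL on the reply leg even though its request was allowed, which is exactly the stateless behaviour the bullet above describes.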

Web Application Firewall (WAF)

  • Protects your web applications or APIs against common web exploits and bots.

  • AWS Managed Rules for specific applications.

  • IP Sets to block-list or allow-list IP addresses.

  • Can be applied to CloudFront, the Application Load Balancers, Amazon API Gateway, or AWS AppSync.

Virtual Private Networking (VPN)

  • It uses a Customer Gateway (CGW), which is on the client end.

    • Typically a device or a VPN software application running on the client side.

  • It connects to AWS by hitting a Virtual Private Gateway (VPG), which is on the AWS end.

  • After hitting the VPG, traffic is then directed to the VPC.

  • The VPN connection is a dual-tunnel connection. (2 CGW for redundancy)

Direct Connect

  • Is a high-speed, dedicated network connection to AWS.

  • Enterprises can use it to establish private connections to the cloud in situations where a standard internet connection won't be adequate.

  • Great advantages when combining with VPC Peering.

Elastic Load Balancing (ELB)

  • Automatically distributes incoming traffic for applications across multiple EC2 instances in multiple Availability Zones. If one Availability Zone goes down, traffic still goes to the others and your application continues to deliver responses.

  • Also lets you achieve high availability and fault tolerance by distributing traffic evenly amongst those instances; it routes around unhealthy instances.

Route 53

  • Is a highly available and scalable Domain Name System (DNS) service; it can handle traffic for your domain name and direct that traffic to your back-end web server.

  • Useful for DNS registration.

    • Can also buy domains.

API Gateway

  • Is a fully managed service that makes it easy for developers to create and deploy secure application programming interfaces (APIs) at any scale.

  • It handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

  • It's a serverless service, and as such, you don't need to worry about the underlying infrastructure.
