AWS VPC and Networking

There are many configurations and related use cases for an AWS VPC.

AWS Direct Connect (DX) provides a dedicated private connection between a remote network and an AWS VPC.
AWS Network Firewall is a feature that protects traffic at the VPC level, from layer 3 to layer 7.
A route table defines the routes and determines where traffic from a subnet or gateway is directed.
AWS Site-to-Site VPN, also known as an IPsec VPN connection, is a way to set up and establish a connection between a VPC and other customer resources.
**Subnets are sub-ranges of the IP address space of the VPC.** AWS reserves 5 IP addresses in each subnet that cannot be used by EC2 instances.
When we have multiple VPCs peered with each other, the network topology becomes more complicated. AWS Transit Gateway allows them to be connected together.
AWS VPN CloudHub is a setup that uses an AWS VPC with multiple customer gateways.
A virtual private gateway is the endpoint of a VPN connection on the AWS side.
A bastion host is a special-purpose computer on a network that is designed and configured to withstand attacks.
CIDR (**Classless Inter-Domain Routing**) is **a method** for allocating IP addresses, helpful for defining an IP address range.
An egress-only internet gateway allows resources assigned an IPv6 address to connect to the public internet, but prevents access from outside into the VPC.
Differences between the interface endpoint, gateway endpoint, and GWLB endpoint
An internet gateway is a horizontally scaled VPC component that allows connections between the VPC and the public internet.
A NAT device allows resources in a private subnet to connect to the public internet, other VPCs, or on-premises networks.
A network ACL is similar to a security group; it adds another layer that allows or denies traffic coming into the subnet.
Some important notes about networking costs on AWS
When we want to reduce administrative overhead and cost while providing shared access to services required by workloads in each VPC, we can use a shared services VPC.
**VPC Flow Logs is the AWS feature** that captures information about the traffic going to and from network interfaces in the VPC.
IPv6 on AWS
VPC peering is a networking connection between two VPCs; traffic between those VPCs stays private. VPC peering can be created between 2 VPCs in the same region or in different regions, and across AWS accounts.
VPC sharing is part of AWS Resource Access Manager.
VPC traffic mirroring is a feature that allows you to capture and inspect network traffic in the VPC.