Amazon VPC
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.
It is logically isolated from other virtual networks in the AWS Cloud.
A VPC spans all the Availability Zones in the region.
When you first create an AWS account, a default VPC is created for you in each AWS region.
By default you can create up to 5 VPCs per region (a soft limit that can be raised).
The default VPC has one default subnet per Availability Zone, and all of them are public: their route table sends 0.0.0.0/0 to an Internet Gateway.
Instances launched into a default subnet get a private IP address and, because default subnets auto-assign public IPs, normally a public IP address too; that setting can be turned off per subnet or overridden at launch.
_________________________________________________________________________________
Terms in VPC:
Virtual Private Cloud (VPC):
A logically isolated virtual network in the AWS cloud.
Subnet:
A segment (range) of the VPC's IP address space, placed in one Availability Zone,
where you put groups of resources (public subnet, private subnet).
Internet Gateway:
Attached to the VPC; lets resources in a public subnet reach the Internet and be reached from it.
NAT Gateway: lets resources in a private subnet initiate connections to the Internet while blocking connections initiated from the Internet.
(Previously a NAT instance was used: an EC2 instance managed by the customer.)
Direct connect:
AWS Direct Connect is a network service to "avoid" the Internet
to connect a customer’s on-premises sites to AWS.
Data is transmitted through a "private network connection" between AWS and a customer’s data center or corporate network.
_________________________________________________________________________________
Hardware VPN (Virtual Private Network) connection:
An IPsec VPN connection (AWS Site-to-Site VPN) between your Amazon VPC and your data center.
Virtual Private Gateway:
The Amazon VPC side of a VPN connection.
Customer Gateway:
Your side of a VPN connection.
Peering Connection:
A peering connection enables you to route traffic via
private IP addresses between "two peered VPCs".
VPC Endpoints:
Enable private connectivity from your VPC to supported AWS services without an Internet Gateway, NAT device, VPN connection, or Direct Connect connection. Gateway endpoints (S3, DynamoDB) are entries in your route tables; interface endpoints are network interfaces in your subnets, backed by AWS PrivateLink.
Egress-only Internet Gateway:
A stateful gateway to provide egress only access for IPv6 traffic from the VPC to the Internet.
AWS Transit Gateway:
connects "Multiple VPCs" and on-premises networks through a central hub.
AWS PrivateLink:
AWS PrivateLink establishes private connectivity between VPCs and
services hosted on AWS or on-premises, without exposing data to the internet.
AWS VPN CloudHub:
uses one Amazon VPC virtual private gateway with multiple customer gateways to connect several remote sites in a hub-and-spoke model, so the sites can also reach each other through AWS.
________________________________________________________________________________
Options for securely connecting to a VPC are:
AWS managed VPN – fast to set up, runs over the Internet.
Direct Connect – high bandwidth, low latency, but takes weeks to months to set up.
VPN CloudHub – used for connecting multiple sites to AWS.
Software VPN – use 3rd party software.
Firewalls:
Security group:
operates at the instance level (attached to the instance's network interface)
supports allow rules only; anything not allowed is implicitly denied
stateful (remembers who came in: return traffic for an allowed connection is permitted automatically)
evaluates all rules before deciding whether to allow traffic
applies to an instance ONLY if the instance is associated with the group
Network ACL:
operates at the subnet level
supports allow and deny rules
stateless (forgets who came in: return traffic must be allowed explicitly, usually with an ephemeral-port rule)
processes rules in order, lowest rule number first; the first match wins
automatically applies to all instances in the subnets it is associated with
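The two rule-evaluation models above are easy to confuse, so here is a small simulation of them. This is an added example, not code from the original post and not the AWS API: the rule tuples, class names and the sample traffic (an Internet client on 203.0.113.7 opening HTTPS to a server on 10.0.1.10) are constructed for illustration. It shows why a security group needs no outbound rule for the reply, why a NACL that merely mirrors its inbound rule drops the reply, and how rule numbering decides whether a deny ever fires.

```python
"""Security group vs. network ACL: a toy model of the evaluation rules listed above.

Added example, not from the original post and not the AWS API: rule tuples, class
names and the sample traffic are constructed here to show stateful allow-only
evaluation against stateless ordered allow/deny evaluation.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reply(self):
        """The packet the receiver sends back: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


def _matches(rule, pkt, direction):
    """rule = (proto, port_from, port_to, cidr); ports refer to the destination port."""
    proto, port_from, port_to, cidr = rule
    remote = pkt.src if direction == "in" else pkt.dst  # inbound: where from; outbound: where to
    return (proto == pkt.proto
            and port_from <= pkt.dport <= port_to
            and ip_address(remote) in ip_network(cidr))


class SecurityGroup:
    """Instance level, allow rules only, stateful, all rules evaluated."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound  # no action field: a rule can only allow
        self._flows = set()  # connection tracking: 5-tuples already allowed through

    def evaluate(self, pkt, direction):
        # Stateful: the reply to a flow we already allowed passes without its own rule.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self._flows:
            return "allow"
        rules = self.inbound if direction == "in" else self.outbound
        # Every rule is considered; any match allows, no match is an implicit deny.
        if any(_matches(r, pkt, direction) for r in rules):
            self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        return "deny"


class NetworkAcl:
    """Subnet level, allow and deny, stateless, lowest rule number that matches wins."""

    def __init__(self, inbound, outbound):
        # rule = (number, proto, port_from, port_to, cidr, action)
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)

    def evaluate(self, pkt, direction):
        for number, proto, port_from, port_to, cidr, action in (
                self.inbound if direction == "in" else self.outbound):
            if _matches((proto, port_from, port_to, cidr), pkt, direction):
                return action  # first match decides; later rules are never read
        return "deny"  # the implicit '*' rule at the end of every NACL


def demo():
    # Constructed traffic: an Internet client opens HTTPS to a web server in the VPC;
    # the server answers from port 443 back to the client's ephemeral port 51000.
    request = Packet("203.0.113.7", 51000, "10.0.1.10", 443)
    reply = request.reply()

    # Outbound left empty on purpose: the reply is still allowed by connection state.
    sg = SecurityGroup(inbound=[("tcp", 443, 443, ANY)], outbound=[])

    # Common mistake: mirroring the inbound rule outbound. The reply goes to port
    # 51000, not 443, so a stateless NACL drops it.
    mirrored = NetworkAcl(inbound=[(100, "tcp", 443, 443, ANY, "allow")],
                          outbound=[(100, "tcp", 443, 443, ANY, "allow")])
    # What a stateless NACL actually needs: the ephemeral port range open outbound.
    ephemeral = NetworkAcl(inbound=[(100, "tcp", 443, 443, ANY, "allow")],
                           outbound=[(100, "tcp", 1024, 65535, ANY, "allow")])

    # Ordering: the same deny rule blocks a range only if its number is below the allow.
    bad_client = Packet("198.51.100.5", 40000, "10.0.1.10", 443)
    deny_first = NetworkAcl(inbound=[(90, "tcp", 443, 443, "198.51.100.0/24", "deny"),
                                     (100, "tcp", 443, 443, ANY, "allow")], outbound=[])
    deny_last = NetworkAcl(inbound=[(100, "tcp", 443, 443, ANY, "allow"),
                                    (110, "tcp", 443, 443, "198.51.100.0/24", "deny")], outbound=[])

    return {
        "sg": (sg.evaluate(request, "in"), sg.evaluate(reply, "out")),
        "nacl_mirrored": (mirrored.evaluate(request, "in"), mirrored.evaluate(reply, "out")),
        "nacl_ephemeral": (ephemeral.evaluate(request, "in"), ephemeral.evaluate(reply, "out")),
        "deny_first": deny_first.evaluate(bad_client, "in"),
        "deny_last": deny_last.evaluate(bad_client, "in"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the security group allowing both the request and the reply with no outbound rule at all, the mirrored NACL allowing the request but denying the reply, and the deny rule only taking effect when its number sorts before the allow. When auditing a real NACL, check the outbound ephemeral range (1024-65535) and the rule numbers before anything else.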
The VPC wizard offers 4 types of configuration:
VPC with a Single Public Subnet
VPC with Public and Private Subnets
VPC with Public and Private Subnets and Hardware VPN Access
VPC with a Private Subnet Only and Hardware VPN Access
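What the second wizard option (and, with the VPN route added, the third and fourth) actually builds is a set of subnets plus two route tables, and "public" versus "private" is decided by where each table sends 0.0.0.0/0. The following is an added example, not code from the original post and not the wizard itself: the VPC CIDR, AZ names and gateway IDs (igw-/nat-/vgw-...) are constructed placeholders, while the carving is done by Python's ipaddress module and the route lookup uses the longest-prefix-match rule VPC route tables follow. It also applies the Subnet, Internet Gateway and NAT Gateway terms defined earlier on the page.

```python
"""Plan a 'VPC with Public and Private Subnets' layout and decide which subnets are
really public by reading their route tables.

Added example, not from the original post or from the AWS wizard itself. The VPC
CIDR, AZ names and gateway IDs (igw-/nat-/vgw-...) are constructed placeholders;
only the ipaddress module and the route-table semantics are real.
"""
from ipaddress import ip_address, ip_network

# AWS reserves the first four addresses of every subnet (network, VPC router,
# DNS resolver, future use) plus the last one (broadcast), so a /24 yields 251.
AWS_RESERVED_PER_SUBNET = 5
INTERNET_HOST = "198.51.100.1"  # any address outside the VPC works as the probe


def plan_subnets(vpc_cidr, azs, new_prefix=24):
    """Carve the VPC block into one public and one private subnet per AZ."""
    blocks = ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    subnets = []
    for az in azs:  # a subnet lives in exactly one AZ; the VPC spans all of them
        for tier in ("public", "private"):
            block = next(blocks)
            subnets.append({
                "name": f"{tier}-{az}", "az": az, "cidr": str(block),
                "usable": block.num_addresses - AWS_RESERVED_PER_SUBNET,
                "route_table": f"rtb-{tier}",
            })
    return subnets


def route_tables(vpc_cidr, igw_id, nat_id, vgw_id=None, onprem_cidr=None):
    """Routes as (destination, target). Every table carries the fixed 'local' route."""
    shared = [(vpc_cidr, "local")]
    if vgw_id and onprem_cidr:  # the two 'Hardware VPN Access' wizard options add this
        shared.append((onprem_cidr, vgw_id))
    return {
        "rtb-public": shared + [("0.0.0.0/0", igw_id)],   # Internet Gateway: two-way
        "rtb-private": shared + [("0.0.0.0/0", nat_id)],  # NAT Gateway: outbound only
    }


def lookup(table, dst):
    """Longest-prefix match, which is how a VPC route table chooses a route."""
    addr, best = ip_address(dst), None
    for cidr, target in table:
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None  # None: no route, the packet is dropped


def classify(subnet, tables):
    """'Public' is a property of the route table, not of the subnet's name."""
    target = lookup(tables[subnet["route_table"]], INTERNET_HOST)
    if target and target.startswith("igw-"):
        return "public"
    if target and target.startswith("nat-"):
        return "private"
    return "isolated"  # no default route at all


def plan_vpc(vpc_cidr="10.0.0.0/16", azs=("us-east-1a", "us-east-1b"),
             igw_id="igw-0example", nat_id="nat-0example"):
    """Wizard option 2 as data: subnets per AZ, route tables, and the resulting tier."""
    subnets = plan_subnets(vpc_cidr, azs)
    tables = route_tables(vpc_cidr, igw_id, nat_id)
    vpc_probe = str(ip_network(vpc_cidr)[10])  # an address inside the VPC stays 'local'
    for s in subnets:
        s["tier_by_routing"] = classify(s, tables)
        s["internet_next_hop"] = lookup(tables[s["route_table"]], INTERNET_HOST)
        s["vpc_next_hop"] = lookup(tables[s["route_table"]], vpc_probe)
    return subnets


if __name__ == "__main__":
    for s in plan_vpc():
        print(f"{s['name']:<20} {s['cidr']:<14} usable={s['usable']} "
              f"internet via {s['internet_next_hop']} -> {s['tier_by_routing']}")
```

The useful check is classify(): a subnet named "public" that is associated with the private route table is private, and one whose table has no default route is isolated. That is also the quickest way to reason about the first wizard option (one public subnet, one table with an IGW route) and the fourth (private subnet only, a table whose only non-local route points at the virtual private gateway).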