
AWS - CLOUD PRACTITIONER NOTES - CHAPTER 4. NETWORKING


Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.             


Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define.


Within a virtual private cloud (VPC), you can organize your resources into subnets. 


Internet gateway

An internet gateway is a connection between a VPC and the internet. Without an internet gateway, no one can access the resources within your VPC.


Virtual private gateway


To access private resources in a VPC, you can use a virtual private gateway. 

A virtual private network (VPN) is a connection that encrypts (or protects) your internet traffic from all the other requests around it.


A virtual private gateway enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. 

A virtual private gateway allows traffic into the VPC only if it is coming from an approved network.


AWS Direct Connect


AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection, you can create virtual interfaces directly to public AWS services.

AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and a VPC.

The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.


Subnets and network access control lists


Subnets

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private. 

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories. 

In a VPC, subnets can communicate with each other. For example, you might have an application that involves Amazon EC2 instances in a public subnet communicating with databases that are located in a private subnet.


Network traffic in a VPC


When a customer requests data from an application hosted in the AWS Cloud, this request is sent as a packet. 

A packet is a unit of data sent over the internet or a network. It enters a VPC through an internet gateway.

Before a packet can enter into a subnet or exit from a subnet, it checks for permissions. These permissions indicate who sent the packet and how the packet is trying to communicate with the resources in a subnet. 

The VPC component that checks packet permissions for subnets is a network access control list (ACL).


Network access control lists (ACLs)


Security group                                           Network ACL
-------------------------------------------------------  -------------------------------------------------------
Operates at the instance level                           Operates at the subnet level

Supports allow rules only                                Supports allow rules and deny rules

Is stateful: return traffic is automatically             Is stateless: return traffic must be explicitly
allowed, regardless of any rules                         allowed by rules

We evaluate all rules before deciding whether            We process rules in order, starting with the
to allow traffic                                         lowest numbered rule, when deciding whether to
                                                         allow traffic

Applies to an instance only if someone specifies         Automatically applies to all instances in the
the security group when launching the instance,          subnets that it is associated with (therefore, it
or associates the security group with the                provides an additional layer of defense if the
instance later on                                        security group rules are too permissive)

By default, denies all inbound traffic and               The default network ACL allows all inbound and
allows all outbound traffic                              outbound traffic; a custom network ACL denies all
                                                         traffic until you add rules

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.

Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs. 

By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. 

For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied. 


Stateless packet filtering


Network ACLs perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.

When the response to a request comes back to the subnet, the network ACL does not remember the original request. It checks the response packet against its list of rules to determine whether to allow or deny it.


Security groups


A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic to allow or deny.

If you have multiple Amazon EC2 instances within a subnet, you can associate them with the same security group or use different security groups for each instance. 


Stateful packet filtering

Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.

When the response to a request returns to the instance, the security group remembers that request and allows the response to proceed, regardless of inbound security group rules.

Both network ACLs and security groups enable you to configure custom rules for the traffic in your VPC.
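The following simulator, added here as an example (it is not part of these notes and not AWS code), models the two evaluation behaviours described above: a network ACL walks numbered rules lowest first, first match wins, falls through to the final deny, and forgets every packet, so a reply on an ephemeral port needs its own outbound allow rule; a security group evaluates all of its allow-only rules and remembers allowed flows, so the reply passes even with no outbound rule. The addresses, ports and rule tuples are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Packet:
    proto: str; src: str; sport: int; dst: str; dport: int   # sport/dport = source/destination port
def _matches(rule, packet, direction):
    """rule = (proto, (low_port, high_port), cidr); matches on destination port and on the
    remote address (source address when inbound, destination address when outbound)."""
    proto, (lo, hi), cidr = rule
    remote = packet.src if direction == "in" else packet.dst
    return (proto in ("all", packet.proto) and lo <= packet.dport <= hi
            and ipaddress.ip_address(remote) in ipaddress.ip_network(cidr))

@dataclass
class NetworkAcl:
    """Stateless: numbered rules, lowest number first, first match wins; no match = deny."""
    inbound: dict    # rule number -> ("allow" | "deny", rule)
    outbound: dict

    def evaluate(self, direction, packet):
        rules = self.inbound if direction == "in" else self.outbound
        for num in sorted(rules):                # lowest numbered rule first
            action, rule = rules[num]
            if _matches(rule, packet, direction):
                return action == "allow"
        return False                             # the final '*' deny rule

@dataclass
class SecurityGroup:
    """Stateful, allow rules only: replies to a remembered flow pass regardless of rules."""
    inbound: list    # list of rule tuples, see _matches
    outbound: list
    flows: set = field(default_factory=set)

    def evaluate(self, direction, packet):
        if (packet.dst, packet.dport, packet.src, packet.sport) in self.flows:
            return True                          # return traffic of an allowed request
        rules = self.inbound if direction == "in" else self.outbound
        if any(_matches(r, packet, direction) for r in rules):   # all rules are evaluated
            self.flows.add((packet.src, packet.sport, packet.dst, packet.dport))
            return True
        return False
def https_round_trip(acl, sg):
    """Constructed sample: client 198.51.100.7 sends HTTPS to instance 10.0.1.10, which replies."""
    req = Packet("tcp", "198.51.100.7", 50000, "10.0.1.10", 443)
    rep = Packet("tcp", "10.0.1.10", 443, "198.51.100.7", 50000)
    return (acl.evaluate("in", req), acl.evaluate("out", rep),
            sg.evaluate("in", req), sg.evaluate("out", rep))
```

Dropping the outbound 1024-65535 rule from the ACL makes the reply fail while the security group, with no outbound rule at all, still lets it out; a lower-numbered deny rule in the ACL beats a later allow.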


Global networking


DNS

DNS resolution is the process of translating a domain name to an IP address. 

Amazon Route 53

Amazon Route 53 is a DNS web service.

You can use Route 53 to perform three main functions in any combination: 

Domain registration: Route 53 lets you register a name for your website or web application, known as a domain name.

DNS routing: When a user opens a web browser and enters your domain name (example.com) or subdomain name (acme.example.com) in the address bar, Route 53 helps connect the browser with your website or web application.

Check the health of your resources: Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it's reachable, available, and functional. You also can choose to receive notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy resources.
