---
title: Networking on AWS
---

Networking on AWS
===

Networking services on AWS

:::warning
[toc]
:::

### Keywords

:::info
- Load Balancing
- Public vs Private IPs
- Dynamic and Static IPs
- Firewalls
- Access groups
- NAT
- CDN
- DNS
- Routing
- VLAN <> Subnets
- Customer Gateway
- Application Gateway (Layer 7 LB in Azure)
- WAF
:::

### Single Network on AWS [VPC]

:::success
**Routing**
- Subnet (Public or Private)
- Route Tables
- Internet Gateway (IGW)
- NAT Gateway --> external communication for resources in private subnets
- ENI - Elastic Network Interface | [NIC-->vNIC-->ENI]
- Elastic IPs --> Static IPs on AWS

**Security**
- Security Groups
    - Firewall at the instance level
    - Stateful
    - Default: All incoming blocked; all outgoing allowed
    - No rules precedence
    - No deny rules; only allow
- Network ACLs
    - Firewall at the subnet level
    - Stateless
    - Default: All incoming and outgoing allowed
    - Rules precedence applicable
    - Allow/deny rules applicable
- VPC Flow logs
:::

**Basic VPC with Subnets**

**Basic VPC with Internet Gateway**

**Basic VPC with Internet and NAT Gateway**

#### CIDR notation

:::info
```
10.0.0.0/8 --> 10.{0-255}.{0-255}.{0-255} --> 256x256x256 --> 16,777,216
172.31.0.0/16 --> 172.31.{0-255}.{0-255} --> 256x256 --> 65,536
192.168.0.0/24 --> 192.168.0.{0-255} --> 256
0.0.0.0/0 --> All the possible IPs in the world (Notation for Internet)
1.2.3.4/32 --> CIDR notation for the IP 1.2.3.4
```
:::

#### AWS IP reservations

:::success
```
172.31.0.0 - Network Identifier
.1 - Gateway
.2 - DNS
.3 - Future/unknown
.255 - Broadcast
```
:::

---

### Multiple/Hybrid Networks on AWS

---

:::info
- VPN
- Direct Connect
- VPC Peering
- Transit Gateways
- Virtual Private Gateways
- VPC Endpoints
- CloudFront Distribution
- Route 53 (DNS)
:::

### Hands-on activities

:::danger
Lesson 05 - Demo 01 | Creating Key Pair for EC2
Lesson 05 - Demo 02 | Creating a Default VPC
Lesson 05 - Demo 03 | Exploring Network ACL Firewall
Lesson 05 - Demo 04 | Creating a Flow Log in the VPC
Lesson 05 - Demo 05 | Configuring Subnets, Route Table, and NAT

Complete the Networking section of AWS Workshop:
- https://catalog.workshops.aws/general-immersionday/en-US/basic-modules/20-vpc
:::

### References

- https://www.rfc-editor.org/rfc/rfc1918
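
The Security Group and Network ACL properties listed under **Security** above, as an added example (not part of the original notes): a small Python model of how the two firewalls judge one client connection and its reply. The names `Rule`, `round_trip` and the rule sets are hypothetical and constructed for illustration; protocol is ignored, and the rule-100 allow-all default NACL with an implicit final deny is assumed from AWS's documented defaults.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    cidr: str            # peer address range, CIDR notation
    ports: range         # destination ports the rule covers
    allow: bool = True   # security groups only ever use allow=True
    number: int = 0      # evaluation order; meaningful for NACLs only

    def matches(self, peer_ip, port):
        return ip_address(peer_ip) in ip_network(self.cidr) and port in self.ports

ANY_PORT = range(0, 65536)
EPHEMERAL = range(1024, 65536)

def nacl_permits(rules, peer_ip, port):
    # Stateless and ordered: the lowest-numbered matching rule decides.
    # Falling off the end is the implicit final deny (assumed AWS default).
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(peer_ip, port):
            return rule.allow
    return False

def sg_permits(rules, peer_ip, port):
    # Allow-only, no precedence: any matching rule permits; an empty list blocks.
    return any(rule.matches(peer_ip, port) for rule in rules)

def round_trip(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Return (request_delivered, reply_delivered) for one client -> instance connection."""
    request = (nacl_permits(nacl_in, client_ip, server_port)
               and sg_permits(sg_in, client_ip, server_port))
    # The security group is stateful, so the reply to an accepted request needs no
    # outbound rule. The NACL is stateless: the reply is judged on its own by the
    # outbound rules, with the client's source port as its destination port.
    reply = request and nacl_permits(nacl_out, client_ip, client_port)
    return request, reply

# Constructed sample rules (addresses are documentation ranges, not from the notes).
DEFAULT_NACL = [Rule("0.0.0.0/0", ANY_PORT, allow=True, number=100)]
HTTPS_ONLY_IN = [Rule("0.0.0.0/0", range(443, 444), number=100)]
EPHEMERAL_OUT = [Rule("0.0.0.0/0", EPHEMERAL, number=100)]
DENY_THEN_ALLOW = [Rule("203.0.113.0/24", ANY_PORT, allow=False, number=90)] + DEFAULT_NACL
SG_HTTPS = [Rule("0.0.0.0/0", range(443, 444))]
```

Calling `round_trip(HTTPS_ONLY_IN, [], SG_HTTPS, "198.51.100.7", 50000, 443)` shows the stateless case: the request is delivered but the reply is dropped until an outbound rule such as `EPHEMERAL_OUT` covers the client's port.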