Module 4
# Learning objectives
In this module, you will learn how to:
* Describe the basic concepts of networking.
* Describe the difference between public and private networking resources.
* Explain a virtual private gateway using a real-life scenario.
* Explain a virtual private network (VPN) using a real-life scenario.
* Describe the benefit of AWS Direct Connect.
* Describe the benefit of hybrid deployments.
* Describe the layers of security used in an IT strategy.
* Describe the services customers use to interact with the AWS global network.
## Connectivity to AWS
### Amazon Virtual Private Cloud (Amazon VPC)
**A networking service that you can use to establish boundaries around your AWS resources**
>Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define.
>Within a virtual private cloud (VPC), you can organize your resources into subnets.
**A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.**
### Internet Gateway :1234:
**To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.**
>An internet gateway is a connection between a VPC and the internet.
### Virtual private gateway
**To access private resources in a VPC, you can use a virtual private gateway.**
>A virtual private network (VPN) connection encrypts (or protects) your internet traffic from all the other requests around it.
>A virtual private gateway enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. A virtual private gateway **allows traffic into the VPC only if it is coming from an approved network**.
## AWS Direct Connect
**is a service that enables you to establish a dedicated private connection between your data center and a VPC.**
> Suppose that there is an apartment building with a hallway directly linking the building to the coffee shop. Only the residents of the apartment building can travel through this hallway.
> This private hallway provides the same type of dedicated connection as AWS Direct Connect. Residents are able to get into the coffee shop without needing to use the public road shared with other customers.
> The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.
### Subnets and network access control lists
##### Subnets :100:
**A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private**
###### Public subnets :1234:
**contain resources that need to be accessible by the public, such as an online store’s website.**
###### Private subnets :1234:
**contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.**
## Network traffic in a VPC
**The VPC component that checks packet permissions for subnets is a network access control list (ACL).**
> A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.
> Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.
> By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow.
> **All network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.**
## Stateless packet filtering
**Network ACLs perform stateless packet filtering. They remember nothing and check every packet that crosses the subnet border in each direction, inbound and outbound, against the rule list on its own.**
### Security groups
**A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.**
**By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic to allow or deny.**
#### Stateful packet filtering
**Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.**
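To make the stateless-versus-stateful distinction from the network ACL and security group sections concrete, here is an added example (not part of the original notes or of any AWS code) that models both filters in Python and runs one HTTPS request and its reply through them. The rule numbers, addresses, ports and the "first match wins, then explicit deny" ordering are constructed to illustrate the behaviour described above; the class and function names are my own.

```python
"""Toy model of how a network ACL (stateless) and a security group (stateful)
treat the two halves of one HTTPS exchange. Constructed example: the rules,
addresses and ports are illustrative, not a real VPC configuration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    direction: str  # "inbound" or "outbound", relative to the subnet/instance


@dataclass(frozen=True)
class NaclRule:
    number: int      # evaluation order; lowest number is checked first
    direction: str
    port_from: int   # destination-port range the rule covers
    port_to: int
    action: str      # "allow" or "deny"


def nacl_evaluate(rules, packet):
    """Stateless check: each packet is matched on its own against the rules
    in ascending number order and the first match wins. A packet that matches
    no rule hits the final explicit deny present in every network ACL."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction != packet.direction:
            continue
        if rule.port_from <= packet.dst_port <= rule.port_to:
            return rule.action
    return "deny"


class SecurityGroup:
    """Stateful check: a packet admitted by a rule is remembered, and the
    reply travelling the other way is allowed without needing its own rule.
    Default posture modelled here: no inbound rules, all outbound allowed."""

    def __init__(self, inbound_ports=(), outbound_ports=(), allow_all_outbound=True):
        self.inbound_ports = set(inbound_ports)
        self.outbound_ports = set(outbound_ports)
        self.allow_all_outbound = allow_all_outbound
        self._tracked = set()  # (src, src_port, dst, dst_port) of admitted flows

    def _rule_allows(self, packet):
        if packet.direction == "inbound":
            return packet.dst_port in self.inbound_ports
        return self.allow_all_outbound or packet.dst_port in self.outbound_ports

    def evaluate(self, packet):
        reverse = (packet.dst, packet.dst_port, packet.src, packet.src_port)
        if reverse in self._tracked:
            return "allow"  # reply to a flow that was already admitted
        if self._rule_allows(packet):
            self._tracked.add((packet.src, packet.src_port, packet.dst, packet.dst_port))
            return "allow"
        return "deny"


# Constructed traffic: a client at 203.0.113.10 (documentation range) talks to
# an instance at 10.0.1.5 inside the subnet. The reply is addressed to the
# client's ephemeral port, which is what a stateless filter sees on the way out.
REQUEST = Packet("203.0.113.10", 49152, "10.0.1.5", 443, "inbound")
RESPONSE = Packet("10.0.1.5", 443, "203.0.113.10", 49152, "outbound")


def compare_filters():
    """Run the same request/response pair through three filter configurations."""
    # Custom network ACL that only considered the request direction.
    nacl_inbound_only = [NaclRule(100, "inbound", 443, 443, "allow")]
    # Same ACL plus the outbound ephemeral-port rule that lets replies leave.
    nacl_with_ephemeral = nacl_inbound_only + [
        NaclRule(100, "outbound", 1024, 65535, "allow")
    ]
    # Security group with a single inbound rule and no outbound rules at all.
    sg = SecurityGroup(inbound_ports={443}, allow_all_outbound=False)
    return {
        "nacl_inbound_only": (nacl_evaluate(nacl_inbound_only, REQUEST),
                              nacl_evaluate(nacl_inbound_only, RESPONSE)),
        "nacl_with_ephemeral": (nacl_evaluate(nacl_with_ephemeral, REQUEST),
                                nacl_evaluate(nacl_with_ephemeral, RESPONSE)),
        "security_group": (sg.evaluate(REQUEST), sg.evaluate(RESPONSE)),
    }


if __name__ == "__main__":
    for name, (req, resp) in compare_filters().items():
        print(f"{name:22s} request={req:5s} response={resp}")
```

The point the run makes: with the stateless network ACL, the inbound allow on port 443 admits the request but the reply is dropped by the explicit deny until a separate outbound rule for the ephemeral port range exists, whereas the security group admits the reply purely because it remembers the request. When a service in a subnet is reachable but clients hang, a missing outbound ephemeral-port rule on a custom network ACL is one of the first things to check.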
## Domain Name System (DNS) :+1:
### Amazon Route 53
**is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.**
> Amazon Route 53 connects user requests to infrastructure running in AWS (such as Amazon EC2 instances and load balancers). It can route users to infrastructure outside of AWS.
> Another feature of Route 53 is the ability to manage the DNS records for domain names. You can register new domain names directly in Route 53. You can also transfer DNS records for existing domain names managed by other domain registrars. This enables you to manage all of your domain names within a single location.