Amazon Web Services Networking
Home » Webinars » Cloud Computing and Networking » Amazon Web Services Networking
Last modified on 2021-04-27 (release notes)
Amazon Web Services Networking
52:30 AWS Concepts |
||
|
We'll start with high-level concepts:
|
||
| AWS Services and Components | 11:03 | 2019-05-25 |
| Regions and Availability Zones | 10:14 | 2019-05-25 |
| High Availability in AWS | 16:10 | 2019-05-25 |
| Local Zones and Outposts | 15:03 | 2020-12-18 |
Related AWS Documentation |
||
| AWS Outposts | ||
37:34 Virtual Private Cloud (VPC) |
||
|
Virtual Private Cloud (VPC) service is the foundation of AWS networking. This section describes VPC concepts, subnets within VPCs, and VPC/subnet addressing. |
||
| Virtual Private Cloud | 10:43 | 2019-05-25 |
| VPC Subnets | 5:03 | 2019-05-25 |
| VPC and Subnet Addressing | 12:43 | 2019-05-25 |
| VPC Sharing | 9:05 | 2020-12-18 |
Related AWS Documentation |
||
| VPC Scenarios and Examples | ||
| User Guide: Working with VPCs | ||
| VPC Sharing across AWS Accounts | ||
51:02 Interfaces and Addresses |
||
|
Subnets are useless without servers connected to them. In this section we'll focus on AWS implementation of VM network interfaces, network interface addressing, and supporting services like DNS and DHCP. The section also covers advanced concepts like public and private IP addresses, elastic IP addresses, and elastic network interfaces. |
||
| Network Interfaces | 7:45 | 2019-05-25 |
| Interface Addressing | 11:53 | 2019-05-25 |
| Bring Your Own Addresses | 7:24 | 2020-12-18 |
| IP Multicast Support | 6:50 | 2020-12-18 |
| DNS and DHCP | 4:03 | 2019-05-25 |
| Sample Deployments | 13:07 | 2019-06-14 |
Automation Examples |
||
| IP Multicast Example | ||
Related AWS Documentation |
||
| Working with IP Addresses | ||
| Working with IP Addresses for Your EC2 Instance | ||
| Working with Network Interfaces | ||
| Working with Elastic IP Addresses | ||
| Bring Your Own IP Addresses | ||
| Bring Your Own IPv6 Addresses | ||
| IP Multicast implemented in Transit Gateway | ||
| Viewing DNS Hostnames for Your EC2 Instance | ||
| Working with DHCP Option Sets | ||
Worth Reading |
||
| Testing IP Multicast in AWS by Thomas Edwards | ||
58:37 Intra-VPC Network Security |
||
|
AWS offeres several layers of network security within a VPC:
All these mechanisms (and the logging and mirroring functionality available with flow logs and VPC traffic mirroring) are described in this section. |
||
| Network Security | 11:19 | 2019-06-14 |
| Security Groups | 12:53 | 2019-06-14 |
| Managed Prefix Lists | 8:49 | 2020-12-18 |
| Network ACLs | 8:41 | 2019-06-14 |
| VPC Flow Logs | 2:45 | 2019-06-14 |
| VPC Traffic Mirroring | 9:49 | 2020-12-18 |
| Security Summary | 4:21 | 2019-06-14 |
Related AWS Documentation |
||
| Working with Security Groups | ||
| Use Prefix Lists to Simplify Configuration of Security Groups | ||
| Working with Network ACLs | ||
| Example: Controlling Access to Instances in a Subnet | ||
| Working with Flow Logs | ||
| VPC Traffic Mirroring | ||
New AWS Features |
||
| VPC Endpoint Policies | ||
1:03:05 Securing External Network Traffic |
||
|
When you want to secure traffic entering or leaving a VPC, you could use a number of AWS services, including:
|
||
| Web Application Firewall | 13:58 | 2020-12-18 |
| AWS Shield | 4:31 | 2020-12-18 |
44:36 AWS Network Firewall |
||
| AWS Network Firewall Overview | 17:14 | 2021-04-27 |
| Configuring Network Firewall | 12:49 | 2021-04-27 |
| Complex Network Firewall Deployments | 14:33 | 2021-04-27 |
Automation Examples |
||
| Web Application Firewall Example | ||
26:35 Route Tables |
||
|
VPC Route Tables are almost like VRFs with a few significant differences:
This section describes the route tables and details of packet forwarding within VPC. |
||
| Route Tables Overview | 12:40 | 2020-12-18 |
| Working with Route Tables | 7:47 | 2019-06-14 |
| VPC Forwarding Behind the Scenes | 6:08 | 2019-06-14 |
Related AWS Documentation |
||
| Working with Route Tables | ||
| Managed Prefix Lists | ||
Useful Tools |
||
| Synchronize routes between main route table and custom route tables | ||
21:30 Internet Connectivity |
||
|
VPC Internet connectivity is usually provided through an Internet gateway. IPv6 hosts that don't provide services to outside clients can use egress-only gateway; similar IPv4 hosts can access Internet through NAT gateway or NAT instance. This section describes all three mechanisms, and the adjustments to route tables that have to be made to support them. |
||
| Internet Connectivity | 7:29 | 2019-12-11 |
| NAT Gateways and Instances | 6:17 | 2019-06-14 |
| VPC Ingress Routing | 7:44 | 2020-12-18 |
Related AWS Documentation |
||
| Creating a VPC with an Internet Gateway | ||
| Working with Egress-Only Internet Gateways | ||
| Working with NAT Gateways | ||
| Ingress VPC Routing | ||
1:12:14 External Connectivity |
||
|
This section describes other external connectivity options available in AWS VPC - IPsec VPN connections, router-to-router VLAN connections (Direct Connect), inter-VPC peering, and Transit Gateways. |
||
| VPN Connectivity | 19:55 | 2019-06-17 |
| Direct Connect | 20:30 | 2019-06-14 |
| VPC Peering | 9:43 | 2019-06-14 |
| Transit Gateway | 22:06 | 2020-12-18 |
Automation Examples |
||
| Inter-Region VPC Peering Example | ||
Related AWS Documentation |
||
| Site-to-Site VPN Single and Multiple Connection Examples | ||
| VPC Peering Scenarios | ||
| Working with VPC Peering Connections | ||
| Getting Started with AWS Direct Connect | ||
| Working with Transit Gateways | ||
| Inter-region VPC peering with Transit Gateways | ||
| Inter-region Transit Gateway Peering | ||
| AWS Transit Gateway Network Manager | ||
Related AWS Architecture Blog Posts |
||
| How to integrate third-party firewall appliances into an AWS environment | ||
More Information |
||
| Building a Scalable and Secure Multi-VPC Network Infrastructure | ||
| AWS Transit Gateway and Multi-VPC Design Options for Hybrid Cloud Architecture | ||
| Improve VPN Network Performance of AWS Hybrid Cloud with Global Accelerator | ||
| Direct Connect Failover Testing | ||
New AWS Features |
||
| AWS Site-to-Site VPN supports IKEv2 | ||
| Multi-account support for Direct Connect gateway | ||
| AWS Private Link supports VPC peering | ||
| VPN connections using AWS Global Accelerator | ||
| Inter-Region VPC Peering Supports IPv6 | ||
Useful Tools |
||
| peerd: AWS VPC Peering Connection management tool | ||
1:22:15 Load Balancing |
||
|
AWS provides a variety of load balancing mechanisms, from local L4 load balancing (Network Load Balancing) and HTTP (Application) load balancing to service insertion with Gateway Load Balancer, global load balancing with DNS, and anycast IP addresses. |
||
| Elastic Load Balancing | 11:46 | 2019-06-14 |
| Network Load Balancer | 10:15 | 2020-10-16 |
| Application Load Balancer | 6:38 | 2020-10-16 |
| Route 53 and CloudFront | 15:42 | 2019-06-14 |
| Global Accelerator | 10:33 | 2020-10-16 |
| Gateway Load Balancer | 27:21 | 2021-04-27 |
Automation Examples |
||
| Network Load Balancer Example | ||
Related AWS Documentation |
||
| Create an Application Load Balancer | ||
| Create a Network Load Balancer | ||
| Getting Started with Global Accelerator | ||
| What is a Gateway Load Balancer? | ||
Gateway Load Balancer Blog Posts |
||
| Introducing AWS Gateway Load Balancer | ||
| AWS Gateway Load Balancer: Supported architecture patterns | ||
| Integrate your custom logic or appliance with AWS Gateway Load Balancer | ||
| Scaling network traffic inspection using AWS Gateway Load Balancer | ||
| Centralized inspection architecture with AWS Gateway Load Balancer and AWS Transit Gateway | ||
New AWS Features |
||
| Network Load Balancer Supports UDP | ||
| Application Load Balancer supports advanced request routing | ||
| CloudFront supports origin failover | ||
| Bring Your Own IP Addresses in AWS Global Accelerator | ||
Sample Solutions |
||
| Building a high available Anycast service using AWS Global Accelerator | ||
1:57:43 Automating AWS Deployments |
||
|
AWS API has numerous idiosyncrasies: it's a strict Create/Read/Update/Delete API, you need multiple API calls to create an object, objects can be referenced by IDs, but not by names... This section explains the peculiarities of AWS API, and describes how to use bash scripts, Ansible playbooks, CloudFormation templates, and Terraform configuration files to create, update, or delete anything from a single AWS object to a full-blown application stack. |
||
| AWS Automation Principles | 18:03 | 2020-04-13 |
| Creating and Updating a Single Object | 19:21 | 2020-04-13 |
| Example: Create a Single Object with Multiple Automation Tools | 11:55 | 2020-04-13 |
| Creating an Object Hierarchy | 18:26 | 2020-04-13 |
| Using Ansible AWS Modules | 11:29 | 2020-04-13 |
| Example: Use Automation Tools to Create an Object Hierarchy | 14:37 | 2020-04-13 |
| Example: Full Infrastructure Stack Deployment with Ansible | 23:52 | 2020-04-13 |
New AWS Features |
||
| Tag EC2 Resources on Creation | ||
Source Code for Automation Examples |
||
| Bash scripts | ||
| Ansible playbooks | ||
| CloudFormation templates | ||
| Terraform configuration files | ||
More Information |
||
|
This section contains links to interesting third-party blog posts, articles or presentations. |
||
| Understanding Data Transfer in AWS | ||
5:56 Summary |
||
| Summary | 5:56 | 2019-06-14 |
Updates and Errata |
||
| Read me first: 2020 update session | 1.4K | 2020-12-18 |
| Errata | 267 | 2020-12-25 |
Slide Decks |
||
| Amazon Web Services Networking | 4.1M | 2021-03-29 |
| AWS Load Balancing | 1.1M | 2021-03-29 |
| AWS Firewalls | 2.0M | 2021-04-13 |
| Automating AWS Deployments | 12M | 2020-01-12 |
Cloud Computing and Networking
