Amazon Web Services Networking

Home » Webinars » Cloud Computing and Networking » Amazon Web Services Networking

This webinar will help demystify the networking aspects of Amazon Web Services. We'll start with the high-level concepts, cover security aspects, and conclude with inter-VPC routing and hybrid cloud implementations.

Last modified on 2020-10-28 (release notes)

Materials
Roadmap

55:18 AWS Concepts
We'll start with high-level concepts: What AWS services are relevant to a networking engineer? What are regions and availability zones? How do you implement high availability in AWS environment?
AWS Services and Components	11:03	2019-05-25
Regions and Availability Zones	10:14	2019-05-25
High Availability in AWS	16:10	2019-05-25
Local Zones and Outposts	17:51	2020-10-09
Related AWS Documentation
AWS Outposts
38:52 Virtual Private Cloud (VPC)
Virtual Private Cloud (VPC) service is the foundation of AWS networking. This section describes VPC concepts, subnets within VPCs, and VPC/subnet addressing.
Virtual Private Cloud	10:43	2019-05-25
VPC Subnets	5:03	2019-05-25
VPC and Subnet Addressing	12:43	2019-05-25
VPC Sharing	10:23	2020-10-09
Related AWS Documentation
VPC Scenarios and Examples
User Guide: Working with VPCs
VPC Sharing across AWS Accounts
53:09 Interfaces and Addresses
Subnets are useless without servers connected to them. In this section we'll focus on AWS implementation of VM network interfaces, network interface addressing, and supporting services like DNS and DHCP. The section also covers advanced concepts like public and private IP addresses, elastic IP addresses, and elastic network interfaces.
Network Interfaces	7:45	2019-05-25
Interface Addressing	11:53	2019-05-25
Bring Your Own Addresses	8:37	2020-10-09
IP Multicast Support	7:44	2020-10-09
DNS and DHCP	4:03	2019-05-25
Sample Deployments	13:07	2019-06-14
Related AWS Documentation
Working with IP Addresses
Working with IP Addresses for Your EC2 Instance
Working with Network Interfaces
Working with Elastic IP Addresses
Bring Your Own IP Addresses
Bring Your Own IPv6 Addresses
IP Multicast implemented in Transit Gateway
Viewing DNS Hostnames for Your EC2 Instance
Working with DHCP Option Sets
Worth Reading
Testing IP Multicast in AWS by Thomas Edwards
1:24:43 Network Security
AWS offeres several layers of network security: Stateful security groups applied to VM interfaces; Stateless network ACLs applied to subnets; Validation of source and destination IP addresses. Layer-7 HTTP ACLs in Web Application Firewall Rudimentary DDoS protection with AWS Shield All these mechanisms (and the logging and mirroring functionality available with flow logs and VPC traffic mirroring) are described in this section.
Network Security	11:19	2019-06-14
Security Groups	12:53	2019-06-14
Managed Prefix Lists	10:18	2020-10-09
Network ACLs	8:41	2019-06-14
VPC Flow Logs	2:45	2019-06-14
VPC Traffic Mirroring	12:23	2020-10-09
Web Application Firewall	16:38	2020-10-09
AWS Shield	5:25	2020-10-09
Security Summary	4:21	2019-06-14
Related AWS Documentation
Working with Security Groups
Use Prefix Lists to Simplify Configuration of Security Groups
Working with Network ACLs
Example: Controlling Access to Instances in a Subnet
Working with Flow Logs
VPC Traffic Mirroring
New AWS Features
VPC Endpoint Policies
23:07 Route Tables
VPC Route Tables are almost like VRFs with a few significant differences: Route tables are applied to subnets; All route tables share the entry for local VPC CIDR block. This section describes the route tables and details of packet forwarding within VPC.
Route Tables Overview	9:12	2019-06-14
Working with Route Tables	7:47	2019-06-14
VPC Forwarding Behind the Scenes	6:08	2019-06-14
Related AWS Documentation
Working with Route Tables
Managed Prefix Lists
Useful Tools
Synchronize routes between main route table and custom route tables
23:10 Internet Connectivity
VPC Internet connectivity is usually provided through an Internet gateway. IPv6 hosts that don't provide services to outside clients can use egress-only gateway; similar IPv4 hosts can access Internet through NAT gateway or NAT instance. This section describes all three mechanisms, and the adjustments to route tables that have to be made to support them.
Internet Connectivity	7:29	2019-12-11
NAT Gateways and Instances	6:17	2019-06-14
VPC Ingress Routing	9:24	2020-10-09
Related AWS Documentation
Creating a VPC with an Internet Gateway
Working with Egress-Only Internet Gateways
Working with NAT Gateways
Ingress VPC Routing
1:07:56 External Connectivity
This section describes other external connectivity options available in AWS VPC - IPsec VPN connections, router-to-router VLAN connections (Direct Connect), inter-VPC peering, and Transit Gateways.
VPN Connectivity	19:55	2019-06-17
Direct Connect	20:30	2019-06-14
VPC Peering	9:43	2019-06-14
Transit Gateway	17:48	2019-06-14
Related AWS Documentation
Site-to-Site VPN Single and Multiple Connection Examples
VPC Peering Scenarios
Working with VPC Peering Connections
Getting Started with AWS Direct Connect
Working with Transit Gateways
Inter-region VPC peering with Transit Gateways
Inter-region Transit Gateway Peering
AWS Transit Gateway Network Manager
More Information
Building a Scalable and Secure Multi-VPC Network Infrastructure
AWS Transit Gateway and Multi-VPC Design Options for Hybrid Cloud Architecture
Improve VPN Network Performance of AWS Hybrid Cloud with Global Accelerator
Direct Connect Failover Testing
New AWS Features
AWS Site-to-Site VPN supports IKEv2
Multi-account support for Direct Connect gateway
AWS Private Link supports VPC peering
VPN connections using AWS Global Accelerator
Inter-Region VPC Peering Supports IPv6
Useful Tools
peerd: AWS VPC Peering Connection management tool
54:54 Load Balancing
AWS provides a variety of load balancing mechanisms, from local L4 load balancing (Network Load Balancing) and HTTP load balancing to global load balancing with DNS and anycast IP addresses.
Elastic Load Balancing	11:46	2019-06-14
Network Load Balancer	10:15	2020-10-16
Application Load Balancer	6:38	2020-10-16
Route 53 and CloudFront	15:42	2019-06-14
Global Accelerator	10:33	2020-10-16
Related AWS Documentation
Create an Application Load Balancer
Create a Network Load Balancer
Getting Started with Global Accelerator
New AWS Features
Network Load Balancer Supports UDP
Application Load Balancer supports advanced request routing
CloudFront supports origin failover
Bring Your Own IP Addresses in AWS Global Accelerator
Sample Solutions
Building a high available Anycast service using AWS Global Accelerator
1:57:43 Automating AWS Deployments
AWS API has numerous idiosyncrasies: it's a strict Create/Read/Update/Delete API, you need multiple API calls to create an object, objects can be referenced by IDs, but not by names... This section explains the peculiarities of AWS API, and describes how to use bash scripts, Ansible playbooks, CloudFormation templates, and Terraform configuration files to create, update, or delete anything from a single AWS object to a full-blown application stack.
AWS Automation Principles	18:03	2020-04-13
Creating and Updating a Single Object	19:21	2020-04-13
Example: Create a Single Object with Multiple Automation Tools	11:55	2020-04-13
Creating an Object Hierarchy	18:26	2020-04-13
Using Ansible AWS Modules	11:29	2020-04-13
Example: Use Automation Tools to Create an Object Hierarchy	14:37	2020-04-13
Example: Full Infrastructure Stack Deployment with Ansible	23:52	2020-04-13
New AWS Features
Tag EC2 Resources on Creation
Source Code for Automation Examples
Bash scripts
Ansible playbooks
CloudFormation templates
Terraform configuration files
More Information
This section contains links to interesting third-party blog posts, articles or presentations.
Understanding Data Transfer in AWS
5:56 Summary
Summary	5:56	2019-06-14
8:53 Updates
Read me first: 2020 update session	1.4K	2020-10-16
2020 Update - Other Features	8:53	2020-10-09
Slide Decks
Amazon Web Services Networking	34M	2020-10-06
Automating AWS Deployments	12M	2020-01-12