Amazon Web Services Networking
Home »
Webinars
»
Cloud Computing and Networking »
Amazon Web Services Networking
This webinar will help demystify the networking aspects of Amazon Web Services. We'll start with the high-level concepts, cover security aspects, and conclude with inter-VPC routing and hybrid cloud implementations.
Last modified on 2023-06-22
(release notes )
ARF
PDF
MP4
ZIP
Amazon Web Services Networking
New AWS Services and Features
9.5K
2022-12-21
This document lists the new AWS services and new features of existing AWS services that are not yet covered in the webinar materials. If you're planning a bleeding-edge deployment, you might want to read it first.
We'll start with high-level concepts:
What AWS services are relevant to a networking engineer?
What are regions and availability zones?
How do you implement high availability in AWS environment?
AWS Services and Components
19:56
2022-12-21
Regions and Availability Zones
10:14
2019-05-25
High Availability in AWS
16:10
2019-05-25
Local Zones and Outposts
15:03
2020-12-18
AWS Services that Support IPv6
AWS Outposts
AWS Fault Isolation Boundaries
Improved IPv6 Support
AWS Network Firewall supports IPv6-only subnets
AWS Gateway Load Balancer supports IPv6 traffic
Virtual Private Cloud (VPC) service is the foundation of
AWS networking. This section describes VPC concepts,
subnets within VPCs, and VPC/subnet addressing.
Virtual Private Cloud
9:33
2023-01-04
VPC Subnets
5:03
2019-05-25
VPC and Subnet Addressing
14:16
2022-12-21
VPC Sharing
9:05
2020-12-18
VPC Scenarios and Examples
User Guide: Working with VPCs
VPC Sharing across AWS Accounts
New AWS Features
Amazon VPC supports multiple IPv6 CIDR blocks
Designing Large-Scale VPN Networks
Designing hyperscale Amazon VPC networks
Network Address Usage for your VPC
Subnets are useless without servers connected to them.
In this section we'll focus on AWS implementation of
VM network interfaces, network interface addressing,
and supporting services like DNS and DHCP.
The section also covers advanced concepts like public
and private IP addresses, elastic IP addresses, and
elastic network interfaces.
Network Interfaces
7:45
2019-05-25
Interface Addressing
16:31
2021-10-11
Bring Your Own Addresses
7:29
2021-10-11
IP Multicast Support
11:47
2021-10-11
DNS and DHCP
7:30
2022-12-21
Sample Deployments
13:07
2019-06-14
Automation Examples
IP Multicast Example
Working with IP Addresses
Working with IP Addresses for Your EC2 Instance
Working with Network Interfaces
Working with Elastic IP Addresses
Bring Your Own IP Addresses
Bring Your Own IPv6 Addresses
IP Multicast implemented in Transit Gateway
Viewing DNS Hostnames for Your EC2 Instance
Working with DHCP Option Sets
Worth Reading
Testing IP Multicast in AWS by Thomas Edwards
New AWS Features
Amazon VPC IPAM
The transfer of Elastic IP addresses between AWS accounts
The IPv6 Subnet default gateway router supports multiple addresses
AWS offeres several layers of network security within a VPC:
Stateful security groups applied to VM interfaces;
Stateless network ACLs applied to subnets;
Validation of source and destination IP addresses.
All these mechanisms (and the logging and mirroring functionality
available with flow logs and VPC traffic mirroring ) are
described in this section.
Network Security
11:19
2019-06-14
Security Groups
12:53
2019-06-14
Managed Prefix Lists
8:54
2021-10-11
Network ACLs
8:41
2019-06-14
VPC Flow Logs
2:45
2019-06-14
VPC Traffic Mirroring
9:49
2020-12-18
Security Summary
4:21
2019-06-14
Working with Security Groups
Use Prefix Lists to Simplify Configuration of Security Groups
Working with Network ACLs
Example: Controlling Access to Instances in a Subnet
Working with Flow Logs
VPC Traffic Mirroring
The Security Design of the AWS Nitro System
When you want to secure traffic entering or leaving a VPC, you could use a
number of AWS services, including:
Network Firewall: scale-out layer-4 firewall combined with Suricata IPS
Web Application Firewall: a Layer-7 HTTP(S) firewall
AWS Shield: a rudimentary DDoS protection service
Web Application Firewall
13:58
2020-12-18
AWS Shield
4:31
2020-12-18
1:17:18
AWS Network Firewall
AWS Network Firewall Overview
17:14
2021-04-27
Intra-VPC Network Firewall Insertion
7:44
2023-06-08
Configuring Network Firewall
12:49
2021-04-27
Complex Intra-VPC Network Firewall Deployments
24:58
2023-06-08
Complex Network Firewall Deployments
14:33
2021-04-27
Automation Examples
Web Application Firewall Example
New AWS Features
AWS Network Firewall now supports IPv6-only subnets
Ingress TLS inspection on AWS Network Firewall
Tag-based resource groups on AWS Network Firewall
AWS WAF increases web ACL capacity units limits
AWS Network Firewall adds reject action for TCP traffic
AWS Network Firewall now supports VPC prefix lists
AWS Network Firewall now supports AWS Managed Rules
AWS Shield Advanced now supports Application Load Balancer for automatic application layer DDoS mitigation
AWS Shield Advanced introduces automatic application-layer DDoS mitigation
VPC Route Tables are almost like VRFs with a few significant
differences:
Route tables are applied to subnets;
All route tables share the entry for local VPC CIDR block.
This section describes the route tables and details
of packet forwarding within VPC.
Route Tables Overview
13:46
2021-10-11
Working with Route Tables
14:14
2021-10-11
VPC Forwarding Behind the Scenes
14:13
2022-12-21
4:25
From the ipSpace.net Design Clinic
Subnet Routing in AWS VPC
4:25
2021-10-01
Working with Route Tables
Managed Prefix Lists
Synchronize routes between main route table and custom route tables
Elastic Network Adapter (ENA) Express
A Cloud-Optimized Transport Protocol for Elastic and Scalable HPC
Scalable Reliable Datagram (SRD) Protocol Used By Elastic Fabric Adapter
The Security Design of the AWS Nitro System
VPC Internet connectivity is usually provided through an
Internet gateway. IPv6 hosts that don't provide services
to outside clients can use egress-only gateway; similar
IPv4 hosts can access Internet through NAT gateway or
NAT instance.
This section describes all three mechanisms, and the
adjustments to route tables that have to be made to
support them.
Internet Connectivity
7:29
2019-12-11
NAT Gateways and Instances
12:08
2022-12-21
VPC Ingress Routing
7:44
2020-12-18
Creating a VPC with an Internet Gateway
Working with Egress-Only Internet Gateways
Working with NAT Gateways
Ingress VPC Routing
New AWS Features
Increased number of concurrent connections on NAT Gateway
This section describes other external connectivity
options available in AWS VPC - IPsec VPN connections,
router-to-router VLAN connections (Direct Connect),
inter-VPC peering, and Transit Gateways.
VPN Connectivity
21:16
2022-12-21
Direct Connect
20:30
2019-06-14
VPC Peering
9:43
2019-06-14
Transit Gateway
24:22
2022-12-21
Transit Gateway Connect
13:55
2021-11-15
AWS Private Link
35:49
2022-12-21
41:46
Amazon VPC Lattice
Amazon VPC Lattice Overview
19:09
2023-06-08
Configuring and Securing Amazon VPC Lattice
22:37
2023-06-08
Automation Examples
Inter-Region VPC Peering Example
19:45
From the ipSpace.net Design Clinic
Impact of Transit Gateway on Application Performance
4:59
2022-03-01
Direct or VPN Access to a Public Cloud
14:46
2023-04-04
Site-to-Site VPN Single and Multiple Connection Examples
VPC Peering Scenarios
Working with VPC Peering Connections
Getting Started with AWS Direct Connect
Working with Transit Gateways
Inter-region VPC peering with Transit Gateways
Inter-region Transit Gateway Peering
AWS Transit Gateway Network Manager
Related AWS Architecture Blog Posts
How to integrate third-party firewall appliances into an AWS environment
Building a Scalable and Secure Multi-VPC Network Infrastructure
AWS Transit Gateway and Multi-VPC Design Options for Hybrid Cloud Architecture
Improve VPN Network Performance of AWS Hybrid Cloud with Global Accelerator
Direct Connect Failover Testing
New AWS Features
AWS Site-to-Site VPN supports IKEv2
Multi-account support for Direct Connect gateway
VPN connections using AWS Global Accelerator
Private IP addresses as endpoints of Site-to-Site VPN
AWS Transit Gateway Intra-Region Peering
AWS announces Amazon VPC Lattice (Preview)
peerd: AWS VPC Peering Connection management tool
AWS Cloud WAN is a managed WAN service that you can use to build a WAN backbone based on enhanced
AWS transit gateways. AWS Cloud WAN supports VRF-like segmentation and EBGP routing.
Concepts
14:03
2023-06-22
Components
28:00
2023-06-22
Segments (Routing Domains)
12:18
2023-06-22
Segmentation Examples
19:09
2023-06-22
Quotas and Pricing
10:59
2023-06-22
AWS provides a variety of load balancing mechanisms,
from local L4 load balancing (Network Load Balancing)
and HTTP (Application) load balancing to service insertion with
Gateway Load Balancer, global load balancing with
DNS, and anycast IP addresses.
Elastic Load Balancing
14:29
2022-12-21
Network Load Balancer
10:15
2022-12-21
Application Load Balancer
9:13
2022-12-21
Route 53 and CloudFront
15:47
2022-12-21
Route 53 ARC Zonal Shift
11:40
2023-06-08
Global Accelerator
17:40
2022-12-21
Gateway Load Balancer
27:21
2021-04-27
Automation Examples
Network Load Balancer Example
4:02
From the ipSpace.net Design Clinic
Scale-Out Cloud DMZ
4:02
2022-05-30
Create an Application Load Balancer
Create a Network Load Balancer
Getting Started with Global Accelerator
What is a Gateway Load Balancer?
Gateway Load Balancer Blog Posts
Introducing AWS Gateway Load Balancer
AWS Gateway Load Balancer: Supported architecture patterns
Integrate your custom logic or appliance with AWS Gateway Load Balancer
Scaling network traffic inspection using AWS Gateway Load Balancer
Centralized inspection architecture with AWS Gateway Load Balancer and AWS Transit Gateway
GWLB Deployment Patterns
New AWS Features
Application Load Balancer supports TLS 1.3
AWS Gateway Load Balancer supports IPv6 traffic
Network Load Balancer Supports UDP
Application Load Balancer supports advanced request routing
CloudFront supports origin failover
Application Load Balancer as a target for Network Load Balancer
Application Load Balancers now support turning off cross zone load balancing per target group
AWS Gateway Load Balancer launches new option to rebalance flows when target fails or deregisters
Amazon Route 53 launches Geolocation and Latency-Based Routing for Private DNS
Sample Solutions
Building a high available Anycast service using AWS Global Accelerator
AWS API has numerous idiosyncrasies: it's a strict Create/Read/Update/Delete API, you need multiple API calls to
create an object, objects can be referenced by IDs, but not by names...
This section explains the peculiarities of AWS API, and describes how to use bash scripts, Ansible playbooks,
CloudFormation templates, and Terraform configuration files to create, update, or delete anything from a single
AWS object to a full-blown application stack.
AWS Automation Principles
18:03
2020-04-13
Creating and Updating a Single Object
19:21
2020-04-13
Example: Create a Single Object with Multiple Automation Tools
11:55
2020-04-13
Creating an Object Hierarchy
18:26
2020-04-13
Using Ansible AWS Modules
11:29
2020-04-13
Example: Use Automation Tools to Create an Object Hierarchy
14:37
2020-04-13
Example: Full Infrastructure Stack Deployment with Ansible
23:52
2020-04-13
New AWS Features
Tag EC2 Resources on Creation
Source Code for Automation Examples
Bash scripts
Ansible playbooks
CloudFormation templates
Terraform configuration files
This section contains links to interesting third-party blog posts, articles or presentations.
Understanding Data Transfer in AWS
Summary
5:56
2019-06-14
Amazon Web Services Networking
4.3M
2022-12-21
AWS Load Balancing
4.0M
2023-06-06
AWS Firewalls
8.2M
2023-06-06
AWS External Connectivity
9.8M
2023-06-06
Automating AWS Deployments
12M
2020-01-12
AWS Cloud WAN
3.2M
2023-05-22
Cloud Computing and Networking
