Amazon Web Services Networking
Home » Webinars » Cloud Computing and Networking » Amazon Web Services Networking
Last modified on 2023-01-30 (release notes)
Amazon Web Services Networking
Free items Read This First |
||
New AWS Services and Features
|
9.5K | 2022-12-21 |
This document lists the new AWS services and new features of existing AWS services that are not yet covered in the webinar materials. If you're planning a bleeding-edge deployment, you might want to read it first. |
||
1:01:23 AWS Concepts |
||
|
We'll start with high-level concepts:
|
||
| AWS Services and Components | 19:56 | 2022-12-21 |
| Regions and Availability Zones | 10:14 | 2019-05-25 |
| High Availability in AWS | 16:10 | 2019-05-25 |
| Local Zones and Outposts | 15:03 | 2020-12-18 |
Related AWS Documentation |
||
| AWS Services that Support IPv6 | ||
| AWS Outposts | ||
| AWS Fault Isolation Boundaries | ||
37:57 Virtual Private Cloud (VPC) |
||
|
Virtual Private Cloud (VPC) service is the foundation of AWS networking. This section describes VPC concepts, subnets within VPCs, and VPC/subnet addressing. |
||
| Virtual Private Cloud | 9:33 | 2023-01-04 |
| VPC Subnets | 5:03 | 2019-05-25 |
| VPC and Subnet Addressing | 14:16 | 2022-12-21 |
| VPC Sharing | 9:05 | 2020-12-18 |
Related AWS Documentation |
||
| VPC Scenarios and Examples | ||
| User Guide: Working with VPCs | ||
| VPC Sharing across AWS Accounts | ||
New AWS Features |
||
| Amazon VPC supports multiple IPv6 CIDR blocks | ||
Designing Large-Scale VPN Networks |
||
| Designing hyperscale Amazon VPC networks | ||
| Network Address Usage for your VPC | ||
1:04:09 Interfaces and Addresses |
||
|
Subnets are useless without servers connected to them. In this section we'll focus on AWS implementation of VM network interfaces, network interface addressing, and supporting services like DNS and DHCP. The section also covers advanced concepts like public and private IP addresses, elastic IP addresses, and elastic network interfaces. |
||
| Network Interfaces | 7:45 | 2019-05-25 |
| Interface Addressing | 16:31 | 2021-10-11 |
| Bring Your Own Addresses | 7:29 | 2021-10-11 |
| IP Multicast Support | 11:47 | 2021-10-11 |
| DNS and DHCP | 7:30 | 2022-12-21 |
| Sample Deployments | 13:07 | 2019-06-14 |
Automation Examples |
||
| IP Multicast Example | ||
Related AWS Documentation |
||
| Working with IP Addresses | ||
| Working with IP Addresses for Your EC2 Instance | ||
| Working with Network Interfaces | ||
| Working with Elastic IP Addresses | ||
| Bring Your Own IP Addresses | ||
| Bring Your Own IPv6 Addresses | ||
| IP Multicast implemented in Transit Gateway | ||
| Viewing DNS Hostnames for Your EC2 Instance | ||
| Working with DHCP Option Sets | ||
Worth Reading |
||
| Testing IP Multicast in AWS by Thomas Edwards | ||
New AWS Features |
||
| The transfer of Elastic IP addresses between AWS accounts | ||
| The IPv6 Subnet default gateway router supports multiple addresses | ||
58:42 Intra-VPC Network Security |
||
|
AWS offeres several layers of network security within a VPC:
All these mechanisms (and the logging and mirroring functionality available with flow logs and VPC traffic mirroring) are described in this section. |
||
| Network Security | 11:19 | 2019-06-14 |
| Security Groups | 12:53 | 2019-06-14 |
| Managed Prefix Lists | 8:54 | 2021-10-11 |
| Network ACLs | 8:41 | 2019-06-14 |
| VPC Flow Logs | 2:45 | 2019-06-14 |
| VPC Traffic Mirroring | 9:49 | 2020-12-18 |
| Security Summary | 4:21 | 2019-06-14 |
Related AWS Documentation |
||
| Working with Security Groups | ||
| Use Prefix Lists to Simplify Configuration of Security Groups | ||
| Working with Network ACLs | ||
| Example: Controlling Access to Instances in a Subnet | ||
| Working with Flow Logs | ||
| VPC Traffic Mirroring | ||
More Information |
||
| The Security Design of the AWS Nitro System | ||
1:03:05 Securing External Network Traffic |
||
|
When you want to secure traffic entering or leaving a VPC, you could use a number of AWS services, including:
|
||
| Web Application Firewall | 13:58 | 2020-12-18 |
| AWS Shield | 4:31 | 2020-12-18 |
44:36 AWS Network Firewall |
||
| AWS Network Firewall Overview | 17:14 | 2021-04-27 |
| Configuring Network Firewall | 12:49 | 2021-04-27 |
| Complex Network Firewall Deployments | 14:33 | 2021-04-27 |
Automation Examples |
||
| Web Application Firewall Example | ||
New AWS Features |
||
| AWS Network Firewall now supports VPC prefix lists | ||
| AWS Network Firewall now supports AWS Managed Rules | ||
| AWS Shield Advanced now supports Application Load Balancer for automatic application layer DDoS mitigation | ||
| AWS Shield Advanced introduces automatic application-layer DDoS mitigation | ||
46:38 Route Tables |
||
|
VPC Route Tables are almost like VRFs with a few significant differences:
This section describes the route tables and details of packet forwarding within VPC. |
||
| Route Tables Overview | 13:46 | 2021-10-11 |
| Working with Route Tables | 14:14 | 2021-10-11 |
| VPC Forwarding Behind the Scenes | 14:13 | 2022-12-21 |
4:25 From the ipSpace.net Design Clinic |
||
| Subnet Routing in AWS VPC | 4:25 | 2021-10-01 |
Related AWS Documentation |
||
| Working with Route Tables | ||
| Managed Prefix Lists | ||
Useful Tools |
||
| Synchronize routes between main route table and custom route tables | ||
More Information |
||
| Elastic Network Adapter (ENA) Express | ||
| A Cloud-Optimized Transport Protocol for Elastic and Scalable HPC | ||
| Scalable Reliable Datagram (SRD) Protocol Used By Elastic Fabric Adapter | ||
| The Security Design of the AWS Nitro System | ||
27:21 Internet Connectivity |
||
|
VPC Internet connectivity is usually provided through an Internet gateway. IPv6 hosts that don't provide services to outside clients can use egress-only gateway; similar IPv4 hosts can access Internet through NAT gateway or NAT instance. This section describes all three mechanisms, and the adjustments to route tables that have to be made to support them. |
||
| Internet Connectivity | 7:29 | 2019-12-11 |
| NAT Gateways and Instances | 12:08 | 2022-12-21 |
| VPC Ingress Routing | 7:44 | 2020-12-18 |
Related AWS Documentation |
||
| Creating a VPC with an Internet Gateway | ||
| Working with Egress-Only Internet Gateways | ||
| Working with NAT Gateways | ||
| Ingress VPC Routing | ||
New AWS Features |
||
| NAT64 and DNS64 capabilities enable communication between IPv6 and IPv4 services | ||
2:10:34 External Connectivity |
||
|
This section describes other external connectivity options available in AWS VPC - IPsec VPN connections, router-to-router VLAN connections (Direct Connect), inter-VPC peering, and Transit Gateways. |
||
| VPN Connectivity | 21:16 | 2022-12-21 |
| Direct Connect | 20:30 | 2019-06-14 |
| VPC Peering | 9:43 | 2019-06-14 |
| Transit Gateway | 24:22 | 2022-12-21 |
| Transit Gateway Connect | 13:55 | 2021-11-15 |
| AWS Private Link | 35:49 | 2022-12-21 |
Automation Examples |
||
| Inter-Region VPC Peering Example | ||
4:59 From the ipSpace.net Design Clinic |
||
| Impact of Transit Gateway on Application Performance | 4:59 | 2022-03-01 |
Related AWS Documentation |
||
| Site-to-Site VPN Single and Multiple Connection Examples | ||
| VPC Peering Scenarios | ||
| Working with VPC Peering Connections | ||
| Getting Started with AWS Direct Connect | ||
| Working with Transit Gateways | ||
| Inter-region VPC peering with Transit Gateways | ||
| Inter-region Transit Gateway Peering | ||
| AWS Transit Gateway Network Manager | ||
Related AWS Architecture Blog Posts |
||
| How to integrate third-party firewall appliances into an AWS environment | ||
More Information |
||
| Building a Scalable and Secure Multi-VPC Network Infrastructure | ||
| AWS Transit Gateway and Multi-VPC Design Options for Hybrid Cloud Architecture | ||
| Improve VPN Network Performance of AWS Hybrid Cloud with Global Accelerator | ||
| Direct Connect Failover Testing | ||
New AWS Features |
||
| AWS Site-to-Site VPN supports IKEv2 | ||
| Multi-account support for Direct Connect gateway | ||
| VPN connections using AWS Global Accelerator | ||
| Private IP addresses as endpoints of Site-to-Site VPN | ||
| AWS Transit Gateway Intra-Region Peering | ||
| AWS announces Amazon VPC Lattice (Preview) | ||
Useful Tools |
||
| peerd: AWS VPC Peering Connection management tool | ||
1:38:47 Load Balancing |
||
|
AWS provides a variety of load balancing mechanisms, from local L4 load balancing (Network Load Balancing) and HTTP (Application) load balancing to service insertion with Gateway Load Balancer, global load balancing with DNS, and anycast IP addresses. |
||
| Elastic Load Balancing | 14:29 | 2022-12-21 |
| Network Load Balancer | 10:15 | 2022-12-21 |
| Application Load Balancer | 9:13 | 2022-12-21 |
| Route 53 and CloudFront | 15:47 | 2022-12-21 |
| Global Accelerator | 17:40 | 2022-12-21 |
| Gateway Load Balancer | 27:21 | 2021-04-27 |
Automation Examples |
||
| Network Load Balancer Example | ||
4:02 From the ipSpace.net Design Clinic |
||
| Scale-Out Cloud DMZ | 4:02 | 2022-05-30 |
Related AWS Documentation |
||
| Create an Application Load Balancer | ||
| Create a Network Load Balancer | ||
| Getting Started with Global Accelerator | ||
| What is a Gateway Load Balancer? | ||
Gateway Load Balancer Blog Posts |
||
| Introducing AWS Gateway Load Balancer | ||
| AWS Gateway Load Balancer: Supported architecture patterns | ||
| Integrate your custom logic or appliance with AWS Gateway Load Balancer | ||
| Scaling network traffic inspection using AWS Gateway Load Balancer | ||
| Centralized inspection architecture with AWS Gateway Load Balancer and AWS Transit Gateway | ||
| GWLB Deployment Patterns | ||
New AWS Features |
||
| Network Load Balancer Supports UDP | ||
| Application Load Balancer supports advanced request routing | ||
| CloudFront supports origin failover | ||
| Application Load Balancer as a target for Network Load Balancer | ||
| Application Load Balancers now support turning off cross zone load balancing per target group | ||
| AWS Gateway Load Balancer launches new option to rebalance flows when target fails or deregisters | ||
| Amazon Route 53 launches Geolocation and Latency-Based Routing for Private DNS | ||
Sample Solutions |
||
| Building a high available Anycast service using AWS Global Accelerator | ||
1:57:43 Automating AWS Deployments |
||
|
AWS API has numerous idiosyncrasies: it's a strict Create/Read/Update/Delete API, you need multiple API calls to create an object, objects can be referenced by IDs, but not by names... This section explains the peculiarities of AWS API, and describes how to use bash scripts, Ansible playbooks, CloudFormation templates, and Terraform configuration files to create, update, or delete anything from a single AWS object to a full-blown application stack. |
||
| AWS Automation Principles | 18:03 | 2020-04-13 |
| Creating and Updating a Single Object | 19:21 | 2020-04-13 |
| Example: Create a Single Object with Multiple Automation Tools | 11:55 | 2020-04-13 |
| Creating an Object Hierarchy | 18:26 | 2020-04-13 |
| Using Ansible AWS Modules | 11:29 | 2020-04-13 |
| Example: Use Automation Tools to Create an Object Hierarchy | 14:37 | 2020-04-13 |
| Example: Full Infrastructure Stack Deployment with Ansible | 23:52 | 2020-04-13 |
New AWS Features |
||
| Tag EC2 Resources on Creation | ||
Source Code for Automation Examples |
||
| Bash scripts | ||
| Ansible playbooks | ||
| CloudFormation templates | ||
| Terraform configuration files | ||
More Information |
||
|
This section contains links to interesting third-party blog posts, articles or presentations. |
||
| Understanding Data Transfer in AWS | ||
5:56 Summary |
||
| Summary | 5:56 | 2019-06-14 |
Slide Decks |
||
| Amazon Web Services Networking | 4.3M | 2022-12-21 |
| AWS Load Balancing | 1.7M | 2022-12-21 |
| AWS Firewalls | 2.0M | 2021-04-13 |
| AWS External Connectivity | 2.9M | 2022-12-21 |
| Automating AWS Deployments | 12M | 2020-01-12 |
Cloud Computing and Networking
