
Amazon Web Services Networking


This webinar will help demystify the networking aspects of Amazon Web Services. We'll start with the high-level concepts, cover security aspects, and conclude with inter-VPC routing and hybrid cloud implementations.

Last modified on 2024-01-07 (release notes)


Read This First

New AWS Services and Features 9.4K 2023-11-27

This document lists the new AWS services and new features of existing AWS services that are not yet covered in the webinar materials. If you're planning a bleeding-edge deployment, you might want to read it first.

1:01:23 AWS Concepts

We'll start with high-level concepts:

  • What AWS services are relevant to a networking engineer?
  • What are regions and availability zones?
  • How do you implement high availability in an AWS environment?

37:57 Virtual Private Cloud (VPC)

The Virtual Private Cloud (VPC) service is the foundation of AWS networking. This section describes VPC concepts, subnets within VPCs, and VPC/subnet addressing.

1:04:09 Interfaces and Addresses

Subnets are useless without servers connected to them. In this section we'll focus on the AWS implementation of VM network interfaces, network interface addressing, and supporting services like DNS and DHCP.

The section also covers advanced concepts like public and private IP addresses, elastic IP addresses, and elastic network interfaces.

58:42 Intra-VPC Network Security

AWS offers several layers of network security within a VPC:

  • Stateful security groups applied to VM interfaces;
  • Stateless network ACLs applied to subnets;
  • Validation of source and destination IP addresses.

All these mechanisms (and the logging and mirroring functionality available with flow logs and VPC traffic mirroring) are described in this section.

1:29:13 Securing External Network Traffic

When you want to secure traffic entering or leaving a VPC, you could use a number of AWS services, including:

  • Network Firewall: scale-out layer-4 firewall combined with Suricata IPS
  • Web Application Firewall: a Layer-7 HTTP(S) firewall
  • AWS Shield: a rudimentary DDoS protection service

46:38 Route Tables

VPC Route Tables are almost like VRFs with a few significant differences:

  • Route tables are applied to subnets;
  • All route tables share the entry for the local VPC CIDR block.

This section describes the route tables and the details of packet forwarding within a VPC.

27:21 Internet Connectivity

VPC Internet connectivity is usually provided through an Internet gateway. IPv6 hosts that don't provide services to outside clients can use an egress-only gateway; similar IPv4 hosts can access the Internet through a NAT gateway or NAT instance.

This section describes all three mechanisms, and the adjustments to route tables that have to be made to support them.

3:03:55 External Connectivity

This section describes other external connectivity options available in AWS VPC - IPsec VPN connections, router-to-router VLAN connections (Direct Connect), inter-VPC peering, and Transit Gateways.

1:24:29 AWS Cloud WAN

AWS Cloud WAN is a managed WAN service that you can use to build a WAN backbone based on enhanced AWS transit gateways. AWS Cloud WAN supports VRF-like segmentation and EBGP routing.

1:49:23 Load Balancing

AWS provides a variety of load balancing mechanisms, from local L4 load balancing (Network Load Balancing) and HTTP (Application) load balancing to service insertion with Gateway Load Balancer, global load balancing with DNS, and anycast IP addresses.

1:57:43 Automating AWS Deployments

The AWS API has numerous idiosyncrasies: it's a strict Create/Read/Update/Delete API, you need multiple API calls to create an object, objects can be referenced by IDs, but not by names...

This section explains the peculiarities of the AWS API, and describes how to use bash scripts, Ansible playbooks, CloudFormation templates, and Terraform configuration files to create, update, or delete anything from a single AWS object to a full-blown application stack.

More Information

This section contains links to interesting third-party blog posts, articles or presentations.

5:56 Summary

Summary 5:56 2019-06-14

Slide Decks

Amazon Web Services Networking 4.3M 2022-12-21
AWS Load Balancing 4.0M 2023-06-06
AWS Firewalls 8.2M 2023-06-06
AWS External Connectivity 9.8M 2023-06-06
Automating AWS Deployments 12M 2020-01-12
AWS Cloud WAN 3.2M 2023-05-22