AWS re:Invent 2023 — Day 5 — Friday
Dec 9, 2023
Watch today's vlog, which also recaps the whole event — https://youtu.be/z9z5sn1p08M
Advanced VPC Designs and new Capabilities
YouTube — https://www.youtube.com/watch?v=cRdDCkbE4es
Foundations
- EC2-Classic: a single, global public network
- VPC — a private network in the cloud; the original assumption was that everyone would just have one
IP address management
Why is it important?
- IPv4 exhaustion
- Cost optimisation
- Global expansion
IP Address Manager (IPAM)
- Address management at scale
- Automate IP assignment
- Monitor usage
- Has a new free tier
- Public IP insights are included in the free tier
- IPv4 makes it easy to summarise IP space
- IPv6 is harder; IPAM will give you contiguous IPv6 space
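The summarisation point above is easy to see in code. The following is an added example (not from the talk): it takes a set of CIDR blocks, IPv4 or IPv6, computes the single prefix that covers all of them, and reports how many addresses inside that prefix you do not actually hold. Contiguous allocations, which is what IPAM hands out, summarise exactly; scattered allocations force a wider supernet, and that wider prefix is what ends up in route tables and security-group rules. The IPv6 sample uses the documentation range 2001:db8::/32, and the blocks are assumed not to overlap.

```javascript
// Added example, not from the talk: summarise CIDR blocks (IPv4 or IPv6) into
// the single covering prefix and report how much of it is space you do not
// hold. Assumption: the input blocks do not overlap one another.

function parseIPv4(addr) {
  const parts = addr.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${addr}`);
  }
  return parts.reduce((acc, p) => (acc << 8n) | BigInt(p), 0n);
}

function parseIPv6(addr) {
  // Expand a single "::" into the missing zero groups, then fold 8 x 16 bits.
  const parts = addr.split('::');
  if (parts.length > 2) throw new Error(`bad IPv6 address: ${addr}`);
  const head = parts[0] ? parts[0].split(':') : [];
  const tail = parts.length === 2 && parts[1] ? parts[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  if (parts.length === 2 ? missing < 1 : missing !== 0) throw new Error(`bad IPv6 address: ${addr}`);
  const groups = [...head, ...new Array(parts.length === 2 ? missing : 0).fill('0'), ...tail];
  return groups.reduce((acc, g) => {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error(`bad IPv6 group: ${g}`);
    return (acc << 16n) | BigInt(parseInt(g, 16));
  }, 0n);
}

function parseCidr(cidr) {
  const [addr, lenStr] = cidr.split('/');
  const bits = addr.includes(':') ? 128 : 32;
  const len = Number(lenStr);
  if (!Number.isInteger(len) || len < 0 || len > bits) throw new Error(`bad prefix length: ${cidr}`);
  const ip = bits === 128 ? parseIPv6(addr) : parseIPv4(addr);
  const hostBits = BigInt(bits - len);
  const start = (ip >> hostBits) << hostBits;          // clear the host bits
  return { bits, len, start, end: start + (1n << hostBits) - 1n };
}

function formatAddr(value, bits) {
  if (bits === 32) return [24, 16, 8, 0].map(s => Number((value >> BigInt(s)) & 255n)).join('.');
  const groups = [];
  for (let s = 112; s >= 0; s -= 16) groups.push(((value >> BigInt(s)) & 0xffffn).toString(16));
  return groups.join(':');                             // uncompressed IPv6 form
}

function summarise(cidrs) {
  const blocks = cidrs.map(parseCidr);
  const bits = blocks[0].bits;
  if (blocks.some(b => b.bits !== bits)) throw new Error('cannot mix IPv4 and IPv6 blocks');
  let lo = blocks[0].start, hi = blocks[0].end;
  for (const b of blocks) { if (b.start < lo) lo = b.start; if (b.end > hi) hi = b.end; }
  // Shorten the prefix until the lowest and highest address share it.
  let len = bits;
  while (len > 0 && (lo >> BigInt(bits - len)) !== (hi >> BigInt(bits - len))) len--;
  const hostBits = BigInt(bits - len);
  const summaryStart = (lo >> hostBits) << hostBits;
  const held = blocks.reduce((sum, b) => sum + (b.end - b.start + 1n), 0n);
  return {
    prefix: `${formatAddr(summaryStart, bits)}/${len}`,
    unheld: (1n << hostBits) - held,                   // addresses in the summary you do not own
  };
}

// Constructed sample allocations (not real AWS ranges).
console.log(summarise(['10.0.0.0/24', '10.0.1.0/24']));               // contiguous: 10.0.0.0/23, unheld 0n
console.log(summarise(['10.0.0.0/24', '10.0.9.0/24']));               // scattered: 10.0.0.0/20, unheld 3584n
console.log(summarise(['2001:db8:a000::/40', '2001:db8:a100::/40'])); // contiguous IPv6: /39, unheld 0n
```

The scattered IPv4 case is the one to watch for: two /24s that are not adjacent can only be summarised as a /20, so any rule written against the summary admits 3584 addresses that belong to someone else.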
Expand VPCs or make the existing ones bigger?
- Can use a mix of both
- Large VPCs can hit quota limits
- Smaller VPCs then have to be connected to each other
- The blast radius differs between the two approaches
Multi-ENI attachments
- One EC2 instance can be in multiple VPCs
NAT Gateways
- Can have up to 8 IP addresses associated with a NAT Gateway to allow more concurrent connections
PrivateLink
- Consume services from other VPCs
- Or private connections to AWS services
Cloud WAN
- The latest AWS product for building global networks
- Define a JSON policy document that connects VPCs across multiple regions and also allows connections from VPNs etc.
- Attachments can be done automatically based on tags
Application Networking
- ALBs support mutual TLS
- NLBs can have security groups, but with a lot of limitations: they can only be attached at creation time
VPC Lattice
- Zero-trust service-to-service communication without having to worry about networking
- Services can run on all AWS compute platforms
- VPC Lattice abstracts network addressing, so services in VPCs with overlapping CIDR ranges can communicate
EC2 Instance Connect
- Public IPv4 addresses are no longer needed on EC2 instances to reach them
Network Firewall
- Cloud-native traffic inspection
- TLS inspection support
VPN-Less Application Access
- Zero Trust access to applications inside a VPC
Gen AI
- Can ask an AI assistant why your network doesn’t work
Ask the Experts: Edge Compute with Amazon CloudFront
- Once CDNs existed, people came up with requirements to run compute at the edge, for example:
- Altering cache keys on images to improve the cache hit ratio
- Calling LaunchDarkly when a request comes in to apply feature flags
- Redirecting multi-tenant SaaS users to the specific EC2 instance for that customer
- Originless URL shorteners
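The first of those use cases, rewriting the cache key for image requests, looks like this as a viewer-request CloudFront Function. This is an added example, not the speakers' code, and it assumes (my assumptions) that images live under /images/, that only a width parameter w and an output format fmt affect the bytes the origin produces, and that the origin renders widths of 320, 640 and 1280 only. Collapsing arbitrary widths into a few buckets is what protects the hit ratio: without it every distinct w value is its own cache entry and its own origin fetch.

```javascript
// Added example (not from the talk): viewer-request CloudFront Function that
// normalises the cache key for image requests. Written against the
// CloudFront Functions request shape: request.querystring and request.headers
// are objects whose entries look like { value: '...' }.

var ALLOWED_WIDTHS = [320, 640, 1280]; // assumed origin render sizes

// Round a requested width up to the nearest bucket so a client cannot create
// one cache entry (and one origin fetch) per arbitrary pixel value.
function bucketWidth(raw) {
  var w = parseInt(raw, 10);
  if (isNaN(w) || w <= 0) return ALLOWED_WIDTHS[0];
  for (var i = 0; i < ALLOWED_WIDTHS.length; i++) {
    if (w <= ALLOWED_WIDTHS[i]) return ALLOWED_WIDTHS[i];
  }
  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1];
}

function normaliseImageRequest(request) {
  var qs = request.querystring || {};
  var accept = request.headers && request.headers.accept ? request.headers.accept.value : '';
  // Rebuild the query string from an allow-list: anything else (utm_*, cache
  // busters, random junk) is dropped so it can no longer fragment the cache.
  var normalised = {};
  normalised.w = { value: String(bucketWidth(qs.w ? qs.w.value : '')) };
  // Fold content negotiation into the key so webp-capable and legacy clients
  // each share entries among themselves instead of colliding on one URL.
  normalised.fmt = { value: accept.indexOf('image/webp') !== -1 ? 'webp' : 'jpeg' };
  request.querystring = normalised;
  return request;
}

function handler(event) {
  var request = event.request;
  if (request.uri.indexOf('/images/') === 0) {
    return normaliseImageRequest(request);
  }
  return request; // non-image paths are left untouched
}
```

The rewritten query string only becomes part of the cache key if the distribution's cache policy includes w and fmt; with a policy that ignores query strings the function runs but has no effect on caching.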
Lambda@Edge
- Long-running workloads
- Complex use cases
CloudFront Functions
- Lightweight
- Low latency
State Management
- The Key Value Store replicates to all edge locations within seconds
- Can store up to 5 MB of data there
- Microsecond read times
- The ideal use case is write infrequently, read frequently
Redirection at the edge
- CloudFront injects a header with the viewer's country
- A CloudFront Function runs at the edge locations
- Lambda@Edge runs at the regional edge caches
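The two sections above, the Key Value Store and redirection at the edge, fit together naturally: the country header gives you the lookup key and the store holds the (rarely changing) country-to-URL map. The following is an added example, not the speakers' code. In the real CloudFront Functions runtime (cloudfront-js-2.0) the store handle comes from `import cf from 'cloudfront'; const kvs = cf.kvs();`; here the handle is injected into a factory so the logic runs offline under Node with a constructed in-memory stand-in. The key layout (`redirect:<two-letter country>` mapping to a base URL without a trailing slash) is my assumption.

```javascript
// Added example (not from the talk): viewer-request CloudFront Function that
// redirects by viewer country, with the country-to-URL map read from the
// CloudFront KeyValueStore. The store handle is injected so this runs locally.
// Assumed key layout (mine): "redirect:<two-letter country>" -> base URL.

function createHandler(kvs) {
  return async function handler(event) {
    var request = event.request;
    var headers = request.headers || {};
    // CloudFront adds this header only when the distribution's cache policy
    // or origin request policy includes it; absence means "do not redirect".
    var countryHeader = headers['cloudfront-viewer-country'];
    if (!countryHeader) return request;
    var country = String(countryHeader.value).toUpperCase();
    // Constrain the lookup key to the expected shape before touching the store.
    if (!/^[A-Z]{2}$/.test(country)) return request;
    var target;
    try {
      target = await kvs.get('redirect:' + country); // rejects when the key is absent
    } catch (e) {
      return request;                                // no mapping: serve as normal
    }
    // Do not redirect a viewer who is already on the target host (avoids loops).
    if (headers.host && target.indexOf('//' + headers.host.value) !== -1) return request;
    return {
      statusCode: 302,
      statusDescription: 'Found',
      headers: {
        location: { value: target + request.uri },
        'cache-control': { value: 'max-age=300' }
      }
    };
  };
}

// Constructed in-memory stand-in for the KeyValueStore handle (local runs only):
// mirrors the real handle's behaviour of rejecting on a missing key.
function memoryKvs(entries) {
  return {
    get: async function (key) {
      if (!Object.prototype.hasOwnProperty.call(entries, key)) throw new Error('KeyNotFound: ' + key);
      return entries[key];
    }
  };
}

// Sample mapping, constructed for this example.
var handler = createHandler(memoryKvs({ 'redirect:DE': 'https://de.example.com' }));
```

Because the map lives in the store rather than in the function body, changing a destination is a store write that propagates in seconds, with no function redeploy; the 302 is marked cacheable for only five minutes so a changed mapping does not linger in viewer or intermediary caches.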