AWS ReInvent 2023 — Day 5 — Friday

Aaron Kalair
2 min read · Dec 9, 2023

Watch today's sessions as a vlog, with a recap of the whole event — https://youtu.be/z9z5sn1p08M

Advanced VPC Designs and new Capabilities

Youtube — https://www.youtube.com/watch?v=cRdDCkbE4es

Foundations

  • EC2-Classic: a single, global, shared public network
  • VPC: a private network in the cloud; the original assumption was that each customer would only ever have one

IP address management

Why is it important?

  • IPv4 exhaustion
  • Cost optimisation (public IPv4 addresses are now a charged-for resource)
  • Global expansion

IP address manager IPAM

  • Address management at scale
  • Automate IP assignment
  • Monitor usage
  • Now has a free tier, which includes Public IP Insights
  • IPv4 space is easy to summarise into a handful of routes
  • IPv6 is harder to summarise, so IPAM will give you contiguous IPv6 space that does summarise cleanly

Add more VPCs, or make the existing ones bigger?

  • You can use a mix of both
  • Large VPCs can run into per-VPC quotas
  • Many smaller VPCs need to be connected to each other
  • The blast radius differs: a problem in one big VPC affects far more workloads than a problem in one small VPC
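The two points above (contiguous space that summarises, and splitting into many smaller VPCs that then need connecting) are easier to see with a toy allocator. This is an added illustration, not code from the talk or from AWS IPAM: it carves an org-wide pool into one contiguous pool per region, hands out VPC CIDRs from those, flags overlaps for a bring-your-own range, and shows that each region is still reachable via a single summary route. All pool sizes, region names and VPC names are invented.

```javascript
// Added example (not code from the page, the talk, or AWS): a toy IPv4 pool
// allocator that models what IPAM does for you. Every pool size, region name
// and CIDR below is made up for the illustration.

function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function intToIp(n) {
  return [24, 16, 8, 0].map((shift) => (n >>> shift) & 255).join('.');
}

// Normalise "10.1.200.0/16" to its network address and address range.
function parseCidr(cidr) {
  const [ip, len] = cidr.split('/');
  const prefix = Number(len);
  const size = 2 ** (32 - prefix);
  const start = Math.floor(ipToInt(ip) / size) * size;
  return { start, end: start + size - 1, prefix, text: `${intToIp(start)}/${prefix}` };
}

function overlaps(a, b) {
  return a.start <= b.end && b.start <= a.end;
}

class Pool {
  constructor(cidr) {
    this.net = parseCidr(cidr);
    this.allocations = []; // { start, end, prefix, text, name, isPool }
    this.children = [];
  }

  // Hand out the lowest free block of the requested size. Scanning in address
  // order keeps allocations packed together, which is what lets the parent
  // pool be advertised as one summary route instead of one route per VPC.
  allocate(prefix, name, isPool = false) {
    if (prefix < this.net.prefix) throw new Error(`/${prefix} is larger than pool ${this.net.text}`);
    const size = 2 ** (32 - prefix);
    for (let start = this.net.start; start + size - 1 <= this.net.end; start += size) {
      const candidate = { start, end: start + size - 1, prefix, text: `${intToIp(start)}/${prefix}`, name, isPool };
      if (!this.allocations.some((a) => overlaps(a, candidate))) {
        this.allocations.push(candidate);
        return candidate.text;
      }
    }
    throw new Error(`pool ${this.net.text} has no free /${prefix}`);
  }

  // A sub-pool (one per region here) is an allocation you can allocate from.
  child(prefix, name) {
    const pool = new Pool(this.allocate(prefix, name, true));
    this.children.push(pool);
    return pool;
  }

  // Everything below this pool is covered by its own CIDR.
  summary() {
    return this.net.text;
  }
}

// Bring-your-own-CIDR check: which existing VPC allocations would a proposed
// block collide with? (IPAM flags these as overlapping on import.)
function conflicts(root, cidr) {
  const proposed = parseCidr(cidr);
  const hits = [];
  const walk = (pool) => {
    for (const a of pool.allocations) {
      if (!a.isPool && overlaps(a, proposed)) hits.push(`${a.name} ${a.text}`);
    }
    pool.children.forEach(walk);
  };
  walk(root);
  return hits;
}

// Constructed plan: an org-wide 10/8, a /12 per region, VPCs carved from each.
function buildPlan() {
  const top = new Pool('10.0.0.0/8');
  const regions = {
    'us-east-1': top.child(12, 'region us-east-1'),
    'eu-west-1': top.child(12, 'region eu-west-1'),
  };
  const vpcs = {
    'prod-use1-a': regions['us-east-1'].allocate(16, 'prod-use1-a'),
    'prod-use1-b': regions['us-east-1'].allocate(16, 'prod-use1-b'),
    'dev-use1': regions['us-east-1'].allocate(20, 'dev-use1'),
    'prod-euw1': regions['eu-west-1'].allocate(16, 'prod-euw1'),
  };
  return { top, regions, vpcs };
}

const demo = buildPlan();
console.log(demo.vpcs);
console.log('us-east-1 summary route:', demo.regions['us-east-1'].summary());
console.log('10.1.128.0/24 conflicts with:', conflicts(demo.top, '10.1.128.0/24'));
```

The payoff is the `summary()` call: because each region's VPCs were carved contiguously out of that region's /12, the route table on the other side of a peering or Cloud WAN attachment needs one entry per region, not one per VPC, and the same holds when you later add a tenth or hundredth VPC to the region.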

Multi-VPC ENI Attachments

  • One EC2 instance can have ENIs from multiple VPCs attached, so a single instance can sit in several VPCs at once

NAT Gateways

  • A NAT Gateway can now have up to 8 IPv4 addresses associated with it; each address brings its own range of source ports, so the gateway can sustain more concurrent connections to the same destination

Private link

  • Consume services hosted in other VPCs (including other accounts) privately
  • Or private connections to AWS services, without traversing the public internet

Cloud WAN

  • The latest AWS product for building global networks
  • You define a JSON core network policy that connects VPCs across multiple regions and also accepts connections from VPNs etc.
  • Attachments can be placed into network segments automatically based on their tags
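What "attachments based on tags" looks like in the policy document, as an added illustration (not the speaker's slides or AWS's own code): a constructed core network policy with three segments and tag-driven attachment rules, plus a small evaluator that reports which segment a given attachment would land in. The policy keys follow the documented Cloud WAN policy format; the evaluator is a simplified model of how the service applies attachment policies (rules checked in rule-number order, first match wins). Region, segment and tag names are made up.

```javascript
// Added example (not code from the page, the talk, or AWS): a Cloud WAN core
// network policy with tag-driven attachment rules and a simplified evaluator.
// Segment, region and tag names are invented for the illustration.

const corePolicy = {
  version: '2021.12',
  'core-network-configuration': {
    'vpn-ecmp-support': false,
    'asn-ranges': ['64512-65534'],
    'edge-locations': [{ location: 'us-east-1' }, { location: 'eu-west-1' }],
  },
  segments: [
    // Prod attachments may reach the shared segment but not each other.
    { name: 'prod', 'isolate-attachments': true, 'require-attachment-acceptance': false },
    { name: 'dev', 'require-attachment-acceptance': false },
    // Anything landing in "shared" needs a human to accept the attachment.
    { name: 'shared', 'require-attachment-acceptance': true },
  ],
  'segment-actions': [
    { action: 'share', mode: 'attachment-route', segment: 'shared', 'share-with': '*' },
  ],
  'attachment-policies': [
    {
      'rule-number': 100,
      conditions: [{ type: 'attachment-type', operator: 'equals', value: 'site-to-site-vpn' }],
      action: { 'association-method': 'constant', segment: 'shared' },
    },
    {
      'rule-number': 200,
      'condition-logic': 'and',
      conditions: [
        { type: 'attachment-type', operator: 'equals', value: 'vpc' },
        { type: 'tag-value', operator: 'equals', key: 'env', value: 'prod' },
      ],
      action: { 'association-method': 'constant', segment: 'prod' },
    },
    {
      // Fallback: a "segment" tag names the segment directly.
      'rule-number': 300,
      conditions: [{ type: 'tag-exists', key: 'segment' }],
      action: { 'association-method': 'tag', 'tag-value-of-key': 'segment' },
    },
  ],
};

function conditionMatches(cond, attachment) {
  const tags = attachment.tags || {};
  switch (cond.type) {
    case 'attachment-type':
      return attachment.type === cond.value;
    case 'tag-exists':
      return Object.prototype.hasOwnProperty.call(tags, cond.key);
    case 'tag-value': {
      const value = tags[cond.key];
      if (value === undefined) return false;
      switch (cond.operator) {
        case 'equals': return value === cond.value;
        case 'not-equals': return value !== cond.value;
        case 'contains': return value.includes(cond.value);
        case 'begins-with': return value.startsWith(cond.value);
        default: throw new Error(`unsupported operator ${cond.operator}`);
      }
    }
    default:
      throw new Error(`unsupported condition type ${cond.type}`);
  }
}

// Segment the attachment would be associated with, or null when no rule
// matches or the chosen name is not a configured segment (simplified model).
function segmentFor(policy, attachment) {
  const known = new Set(policy.segments.map((s) => s.name));
  const rules = [...policy['attachment-policies']].sort((a, b) => a['rule-number'] - b['rule-number']);
  for (const rule of rules) {
    const results = rule.conditions.map((c) => conditionMatches(c, attachment));
    const logic = rule['condition-logic'] || 'and';
    const matched = logic === 'or' ? results.some(Boolean) : results.every(Boolean);
    if (!matched) continue;
    const action = rule.action;
    const name = action['association-method'] === 'tag'
      ? (attachment.tags || {})[action['tag-value-of-key']]
      : action.segment;
    return known.has(name) ? name : null;
  }
  return null;
}

// Does the segment this attachment lands in require manual acceptance?
function needsAcceptance(policy, attachment) {
  const name = segmentFor(policy, attachment);
  const segment = policy.segments.find((s) => s.name === name);
  return Boolean(segment && segment['require-attachment-acceptance']);
}

console.log(segmentFor(corePolicy, { type: 'vpc', tags: { env: 'prod' } }));       // prod
console.log(segmentFor(corePolicy, { type: 'vpc', tags: { segment: 'dev' } }));    // dev
console.log(needsAcceptance(corePolicy, { type: 'site-to-site-vpn', tags: {} }));  // true
```

The security caveat the evaluator makes obvious: whoever can set the `env` or `segment` tag on a VPC attachment decides which segment it joins. Either restrict those tag keys with IAM conditions (`aws:TagKeys`, `aws:RequestTag`) or set `require-attachment-acceptance` on any segment that it matters to get wrong, as the `shared` segment does above.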

Application Networking

  • ALBs now support mutual TLS (client certificate authentication)
  • NLBs can now have security groups, but with a lot of limitations: for example they can only be attached when the NLB is created

VPC Lattice

  • Zero-trust service-to-service communication without having to build and manage the networking yourself
  • Services can run on any AWS compute platform
  • VPC Lattice abstracts network addressing, so services in VPCs with overlapping CIDR ranges can still talk to each other

EC2 Instance Connect

  • With EC2 Instance Connect Endpoint, instances no longer need public IPv4 addresses to be reachable over SSH or RDP

Network Firewall

  • Cloud-native traffic inspection
  • TLS inspection support (decrypt, inspect, re-encrypt)

VPN-Less Application Access

  • Zero-trust access to applications inside a VPC without a client VPN (AWS Verified Access)

Gen AI

  • Can ask an AI assistant why your network doesn’t work

Ask the experts: Edge Compute with Amazon Cloudfront

  • Once CDNs existed, people came up with requirements to run compute at the edge, for example:
  • Altering cache keys for images to improve the cache hit ratio
  • Calling LaunchDarkly when a request comes in to apply feature flags
  • Redirecting multi-tenant SaaS users to the specific EC2 instance for that customer
  • Origin-less URL shorteners

Lambda@Edge

  • Longer-running workloads
  • Complex use cases

CloudFront Functions

  • Lightweight
  • Low latency

State Management

  • The key value store replicates to all edge locations in seconds
  • Can store up to 5 MB of data per store
  • Microsecond read times
  • Ideal use case is data that is written infrequently and read frequently

Redirection at the edge

  • CloudFront injects a header with the viewer's country (CloudFront-Viewer-Country)

CloudFront Functions run at the edge locations

Lambda@Edge runs at the regional edge caches
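The country-based redirect described above, written as a CloudFront Function for the viewer-request event. This is an added example, not code shown in the session or shipped by AWS: it assumes the CloudFront-Viewer-Country header has been made available to the function (it is enabled via the distribution's cache policy or origin request policy), and the country-to-path map is illustrative. It is written against the CloudFront Functions JavaScript runtime, hence the `var`/`function` style rather than ES modules, and it handles the two cases that bite in practice: a viewer already on a localised path (no redirect loop) and a country with no localised section (pass through).

```javascript
// Added example (not code from the page, the talk, or AWS): a CloudFront
// Function (viewer-request event) that redirects by detected viewer country.
// Assumes the CloudFront-Viewer-Country header is enabled for the distribution.
// COUNTRY_PREFIX is a constructed mapping for the illustration.

var COUNTRY_PREFIX = { DE: '/de', FR: '/fr', GB: '/uk' };

// True when the path is already inside any localised section, including one
// the viewer chose deliberately; redirecting again would loop.
function alreadyLocalised(uri) {
  for (var code in COUNTRY_PREFIX) {
    var prefix = COUNTRY_PREFIX[code];
    if (uri === prefix || uri.indexOf(prefix + '/') === 0) return true;
  }
  return false;
}

// Rebuild the query string from the event's querystring object so it survives
// the redirect (multi-value keys are ignored here for brevity).
function queryString(qs) {
  var parts = [];
  for (var key in qs) parts.push(key + '=' + qs[key].value);
  return parts.length ? '?' + parts.join('&') : '';
}

function handler(event) {
  var request = event.request;
  var country = request.headers['cloudfront-viewer-country'];

  // Header absent (not enabled, or location unknown): serve the default site.
  if (!country || !country.value) return request;

  var prefix = COUNTRY_PREFIX[country.value.toUpperCase()];
  if (!prefix) return request; // no localised section for this country

  if (alreadyLocalised(request.uri)) return request;

  return {
    statusCode: 302,
    statusDescription: 'Found',
    headers: {
      location: { value: prefix + request.uri + queryString(request.querystring) },
      // The answer depends on where the viewer is right now, so the browser
      // must not reuse it after they travel.
      'cache-control': { value: 'no-store' }
    }
  };
}
```

Because this runs at the edge location on every viewer request, the cost of a bad decision is a redirect loop for an entire country, which is why the `alreadyLocalised` guard comes before the redirect rather than being left to the origin.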
