Mastering the Cloud: Module 5-Networking & Content Delivery

Harshith Avineni
6 min read, Apr 19, 2024


A computer network is a group of systems and network devices that communicate with each other and with the outside world. It is divided into subnets, and routers and switches move traffic within and between them.

An Internet Protocol (IP) address is a unique number that identifies a particular device on a network.

An IPv4 address is 32 bits long and is written as four decimal numbers (0 to 255) separated by dots. An IPv6 address is 128 bits long and is written as eight groups of hexadecimal digits (0000 to ffff) separated by colons.

Classless Inter-Domain Routing (CIDR) notation describes a range of consecutive IP addresses as the first address of the range (the network address) followed by a '/' and the number of leading bits that are fixed.

Example: 192.0.2.0/24. The first 24 bits are fixed, so only the last 8 bits vary: the block covers 192.0.2.0 to 192.0.2.255, that is 256 addresses.

Amazon VPC

-> Amazon Virtual Private Cloud (Amazon VPC) is a service that lets us provision a logically isolated section of the AWS Cloud in which to launch AWS resources. In effect it lets us create our own virtual network within AWS.

-> It gives us control over the virtual networking resources:

1. Selecting the IP address range.

2. Creating subnets.

3. Configuring route tables and network gateways.

-> This lets us customize the network configuration of our VPC and apply multiple layers of security (for example security groups and network ACLs).

-> When you create a VPC, AWS creates its main route table for you (along with a default security group and a default network ACL); subnets and the internet gateway you must create yourself. In effect the VPC carves out a portion of the AWS Cloud for your use.

Aws cloud -> Region -> VPC -> Availability Zones -> Subnets

-> A VPC belongs to a single AWS Region and can span multiple Availability Zones in that Region.

-> After creating a VPC you divide it into subnets. Each subnet belongs to a single Availability Zone and is classified as either public or private, depending on whether its route table has a route to an internet gateway.

-> When you create a VPC you assign it an IPv4 CIDR block, which defines its address range. The primary block cannot be changed after creation (although you can associate additional secondary CIDR blocks). The largest allowed block is /16 (65,536 addresses) and the smallest is /28 (16 addresses).

-> The CIDR blocks of subnets within a VPC cannot overlap.

-> A subnet's CIDR block may be the same size as the VPC's CIDR block, in which case that one subnet uses the whole VPC address range.

-> In every subnet's CIDR block, AWS reserves five IP addresses that aren't available to use:

1. First -> Network address

2. Second -> VPC router (local routing and internal communication)

3. Third -> Domain Name System (DNS) resolution

4. Fourth -> Reserved for future use

5. Last -> Network broadcast address (broadcast is not supported in a VPC, but the address is still reserved)

For a /24 subnet that leaves 251 usable addresses, and for a /28 only 11.
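As an added example (not code from the original post), here is a small Python planner that applies the rules above using the standard ipaddress module: it rejects VPC or subnet blocks outside /16 to /28, flags subnets that lie outside the VPC or overlap each other, and lists the five reserved addresses and the usable host count of a subnet. All CIDRs in it are constructed values.

```python
import ipaddress

# AWS accepts IPv4 CIDR blocks between /16 (65,536 addresses) and /28 (16 addresses)
# for both VPCs and subnets.
LARGEST_PREFIX, SMALLEST_PREFIX = 16, 28
RESERVED_PER_SUBNET = 5


def validate_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Reject a block AWS would refuse: host bits set, or a prefix outside /16../28."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: 10.0.0.1/24 is rejected
    if not LARGEST_PREFIX <= net.prefixlen <= SMALLEST_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /{LARGEST_PREFIX} and /{SMALLEST_PREFIX}")
    return net


def plan_problems(vpc_cidr: str, subnet_cidrs: list) -> list:
    """Return every problem AWS would reject in this plan; an empty list means it is valid.

    A subnet may be exactly as large as the VPC (one subnet using the whole block).
    """
    try:
        vpc = validate_cidr(vpc_cidr)
    except ValueError as err:
        return [str(err)]
    problems, accepted = [], []
    for cidr in subnet_cidrs:
        try:
            subnet = validate_cidr(cidr)
        except ValueError as err:
            problems.append(str(err))
            continue
        if not subnet.subnet_of(vpc):
            problems.append(f"{cidr} lies outside VPC {vpc_cidr}")
        for other in accepted:                     # subnet blocks must not overlap
            if subnet.overlaps(other):
                problems.append(f"{cidr} overlaps {other}")
        accepted.append(subnet)
    return problems


def reserved_addresses(subnet_cidr: str) -> dict:
    """The five addresses AWS reserves in every subnet: the first four and the last."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = net.network_address
    return {
        "network": str(base),                      # network address
        "vpc_router": str(base + 1),               # VPC router: local routing, internal traffic
        "dns": str(base + 2),                      # Amazon-provided DNS resolver
        "future_use": str(base + 3),               # reserved by AWS for future use
        "broadcast": str(net.broadcast_address),   # VPCs do not support broadcast
    }


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses you can actually assign: total minus the five reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    # Constructed plan (assumed values): two /24 subnets carved out of a /16 VPC.
    plan = ["10.0.0.0/24", "10.0.1.0/24"]
    print("problems:", plan_problems("10.0.0.0/16", plan))
    for cidr in plan:
        print(cidr, usable_hosts(cidr), reserved_addresses(cidr))
```

Running plan_problems over a proposed layout before creating anything is a cheap way to catch the overlap and size errors the console would otherwise reject one subnet at a time.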

Public IP Address Types

1. Manually assigned through an Elastic IP address.

2. Automatically assigned through the auto-assign public IP address setting at the subnet level; such an address is released when the instance is stopped or terminated.

-> An Elastic IP address is a static public IPv4 address that is allocated to your account and can be remapped from one instance or network interface to another.

-> A route table contains a set of rules, called routes, that you configure to direct network traffic from your subnet.

-> Each subnet must be associated with a route table. Every route specifies a destination and a target, and every route table in a VPC has a local route for the VPC's own CIDR block by default.

-> A subnet can be associated with only one route table, but multiple subnets can be associated with the same route table. A subnet without an explicit association uses the VPC's main route table.

Internet Gateway

-> It is a scalable, redundant and highly available VPC component that allows communication between instances in your VPC and the public internet. It serves two purposes:

1. To provide a target in your VPC route table for internet-routable traffic.

2. To perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

-> To make a subnet public, attach an internet gateway to the VPC and add a route (0.0.0.0/0 -> the internet gateway) to the route table associated with the subnet.

-> A NAT (network address translation) gateway enables instances in a private subnet to initiate connections to the internet or to AWS services, while preventing the internet from initiating connections to those instances.

-> To create a NAT gateway you must specify the public subnet in which it should live and an Elastic IP address to associate with it, and then add a route (0.0.0.0/0 -> the NAT gateway) to the private subnet's route table.

-> Compared with running your own NAT instance, a NAT gateway provides better availability, higher bandwidth and less administrative effort.
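The following Python model of route-table lookup is an added example, not code from the original post. The route tables, gateway IDs and CIDRs in it are constructed (the igw-, nat- and pcx- identifiers are placeholders). It shows longest-prefix matching, how the 0.0.0.0/0 route decides whether a subnet is public, private or isolated, and where traffic for a VPC that is only reachable through a peer actually ends up.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]   # (destination CIDR, target)

# Constructed route tables (assumed IDs and CIDRs, not from the original post).
VPC_CIDR = "10.0.0.0/16"
PEER_VPC_CIDR = "10.1.0.0/16"

# Public subnet: the default route points at the internet gateway.
PUBLIC_RT: List[Route] = [
    (VPC_CIDR, "local"),            # present in every route table; cannot be deleted
    ("0.0.0.0/0", "igw-0a1b2c3d"),
]

# Private subnet: outbound-only internet via a NAT gateway (which itself sits in a
# public subnet), plus a route to one directly peered VPC.
PRIVATE_RT: List[Route] = [
    (VPC_CIDR, "local"),
    (PEER_VPC_CIDR, "pcx-0f9e8d7c"),
    ("0.0.0.0/0", "nat-0123abcd"),
]

# Isolated subnet: only the local route, so no path to the internet at all.
ISOLATED_RT: List[Route] = [(VPC_CIDR, "local")]


def lookup(route_table: List[Route], destination: str) -> Optional[str]:
    """Return the target of the most specific matching route (longest prefix match), or None."""
    ip = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify_subnet(route_table: List[Route]) -> str:
    """'public' if the default route targets an internet gateway, 'private' if a NAT
    gateway, 'isolated' if there is no default route at all."""
    default = next((target for cidr, target in route_table if cidr == "0.0.0.0/0"), None)
    if default is None:
        return "isolated"
    if default.startswith("igw-"):
        return "public"
    if default.startswith("nat-"):
        return "private"
    return "other"


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, classify_subnet(rt), lookup(rt, "10.0.3.7"), lookup(rt, "93.184.216.34"))
    # 10.2.0.5 belongs to a VPC peered only with the peer, not with us: the lookup falls
    # through to the NAT default route, i.e. the packet leaves toward the internet and
    # never reaches that VPC. Peering is not transitive.
    print("peer-of-peer:", lookup(PRIVATE_RT, "10.2.0.5"))
```

The peer-of-peer case is the practical meaning of "transitive peering is not supported": nothing in the route table can send 10.2.0.0/16 traffic through pcx-0f9e8d7c, because a peering connection only carries traffic between the two VPCs it joins.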

VPC Sharing

-> VPC sharing enables a customer to share subnets with other AWS accounts in the same AWS Organization, so that multiple accounts can create their application resources (such as EC2 instances) in shared, centrally managed VPCs.

VPC Peering

-> A VPC peering connection enables you to route traffic privately between two VPCs.

-> Instances in either VPC can communicate with each other as if they were on the same network.

-> You can peer VPCs in your own AWS account, in different AWS accounts, or in different AWS Regions.

-> There are some restrictions:

1. The IP address ranges (CIDR blocks) of the two VPCs cannot overlap.

2. Transitive peering is not supported: if A is peered with B and B with C, A cannot reach C through B.

3. You can have only one peering connection between the same two VPCs.

Aws Direct Connect

-> AWS Direct Connect enables you to establish a dedicated private connection between your network and one of the Direct Connect locations. It can increase bandwidth and throughput and provide a more consistent network experience than internet-based VPN connections.

-> A VPC endpoint lets you connect your VPC privately to supported AWS services, so the traffic never leaves the AWS network and needs no internet gateway, NAT gateway or public IP address. There are two types:

1. Gateway endpoints: a target you add to a route table; only Amazon S3 and Amazon DynamoDB support them.

2. Interface endpoints: an elastic network interface with a private IP address in your subnet; the other supported services use these.

Aws Transit Gateway

-> It is a network transit hub that you use to interconnect your VPCs and your on-premises networks through a single gateway, instead of a mesh of peering connections.

VPC Security

1. Security Groups

-> A security group acts as a virtual firewall that controls inbound and outbound traffic to and from an instance (strictly, its network interface). It operates at the instance level and has only allow rules; there is no way to write a deny rule.

-> Security group rules specify the protocol, port range and source (inbound) or destination (outbound) that are permitted.

-> A newly created security group has no inbound rules, so it denies all inbound traffic until you add one, and it allows all outbound traffic. (The VPC's default security group additionally allows inbound traffic from other members of the same group.)

-> Security groups are stateful: if a request is allowed in, its response is automatically allowed out regardless of the outbound rules, and vice versa.

2. Network access control list (ACL’s)

-> A network ACL works at the subnet level and controls traffic in and out of the subnet.

-> A network ACL has separate inbound and outbound rule lists, and each rule can either allow or deny traffic.

-> The default network ACL of a VPC allows all inbound and outbound IPv4 traffic; a custom network ACL you create denies everything until you add rules. Network ACLs are stateless: response traffic is evaluated against the rules like any other packet, so you must explicitly allow it (for example outbound TCP ephemeral ports 1024-65535 for replies to inbound connections).

-> You can associate a network ACL with multiple subnets, but a subnet can be associated with only one network ACL at a time (one-to-many).

-> Rules are evaluated in number order, lowest first; the first rule that matches decides, and the final '*' rule denies anything the numbered rules did not match.
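To make the stateful versus stateless distinction and rule ordering concrete, here is an added Python simulation (not code from the original post) of a security group and a network ACL judging one HTTPS round trip. The rules, addresses and ports are constructed values; the model keeps only the fields needed for the point (direction, remote CIDR, protocol, destination port range and action).

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = toward the instance/subnet, "out" = away from it
    peer_ip: str        # the remote address (source for "in", destination for "out")
    proto: str
    src_port: int
    dst_port: int

    def reply(self) -> "Packet":
        """The return packet of the same flow: direction flips, ports swap."""
        return Packet("out" if self.direction == "in" else "in",
                      self.peer_ip, self.proto, self.dst_port, self.src_port)


@dataclass(frozen=True)
class Rule:
    number: int         # NACL rule number (lowest evaluated first); ignored by security groups
    direction: str
    cidr: str           # remote CIDR: source for inbound rules, destination for outbound
    proto: str
    port_from: int      # destination port range, as in the AWS console
    port_to: int
    action: str         # "allow" or "deny"; security groups only ever use "allow"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and self.port_from <= p.dst_port <= self.port_to
                and ipaddress.ip_address(p.peer_ip) in ipaddress.ip_network(self.cidr))


def nacl_evaluate(rules: List[Rule], p: Packet) -> str:
    """Stateless: every packet, replies included, is judged on its own. Rules are tried
    in number order and the first match wins; the implicit '*' rule denies the rest."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(p):
            return rule.action
    return "deny"


class SecurityGroup:
    """Stateful: only allow rules exist, and the reply to an allowed packet is allowed
    automatically, whatever the rules for the opposite direction say."""

    def __init__(self, rules: List[Rule]):
        if any(r.action != "allow" for r in rules):
            raise ValueError("security groups have no deny rules")
        self.rules = rules
        self.flows = set()          # packets we allowed, so their replies pass

    def evaluate(self, p: Packet) -> str:
        if any(r.matches(p) for r in self.rules):
            self.flows.add(p)
            return "allow"
        if p.reply() in self.flows:  # this packet answers a flow already allowed
            return "allow"
        return "deny"


# Constructed scenario (assumed values): a web server accepts HTTPS from anywhere
# except one abusive /24, and browsers connect from an ephemeral source port.
HTTPS_IN = Rule(100, "in", "0.0.0.0/0", "tcp", 443, 443, "allow")
BLOCK_BAD = Rule(90, "in", "198.51.100.0/24", "tcp", 443, 443, "deny")
EPHEMERAL_OUT = Rule(100, "out", "0.0.0.0/0", "tcp", 1024, 65535, "allow")

NACL_NO_REPLY_RULE = [BLOCK_BAD, HTTPS_IN]                  # forgot the outbound ephemeral rule
NACL_CORRECT = [BLOCK_BAD, HTTPS_IN, EPHEMERAL_OUT]
NACL_BAD_ORDER = [Rule(110, "in", "198.51.100.0/24", "tcp", 443, 443, "deny"),
                  HTTPS_IN, EPHEMERAL_OUT]                  # deny numbered after the allow


def https_exchange(nacl: List[Rule], sg: SecurityGroup, client_ip: str):
    """Decisions (nacl_request, nacl_reply, sg_request, sg_reply) for one HTTPS round trip."""
    request = Packet("in", client_ip, "tcp", 50000, 443)
    reply = request.reply()
    return (nacl_evaluate(nacl, request), nacl_evaluate(nacl, reply),
            sg.evaluate(request), sg.evaluate(reply))


if __name__ == "__main__":
    print("missing reply rule:", https_exchange(NACL_NO_REPLY_RULE, SecurityGroup([HTTPS_IN]), "203.0.113.5"))
    print("correct NACL:      ", https_exchange(NACL_CORRECT, SecurityGroup([HTTPS_IN]), "203.0.113.5"))
    print("blocked client:    ", https_exchange(NACL_CORRECT, SecurityGroup([HTTPS_IN]), "198.51.100.7"))
    print("deny after allow:  ", https_exchange(NACL_BAD_ORDER, SecurityGroup([HTTPS_IN]), "198.51.100.7"))
```

Two failure modes a practitioner runs into are visible in the output: a NACL that admits port 443 but lacks the outbound ephemeral-port rule lets the request in and then drops the server's reply, while the security group passes the reply without any outbound rule; and a deny rule numbered higher than a broader allow never fires, because the first match decides.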

Amazon Route 53

-> DNS resolution is the process of translating a domain name to the corresponding IP address.

-> Amazon Route 53 is a highly available and scalable DNS web service.

-> It is fully compliant with IPv4 and IPv6.

-> It connects user requests to infrastructure running in AWS and outside of AWS, and it can check the health of your resources and route around the ones that fail.

-> It features traffic flow (visual policy-based routing) and lets you register domain names.

-> Route 53 is a key part of disaster recovery on AWS, because DNS failover is what redirects users to the backup site when the primary becomes unhealthy.


Routing policies:

1. Simple routing -> used in single-server environments.

2. Weighted routing -> assign weights to resource record sets to specify what proportion of queries each one answers.

3. Latency routing -> route users to the Region that gives them the lowest latency, which helps improve global applications.

4. Geolocation routing -> route traffic based on the locations of users.

5. Failover routing -> fail over to a backup site if your primary site becomes unreachable.

6. Multivalue answer routing -> respond to DNS queries with up to eight healthy records selected at random.

Amazon Route 53 DNS Failover

-> Configure backup and failover scenarios for your applications.

-> Enable highly available multi-Region architectures on AWS.

-> Create health checks that monitor your endpoints and drive the failover.
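As an added example, not from the original post, the following Python functions model how the failover, weighted and multivalue answer policies pick records once health checks are attached to them. Record values and health states are constructed; the fail-open behaviour (when every record is unhealthy, Route 53 answers as if all were healthy, and a failover record set answers with the primary) follows the documented Route 53 behaviour and is the point of the example: an outage of all health checks does not silently produce empty DNS answers.

```python
import random
from typing import Dict, List, Optional


def failover_answer(primary: str, secondary: str, health: Dict[str, bool]) -> str:
    """Failover routing (active-passive): answer with the primary while its health check
    passes, otherwise with the secondary. If both are unhealthy Route 53 fails open and
    answers with the primary rather than returning nothing."""
    if health.get(primary, False):
        return primary
    if health.get(secondary, False):
        return secondary
    return primary


def weighted_answer(weights: Dict[str, int], health: Dict[str, bool], rng=random) -> Optional[str]:
    """Weighted routing: each healthy record is chosen with probability weight / total.
    A weight of 0 means 'never', unless every record has weight 0 (then uniform)."""
    candidates = {value: w for value, w in weights.items() if health.get(value, False)}
    if not candidates:                       # fail open: treat all records as healthy
        candidates = dict(weights)
    total = sum(candidates.values())
    if total == 0:
        return rng.choice(list(candidates))
    pick = rng.random() * total              # uniform in [0, total)
    for value, weight in candidates.items():
        if pick < weight:
            return value
        pick -= weight
    return None                              # unreachable: pick < total guarantees a hit


def multivalue_answer(values: List[str], health: Dict[str, bool], rng=random) -> List[str]:
    """Multivalue answer routing: up to eight healthy records chosen at random, so a
    client that retries against another returned address gets crude load balancing."""
    healthy = [value for value in values if health.get(value, False)]
    if not healthy:                          # fail open: all records treated as healthy
        healthy = list(values)
    return rng.sample(healthy, min(8, len(healthy)))


if __name__ == "__main__":
    # Constructed record values (assumed, not from the original post).
    health = {"203.0.113.10": False, "198.51.100.20": True}
    print("failover:", failover_answer("203.0.113.10", "198.51.100.20", health))
    print("weighted:", weighted_answer({"203.0.113.10": 70, "198.51.100.20": 30}, health))
    pool = [f"10.0.0.{i}" for i in range(1, 11)]
    print("multivalue:", multivalue_answer(pool, {ip: True for ip in pool}))
```

The rng parameter exists so the random policies can be driven with a seeded random.Random in tests; the defaults use the module-level generator.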

Amazon CloudFront

-> It is a fast content delivery network (CDN) service that securely delivers data to customers with low latency and high transfer speeds.

-> CloudFront delivers files to users over a global network of edge locations and regional edge caches, so requests are served from the location closest to the user.

-> It is a self-service offering with pay-as-you-go pricing.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Congratulations! You’ve mastered the art of building secure and efficient networking architectures within the AWS cloud. This knowledge empowers you to deliver content seamlessly and optimize network performance for your cloud applications.

Leave a comment below with any questions or cloud computing concepts you’d like to explore further!

In the next module, Module 6: Compute, we’ll delve deeper into the world of AWS compute services. Get ready to explore various compute options and strategies for running your applications on the cloud!

Episode 4: https://medium.com/@harshithavineni81/mastering-the-cloud-module-4-aws-cloud-security-7bb5d40793bd

Episode 6: https://medium.com/@harshithavineni81/mastering-the-cloud-module-6-compute-f8d5e66484bf


Harshith Avineni

Active Writer | Certified AWS Solution Architect | Write blogs on Tech, Science, Health, Product Reviews and more | Love to collab for more interesting ideas👋