- Overview
- Architecture
- Internet Gateway/Virtual Private Gateway > Router > Route Table > Network ACL > Security Group > Instance (public or private subnet)
- The VPC CIDR will range from a /16 to /28
- Default VPC and Custom VPC
- All subnets in default VPC have a route to the internet
- Each EC2 instance in a default VPC has a public and private IP address
- VPC Peering – Allows you to connect one VPC to another VPC via a direct network route using private addresses
- Instances behave as if they were on the same private network
- You can peer VPCs in the same account, between regions, and other AWS accounts
- Peering can be set up in a star configuration, with one central VPC peering with four others, but peering is not transitive: two VPCs that are each peered only with the hub cannot reach each other through it
- Architecture
- VPC Flow Logs – A feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.
- Created at the following three levels
- VPC, subnet, network interface
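Added example, not part of the original notes: a small Python parser for the default VPC Flow Log record format (version 2 field order), run over constructed sample records, that tallies REJECT entries per source and destination port and flags sources with repeated rejects. The account id, interface id and addresses are made-up placeholders.

```python
"""Parse AWS VPC Flow Log records (default format) and summarize rejected traffic."""
from collections import Counter
from typing import Dict, List

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]


def parse_record(line: str) -> Dict[str, str]:
    """Split one whitespace-separated flow log record into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def reject_summary(lines: List[str]) -> Dict[str, int]:
    """Count REJECT records per 'srcaddr->dstport', ignoring NODATA/SKIPDATA records."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["log_status"] != "OK":
            continue  # no traffic captured (or records skipped) in this interval
        if rec["action"] == "REJECT":
            counts[f"{rec['srcaddr']}->{rec['dstport']}"] += 1
    return dict(counts)


def noisy_sources(lines: List[str], threshold: int = 2) -> List[str]:
    """Return source addresses whose total REJECT count reaches the threshold."""
    per_src: Counter = Counter()
    for key, n in reject_summary(lines).items():
        per_src[key.split("->")[0]] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


# Constructed sample records (placeholder ids, TEST-NET source addresses); not real traffic.
SAMPLE_LOGS = [
    "2 123456789010 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 123456789010 eni-1235b8ca123456789 198.51.100.7 172.31.16.21 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca123456789 198.51.100.7 172.31.16.21 49762 3389 6 20 4249 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.21 51000 22 6 1 40 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca123456789 - - - - - - - 1431280876 1431280934 - NODATA",
]

if __name__ == "__main__":
    print(reject_summary(SAMPLE_LOGS))
    print(noisy_sources(SAMPLE_LOGS))
```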
- Bastion Host – A bastion host is used to securely administer EC2 instances using SSH or RDP. Also called a jump box.
- Direct Connect – Useful for high throughput workloads or if you need a stable and reliable secure connection
- Global Accelerator – A service in which you create accelerators to improve availability and performance of your applications for local and global users. Global Accelerator directs traffic to optimal endpoints over the AWS global network. This improves the availability and performance of your internet applications that are used by a global audience. You are assigned two static IP addresses (or alternatively you can bring your own). You can control traffic using traffic dials (this is done within the endpoint group)
- By default, Global Accelerator provides you with two static IP addresses that you associate with your accelerator. Alternatively, you can bring your own.
- Accelerator – Directs traffic to optimal endpoints over the AWS global network to improve the availability and performance of your internet applications. Each accelerator includes one or more listeners.
- DNS Name – Global Accelerator assigns each accelerator a default DNS name that points to the static IP addresses that Global Accelerator assigns to you
- Network Zone – A network zone services the static IP addresses for your accelerator from a unique IP subnet. Similar to an AWS availability zone, a network zone is an isolated unit with its own set of physical infrastructure
- Listener – A listener processes inbound connections from clients to Global Accelerator, based on the port (or port range) and protocol that you configure. Global Accelerator supports both TCP and UDP protocols. Each listener has one or more endpoint groups associated with it, and traffic is forwarded to endpoints in one of the groups. You associate endpoint groups with listeners by specifying the regions that you want to distribute traffic to. Traffic is distributed to optimal endpoints within the endpoint groups associated with a listener.
- Endpoint Group – Each endpoint group is associated with a specific region. Endpoint groups include one or more endpoints in the region. You can increase or reduce the percentage of traffic that would otherwise be directed to an endpoint group by adjusting a setting called a traffic dial.
- Endpoint – Endpoints can be network load balancers, EC2 instances, or Elastic IP addresses
- VPC Endpoint – A VPC Endpoint enables you to privately connect your VPC to supported AWS services and VPC Endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
- Interface Endpoints – An ENI with a private IP address that serves as an entry point for traffic destined to a supported service
- Gateway Endpoints