AWS Networking

AWS VPC (Virtual Private Cloud)

Amazon VPC is a logically isolated network in the AWS Cloud where you can launch and manage AWS resources securely. It gives you full control over network configurations, such as IP address ranges, subnets, route tables, and security settings.

---

Subnets in AWS VPC

1. Public Subnets:

   • Definition: Subnets with a route to the internet through an Internet Gateway (IGW).

   • Purpose: Hosts resources like web servers that need direct access to or from the internet.

2. Private Subnets:

   • Definition: Subnets without direct internet access, often used for backend systems.

   • Purpose: Hosts resources like databases or internal services that require higher security and don’t need public access.

   • Access: Resources in private subnets can access the internet via a NAT Gateway if needed.

---

How to Connect to a VPC

AWS offers multiple ways to connect to a VPC, depending on your use case:

1. Internet Gateway (IGW):

   • Enables internet access for resources in public subnets.

   • Ideal for web servers or applications needing public-facing connectivity.

2. Site-to-Site VPN:

   • A secure connection between your on-premises network and your AWS VPC using encrypted tunnels over the public internet.

   • Suitable for hybrid cloud setups & connecting the private subnets

3. AWS Direct Connect:

   • Provides a dedicated, private connection between your on-premises network and AWS.

   • Offers lower latency and higher bandwidth compared to Site-to-Site VPN.

   • Best for high-performance or compliance-sensitive workloads.

---

Security Group & Network ACLs

Security Group

• Definition: A stateful virtual firewall that controls inbound and outbound traffic for AWS resources, such as EC2 instances.

• Key Points:

  • Applied to individual resources (e.g., EC2 instances).

  • Allows only specified traffic (implicit deny for all else).

  • Automatically allows return traffic for inbound rules (stateful).

---

Network ACL (NACL)

• Definition: A stateless firewall that controls inbound and outbound traffic at the subnet level.

• Key Points:

  • Applied at the subnet level, affecting all resources within it.

  • Rules must explicitly allow both request and response traffic (stateless).

  • Evaluates rules in numerical order and stops at the first match.

Key Difference: Security Groups operate at the resource level and are stateful, while Network ACLs work at the subnet level and are stateless.

---

Route53

Amazon Route 53 is a scalable and highly available Domain Name System (DNS) and domain registration service provided by AWS. It routes user requests to applications hosted on AWS or elsewhere on the internet, ensuring low-latency and fault-tolerant access.

---

Key Features of Amazon Route 53

1. Domain Registration:

   • Allows you to register and manage domain names directly within AWS.

2. DNS Management:

   • Translates human-readable domain names (e.g., example.com) into IP addresses required for web servers and applications.

3. Routing Policies:

   • Supports multiple routing policies, including Simple, Weighted, Latency-Based, Geo-Location, Multi-Value Answer, and Failover routing.

4. Health Checks and Monitoring:

   • Continuously monitors endpoints to route traffic to healthy resources automatically.

5. Highly Available and Scalable:

   • Designed for 100% availability, offering a reliable and globally distributed infrastructure.

6. Integration with AWS Services:

   • Works seamlessly with services like EC2, S3, CloudFront, and Elastic Load Balancer to direct traffic efficiently.