
AWS X Dicoding LIVE: Networking and Security on AWS


If you want to receive a certificate of attendance and a scholarship for the Cloud Practitioner Essentials class, please register first by clicking "Daftar Gratis" ("Register for Free").

Keep developing your skills during the pandemic era. Make your days more productive by sharpening your knowledge and skills at Dicoding Event. This time, Dicoding LIVE together with Amazon Web Services Indonesia will discuss "Networking and Security on AWS".

This session will cover networking and security concepts in Amazon Web Services. Curious? Let's find out how unicorns and large companies manage the security of AWS Virtual Private Cloud to run their applications. Also find out about the implementation of prevention, detection and remediation controls in the network security stream.

Cloud and Back-End Developer scholarships are available for you. The scholarship quota is up to 100,000 for developers from all backgrounds (university students, vocational high school (SMK) students, SMK teachers, lecturers, and the general public). Fill in the registration form at the link dicoding.id/AWSScholarship


Dicoding Indonesia

March 07, 2022

Transcript

  1. AWS Networking 101 Albert Suwandhi

  2. Intro: $ whoami
    AWS Community Builders, IT Lecturer at Universitas IBBI & Universitas Pelita Harapan, AWS Champion Authorized Instructor at SL2 Indonesia
  3. Agenda
    • VPC Concepts and Fundamentals
    • IP Addressing
    • Subnets
    • Routing on VPC
    • DNS in VPC – Amazon Route53
    • Security
    • Connectivity Options
  4. None
  5. Virtual Private Cloud (VPC)
    • Define and launch AWS resources in a logically isolated virtual network
    • A VPC in AWS is a regional resource
    • Each region has a default VPC
    • Limits: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
  6. IP Addressing
    • Avoid ranges that overlap with other networks to which you might connect
    • Recommended: RFC1918 range
    • Size: /16 (maximum) to /28 (minimum)
    • Can have a dual-stack VPC by adding an IPv6 CIDR
    • Fixed IPv6 sizes: /56 for the VPC CIDR and /64 for subnets
  7. Subnets
    • A subnet is a range of IP addresses in our VPC. We can launch AWS resources, such as EC2 instances, into a specific subnet.
    • When we create a subnet, we specify the IPv4/IPv6 CIDR block for the subnet, which is a subset of the VPC CIDR block.
    • Each subnet must reside entirely within one Availability Zone and cannot span zones.
  8. VPC Routing
    • Route tables contain rules that determine which path packets take to reach their destination
    • Our VPC has a default route table
    • But we can create and assign different route tables to different subnets
  9. None
  10. DNS in VPC

  11. DNS – Route53

  12. Hybrid DNS Resolution
    https://aws.amazon.com/architecture/reference-architecture-diagrams/

  13. Security
    • Security Groups
    • Network ACL
    • Network Firewall
    • VPC Flow Logs
    • Traffic Mirroring
  14. Security Groups and Network ACL

  15. Security Groups vs Network ACL

  16. Network Firewall – Example Use Case
    https://aws.amazon.com/architecture/reference-architecture-diagrams/

  17. VPC Connectivity Options
    • Internet Connectivity or NOT
    • Connecting to other VPCs: VPC Peering and Transit Gateway
    • Connecting to on-premises networks: Site to Site VPN, Direct Connect, Client VPN
  18. Public vs Private Subnet

  19. Connecting VPCs : VPC Peering

  20. Connecting VPCs : VPC Peering and TGW

  21. Demo Videos : VPC Peering and TGW

  22. AWS Site to Site VPN

  23. AWS Direct Connect

  24. Demo Videos - VPN Connection

  25. Learn more about AWS Networking
    • AWS re:Invent 2017: Another Day, Another Billion Flows (NET405)
    • AWS re:Invent 2018: AWS Direct Connect: Deep Dive (NET403)
    • AWS re:Invent 2019: Deep dive on DNS in the hybrid cloud (NET410)
    • AWS re:Invent 2019: [REPEAT 1] AWS Transit Gateway reference architectures for many VPCs (NET406-R1)
    • AWS re:Invent 2021 - Networking Foundations
    • AWS re:Invent 2021 - Advanced Amazon VPC Design and New Capabilities
    • AWS Reference Architecture: Hybrid DNS resolution with Amazon Route 53 Resolver Endpoints
    • AWS Reference Architecture: Traffic inspection with AWS Network Firewall
    • etc
  26. AWS Certifications https://aws.amazon.com/certification/

  27. Contact: albert.suwandhi@gmail.com @albertsuwandhi
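
The addressing rules on slides 6 and 7 (RFC1918 range, /16 to /28 size, no overlap with networks you might connect to, subnets inside the VPC CIDR) can be checked before a VPC is created. The following is an added example, not part of the deck: the function name `check_vpc_plan` and all sample CIDRs are constructed for illustration, it covers IPv4 only, and the subnet-to-subnet overlap check is an AWS rule the slides do not state.

```python
import ipaddress

# Private ranges the deck recommends for VPC CIDRs (RFC1918).
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_plan(vpc_cidr, subnet_cidrs, connected_cidrs):
    """Return findings for an IPv4 VPC address plan; an empty list means it passes.

    connected_cidrs: networks the VPC may later be peered or VPN-connected to.
    """
    findings = []
    vpc = ipaddress.IPv4Network(vpc_cidr)  # ValueError if host bits are set
    if not 16 <= vpc.prefixlen <= 28:
        findings.append(f"VPC {vpc}: prefix must be between /16 and /28")
    if not any(vpc.subnet_of(r) for r in RFC1918):
        findings.append(f"VPC {vpc}: outside the recommended RFC1918 ranges")
    for other in map(ipaddress.IPv4Network, connected_cidrs):
        if vpc.overlaps(other):
            findings.append(f"VPC {vpc}: overlaps connected network {other}")

    subnets = [ipaddress.IPv4Network(s) for s in subnet_cidrs]
    for i, sn in enumerate(subnets):
        if not sn.subnet_of(vpc):
            findings.append(f"subnet {sn}: not inside VPC CIDR {vpc}")
        for earlier in subnets[:i]:  # assumption: AWS rejects overlapping subnets
            if sn.overlaps(earlier):
                findings.append(f"subnet {sn}: overlaps subnet {earlier}")
    return findings


# Constructed sample plans: (VPC CIDR, subnet CIDRs, connected networks).
GOOD_PLAN = ("10.20.0.0/16", ["10.20.0.0/24", "10.20.1.0/24"],
             ["10.0.0.0/16", "192.168.0.0/16"])
BAD_PLAN = ("172.16.0.0/12", ["172.16.1.0/24", "172.16.1.128/25", "10.0.0.0/24"],
            ["172.20.0.0/16"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_vpc_plan(*plan) or "OK")
```

Running the check against the list of on-premises and peered ranges at design time catches the overlap case, which otherwise only surfaces when a peering, Transit Gateway or VPN route cannot be added.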