AWS X Dicoding LIVE : Networking dan Security di AWS

Transcript

1. AWS Networking 101 Albert Suwandhi

2. Intro $ whoami AWS Community Builders, IT Lecturer at Universitas

   IBBI & Universitas Pelita Harapan, AWS Champion Authorized Instructor at SL2 Indonesia

3. Agenda • VPC Concepts and Fundamentals • IP Addressing •

   Subnets • Routing on VPC • DNS in VPC – Amazon Route53 • Security • Connectivity Options
4. None

5. Virtual Private Cloud (VPC) • Define and launch AWS resources

   in a logically isolated virtual network • VPC in AWS is Regional Resources • Each region have default VPC • Limits : https://docs.aws.amazon.com/vpc/latest/userguide/amazon- vpc-limits.html

6. IP Addressing • Avoid ranges that overlap with other networks

   to which you might connect • Recommended : RFC1918 Range • Size : /16 (Maximum) to /28 (Minimum) • Can have a dual-stack VPC by adding an IPv6 CIDR • Fixed sizes for VPC and subnets: /56 for VPC CIDR and /64 for subnets

7. Subnets • A subnet is a range of IP addresses

   in our VPC. We can launch AWS resources, such as EC2 instances, into a specific subnet. • When we create a subnet, we specify the IPv4/IPv6 CIDR block for the subnet, which is a subset of the VPC CIDR block. • Each subnet must reside entirely within one Availability Zone and cannot span cross zones.

8. VPC Routing • Route tables contain rules for which path

   packets go to reach the destination • Our VPC has a default route table • But, we can create and assign different route tables to different subnets
9. None

10. DNS in VPC

11. DNS – Route53

12. Hybrid DNS Resolution https://aws.amazon.com/ar chitecture/reference- architecture-diagrams/

13. Security • Security Groups • Network ACL • Network Firewall

    • VPC Flow Logs • Traffic Mirroring

14. Security Groups and Network ACL

15. Security Groups vs Network ACL

16. Network Firewall – Example Use Case https://aws.amazon.com/architecture/ reference-architecture-diagrams/

17. VPC Connectivity Options • Internet Connectivity or NOT • Connecting

    to other VPCs : VPC Peering and Transit Gateway • Connecting to on premise networks : Site to Site VPN, Direct Connect, Client VPN

18. Public vs Private Subnet

19. Connecting VPCs : VPC Peering

20. Connecting VPCs : VPC Peering and TGW

21. Demo Videos : VPC Peering and TGW

22. AWS Site to Site VPN

23. AWS Direct Connect

24. Demo Videos - VPN Connection

25. Learn more about AWS Networking • AWS re:Invent 2017: Another

    Day, Another Billion Flows (NET405) • AWS re:Invent 2018: AWS Direct Connect: Deep Dive (NET403) • AWS re:Invent 2019: Deep dive on DNS in the hybrid cloud (NET410) • WS re:Invent 2019: [REPEAT 1] AWS Transit Gateway reference architectures for many VPCs (NET406-R1) • AWS re:Invent 2021 - Networking Foundations • AWS re:Invent 2021 - Advanced Amazon VPC Design and New Capabilities • AWS Reference Architecture : Hybrid DNS resolution with Amazon Route 53 Resolver Endpoints • AWS Reference Architecture : Traffic inspection with AWS Network Firewall • etc

26. AWS Certifications https://aws.amazon.com/certification/

27. Contact: [email protected] @albertsuwandhi