Slide 1

Slide 1 text

AWS Networking 101 Albert Suwandhi

Slide 2

Slide 2 text

Intro $ whoami: AWS Community Builder, IT Lecturer at Universitas IBBI & Universitas Pelita Harapan, AWS Champion Authorized Instructor at SL2 Indonesia

Slide 3

Slide 3 text

Agenda ● VPC Concepts and Fundamentals ● IP Addressing ● Subnets ● Routing on VPC ● DNS in VPC – Amazon Route53 ● Security ● Connectivity Options

Slide 5

Slide 5 text

Virtual Private Cloud (VPC)
• Define and launch AWS resources in a logically isolated virtual network
• A VPC is a Regional resource
• Each Region has a default VPC
• Limits: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html

Slide 6

Slide 6 text

IP Addressing
• Avoid ranges that overlap with other networks to which you might connect (on-premises networks, VPCs you may peer with later)
• Recommended: an RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
• IPv4 VPC CIDR size: /16 (largest) to /28 (smallest)
• Can have a dual-stack VPC by adding an IPv6 CIDR
• IPv6 sizes are fixed: /56 for the Amazon-provided VPC CIDR and /64 for each subnet

Slide 7

Slide 7 text

Subnets
• A subnet is a range of IP addresses in our VPC. We can launch AWS resources, such as EC2 instances, into a specific subnet.
• When we create a subnet, we specify its IPv4/IPv6 CIDR block, which is a subset of the VPC CIDR block.
• Each subnet must reside entirely within one Availability Zone and cannot span multiple zones.
• AWS reserves the first four and the last IPv4 address of every subnet, so a /24 subnet has 251 usable addresses.
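The following is an added example (not from the slides) that applies the IP Addressing and Subnets rules above in code: it validates a proposed IPv4 VPC CIDR (size /16 to /28, RFC 1918, no overlap with networks you might connect to) and carves one subnet per Availability Zone, subtracting the five addresses AWS reserves per subnet. The existing-network list and AZ names are constructed sample data.

```python
"""
Added example, not from the slides: checking a proposed VPC CIDR against the
rules on the IP Addressing slide and carving one subnet per Availability Zone
from it. The existing networks and AZ names are constructed sample data.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# AWS reserves the first four addresses and the last address of every subnet
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr, existing_networks=()):
    """Return a list of problems with a proposed IPv4 VPC CIDR; an empty list means it is acceptable.

    Checks: netmask between /16 and /28, inside an RFC 1918 range, and no overlap
    with networks we might later connect to (on-premises, peered VPCs).
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.0.0.1/16
    if net.version != 4:
        return [f"{net}: this check covers IPv4 only (IPv6 VPC CIDR is /56, subnets /64)"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{net}: VPC CIDR must be /16 to /28, got /{net.prefixlen}")
    if not any(net.subnet_of(rfc) for rfc in RFC1918):
        problems.append(f"{net}: not inside an RFC 1918 range")
    for other in existing_networks:
        other_net = ipaddress.ip_network(other)
        if net.overlaps(other_net):
            problems.append(f"{net}: overlaps {other_net}")
    return problems


def carve_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Split the VPC CIDR into one subnet per AZ (a subnet never spans AZs).

    Returns (az, subnet, usable_hosts) tuples, where usable_hosts already
    subtracts the five addresses AWS reserves in each subnet.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    if subnet_prefix < vpc.prefixlen:
        raise ValueError("subnet prefix must be at least as long as the VPC prefix")
    subnets = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(subnets) < len(azs):
        raise ValueError(f"{vpc} only yields {len(subnets)} /{subnet_prefix} subnets for {len(azs)} AZs")
    return [(az, str(subnet), subnet.num_addresses - AWS_RESERVED_PER_SUBNET)
            for az, subnet in zip(azs, subnets)]


if __name__ == "__main__":
    # constructed inputs: a candidate VPC CIDR, two networks we already use, three AZs
    print(validate_vpc_cidr("10.0.0.0/16", existing_networks=["10.0.128.0/17", "192.168.0.0/24"]))
    print(carve_subnets("10.0.0.0/16", ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]))
```

Run it before creating the VPC: the overlap check is the one that matters most, because a VPC CIDR cannot be changed after peering or VPN connections depend on it, and overlapping ranges make peering impossible and VPN routing ambiguous.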

Slide 8

Slide 8 text

VPC Routing
• Route tables contain rules (routes) that decide which path packets take to reach their destination; the most specific matching route wins
• Every VPC has a main route table; subnets that are not explicitly associated with another route table use it
• But we can create additional route tables and associate them with different subnets (for example, public vs private subnets)

Slide 10

Slide 10 text

DNS in VPC

Slide 11

Slide 11 text

DNS – Route53

Slide 12

Slide 12 text

Hybrid DNS Resolution https://aws.amazon.com/architecture/reference-architecture-diagrams/

Slide 13

Slide 13 text

Security • Security Groups • Network ACL • Network Firewall • VPC Flow Logs • Traffic Mirroring

Slide 14

Slide 14 text

Security Groups and Network ACL

Slide 15

Slide 15 text

Security Groups vs Network ACL
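The slide titles above contrast the two controls without spelling out the difference, so here is an added example (not from the slides) that simulates it: a security group is stateful and has allow rules only (any match allows, order is irrelevant, return traffic is allowed automatically), while a network ACL is stateless and has numbered allow/deny rules evaluated lowest number first with the first match deciding and an implicit deny at the end. The simulator walks both halves of one HTTPS connection and shows the classic failure where an outbound NACL mirrors the inbound rule and drops the replies to the client's ephemeral port. All rule sets and addresses are constructed sample data.

```python
"""
Added example, not from the slides: a small simulator of how a security group
(stateful, allow rules only, all rules evaluated) and a network ACL (stateless,
numbered allow/deny rules evaluated lowest number first, first match wins,
implicit deny at the end) treat the two halves of one HTTPS connection.
Rule sets and addresses are constructed sample data.
"""
import ipaddress

EPHEMERAL_PORTS = (1024, 65535)  # range AWS recommends opening on NACLs for return traffic


def sg_allows(rules, port, peer_ip):
    """Security group rule = (protocol, from_port, to_port, cidr). Any matching rule allows;
    there are no deny rules, and order does not matter."""
    addr = ipaddress.ip_address(peer_ip)
    return any(proto == "tcp" and lo <= port <= hi and addr in ipaddress.ip_network(cidr)
               for proto, lo, hi, cidr in rules)


def nacl_allows(rules, port, peer_ip):
    """NACL rule = (number, protocol, from_port, to_port, cidr, action). Rules are evaluated in
    ascending rule-number order and the first match decides; no match means the '*' deny applies."""
    addr = ipaddress.ip_address(peer_ip)
    for _number, proto, lo, hi, cidr, action in sorted(rules, key=lambda r: r[0]):
        if proto == "tcp" and lo <= port <= hi and addr in ipaddress.ip_network(cidr):
            return action == "allow"
    return False


def https_connection_ok(sg_inbound, nacl_inbound, nacl_outbound, client_ip, client_port=51000):
    """Can client_ip:client_port open a TCP connection to the instance on 443 AND get replies back?

    Request : client_ip:client_port -> instance:443   (checked against SG inbound and NACL inbound)
    Response: instance:443 -> client_ip:client_port   (SG: allowed automatically, it is stateful;
                                                       NACL: a separate packet, checked against NACL outbound)
    """
    request_reaches_instance = (sg_allows(sg_inbound, 443, client_ip)
                                and nacl_allows(nacl_inbound, 443, client_ip))
    response_leaves_subnet = nacl_allows(nacl_outbound, client_port, client_ip)
    return request_reaches_instance and response_leaves_subnet


# constructed rule sets
SG_IN = [("tcp", 443, 443, "0.0.0.0/0")]
NACL_IN = [(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Mistake: the outbound NACL mirrors the inbound one, so replies to the client's ephemeral port are dropped
NACL_OUT_MIRRORED = [(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Correct: the outbound NACL allows the ephemeral port range for return traffic
NACL_OUT_EPHEMERAL = [(100, "tcp", *EPHEMERAL_PORTS, "0.0.0.0/0", "allow")]
# An explicit deny with a lower rule number wins over the later allow (NACLs can deny, SGs cannot)
NACL_OUT_BLOCKLIST = [(50, "tcp", 0, 65535, "203.0.113.0/24", "deny")] + NACL_OUT_EPHEMERAL

if __name__ == "__main__":
    for name, out_rules in (("mirrored", NACL_OUT_MIRRORED), ("ephemeral", NACL_OUT_EPHEMERAL),
                            ("blocklist", NACL_OUT_BLOCKLIST)):
        print(name, https_connection_ok(SG_IN, NACL_IN, out_rules, "203.0.113.10"))
```

The practical consequence: a NACL needs rules for both directions of every flow, including the ephemeral port range, whereas a security group only needs the rule for the initiating direction. Rule numbering also matters only for NACLs, which is where an intended blocklist entry silently stops working if it is numbered above a broad allow.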

Slide 16

Slide 16 text

Network Firewall – Example Use Case https://aws.amazon.com/architecture/reference-architecture-diagrams/

Slide 17

Slide 17 text

VPC Connectivity Options
• Internet connectivity, or no Internet connectivity at all (isolated VPC)
• Connecting to other VPCs: VPC Peering and Transit Gateway
• Connecting to on-premises networks: Site-to-Site VPN, Direct Connect, Client VPN

Slide 18

Slide 18 text

Public vs Private Subnet

Slide 19

Slide 19 text

Connecting VPCs : VPC Peering

Slide 20

Slide 20 text

Connecting VPCs : VPC Peering and TGW
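Added example (not from the slides) covering the VPC Routing, Public vs Private Subnet, and VPC Peering / TGW slides together: a small model of route lookup that does longest-prefix matching, classifies a subnet as public when its route table sends 0.0.0.0/0 to an internet gateway, and traces a packet across peering connections and a transit gateway to show why peering is not transitive (a packet from A cannot reach C through B even if A-B and B-C are peered and a route is added) while a TGW forwards between any of its attachments. This is a model of the route lookups, not AWS's actual forwarding implementation; all VPC names, CIDRs and target names (pcx-ab, tgw, igw-example, nat-example) are constructed.

```python
"""
Added example, not from the slides: a small model of VPC routing that covers the
VPC Routing, Public vs Private Subnet, and VPC Peering / TGW slides together.
It shows longest-prefix-match route lookup, what makes a subnet public, and why a
packet cannot transit a peered VPC while it can transit a transit gateway.
All VPC names, CIDRs and target names (pcx-ab, tgw, igw-example, nat-example) are constructed.
"""
import ipaddress

# Constructed lab: A<->B and B<->C are peered; A, B and C are all attached to one TGW.
VPCS = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16"}
PEERINGS = {"pcx-ab": ("A", "B"), "pcx-bc": ("B", "C")}
TGW_ROUTE_TABLE = [(cidr, "attach-" + name) for name, cidr in VPCS.items()]


def lookup_route(route_table, dst_ip):
    """Longest-prefix match over (cidr, target) routes; returns the target or None."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """Public subnet = its route table sends 0.0.0.0/0 to an internet gateway
    (instances in it still need a public or Elastic IP to be reachable from the Internet)."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in route_table)


def trace(src_vpc, subnet_route_table, dst_ip):
    """Follow a packet from a subnet in src_vpc toward dst_ip inside the private address space.
    Returns the VPC that delivers it, or None if it is dropped."""
    dst = ipaddress.ip_address(dst_ip)
    target = lookup_route(subnet_route_table, dst_ip)
    if target == "local":
        return src_vpc if dst in ipaddress.ip_network(VPCS[src_vpc]) else None
    if target in PEERINGS:
        # Peering is point-to-point: the far side only delivers into its own CIDR and
        # never forwards to its other peers (no transitive routing).
        a, b = PEERINGS[target]
        peer = b if a == src_vpc else a
        return peer if dst in ipaddress.ip_network(VPCS[peer]) else None
    if target == "tgw":
        # The TGW does its own lookup in its route table and can forward to any attached VPC.
        attachment = lookup_route(TGW_ROUTE_TABLE, dst_ip)
        return attachment[len("attach-"):] if attachment else None
    return None  # igw-/nat- targets leave the private address space; not modelled here


# Subnet route tables in VPC A (constructed)
A_PRIVATE = [("10.1.0.0/16", "local"), ("10.2.0.0/16", "pcx-ab"), ("0.0.0.0/0", "nat-example")]
# Tempting but wrong: pointing C's CIDR at the A<->B peering does not make B forward it
A_PRIVATE_WRONG = A_PRIVATE + [("10.3.0.0/16", "pcx-ab")]
# Public subnet using the TGW for all of 10.0.0.0/8; the /16 local route is more specific and wins
A_PUBLIC_TGW = [("10.1.0.0/16", "local"), ("10.0.0.0/8", "tgw"), ("0.0.0.0/0", "igw-example")]

if __name__ == "__main__":
    for rt_name, rt in (("A_PRIVATE", A_PRIVATE), ("A_PRIVATE_WRONG", A_PRIVATE_WRONG),
                        ("A_PUBLIC_TGW", A_PUBLIC_TGW)):
        print(rt_name, "public" if is_public_subnet(rt) else "private",
              "-> B:", trace("A", rt, "10.2.0.10"), "-> C:", trace("A", rt, "10.3.0.10"))
```

Two things the trace makes visible: the local route for the VPC's own CIDR is always the most specific match, so a broad 10.0.0.0/8 route to the TGW never hijacks intra-VPC traffic, and adding a route for C's CIDR over the A-B peering only moves the drop from A's route table to B's side, which is why a full mesh of peerings (or a transit gateway) is needed for many-VPC designs.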

Slide 21

Slide 21 text

Demo Videos : VPC Peering and TGW

Slide 22

Slide 22 text

AWS Site to Site VPN

Slide 23

Slide 23 text

AWS Direct Connect

Slide 24

Slide 24 text

Demo Videos - VPN Connection

Slide 25

Slide 25 text

Learn more about AWS Networking
● AWS re:Invent 2017: Another Day, Another Billion Flows (NET405)
● AWS re:Invent 2018: AWS Direct Connect: Deep Dive (NET403)
● AWS re:Invent 2019: Deep dive on DNS in the hybrid cloud (NET410)
● AWS re:Invent 2019: [REPEAT 1] AWS Transit Gateway reference architectures for many VPCs (NET406-R1)
● AWS re:Invent 2021: Networking Foundations
● AWS re:Invent 2021: Advanced Amazon VPC Design and New Capabilities
● AWS Reference Architecture: Hybrid DNS resolution with Amazon Route 53 Resolver Endpoints
● AWS Reference Architecture: Traffic inspection with AWS Network Firewall
● and others

Slide 26

Slide 26 text

AWS Certifications https://aws.amazon.com/certification/

Slide 27

Slide 27 text

Contact: [email protected] @albertsuwandhi