AWS Networking Services

AWS VPC and Networking Quick Notes (Numbers)

  1. NAT Gateways scale automatically up to 10 Gbps (the published figure when these notes were written; AWS has since raised the per-gateway bandwidth limit).

  2. Flow logs per single network interface, single subnet, or single VPC in a region = 2

  3. VPCs per region = 5

  4. Elastic IP addresses per region = 5

  5. Egress-only Internet gateways per region = 5

  6. Internet gateways per region = 5

Amazon VPC Default Limits

These are only the defaults. Many of them can be raised by requesting a limit increase (through Service Quotas or AWS Support); some are hard limits. Refer to the reference link for details.

 

  1. Flow logs per single network interface, single subnet, or single VPC in a region = 2

  2. VPCs per region = 5

  3. Elastic IP addresses per region = 5

  4. Egress-only Internet gateways per region = 5

[Lab] VPC Security with Network ACLs

This is a continuation of the previous VPC lab.

 

Steps:

  1. Go to VPC Dashboard and click on Network ACLs tab.

  2. Verify current Network ACLs and all inbound and outbound rules.

  3. Create New Network ACL

    1. Provide a name (e.g. BuddyACL) and select our VPC.

    2. Click Create

VPC Security - Security Groups vs. Network Access Control Lists (ACLs)

Amazon VPC provides the following features to secure and monitor your VPC:

  1. Security groups - Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. They are stateful (return traffic for an allowed connection is permitted automatically) and contain allow rules only; everything not explicitly allowed is denied.

  2. Network access control lists (ACLs) - Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. They are stateless (every packet, including replies, must match a rule in its direction), support both allow and deny rules, and are evaluated in ascending rule-number order with the first match winning.

[Lab] Amazon VPC - Using NAT Instance & NAT Gateway

This is a continuation of the lab ‘Creating and Using Amazon VPC – Part 1’. We will use a NAT instance and then a NAT gateway to let the private server reach the internet securely (outbound only): a NAT instance is an EC2 instance you run and maintain yourself, while a NAT gateway is the AWS-managed alternative.

 

Steps:

  1. Launch a new EC2 instance as NAT instance

    1. Select an AMI with NAT configuration (e.g. one that starts with amzn-ami-vpc-nat from community AMIs).

    2. Select our VPC and select our public subnet.

Network Address translation (NAT) in Amazon VPC

NAT is a method of remapping one IP address space into another. Advanced NAT implementations feature IP masquerading, which lets an entire private network share the single Internet-routable IP address of the NAT device. In AWS, you can use either a NAT instance (an EC2 instance running NAT software, which must have its source/destination check disabled so it will forward traffic that is not addressed to it) or a managed NAT gateway, which AWS recommends. In both cases hosts in the private subnet can initiate connections to the internet, but the internet cannot initiate connections to them, because the NAT only forwards replies to flows it has already seen.
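The following is an added example, not code from the page or from AWS: a minimal model of the port-address-translation table that a NAT instance or NAT gateway keeps so one Elastic IP can serve a whole private subnet. It rewrites outbound packets to the public address, maps replies back to the right private host, and drops anything the private side did not initiate. The Elastic IP, the private hosts and the remote servers are constructed addresses from the documentation ranges.

```python
"""Added example (not AWS code): the port-address-translation table that a NAT
instance or NAT gateway keeps so one Elastic IP can serve a whole private
subnet.  All addresses and ports are constructed for the illustration."""
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

PUBLIC_IP = "203.0.113.10"   # assumed Elastic IP attached to the NAT device


class Nat:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port, dst_ip, dst_port) -> port used on the public side
        self.out_table = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.in_table = {}

    def translate_outbound(self, pkt):
        """Rewrite a packet leaving the private subnet: the source becomes the
        NAT's public IP plus a port unique to this flow (IP masquerading)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_table.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_table[key] = port
            self.in_table[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Rewrite a packet arriving from the internet.  Only replies to flows the
        private side opened have a table entry; anything else returns None and is
        dropped, which is why the NAT never exposes the private hosts."""
        entry = self.in_table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def demo():
    nat = Nat(PUBLIC_IP)
    web = ("198.51.100.7", 443)
    # Two private hosts happen to pick the same source port for the same server;
    # the NAT keeps them apart by assigning each flow its own public-side port.
    a_out = nat.translate_outbound(Packet("10.0.2.11", 40000, *web))
    b_out = nat.translate_outbound(Packet("10.0.2.12", 40000, *web))
    # Server replies come back to the NAT's public IP and the per-flow port.
    a_reply = nat.translate_inbound(Packet(web[0], web[1], PUBLIC_IP, a_out.src_port))
    b_reply = nat.translate_inbound(Packet(web[0], web[1], PUBLIC_IP, b_out.src_port))
    # Unsolicited SSH attempt at the NAT's public address: no flow entry, dropped.
    probe = nat.translate_inbound(Packet("192.0.2.99", 55555, PUBLIC_IP, 22))
    return {"a_public_port": a_out.src_port, "b_public_port": b_out.src_port,
            "a_reply_to": a_reply.dst_ip, "b_reply_to": b_reply.dst_ip,
            "probe": probe}
```

The model omits timeouts and port reuse, which real NAT devices need, but it shows the property the lab relies on: the private server's 10.0.2.x address never appears on the internet side, and the only inbound packets that get through are those matching a flow the private side opened.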

[Lab] Amazon VPC – Public and Private Subnets

We will create a VPC with a public and a private subnet and try to access each of them from the internet. We will build the VPC by hand rather than with the VPC wizard.

 

Steps:

  1. Log in to the AWS console and go to VPC dashboard.

  2. Go to ‘Your VPCs’ and click on ‘Create VPC’

    1. Provide a name (e.g. BuddyVPC), CIDR (e.g. 10.0.0.0/16) and select ‘Default’ Tenancy.
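As an added example (not the page's own code and not an AWS API), the following carves the lab's 10.0.0.0/16 into a public and a private /24 and resolves next hops the way a VPC route table does: longest-prefix match, with the VPC CIDR's "local" route always present and never removable. What makes a subnet "public" is a 0.0.0.0/0 route to an internet gateway in its route table; the private subnet has no such route, so an instance there cannot be reached from, or reach, the internet even if it is given a public IP. The gateway identifier is a placeholder, not a real resource ID.

```python
"""Added example (not AWS code): carving the lab's 10.0.0.0/16 into a public and a
private /24 and resolving next hops the way a VPC route table does.  The gateway
identifier is a placeholder, not a real resource ID."""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AWS_RESERVED_PER_SUBNET = 5   # AWS reserves the first four and the last address of every subnet


def carve_subnets(vpc_cidr, new_prefix=24, count=2):
    """First `count` subnets of the given prefix length inside the VPC CIDR."""
    gen = vpc_cidr.subnets(new_prefix=new_prefix)
    return [next(gen) for _ in range(count)]


def usable_hosts(subnet):
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


class RouteTable:
    def __init__(self, vpc_cidr):
        self.vpc_cidr = vpc_cidr
        self.routes = {vpc_cidr: "local"}   # implicit route, cannot be deleted

    def add_route(self, cidr, target):
        net = ipaddress.ip_network(cidr)
        if net == self.vpc_cidr:
            raise ValueError("the local route for the VPC CIDR cannot be overridden")
        self.routes[net] = target

    def next_hop(self, dst_ip):
        """Longest-prefix match; None means no route, so the packet is dropped."""
        ip = ipaddress.ip_address(dst_ip)
        candidates = [(net.prefixlen, target)
                      for net, target in self.routes.items() if ip in net]
        return max(candidates)[1] if candidates else None


def build_lab_vpc():
    public_subnet, private_subnet = carve_subnets(VPC_CIDR)
    public_rt = RouteTable(VPC_CIDR)
    public_rt.add_route("0.0.0.0/0", "igw-PLACEHOLDER")   # this route makes the subnet public
    private_rt = RouteTable(VPC_CIDR)                      # no internet route at all
    internet_host = "198.51.100.7"                         # constructed external address
    peer_in_vpc = str(private_subnet[10])                  # a host in the private subnet
    return {
        "public_subnet": str(public_subnet),
        "private_subnet": str(private_subnet),
        "usable_per_subnet": usable_hosts(public_subnet),
        "public_to_internet": public_rt.next_hop(internet_host),
        "private_to_internet": private_rt.next_hop(internet_host),
        "public_to_private_peer": public_rt.next_hop(peer_in_vpc),
    }
```

Two checks this makes visible: a /24 gives 251 usable addresses, not 254, because of the five AWS reserves; and traffic between the two subnets always takes the local route regardless of what other routes exist, so subnet placement alone does not isolate instances from each other, which is where security groups and network ACLs come in.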

Amazon VPC Use Cases Summary from AWS website

  1. Host a simple, public-facing website

    1. Can create security group rules that allow the web server to respond to inbound HTTP and HTTPS requests from the Internet while prohibiting the web server from initiating outbound connections to the Internet (possible because security groups are stateful: the responses are allowed without any outbound rule).

    2. Can select "VPC with a Single Public Subnet Only".

  2. Host multi-tier web applications
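The example below is added here and is not code from the page or from AWS. It models the decision logic described in the Security Groups vs. Network ACLs section and the Network ACL lab, and applies it to the public web server use case above: a stateful security group with a single inbound HTTPS rule and no outbound rules, beside a stateless network ACL that needs an explicit outbound rule for the client's ephemeral ports before the server's replies can leave the subnet, and in which a lower-numbered deny rule wins over a later allow. All IPs, ports and rule sets are constructed for the illustration.

```python
"""Added example (not AWS code): a small model of how a stateful security group
and a stateless network ACL decide whether a packet passes.  IPs, ports and rule
sets are constructed for the illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rules are evaluated in ascending number order
    proto: str        # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str         # remote range: source for inbound rules, destination for outbound
    action: str       # "allow" or "deny"; security groups only ever carry "allow"

    def matches(self, pkt, direction):
        remote_ip = pkt.src_ip if direction == "in" else pkt.dst_ip
        return (self.proto in ("all", pkt.proto)
                and self.port_from <= pkt.dst_port <= self.port_to
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr))


class NetworkAcl:
    """Stateless, subnet level: every packet, replies included, is checked against
    the rule list for its direction; the first matching rule wins and the implicit
    final rule (*) denies whatever nothing matched."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound, key=lambda r: r.number),
                      "out": sorted(outbound, key=lambda r: r.number)}

    def evaluate(self, pkt, direction):
        for rule in self.rules[direction]:
            if rule.matches(pkt, direction):
                return rule.action
        return "deny"


class SecurityGroup:
    """Stateful, instance level: allow rules only.  A packet admitted by a rule
    opens a tracked connection, and later packets of that connection in either
    direction are allowed without consulting the rules again."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.tracked = set()

    def evaluate(self, pkt, direction):
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.tracked or reverse in self.tracked:
            return "allow"
        for rule in self.rules[direction]:
            if rule.matches(pkt, direction):
                self.tracked.add(flow)
                return "allow"
        return "deny"


def web_server_scenario():
    """Public web server that must answer HTTPS from anywhere but must never
    initiate its own connections to the internet."""
    server, client, other = "10.0.1.10", "203.0.113.5", "198.51.100.20"
    request = Packet(client, 50000, server, 443)
    reply = Packet(server, 443, client, 50000)
    other_request = Packet(other, 51000, server, 443)
    server_initiated = Packet(server, 40000, "198.51.100.7", 80)

    # Security group: one inbound 443 rule, no outbound rules at all.
    sg = SecurityGroup(inbound=[Rule(0, "tcp", 443, 443, "0.0.0.0/0", "allow")],
                       outbound=[])
    # Network ACL, first attempt: mirrors the security group, so replies on the
    # client's ephemeral port have no outbound rule to match.
    nacl_naive = NetworkAcl(inbound=[Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
                            outbound=[Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")])
    # Network ACL, corrected: outbound admits ephemeral ports; an explicit deny at a
    # lower number blocks one client range ahead of the general allow.
    nacl_fixed = NetworkAcl(
        inbound=[Rule(90, "tcp", 443, 443, "203.0.113.0/24", "deny"),
                 Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
        outbound=[Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")])

    return {
        "sg_request": sg.evaluate(request, "in"),
        "sg_reply": sg.evaluate(reply, "out"),
        "sg_server_initiated": sg.evaluate(server_initiated, "out"),
        "nacl_naive_request": nacl_naive.evaluate(request, "in"),
        "nacl_naive_reply": nacl_naive.evaluate(reply, "out"),
        "nacl_fixed_reply": nacl_fixed.evaluate(reply, "out"),
        "nacl_fixed_denied_client": nacl_fixed.evaluate(request, "in"),
        "nacl_fixed_other_client": nacl_fixed.evaluate(other_request, "in"),
    }
```

The naive ACL is the mistake most often seen in the lab: the inbound half works, so the rules look right, but the server's responses are dropped at the subnet boundary because the ACL has no memory of the inbound request. The security group needs no outbound rule for the same traffic, and removing its default allow-all outbound rule is what enforces the "cannot initiate outbound connections" requirement of the use case.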

Amazon Virtual Private Cloud (VPC) Overview

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.  You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC.

VPC Prerequisites - Networking Basics Part 2

This part covers the DMZ, jump servers, bastion hosts, NAT and related networking topics that the VPC material builds on.

 
