Networking - VPC - Coggle Diagram
Networking - VPC
VPC - Virtual Private Cloud
Min/max size: /28 to /16 (16 to 65,536 IP addresses)
Only private IPv4 ranges are allowed
Soft limit: 5 VPCs per region
Subnet
AWS reserves 5 IP addresses per subnet
(the first 4 and the last 1)
Internet Gateway (IGW)
Allows resources in a VPC to connect to the Internet
Scales horizontally and is highly available and redundant
A VPC can be attached to only one IGW
Bastion hosts
Used to SSH into private EC2 instances
The bastion sits in the public subnet, which is connected to all the other private subnets
Inbound on port 22 is restricted to a known CIDR
NAT instance (outdated)
Allow EC2 instances in private subnets to connect to the internet
Must be launched in a public subnet
Must disable the EC2 Source/Destination Check setting
Route Tables
NAT gateway
Higher bandwidth, high availability, no administration
Pay per hour for usage and bandwidth
NACL (Network Access Control List)
Like a firewall that controls traffic in and out of subnets
One NACL per subnet
NACLs are a great way of blocking a specific IP address at the subnet level
Default NACL
Accepts everything inbound/outbound
Ephemeral ports
The port on which a client expects to receive the response when it connects to a server
VPC Peering
Privately connect two VPCs using the AWS network
Makes them behave as if they were in the same network
Must not have overlapping CIDRs
Not transitive
VPC Endpoint
A way to connect to other AWS services privately
Types
Interface endpoint
Provisions an ENI (private IP address)
Supports most AWS services
Cost per hour + per GB of data processed
Preferable when used from on-premises
Gateway endpoint
Provisions a gateway that is used as a target in the route table
Supports S3 and DynamoDB
Free
VPC Flow logs
Captures information about IP traffic going to your interfaces
Monitoring and troubleshooting
Can query with Athena on S3 or CloudWatch Logs Insights
Basic knowledge
CIDR (e.g. 10.0.0.0/24)
Public IP
Private IP
10.0.0.0/8 for big networks
172.16.0.0/12
AWS default VPC range
192.168.0.0/16 home networks
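As an added example (not part of the original diagram), a small Python check that applies the rules above: a VPC CIDR must be private IPv4 and between /28 and /16, every subnet loses the five reserved addresses, and peered VPCs must not overlap. The function names are my own.

```python
import ipaddress
from typing import List

# VPC sizing limits from the notes: /28 (16 IPs) up to /16 (65,536 IPs)
MIN_PREFIX, MAX_PREFIX = 16, 28
# RFC 1918 private ranges listed under "Basic knowledge"
PRIVATE_RANGES = [
    ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def check_vpc_cidr(cidr: str) -> List[str]:
    """Return the problems with a proposed VPC CIDR (empty list means it is acceptable)."""
    problems = []
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return ["only IPv4 CIDRs are checked here"]
    if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        problems.append(f"{net} is not inside an RFC 1918 private range")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"/{net.prefixlen} is outside the allowed /16 to /28 range")
    return problems


def reserved_addresses(subnet_cidr: str) -> List[str]:
    """The 5 addresses AWS reserves in every subnet: the first 4 and the last 1."""
    net = ipaddress.ip_network(subnet_cidr, strict=False)
    first_four = [str(net.network_address + i) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses left for instances after AWS's 5 reserved ones are removed."""
    net = ipaddress.ip_network(subnet_cidr, strict=False)
    return net.num_addresses - 5


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering is only possible when the two VPC CIDRs do not overlap."""
    a = ipaddress.ip_network(cidr_a, strict=False)
    b = ipaddress.ip_network(cidr_b, strict=False)
    return not a.overlaps(b)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account
    print(check_vpc_cidr("10.0.0.0/16"))        # []
    print(reserved_addresses("10.0.0.0/24"))    # first 4 and last 1
    print(usable_hosts("10.0.0.0/28"))          # 11
    print(can_peer("10.0.0.0/16", "10.0.1.0/24"))  # False: overlapping
```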
Site to site VPN
VGW (Virtual Private Gateway)
CGW (Customer Gateway)
On premises
CloudHub
Direct Connect (DX)