AWS Networking Basics

AWS Networking is complex. The AWS Networking and Content Delivery page lists 19 products grouped into 5 categories. As with so much of AWS, it can be hard to navigate.

VPC

Every region comes with a default VPC (172.31.0.0/16, a public subnet per availability zone and an internet gateway already attached); anything you care about should get its own VPC so you control the address range and routing

CIDR Ranges

CIDR stands for Classless Inter-Domain Routing: a block is written as a base address plus a prefix length (the number of fixed leading bits), e.g. 10.0.0.0/16 is 65,536 addresses

Private IP address ranges

IPv4: a VPC CIDR block must be between /16 (65,536 addresses) and /28 (16 addresses); AWS reserves the first four and the last address of every subnet

IPv6: a VPC gets a /56 block from Amazon's pool and each subnet gets a /64

Use the RFC 1918 private ranges:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Avoid overlapping address ranges between VPCs, and between VPCs and on-premises networks: two VPCs with overlapping CIDRs cannot be peered, and a VPC's primary CIDR cannot be changed once it is created

RFC1918 https://datatracker.ietf.org/doc/html/rfc1918
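A small address-planning check for the points above, added here as an example and not part of the original post. It uses only the standard library; the RFC 1918 ranges and the /16 to /28 limit are from the text, while the two existing VPC CIDRs and the 10/8 allocation pool are constructed sample inputs.

```python
import ipaddress

# The RFC 1918 private ranges (from the RFC, not an assumption).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def check_vpc_cidr(candidate, existing):
    """Return a list of problems with using `candidate` as a new IPv4 VPC
    CIDR, given the CIDRs of VPCs (or on-prem networks) it must not overlap.
    An empty list means the block is usable."""
    problems = []
    net = ipaddress.ip_network(candidate, strict=False)
    if net.version != 4:
        return [f"{net} is not IPv4; this check covers IPv4 VPC blocks only"]
    # AWS limit: a VPC block is between /16 and /28.
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{net} is /{net.prefixlen}; VPC blocks must be /16 to /28")
    # Stay inside RFC 1918 so the block is never a routable public range.
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 private range")
    # Overlap is the costly mistake: overlapping VPCs cannot be peered.
    for other in existing:
        other_net = ipaddress.ip_network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"{net} overlaps {other_net}")
    return problems


def next_free_block(existing, prefixlen=16, pool="10.0.0.0/8"):
    """Pick the first block of the given size inside `pool` that overlaps
    none of the existing CIDRs; None if the pool is exhausted."""
    used = [ipaddress.ip_network(e, strict=False) for e in existing]
    for block in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(block.overlaps(u) for u in used):
            return block
    return None


if __name__ == "__main__":
    # Constructed sample: two VPCs already exist in the account.
    existing_vpcs = ["10.0.0.0/16", "10.1.0.0/16"]
    print(check_vpc_cidr("10.0.5.0/24", existing_vpcs))  # overlaps 10.0.0.0/16
    print(check_vpc_cidr("10.0.0.0/8", []))               # too large for a VPC
    print(check_vpc_cidr("203.0.113.0/24", []))           # not a private range
    print(next_free_block(existing_vpcs))                 # 10.2.0.0/16
```

Run the check against every VPC in every account you might one day peer with, not just the current one; the overlap only bites when the peering request is refused years later.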

Subnet

Each AWS region has several availability zones (AZs)

Availability zones are separate risk domains (separate power, cooling and networking), so spread subnets across at least two

A subnet lives in exactly one availability zone, so to run something in an AZ you need a subnet there

You can have multiple subnets in an AZ (e.g. one public, one private)

A public subnet is one whose route table has a route to an internet gateway; instances in it normally get a public IP address as well as a private one

A private subnet has no route to an internet gateway; its instances only have private IP addresses and reach the internet (if at all) through a NAT gateway

Elastic IP

A static public IPv4 address designed for dynamic cloud computing

Allocated to your account from Amazon's pool and stays yours until you release it (unlike the auto-assigned public IP, which changes when an instance is stopped and started)

Can be associated with an instance or a network interface

Can be remapped to another instance or interface in your account, e.g. to fail over without changing DNS

Connecting to the Internet

Internet Gateway

Two-way connection point between a VPC and the internet: instances with a public IP can reach the internet and be reached from it (the gateway does the 1:1 translation between the public and private address)

One per VPC; it only carries traffic for subnets whose route table points to it

NAT gateway

Managed NAT service

One-way connection point: instances in private subnets can initiate outbound connections, but nothing on the internet can initiate a connection in

Sits in a public subnet with an Elastic IP; private subnets route their internet-bound traffic to it (a private NAT gateway can also translate between networks with overlapping ranges)

Route Table

Each subnet is associated with exactly one route table (the VPC's main route table unless you associate another)

Route tables contain rules for which packets go where; the most specific matching destination wins

Your VPC's own CIDR (e.g. 10.0.0.0/16) always has a local route; what makes a subnet public or private is its default route:

Public subnet route table
Destination    Target
10.0.0.0/16    local
0.0.0.0/0      igw-id

Private subnet route table
Destination    Target
10.0.0.0/16    local
0.0.0.0/0      nat-gw-id
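The route selection itself, as an added example (not code from the original post): longest-prefix match over a route table, run against a public table, a private table that also has a peering route, and an isolated table with no default route. The resource IDs and the 10.0.0.0/16 and 10.1.0.0/16 CIDRs are placeholders for the example.

```python
import ipaddress

# Placeholder resource IDs (assumptions for the example, not real resources).
IGW = "igw-0123456789abcdef0"
NAT_GW = "nat-0123456789abcdef0"
PEERING = "pcx-0123456789abcdef0"

# Each route table is a list of (destination CIDR, target); every table
# carries the VPC's own CIDR with the "local" target.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", IGW)]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("10.1.0.0/16", PEERING), ("0.0.0.0/0", NAT_GW)]
ISOLATED_RT = [("10.0.0.0/16", "local")]  # no default route at all


def select_route(route_table, dst_ip):
    """Longest-prefix match, as a VPC route table does it: of all routes whose
    destination contains dst_ip, the most specific wins. None means there is
    no matching route and the packet is dropped."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


if __name__ == "__main__":
    for name, table in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        for dst in ("10.0.3.4", "10.1.7.7", "93.184.216.34"):
            print(f"{name:8} {dst:15} -> {select_route(table, dst)}")
```

The isolated table is the one to notice: an instance there can be given a public IP and still has no path to the internet, because nothing in the table points at a gateway. Conversely, a peering route such as 10.1.0.0/16 beats the default route for addresses in that range, so traffic to the peer never touches the NAT gateway.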

Network Security

Security Groups

Distributed, stateful firewall

Operates at the instance level (attached to the elastic network interface)

Supports allow rules only; anything not allowed is denied

Stateful: return traffic for an allowed request is automatically allowed

Network Access Control List

Operates at the subnet level

Supports allow and deny rules, numbered and evaluated in ascending order; the first match wins and everything else hits the final deny

Stateless: doesn't automatically allow return traffic, so replies need their own rules for the ephemeral port range in the opposite direction

Should be used sparingly, e.g. to block a known-bad range for a whole subnet, which a security group cannot express
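The stateful/stateless difference and the rule-ordering trap are easiest to see by simulating both firewalls on the same packets. This is an added example, not AWS code or code from the original post: a tiny model of security group and network ACL evaluation, run on a constructed HTTPS request, its reply and a probe from a range we want to block. The addresses and rule numbers are invented for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def _rule_matches(proto, lo, hi, cidr, packet, ip, port):
    return (proto in (packet.protocol, "all")
            and lo <= port <= hi
            and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr))


def _classify(packet, direction):
    # Inbound rules match on source address and destination port;
    # outbound rules match on destination address and destination port.
    if direction == "inbound":
        return packet.src_ip, packet.dst_port
    return packet.dst_ip, packet.dst_port


def nacl_allows(rules, packet, direction):
    """Network ACL: stateless, numbered allow/deny rules evaluated in ascending
    order; the first match decides and an unmatched packet hits the final
    implicit deny. `rules` is a list of (number, action, proto, lo, hi, cidr)."""
    ip, port = _classify(packet, direction)
    for number, action, proto, lo, hi, cidr in sorted(rules):
        if _rule_matches(proto, lo, hi, cidr, packet, ip, port):
            return action == "allow"
    return False


class SecurityGroup:
    """Security group: allow rules only, and stateful. A packet that is the
    reverse of a connection already admitted is allowed without consulting
    the rules. `inbound`/`outbound` are lists of (proto, lo, hi, cidr)."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound
        self.outbound = outbound
        self.tracked = set()  # connection tracking table of 5-tuples

    def allows(self, packet, direction):
        flow = (packet.src_ip, packet.src_port, packet.dst_ip, packet.dst_port, packet.protocol)
        reverse = (packet.dst_ip, packet.dst_port, packet.src_ip, packet.src_port, packet.protocol)
        if reverse in self.tracked:
            return True  # return traffic of an already-allowed request
        rules = self.inbound if direction == "inbound" else self.outbound
        ip, port = _classify(packet, direction)
        if any(_rule_matches(proto, lo, hi, cidr, packet, ip, port) for proto, lo, hi, cidr in rules):
            self.tracked.add(flow)
            return True
        return False


def web_server_scenario():
    """Constructed scenario: an internet client talks HTTPS to an instance at
    10.0.1.20, and a host in 198.51.100.0/24 (a range we want blocked) probes
    it. Returns the verdict of each firewall for each packet."""
    request = Packet("203.0.113.10", 51234, "10.0.1.20", 443)
    reply = Packet("10.0.1.20", 443, "203.0.113.10", 51234)
    probe = Packet("198.51.100.5", 40000, "10.0.1.20", 443)

    # Security group: inbound 443 only and deliberately no outbound rules,
    # to show that the reply is still allowed by state alone.
    sg = SecurityGroup(inbound=[("tcp", 443, 443, "0.0.0.0/0")], outbound=[])

    # A NACL that forgets the outbound ephemeral-port rule.
    nacl_no_ephemeral = {"inbound": [(100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
                         "outbound": []}
    # Done right: deny the bad range before the allow, and let replies out.
    nacl_good = {"inbound": [(90, "deny", "tcp", 0, 65535, "198.51.100.0/24"),
                             (100, "allow", "tcp", 443, 443, "0.0.0.0/0")],
                 "outbound": [(100, "allow", "tcp", 1024, 65535, "0.0.0.0/0")]}
    # Same rules, but the deny is numbered after the allow: it never fires.
    nacl_misordered = {"inbound": [(100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
                                   (200, "deny", "tcp", 0, 65535, "198.51.100.0/24")],
                       "outbound": nacl_good["outbound"]}

    return {
        "sg_request": sg.allows(request, "inbound"),
        "sg_reply": sg.allows(reply, "outbound"),
        "nacl_request": nacl_allows(nacl_no_ephemeral["inbound"], request, "inbound"),
        "nacl_reply_no_ephemeral": nacl_allows(nacl_no_ephemeral["outbound"], reply, "outbound"),
        "nacl_reply_good": nacl_allows(nacl_good["outbound"], reply, "outbound"),
        "nacl_probe_good": nacl_allows(nacl_good["inbound"], probe, "inbound"),
        "nacl_probe_misordered": nacl_allows(nacl_misordered["inbound"], probe, "inbound"),
    }


if __name__ == "__main__":
    for name, verdict in web_server_scenario().items():
        print(f"{name:24} {'allow' if verdict else 'deny'}")
```

Two things the run makes concrete: with only an inbound 443 rule and no outbound rules at all, the security group still lets the reply leave, while the NACL drops the same reply until an outbound rule for ports 1024-65535 exists; and a NACL deny only works if its rule number is lower than the allow it is meant to override.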

VPC Flow Logs

Default record format (version 2, space-separated fields):

version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status

action is ACCEPT or REJECT; a REJECT means a security group or network ACL dropped the traffic, but the record does not say which. Flow logs record metadata about flows, not packet contents.
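A parser for that default format plus two small detections over it, added here as an example (not code from the original post). The seven log lines are constructed, with fake account, interface and addresses; the last one is a NODATA record, which carries dashes instead of values and has to be skipped before any numeric parsing.

```python
from collections import defaultdict

# Field names of the default (version 2) flow log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records: one host probing four ports and being rejected,
# one legitimate HTTPS exchange (both directions), and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 40001 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 40002 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 40003 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 40004 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.20 51234 443 6 12 5400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.20 198.51.100.7 443 51234 6 10 9100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format records into dicts. Lines with a different field
    count (custom formats, junk) are skipped, as are NODATA/SKIPDATA records,
    which carry no flow information and would break int() parsing."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for name in INT_FIELDS:
            rec[name] = int(rec[name])
        records.append(rec)
    return records


def rejected_ports_by_source(records):
    """Map each source address to the set of destination ports it was rejected on."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return dict(ports)


def possible_scanners(records, min_ports=3):
    """Sources rejected on at least `min_ports` distinct destination ports:
    a simple port-scan heuristic over the REJECT records."""
    return sorted(src for src, ports in rejected_ports_by_source(records).items()
                  if len(ports) >= min_ports)


def accepted_bytes_per_interface(records):
    """Bytes carried by ACCEPTed flows, per network interface."""
    totals = defaultdict(int)
    for rec in records:
        if rec["action"] == "ACCEPT":
            totals[rec["interface_id"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(len(recs), "usable records")
    print("possible scanners:", possible_scanners(recs))
    print("accepted bytes:", accepted_bytes_per_interface(recs))
```

Note that the HTTPS exchange appears as two records, one per direction, because flow logs are captured per interface and per flow; and that protocol is numeric (6 is TCP), so any rule matching on "tcp" has to translate first. If you turn on a custom format, the field list in FIELDS must change to match it.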

Connecting VPCs

VPC Peering

Connects two VPCs, the requester and the accepter, which can be in different accounts or regions; their CIDRs must not overlap

Doesn't automatically connect any subnets: each side needs routes to the other VPC's CIDR (and security groups that allow the traffic)

Routing is done through route tables, and peering is not transitive: A peered with B and B peered with C does not let A reach C

Transit Gateway

A regional hub that connects many VPCs (plus VPN and Direct Connect attachments) without a mesh of peering connections; transit gateways in different regions can be peered

Has its own route tables, so routing is transitive and can be segmented, e.g. spokes that reach a shared-services VPC but not each other

VPC Sharing

Subnets in a VPC can be shared with other AWS accounts through AWS Resource Access Manager; participants launch resources into the shared subnets while the owner keeps control of the VPC itself

VPC Endpoints

Gateway VPC Endpoints

Used to reach Amazon S3 and DynamoDB from within your VPC; implemented as a route-table entry for the service's prefix list, so the traffic never goes through the internet or a NAT gateway (an endpoint policy can restrict which buckets or tables are reachable)

Interface VPC Endpoints

Used to reach most other AWS services (and S3 too) from within your VPC; implemented as an elastic network interface with a private IP address in your subnet, built on AWS PrivateLink

Appears as if the service is within your VPC; with private DNS enabled the service's normal hostname resolves to the endpoint's private IP

AWS PrivateLink

Can be used to share your own service with other VPCs and accounts: put it behind a Network Load Balancer and register it as an endpoint service

Consumers create an interface endpoint in their own VPC and connect to a local private IP address that forwards to your endpoint service; no peering or routing between the two VPCs is needed, so overlapping CIDRs don't matter
