NAT (Network Address Translation)
NAT remaps source IPs or destination IPs: it translates private IPs to public IPs and vice versa.
Continue reading “[AWS] VPC – NAT Gateway”
- Static NAT
  - A private IP is mapped to a public IP at a 1:1 ratio (as an Internet Gateway does).
- Dynamic NAT
  - A range of private IPs is dynamically mapped to one or more public IPs (e.g. a home router or a NAT Gateway).
  - To achieve high availability, create one dynamic NAT per AZ.
AWS Transit Gateway is used to simplify your AWS network architecture (topology) by allowing transitive peering between hundreds or thousands of VPCs and on-premises data centers.
Continue reading “[AWS] Transit Gateway”
A VPC Endpoint is a gateway object within a VPC that can be used to connect to AWS public services without an Internet Gateway or a public subnet, so the traffic never leaves the AWS network.
Continue reading “[AWS] VPC Endpoints”
- VPC Endpoints are highly available and horizontally scalable virtual devices.
VPC Peering allows direct communication between VPCs at OSI Layer 3 (Network). Once peered, the two VPCs can communicate using private IP addresses.
Continue reading “[AWS] VPC Peering”
- VPC Peers can span AWS accounts and even regions, with some limitations.
- Data is encrypted and transits via the AWS global backbone.
This post deals with how to monitor VPC traffic. VPC Flow Logs can capture information about IP traffic going to or from the network interfaces in a VPC.
Continue reading “[AWS] VPC – VPC Flow Logs”
VPCs can be protected with two layers of firewalls: one at the subnet level (NACL) and another at the instance level (Security Group).
Continue reading “[AWS] VPC – Security”
Internet Gateway (IGW)
Internet Gateway (IGW) is the entry point to the VPC from the public Internet.
Continue reading “[AWS] VPC – IGW”
- IGW provides NAT (Network Address Translation) for instances that have a public IP assigned:
  - Translation between the instance's public IP and its private IP.
- Only 1 IGW can be attached to a VPC.
- The default VPC is already attached to an IGW.