AWS Transit Gateway simplifies your AWS network topology: instead of a full mesh of VPC peering connections, it acts as a regional hub that provides transitive routing between hundreds or thousands of VPCs and on-premises data centers (something VPC peering on its own does not offer).
A VPC Endpoint is a virtual device inside a VPC that lets resources reach AWS public services (and PrivateLink-published services) without an Internet Gateway, NAT device or public subnet; the traffic never leaves the AWS network. Gateway endpoints (S3 and DynamoDB) are targets in a route table, while interface endpoints are elastic network interfaces with private IPs in your subnets.
- VPC Endpoints are highly available and horizontally scalable virtual devices.
VPC Peering connects two VPCs at OSI Layer 3 (Network). Once peered, the two VPCs route to each other's private IP addresses, provided their CIDR blocks do not overlap.
- VPC Peers can span AWS accounts and even regions, with some limitations.
- Peering is not transitive: a peer of a peer is not reachable unless it has its own peering connection (or a Transit Gateway is used).
- Traffic stays on the AWS global backbone and never crosses the public internet; inter-region peering traffic is encrypted.
This post deals with how to monitor VPC traffic. VPC Flow Logs capture metadata about the IP traffic going to and from the network interfaces in a VPC (addresses, ports, protocol, byte and packet counts and the ACCEPT/REJECT decision, not payloads). They can be enabled at VPC, subnet or network-interface level and delivered to CloudWatch Logs or S3.
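As an added example (not code from the original post), the following Python parses VPC Flow Log records in the default version 2 format and flags source addresses that were rejected on several distinct destination ports, a crude port-scan heuristic that is a typical first detection to build on flow logs. The log lines are constructed for the example; the interface ID, account ID and addresses are placeholders, and `NODATA` records are skipped because their address and port fields are `-`.

```python
"""Parse AWS VPC Flow Log records (default version 2 format) and flag sources
with REJECTed traffic on several distinct ports. Sample records are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Field order of the default (version 2) VPC Flow Log format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int        # IANA protocol number, 6 = TCP
    packets: int
    byte_count: int
    action: str          # "ACCEPT" or "REJECT"
    log_status: str      # "OK", "NODATA" or "SKIPDATA"


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one space-separated flow log line. Returns None for NODATA/SKIPDATA
    records, whose address, port and counter fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=rec["srcaddr"],
        dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]),
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]),
        byte_count=int(rec["bytes"]),
        action=rec["action"],
        log_status=rec["log_status"],
    )


def rejected_ports_by_source(lines: Iterable[str], min_ports: int = 3) -> Dict[str, List[int]]:
    """Return {srcaddr: sorted distinct dst ports} for sources whose traffic was
    REJECTed on at least min_ports distinct ports (a crude scan heuristic)."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec.action == "REJECT":
            ports[rec.srcaddr].add(rec.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


# Constructed sample records (placeholder account, ENI and documentation IPs).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.1.25 44312 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.1.25 44313 23 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.1.25 44314 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.1.25 44315 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.25 51000 443 6 20 8800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.25 51001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA
""".splitlines()

if __name__ == "__main__":
    for src, hit_ports in rejected_ports_by_source(SAMPLE_LOG).items():
        print(f"{src} was rejected on ports {hit_ports}")
```

Running it reports only `203.0.113.7`, which hit four different ports; the single rejected SSH attempt from `198.51.100.9` stays below the threshold. In production you would read the records from the CloudWatch Logs group or S3 prefix the flow log delivers to, and use a custom log format if you need fields such as `pkt-srcaddr` or `flow-direction`.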
VPCs can be protected with two layers of firewalls: one at the subnet boundary (Network ACL) and one at the instance's network interface (Security Group). A NACL is stateless and evaluates its numbered rules in ascending order with explicit allow and deny rules, so return traffic needs its own rule (typically the ephemeral port range); a Security Group is stateful and allow-only, so replies to an accepted connection are permitted automatically.
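To make the stateless-versus-stateful difference concrete, here is an added toy model (not code from the original post) of both layers in Python. The rules, addresses and ports are constructed; the model only captures rule ordering, explicit deny, the implicit deny when nothing matches, and connection tracking, not every detail of the real evaluation.

```python
"""Toy model of the two VPC firewall layers: a stateless network ACL evaluated in
rule-number order, and a stateful, allow-only security group. Rules and addresses
are constructed for the example, not pulled from a real account."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass(frozen=True)
class NaclRule:
    number: int        # evaluated lowest number first; first match wins
    protocol: str      # "tcp", "udp", "icmp" or "all"
    cidr: str          # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int
    port_to: int
    allow: bool        # NACLs can explicitly DENY; security groups cannot


def nacl_decision(rules: List[NaclRule], protocol: str, addr: str, port: int) -> bool:
    """Evaluate one packet against one direction of a NACL. Falls through to the
    implicit '*' deny when no numbered rule matches."""
    ip = ipaddress.ip_address(addr)
    for r in sorted(rules, key=lambda rule: rule.number):
        if r.protocol not in ("all", protocol):
            continue
        if ip not in ipaddress.ip_network(r.cidr):
            continue
        if not r.port_from <= port <= r.port_to:
            continue
        return r.allow
    return False


# Subnet NACL: block SSH from one untrusted range first, allow it from everywhere else.
# The "broken" outbound side only allows HTTPS out and forgets the ephemeral ports
# that SSH replies go back to.
NACL_INBOUND = [
    NaclRule(90, "tcp", "198.51.100.0/24", 22, 22, False),   # explicit deny, evaluated first
    NaclRule(100, "tcp", "0.0.0.0/0", 22, 22, True),
]
NACL_OUTBOUND_BROKEN = [NaclRule(100, "tcp", "0.0.0.0/0", 443, 443, True)]
NACL_OUTBOUND_FIXED = NACL_OUTBOUND_BROKEN + [
    NaclRule(110, "tcp", "0.0.0.0/0", 1024, 65535, True),     # ephemeral reply ports
]


def nacl_ssh_session_allowed(outbound_rules: List[NaclRule], client_ip: str, client_port: int) -> bool:
    """A NACL is stateless: the inbound SYN to port 22 and the reply back to the
    client's ephemeral port are judged independently, so both need a rule."""
    request_ok = nacl_decision(NACL_INBOUND, "tcp", client_ip, 22)
    reply_ok = nacl_decision(outbound_rules, "tcp", client_ip, client_port)
    return request_ok and reply_ok


@dataclass
class SecurityGroup:
    """Instance-level firewall: allow rules only, and connection tracking lets the
    replies to an accepted inbound flow pass regardless of outbound rules."""
    inbound: List[Tuple[str, str, int, int]]          # (protocol, cidr, port_from, port_to)
    tracked: Set[Tuple[str, str, int]] = field(default_factory=set)

    def inbound_allowed(self, protocol: str, src: str, dport: int) -> bool:
        ip = ipaddress.ip_address(src)
        for proto, cidr, lo, hi in self.inbound:
            if proto in ("all", protocol) and ip in ipaddress.ip_network(cidr) and lo <= dport <= hi:
                self.tracked.add((protocol, src, dport))
                return True
        return False  # no match means deny; there is no explicit deny rule to write

    def reply_allowed(self, protocol: str, dst: str, sport: int) -> bool:
        """A reply from local port sport to dst passes only if it belongs to a flow
        that the inbound rules already accepted."""
        return (protocol, dst, sport) in self.tracked


def sg_ssh_session_allowed(sg: SecurityGroup, client_ip: str) -> bool:
    return sg.inbound_allowed("tcp", client_ip, 22) and sg.reply_allowed("tcp", client_ip, 22)


if __name__ == "__main__":
    print("NACL, no ephemeral rule :", nacl_ssh_session_allowed(NACL_OUTBOUND_BROKEN, "203.0.113.7", 44312))
    print("NACL, with ephemeral rule:", nacl_ssh_session_allowed(NACL_OUTBOUND_FIXED, "203.0.113.7", 44312))
    print("NACL, explicit deny      :", nacl_decision(NACL_INBOUND, "tcp", "198.51.100.9", 22))
    sg = SecurityGroup(inbound=[("tcp", "203.0.113.0/24", 22, 22)])
    print("SG, SSH from allowed CIDR:", sg_ssh_session_allowed(sg, "203.0.113.7"))
    print("SG, SSH from other CIDR  :", sg_ssh_session_allowed(SecurityGroup(inbound=sg.inbound), "198.51.100.9"))
```

The first print is the classic NACL mistake: SSH is allowed in, but the reply to the client's ephemeral port is dropped by the outbound side, so the connection never completes. The security group needs only the inbound allow because its connection tracking covers the reply.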
Internet Gateway (IGW)
An Internet Gateway (IGW) is a horizontally scaled, redundant VPC component that allows traffic between the VPC and the public internet.
- For instances that have a public IPv4 address assigned, the IGW performs one-to-one NAT (Network Address Translation):
- Outbound packets have the instance's private IP translated to its public IP, and inbound packets addressed to the public IP are translated back to the private IP; the instance itself only ever sees its private address.
- Only one IGW can be attached to a VPC, and a subnet is public only if its route table has a route (typically 0.0.0.0/0) that targets the IGW.
- The default VPC is already attached to an IGW.
Subnet
- A subnet is a segment of the VPC's IP range confined to a single AZ.
- Different application tiers (for example web, application and database) are typically placed in different subnets so they can be isolated by route tables and NACLs.
- AWS reserves 5 IP addresses in every subnet, and subnet sizes range from /16 to /28 (e.g. a /24 network has 256 addresses, 251 of them usable).
- The first address (.0) is the network address, .1 is the VPC router, .2 is the Amazon-provided DNS, .3 is reserved for future use, and the last address (X) is the broadcast address (AWS does not support broadcast, but the address is still reserved).
- Subnets must be associated with a route table.
- A subnet is private unless its route table sends internet-bound traffic to an IGW; subnets you create in your own VPCs start private, whereas the default VPC's subnets are public (routed to the IGW and assigning public IPv4 addresses by default).
- The CIDR block of a subnet cannot overlap the CIDR blocks of other subnets in the same VPC.
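As an added example (not code from the original post), the following Python checks a subnet plan against the rules above: each subnet must sit inside the VPC CIDR, be between /16 and /28, not overlap another subnet, and lose five reserved addresses. The CIDRs are constructed for the example; `strict=True` also catches a subnet written with host bits set, which the console would reject.

```python
"""Sanity-check a VPC subnet plan: every subnet inside the VPC CIDR, sized /16 to
/28, no overlaps, and the five addresses AWS reserves listed by role.
Constructed CIDRs, not a real account."""
import ipaddress
from typing import Dict, List

MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS subnet sizes range from /16 to /28
RESERVED_PER_SUBNET = 5


def reserved_addresses(subnet_cidr: str) -> Dict[str, str]:
    """The five addresses AWS reserves in a subnet, by role."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses left for instances once the reserved five are removed."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{subnet_cidr}: subnet must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net.num_addresses - RESERVED_PER_SUBNET


def validate_subnet_plan(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is valid."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems: List[str] = []
    accepted: List[ipaddress.IPv4Network] = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.0.4.5/24
        except ValueError as exc:
            problems.append(f"{cidr}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is outside the VPC CIDR {vpc}")
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{cidr}: subnet must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        for other in accepted:
            if net.overlaps(other):
                problems.append(f"{cidr} overlaps {other}")
        accepted.append(net)
    return problems


if __name__ == "__main__":
    print(usable_addresses("10.0.1.0/24"), "usable addresses in 10.0.1.0/24")
    print(reserved_addresses("10.0.1.0/24"))
    plan = ["10.0.1.0/24", "10.0.1.128/25", "192.168.1.0/24", "10.0.3.0/29", "10.0.4.5/24"]
    for problem in validate_subnet_plan("10.0.0.0/16", plan):
        print("problem:", problem)
```

The sample plan deliberately contains one of each mistake: an overlapping /25, a subnet outside the VPC range, a /29 that is too small, and a CIDR with host bits set.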