
Cloud Amazon AWS - Network and Content Delivery

The document covers key concepts related to Amazon Web Services (AWS) including Amazon Virtual Private Cloud (VPC), Amazon Route 53, and Amazon CloudFront. It outlines the features, security measures, and configuration steps for VPC, as well as the functions and benefits of Route 53 and CloudFront. Additionally, it addresses the challenges faced by a growing e-commerce platform, Cybera Limited, in managing their AWS infrastructure.

Uploaded by

shahzad

WS7 - Cloud Amazon AWS - Networking and Content Delivery

Module: Cybersecurity for Business and Cloud Management
Session Learning Objectives

❑ Describe Amazon Virtual Private Cloud (VPC).

❑ Discuss VPC security.

❑ Demonstrate Amazon Route 53.

❑ Implement Amazon CloudFront.

Amazon Virtual Private Cloud
What is Amazon Virtual Private Cloud?

❑ Resembles a traditional network that you would normally operate in your own data centre.

❑ Offers full control over your virtual networking environment, including resource placement, connectivity, and security.

Source: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Features of Amazon Virtual Private Cloud

What are features of Amazon Virtual Private Cloud?

❑ Virtual private clouds (VPC) – After you create a VPC, you can add subnets.

❑ Subnets - A subnet is a range of IP addresses in your VPC.

❑ IP addressing - You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets.

❑ Gateways and endpoints - A gateway connects your VPC to another network.

❑ VPN Connections - Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).
Features of Amazon Virtual Private Cloud

Other features of Amazon Virtual Private Cloud?

Routing - Use route tables to determine where network traffic from your subnet or gateway is directed.

Peering connections - Use a VPC peering connection to route traffic between the resources in two VPCs.

Transit gateways - Use a transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections.

VPC Flow Logs - A flow log captures information about the IP traffic going to and from network interfaces in your VPC.

How Amazon Virtual Private Cloud works
How does it work?
❑ Get started by setting up your VPC in the AWS service console.
❑ Next, add resources to it such as Amazon Elastic Compute Cloud (EC2) and Amazon Relational Database Service (RDS) instances.

❑ Finally, define how your VPCs communicate with each other across accounts, Availability Zones, or AWS Regions.

❑ In the example below, network traffic is being shared between two VPCs within each Region.

❑ VPCs can communicate with each other across accounts, Availability Zones, and AWS Regions.

❑ This diagram shows one possible configuration where, within Region 1, network traffic is shared between a VPC in availability zone 1 and a VPC in availability zone 2. The same architecture is shown for Region 2. The VPCs in Regions 1 and 2 are not able to connect to one another in this example.

VPC security
What Is AWS VPC Security?
❑ AWS VPC security protects critical VPC resources using a variety of methods.
❑ It is essential to maintain VPC security in order to protect cloud resources from unauthorised access, attacks, etc.
❑ VPC Security is the responsibility of both AWS and the customer.

VPC security in AWS is implemented using the following methods:

▪ VPC Data Protection.

▪ Identity and access management for VPC.

▪ Infrastructure security.

▪ Traffic control using security groups and network ACLs.

▪ Compliance validation.

Steps to implement VPC security

Step 1: Data Protection

❑ To implement data protection in VPC, AWS recommends the following practices:

❑ Credentials for AWS accounts must be in standard format, and separate users should be created in IAM.

❑ Permissions should be set according to the user role of each user.

❑ SSL and TLS certificates must be used in order to connect with AWS resources.

❑ Logging must be implemented for APIs.

❑ You must use encryption in conjunction with default solutions.

Steps to implement VPC security
Step 2: Identity and Access Management (IAM) for VPC
❑ Use account types based on work performed in AWS VPC. For example, following accounts can be created.

▪ Service User.
▪ Service Administrator.
▪ IAM Administrator.

❑ Use different Identities in IAM based on work role. Different identities can be created, and they can access the portal using the AWS access portal, Single Sign On, and Third-Party clients.

Create user groups for assigning permissions to the set of users so that each user is able to access only those resources that are required for their work providing abstraction to other resources and services. This allows a secure way to access the resources in VPC.

Different Roles can be assigned to users based on their work profile to limit the access to resources in VPC.

Some Examples of access can be:
▪ Federated user access.
▪ Temporary IAM user permissions.
▪ Cross-account access.
▪ Cross-service access.
Steps to implement VPC security
Step 3: Infrastructure Security for VPC
❑ AWS VPC is isolated from public access unless a public gateway is configured for access.

❑ AWS also allows the creation of Subnets for creating isolation within the resources of similar types or projects. This protects resources from invalid access or intra-access threats.

▪ Step 4: Traffic control using security groups and network ACLs.

▪ Step 5: Compliance validation.

Amazon Route 53
What is Amazon Route 53?
❑ Amazon Route 53 is a highly available and scalable cloud domain name system (DNS) web service.

❑ Developers and corporations primarily use it to route end users to Internet applications by converting human-readable names, such as www.geeksforgeeks.com, into the numeric IP addresses that computers use to connect to each other.

❑ Please note that you cannot use Amazon Route 53 to connect your on-premises network with AWS Cloud.

Functions of Amazon Route 53
What are functions of Amazon Route 53?
Functions of Amazon Route 53:

❑ If a web application requires a domain name, the Route53 service helps register the name for the website (i.e., the domain name).

❑ Whenever a user enters the domain name, Route53 helps connect the user to the website.

❑ It automatically directs the user to a healthy resource if it detects any failure at any level.

❑ Amazon Route 53 is cost-effective, secure, and scalable.

❑ Amazon Route 53 is flexible, highly available, and reliable.

Benefits of Amazon Route 53

❑ Highly Reliable: Route53 is built using AWS’s highly available and reliable infrastructure.

❑ Scalable: It automatically scales the resources during large traffic and also handles large queries without the user’s intervention.

❑ Easy to use: Very user-friendly and easy to configure DNS settings. It can start to answer your DNS queries within minutes. Can be mapped easily to any resource.

❑ Health Check: Route 53 monitors the application's health. Before the customer can identify the problem, Route 53 automatically redirects them to a healthy resource if it detects any failure.

❑ Flexible: You can decide which policy you want to use at a given time.

❑ Simple: Using routing types, Route53 helps to manage traffic globally.

❑ Cost-effective: You are charged only for the services you use.

❑ Secure: By integrating it with IAM, access to Amazon Route53 is secured by granting permissions only to authorized users.

You can use it to map domain names to Amazon EC2 instances, S3 buckets, and other AWS resources.
Amazon CloudFront
What is Amazon CloudFront?
❑ Amazon CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users.

❑ CloudFront delivers your content through a worldwide network of data centres called edge locations.

❑ CloudFront routes user requests for content to the edge location with the lowest latency (time delay), ensuring optimal content delivery performance.

❑ If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.

❑ If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined—such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web server)—that you have identified as the source for the definitive version of your content.

Amazon CloudFront
What is Amazon CloudFront (cont.)?
❑ CloudFront expedites your content distribution by routing each user request through the AWS backbone network to the edge location that can best serve it.

❑ Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer.

❑ Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance.

❑ Users get lower latency—the time it takes to load the first byte of the file—and higher data transfer rates.

❑ Because multiple edge locations around the world now hold (or cache) copies of your files, also known as objects, you also benefit from increased reliability and availability.

Steps to configure Amazon CloudFront
What are steps to configure Amazon CloudFront?
❑ Step 1: You specify origin servers, like an Amazon S3 bucket or your own HTTP server, from which CloudFront gets your files which will then be distributed from CloudFront edge locations all over the world.

▪ An origin server stores the original, definitive version of your objects. If you're serving content over HTTP, your origin server is either an Amazon S3 bucket or an HTTP server, such as a web server.

▪ Your HTTP server can run on an Amazon Elastic Compute Cloud (Amazon EC2) instance or on a server that you manage; these servers are also known as custom origins.

Steps to configure Amazon CloudFront
What are steps to configure Amazon CloudFront?

❑ Step 2: You then upload your files to your origin servers. You can serve anything over HTTP with your files, also known as objects, which typically include web pages, images, and media files.

▪ If you're using an Amazon S3 bucket as an origin server, you can make the objects in your bucket publicly readable, so that anyone who knows the CloudFront URLs for your objects can access them.

▪ You also have the option of keeping objects private and controlling who accesses them.
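
The choice described in Step 2, shown as an added example that is not part of the original slides: a Python check that tells a publicly readable S3 bucket policy from one that lets only a single CloudFront distribution read the objects. Granting read access to the CloudFront service principal (origin access control) is one way to keep objects private and is the mechanism assumed here; the bucket name, account ID and distribution ID are constructed placeholders.

```python
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"  # constructed
BUCKET_OBJECTS = "arn:aws:s3:::example-origin-bucket/*"  # constructed

# Weak: any principal may read every object directly from S3.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": BUCKET_OBJECTS}]}

# Restricted: only CloudFront, acting for one distribution, may read objects.
PRIVATE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CloudFrontRead", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": BUCKET_OBJECTS,
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _allows_get_object(actions):
    # Exact matches only; patterns such as "s3:Get*" are not expanded here.
    return any(a in ("*", "s3:*", "s3:GetObject") for a in _as_list(actions))

def public_read_sids(policy):
    """Sids of Allow statements that let any principal read objects unconditionally."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if (st.get("Effect") == "Allow" and _is_wildcard_principal(st.get("Principal"))
                and _allows_get_object(st.get("Action", [])) and not st.get("Condition")):
            hits.append(st.get("Sid", "<no Sid>"))
    return hits

def restricted_to_distribution(policy, distribution_arn):
    """True if no statement is publicly readable and one statement grants read
    to the CloudFront service principal for exactly this distribution."""
    if public_read_sids(policy):
        return False
    for st in _as_list(policy.get("Statement", [])):
        cond = st.get("Condition", {}).get("StringEquals", {})
        source_arn = {k.lower(): v for k, v in cond.items()}.get("aws:sourcearn")
        if (st.get("Effect") == "Allow" and _allows_get_object(st.get("Action", []))
                and st.get("Principal") == {"Service": "cloudfront.amazonaws.com"}
                and source_arn == distribution_arn):
            return True
    return False
```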

Steps to configure Amazon CloudFront
What are steps to configure Amazon CloudFront?

❑ Step 3: You create a CloudFront distribution, which tells CloudFront which origin servers to get your files from when users request the files through your web site or application.

▪ Simultaneously, you define specifics like logging all requests for CloudFront and enabling the distribution immediately upon creation.

▪ CloudFront assigns a domain name to your new distribution that you can see in the CloudFront console, or that is returned in the response to a programmatic request, for example, an API request. If you like, you can add an alternate domain name to use instead.

CloudFront sends your distribution's configuration (but not your content) to all of its edge locations or points of presence (POPs)— collections of servers in geographically-dispersed data centers where CloudFront caches copies of your files.
Activity 1 : Group Presentation (1 hour) – AWS Management Console.

Cybera Limited is a rapidly growing business-to-business e-commerce platform that caters to a wide range of customers in the UK. Their platform experiences fluctuating traffic patterns due to seasonal demands and marketing campaigns. With the increasing complexity of their infrastructure, Cybera LTD faces challenges in monitoring and optimising their system performance to ensure seamless user experiences. Other concerns they have are lack of visibility, scalability concerns, and resource optimisation.

How this unit links to the Employability Pyramid?

How do you relate the knowledge and skills acquired during this
workshop to your overall employability and enhance your
employability in the current job market?

Any Questions?

QUESTIONS?

Thank you
References
1. aws.amazon.com (n.d.). Amazon Virtual Private Cloud. Available from: https://aws.amazon.com/vpc/ (Accessed 15th April 2024).

2. docs.aws.amazon.com (n.d.). What is Amazon VPC? Available from: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html (Accessed 15th April 2024).

3. docs.aws.amazon.com (n.d.). What is Amazon CloudFront? Available from: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html (Accessed 12th April 2024).

4. geeksforgeeks.org (n.d.). What Is AWS VPC Security? Available from: https://www.geeksforgeeks.org/what-is-aws-vpc-security/ (Accessed 12th April 2024).

5. geeksforgeeks.org (2022). Introduction to Amazon Route53. Available from: https://www.geeksforgeeks.org/introduction-to-amazon-route53/ (Accessed 12th April 2024).

6. Hiran, K.K. et al. (2019) Cloud computing Master Cloud Computing Concepts, Architecture and applications with Real-world examples and Case studies. BPB Publications.

7. Prajapati, A., Ruiz, J.C. and Tamassia, M. (2023) AWS Cloud Computing Concepts and Tech Analogies. Packt Publishing Ltd.