Amazon Virtual Private Cloud - VPC 1

UpScale
13-10-2018
AWS Virtual Private
Cloud (VPC #1)
AWS Riyadh
User Group
Ahmad ElGohary12
@aalgohary85
ELGOHARY AHMAD
aalgohary85@gmail.com

Agenda
• AWS Saudi User Group
• Past and Coming Topics
• Networking Concepts
• AWS VPC Components
• LAB

AWS Riyadh User
Group
• AWS Registered User Group in
Riyadh, Saudi Arabia
• Founded by Ahmed Aziz
• Public Group
• 352 Members
• Connect all AWS Geeks

Past and Coming
Topics
• Storage
• S3
• Compute
• EC2
• Auto Scaling
• Networking
• VPC Session 1
• VPC Session 2
• Route 53
• API Gateway

Past and Coming
Topics Cont’d
• Databases
• RDS
• Dynamo DB
• ElastiCache
• Application Integration
• SNS
• SQS
• SWF
• Management Tools
• Cloud Formation
• Cloud Trail vs Cloud Watch

Past and Coming
Topics Cont’d
• Add-Ons
• Lambda
• Cost Optimization
• Well Architected Framework
• Having Fun with Alexa
• Chatbot
• Machine Learning

NAT and PAT
• Network address
translation (NAT) is a
method of remapping one
IP address space into
another by modifying
network address
information in the IP
header of packets while
they are in transit across a
traffic routing device.

What is Amazon
VPC?
• Amazon VPC is a logically isolated
section of AWS cloud where you
can launch AWS resources in a
virtual network that you define.
• Think of a VPC as a virtual
datacenter in the cloud.

Why do we need a
VPC?
• Control over organization
resources
• Control of security
• Control of traffic between our
services
• Control to keep differing
architectures completely
separate from each other

AWS Default VPC vs
Our VPCs
• CIDR 172.31.0.0/16.
• Reserved by AWS as a default
VPC for any account.
• Our VPC
• Stick to private network
ranges defined in RFC1918
ranges
• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16

VPC Creation
• IPv4: Block sizes must be between /16 and /28
• IPv6:
– Amazon assigns /56 IPv6 CIDR block.
– You can not choose the range for IPv6 CIDR block.
• Tenancy:
– Dedicated: Instances launched in this VPC are dedicated tenancy instances
regardless of the tenancy attributes specified at launch.
– Default: Instances launched in this VPC are use the tenancy attribute
specified at launch.

Subnet Creation
• Subnet CIDR block sizes must
be between /16 and /28.
• Subnet size can be the same
size as VPC or subset.
• For each subnet, AWS reserves
5 IPs, the first 4 and the final.
• The 3rd IP address is reserved
for a AWS DNS server that
handles all of this IP address
assignment.

Route Table
• A route table contains a set of rules, called
routes, that are used to determine where
network traffic is directed.
• Each subnet in the VPC must be associated with
a route table.
• VPC automatically comes with a main route table
that you can modify.
• By default any new subnet is associated with the
main route table.
• A subnet can only be associated with one route
table.

Route Table
Subnet
Associations

Internet Gateway
• An internet gateway is a virtual router
that connects a VPC to the internet.
• Private subnets: It can not connect to
the internet.
• Public subnets: It can connect to the
internet.
• A subnet with a Route Table that's not
connected to an internet gateway is
private.
• A subnet that's associated with a Route
Table that's connected to an internet
gateway is public.

NAT Gateways
• You can use a network address translation
(NAT) gateway to enable instances in a
private subnet to connect to the internet or
other AWS services, but prevent the
internet from initiating a connection with
those instances.
• NAT GW is created in the public subnet. It
requires Elastic IP.
• An Elastic IP address is a public IPv4
address, which is reachable from the
internet.
• A route to NAT GW is added in the private
route table.

Network Access Control Lists
• A network ACL is an optional layer of security that
acts as a firewall for controlling traffic in and out of
a subnet.
• A default ACL is created for each new VPC that
allows traffic in and out by default.
• A Network ACL can apply to many subnets, but a
subnet can only belong to one Network ACL.
• Network ACLs are stateless.

Network ACL Subnet Associations

Security Groups
• A security group acts as a
virtual firewall for your
instance to control
inbound and outbound
traffic.
• When you launch an
instance in a VPC, you can
assign up to five security
groups to the instance.
• Security Groups are
Stateful.

LAB: Building Your First Amazon VPC
• https://qwiklabs.com/focuses/359?parent=catalog
• Create an Amazon VPC
• Create public and private subnets
• Create an Internet Gateway
• Create a Route Table and add a route to the Internet
• Create a security group for your web server to only allow HTTP traffic
• Create a security group for your MySQL RDS instance to only allow
MySQL traffic from your public subnets
• Deploy a web server and a MySQL RDS instance
• Configure your application to connect to your MySQL RDS instance

References
• https://docs.aws.amazon.com/
• https://acloud.guru/
• https://start.jcolemorrison.com/aws-vpc-core-
concepts-analogy-guide/
• https://qwiklabs.com/
• http://jodies.de/ipcalc
• https://www.ultratools.com/tools/ipv6CIDRToRange

See You Next Meetup
AWS Riyadh User Group

Amazon Virtual Private Cloud - VPC 1

Recommended

More Related Content

Similar to Amazon Virtual Private Cloud - VPC 1 (20)

More from AWS Riyadh User Group (15)

Recently uploaded (20)

Amazon Virtual Private Cloud - VPC 1

Editor's Notes