
AWS VPC Fundamentals - Webinar

Presentation used in the June Tech Talks webinar

Published in: Technology

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mv – Marcus Vinicius Ferreira / Claick Oliveira, Solution Architect Team, Public Sector, Education. June 2019. AWS: VPC Fundamentals: VPC, Subnets, Security Groups
  2. Mv – Marcus Vinicius Ferreira, mvferr@amazon.com, Solutions Architect BR, Public Sector, Education
  3. Claick Oliveira, claicko@amazon.com, Solutions Architect BR, Public Sector, Education
  4. Agenda: AWS VPC; AWS Global Infrastructure; AWS Subnets; AWS Security Groups; AWS VPC Best Practices; AWS DevOps: CloudFormation
  5. AWS VPC
  6. AWS VPC: Getting Started: https://aws.amazon.com/vpc/details/
  7. AWS Global Infrastructure
  8. AWS Global Infrastructure: https://infrastructure.aws/
  9. The Global Infrastructure (map legend: Region; New Region Coming Soon; Edge Location; Region & Number of Availability Zones)
  10. Region: three Availability Zones (AZa, AZb, AZc) with ~2 ms latency between them; each AZ is made up of several data centers (DC)
  11. AWS VPC: reference architecture: VPC 172.31.0.0/16 spanning sa-east-1a, sa-east-1b, sa-east-1c
  12. AWS Subnets
  13. Logical Layer: one Availability Zone each for sa-east-1a, sa-east-1b, sa-east-1c
  14. Creating your VPC: 10.100.0.0/16 across the Availability Zones sa-east-1a, sa-east-1b, sa-east-1c
  15. Private Network: https://en.wikipedia.org/wiki/Private_network (slides 15 and 16)
  17. Creating your VPC: 10.100.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c
  18. Creating your VPC: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c
  19. Creating your VPC: 192.168.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c
  20. Creating your VPC: 172.31.0.0/16 with one VPC subnet per Availability Zone: 172.31.11.0/24 (sa-east-1a), 172.31.21.0/24 (sa-east-1b), 172.31.31.0/24 (sa-east-1c)
  21. Creating your VPC: 172.31.0.0/16 with a second VPC subnet per Availability Zone: 172.31.12.0/24 (sa-east-1a), 172.31.22.0/24 (sa-east-1b), 172.31.32.0/24 (sa-east-1c), alongside 172.31.11.0/24, 172.31.21.0/24, 172.31.31.0/24
  22. Creating your VPC: 172.31.0.0/16 with a third VPC subnet per Availability Zone: 172.31.13.0/24 (sa-east-1a), 172.31.23.0/24 (sa-east-1b), 172.31.33.0/24 (sa-east-1c), alongside the first two subnets of each AZ (slides 22 to 24 repeat this diagram)
  25. VPC: Routing: https://github.com/mv/mv-aws-cloudformation-coding/tree/master/templates/vpc
  26. VPC: Routing: Internet 2-way: https://github.com/mv/mv-aws-cloudformation-coding/tree/master/templates/vpc
  27. VPC: Routing: Internet 1-way: https://github.com/mv/mv-aws-cloudformation-coding/tree/master/templates/vpc
  28. VPC Routing: Locally: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c, with Public, Private and DB subnet tiers
  29. AWS Security Groups
  30. Security Groups: Multi-AZ by default: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c
  31. Security Groups: Grouping and Securing: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c, with the groups sg-web, sg-app, sg-db (repeated on slide 32)
  33. Security Groups - Examples. sg-web: port 443 (HTTPS), source 0.0.0.0/0 (open HTTPS port access from anywhere). sg-app: port 22 (SSH), source sg-web (open backend access to a specific security-group ID). sg-db: port 3306 (MySQL), source sg-app (open database access to a specific security-group ID).
  34. Security Groups: Grouping and Securing: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c, with the groups sg-web, sg-app, sg-db
  35. Security Groups: Multi-AZ as a feature: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c
  36. AWS VPC Best Practices
  37. Creating your VPC: 172.31.0.0/16 across sa-east-1a, sa-east-1b, sa-east-1c (slides 37 to 41 repeat this diagram)
  42. 2.1 ELB access or Public IP access? User access to instances in sa-east-1a, sa-east-1b, sa-east-1c
  43. 2.1 ELB access or Public IP access? User access through the ELB, or user access directly to each instance's EIP/Public IP?
  44. 2.2 ELB access: use Private Subnet. User access goes through the ELB to instances on Private IPs in sa-east-1a, sa-east-1b, sa-east-1c; administrative access goes through a Bastion Host / SSH Gateway
  45. 3.1 Security Groups: problems: sa-east-1a, sa-east-1b, sa-east-1c, sgPrivate
  46. 3.1 Security Groups: problems: sa-east-1a, sa-east-1b, sa-east-1c
  47. Highly-Available Architecture, Access: via NAT. Two Availability Zones, each with a Public Subnet and Private Subnets; Internet Gateway, Public load balancer, Private load balancer and NAT; RDS Master with RDS Standby and RDS Read Replicas; Static Assets on Amazon S3 served through Amazon CloudFront; Amazon Route 53 in front of the User
  48. Highly-Available Architecture, Access: via VPN. Same layout as slide 47, with a VPN alongside the NAT
  49. AWS DevOps: CloudFormation
  50. Infrastructure Management
  51. CloudFormation
  52. DevOps: What is AWS CloudFormation? A declarative programming language for deploying AWS resources. It uses templates and stacks to provision resources, and creates, updates and deletes a set of resources as a single unit (a stack). Template: basic definition of resources to create, a JSON text file. Stack: a collection of AWS resources. AWS CloudFormation creates/deletes the stack, which in turn creates/deletes the AWS resources.
  53. Example Environment Templates: a Development Account and a Production Account holding Dev Base Stack / Dev Apps Stack and Test Base Stack / Test Apps Stack; each base stack provides an Internet Gateway, a Public Subnet with NAT and Private Subnets for the Web tier, App tier and DB tier; Master AMIs and Amazon EBS snapshots are shared between them
  54. Many Environments: Development, QA 1, QA 2
  55. VPC: CloudFormation example: https://github.com/mv/mv-aws-cloudformation-coding/blob/master/templates/vpc/vpc-3-az.cloudformation.yml
  56. AWS Summit São Paulo: https://www.cvent.com/events/aws-summit-sao-paulo/registration-89802b17e4ab403db6baeed7ba5917cc.aspx?lang=pt-BR&fqp=true&refid=sp_summit_2019
  57. Questions? Mv – mvferr@amazon.com; Claick – claicko@amazon.com
  58. Thank you! Mv – mvferr@amazon.com; Claick – claicko@amazon.com
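The subnet-per-AZ layout of slide 20, the security-group table of slide 33 and the template/stack model of slide 52, written as a single CloudFormation template. This is an added example, not the deck's or the authors' own template (theirs is linked on slide 55); the logical resource names, the Name tag value and the subnet-to-AZ mapping (172.31.11.0/24 in sa-east-1a, and so on) are assumptions. Routing (Internet Gateway, NAT) from slides 25 to 28 is deliberately left out.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the webinar's own template): VPC 172.31.0.0/16 with one
  subnet per sa-east-1 Availability Zone and the sg-web -> sg-app -> sg-db
  security-group chain from slide 33.

Resources:
  # Slide 18: the VPC itself, one CIDR for the whole region.
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.31.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: webinar-vpc   # assumed tag value

  # Slide 20: one /24 per Availability Zone. The AZ-to-CIDR mapping follows
  # the 11/21/31 numbering on the slide and is an assumption.
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 172.31.11.0/24
      AvailabilityZone: sa-east-1a
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 172.31.21.0/24
      AvailabilityZone: sa-east-1b
  SubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 172.31.31.0/24
      AvailabilityZone: sa-east-1c

  # Slide 33, row 1: sg-web accepts HTTPS from anywhere. This is the only
  # group in the chain that should ever carry a 0.0.0.0/0 source.
  WebSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg-web
      GroupDescription: Open HTTPS port access from anywhere
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # Slide 33, row 2: sg-app accepts SSH only from members of sg-web.
  # Referencing the group ID instead of a CIDR keeps the rule valid in every
  # AZ (slides 30 and 35) whatever private IPs the web instances receive.
  AppSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg-app
      GroupDescription: Open backend access to a specific security-group ID
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref WebSg

  # Slide 33, row 3: sg-db accepts MySQL only from members of sg-app.
  DbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg-db
      GroupDescription: Open database access to a specific security-group ID
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSg

Outputs:
  VpcId:
    Value: !Ref Vpc
  SubnetIds:
    Value: !Join [",", [!Ref SubnetA, !Ref SubnetB, !Ref SubnetC]]
  DbSecurityGroupId:
    Value: !Ref DbSg
```

Deploy it as one stack with `aws cloudformation deploy --template-file vpc-sg-chain.yml --stack-name webinar-vpc --region sa-east-1` (file and stack names are assumed); deleting the stack removes the VPC, subnets and groups together, which is the single-unit behaviour slide 52 describes. Security groups only allow, never deny, and their default egress permits all traffic, so the chain above is an allow-list on inbound paths: a database instance placed in sg-db is reachable on 3306 only from instances that carry sg-app, and nothing in the template exposes 22 or 3306 to the Internet. When reviewing a template like this, the check worth automating is that `CidrIp: 0.0.0.0/0` appears only on the edge group and only on the ports that group is meant to serve.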
