UpScale
13-10-2018
AWS Virtual Private
Cloud (VPC #1)
AWS Riyadh
User Group
Ahmad ElGohary12
@aalgohary85
ELGOHARY AHMAD
aalgohary85@gmail.com
Agenda
• AWS Saudi User Group
• Past and Coming Topics
• Networking Concepts
• AWS VPC Components
• LAB
AWS Riyadh User Group
• AWS Registered User Group in
Riyadh, Saudi Arabia
• Founded by Ahmed Aziz
• Public Group
• 352 Members
• Connect all AWS Geeks
Past and Coming Topics
• Storage
  • S3
• Compute
  • EC2
  • Auto Scaling
• Networking
  • VPC Session 1
  • VPC Session 2
  • Route 53
  • API Gateway
Past and Coming Topics Cont’d
• Databases
  • RDS
  • Dynamo DB
  • ElastiCache
• Application Integration
  • SNS
  • SQS
  • SWF
• Management Tools
  • Cloud Formation
  • Cloud Trail vs Cloud Watch
Past and Coming Topics Cont’d
• Add-Ons
• Lambda
• Cost Optimization
• Well Architected Framework
• Having Fun with Alexa
• Chatbot
• Machine Learning
7-Layer OSI Model
7-Layer OSI Model Cont’d
7-Layer OSI Model Cont’d
IPv4 vs IPv6
Subnetting
Subnetting Cont’d
NAT and PAT
• Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
What is Amazon VPC?
• Amazon VPC is a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
• Think of a VPC as a virtual datacenter in the cloud.
Why do we need a VPC?
• Control over organization resources
• Control of security
• Control of traffic between our services
• Control to keep differing architectures completely separate from each other
AWS Default VPC vs Our VPCs
• Default VPC
  • CIDR 172.31.0.0/16.
  • Reserved by AWS as a default VPC for any account.
• Our VPC
  • Stick to the private network ranges defined in RFC1918:
    • 10.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16
VPC Creation
• IPv4: Block sizes must be between /16 and /28.
• IPv6:
  – Amazon assigns a /56 IPv6 CIDR block.
  – You cannot choose the range of the IPv6 CIDR block.
• Tenancy:
  – Dedicated: Instances launched in this VPC are dedicated-tenancy instances regardless of the tenancy attribute specified at launch.
  – Default: Instances launched in this VPC use the tenancy attribute specified at launch.
VPC Creation Cont’d
Subnet Creation
• Subnet CIDR block sizes must be between /16 and /28.
• A subnet can be the same size as the VPC or a subset of it.
• For each subnet, AWS reserves 5 IPs: the first 4 and the final one.
• The 3rd IP address is reserved for an AWS DNS server that handles all of this IP address assignment.
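The sizing rules above (VPC and subnet prefixes between /16 and /28, RFC1918 ranges, five reserved addresses per subnet) are easy to get wrong when planning by hand. The following script, an added example that is not part of the original deck, checks a constructed CIDR plan against those rules and lists the reserved addresses with their roles (network, VPC router, Amazon DNS, future use, broadcast); the overlap check against the default VPC range is an extra caveat for accounts that later peer with it.

```python
"""Validate an IPv4 VPC/subnet plan against the VPC sizing rules and list
the five addresses AWS reserves in every subnet.

Added example, not from the original slides. The CIDRs used in the
scenario function are constructed for illustration.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # reserved for the default VPC
MIN_PREFIX, MAX_PREFIX = 16, 28  # allowed block sizes for both VPCs and subnets


def check_vpc_cidr(cidr):
    """Return a list of problems with a VPC CIDR (empty list means it is fine)."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    problems = []
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"/{net.prefixlen} is outside the allowed /16../28 range")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not inside an RFC1918 private range")
    if net.overlaps(DEFAULT_VPC_CIDR):
        problems.append("overlaps the default VPC range 172.31.0.0/16")
    return problems


def check_subnet_cidr(vpc_cidr, subnet_cidr):
    """Return a list of problems with a subnet CIDR relative to its VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    sub = ipaddress.ip_network(subnet_cidr, strict=True)
    problems = []
    if not MIN_PREFIX <= sub.prefixlen <= MAX_PREFIX:
        problems.append(f"/{sub.prefixlen} is outside the allowed /16../28 range")
    if not sub.subnet_of(vpc):
        problems.append(f"{sub} is not inside the VPC block {vpc}")
    return problems


def reserved_addresses(subnet_cidr):
    """Map each of the five reserved addresses in a subnet to its role."""
    sub = ipaddress.ip_network(subnet_cidr)
    base = int(sub.network_address)
    return {
        str(ipaddress.ip_address(base)): "network address",
        str(ipaddress.ip_address(base + 1)): "VPC router",
        str(ipaddress.ip_address(base + 2)): "Amazon DNS server",
        str(ipaddress.ip_address(base + 3)): "reserved for future use",
        str(sub.broadcast_address): "network broadcast address",
    }


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign to instances in the subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def plan_report(vpc_cidr, subnet_cidrs):
    """Summarise a whole plan: problems per block plus usable host counts."""
    report = {"vpc": check_vpc_cidr(vpc_cidr), "subnets": {}}
    for s in subnet_cidrs:
        report["subnets"][s] = {
            "problems": check_subnet_cidr(vpc_cidr, s),
            "usable_hosts": usable_hosts(s),
        }
    return report


if __name__ == "__main__":
    # Constructed sample plan: one public /24 and one private /28.
    import json
    print(json.dumps(plan_report("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.16/28"]), indent=2))
    for ip, role in reserved_addresses("10.0.1.0/24").items():
        print(f"{ip:>12}  {role}")
```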
Subnet Creation Cont’d
Subnet Auto Assign IP
Route Table
• A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
• Each subnet in the VPC must be associated with a route table.
• A VPC automatically comes with a main route table that you can modify.
• By default, any new subnet is associated with the main route table.
• A subnet can only be associated with one route table.
Route Table Creation
Route Table Subnet Associations
Internet Gateway
• An internet gateway is a virtual router that connects a VPC to the internet.
• Private subnets cannot connect to the internet.
• Public subnets can connect to the internet.
• A subnet whose route table has no route to an internet gateway is private.
• A subnet associated with a route table that has a route to an internet gateway is public.
Internet Gateway Creation
Attaching IGW to VPC
Adding Route to Internet
NAT Gateways
• You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
• The NAT GW is created in the public subnet. It requires an Elastic IP.
• An Elastic IP address is a public IPv4 address, which is reachable from the internet.
• A route to the NAT GW is added in the private route table.
NAT GW Creation
Network Access Control Lists
• A network ACL is an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet.
• A default ACL is created for each new VPC that allows traffic in and out by default.
• A network ACL can apply to many subnets, but a subnet can only belong to one network ACL.
• Network ACLs are stateless.
Network ACL Creation
Network ACL Inbound Rules
Network ACL Outbound Rules
Network ACL Subnet Associations
Security Groups
• A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
• When you launch an instance in a VPC, you can assign up to five security groups to the instance.
• Security groups are stateful.
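The stateless/stateful difference between network ACLs and security groups is the one that bites in practice: an ACL that allows HTTP in but only port 80 out silently drops every reply, because the reply leaves the subnet towards the client's ephemeral port. The following simulation, an added example that is not part of the original deck, models the two evaluation behaviours (ACL rules evaluated in ascending rule number, first match wins, implicit deny at the end; security group replies allowed because the flow is tracked). Rule numbers, addresses and ports are constructed, and rules are reduced to port ranges only; real rules also match protocol and source/destination CIDR.

```python
"""Stateless network ACL vs stateful security group, shown on one HTTP
request/reply pair. Added example, not from the original slides; the
scenario values are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "in" = towards the subnet/instance, "out" = leaving it


@dataclass(frozen=True)
class AclRule:
    number: int       # ACL rules are evaluated in ascending order
    direction: str    # "in" or "out"
    port_from: int    # destination-port range this rule matches
    port_to: int
    action: str       # "allow" or "deny"


class NetworkAcl:
    """Stateless: every packet, replies included, is judged on its own."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt):
        for r in self.rules:
            if r.direction == pkt.direction and r.port_from <= pkt.dst_port <= r.port_to:
                return r.action  # first matching rule wins
        return "deny"  # the catch-all '*' rule at the bottom of every ACL


class SecurityGroup:
    """Stateful: a reply to an allowed flow is allowed whatever the rules say
    for that direction. Outbound rules here are constructed as empty; a real
    security group allows all outbound traffic by default."""

    def __init__(self, inbound_ports, outbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.outbound_ports = set(outbound_ports)
        self._flows = set()  # 4-tuples of connections already allowed

    def evaluate(self, pkt):
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self._flows:
            return "allow"  # connection tracking: this is a reply
        allowed = self.inbound_ports if pkt.direction == "in" else self.outbound_ports
        if pkt.dst_port in allowed:
            self._flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        return "deny"


def web_server_scenario():
    """Client 203.0.113.10 talks to web server 10.0.1.10 on port 80."""
    request = Packet("203.0.113.10", 51515, "10.0.1.10", 80, "in")
    reply = Packet("10.0.1.10", 80, "203.0.113.10", 51515, "out")
    unsolicited = Packet("10.0.1.10", 40000, "198.51.100.5", 443, "out")

    # Mistake: outbound rule mirrors the inbound one, so replies are dropped.
    naive_acl = NetworkAcl([AclRule(100, "in", 80, 80, "allow"),
                            AclRule(100, "out", 80, 80, "allow")])
    # Fix: an outbound rule for the ephemeral port range carries the replies.
    fixed_acl = NetworkAcl([AclRule(100, "in", 80, 80, "allow"),
                            AclRule(100, "out", 80, 80, "allow"),
                            AclRule(110, "out", 1024, 65535, "allow")])
    sg = SecurityGroup(inbound_ports={80}, outbound_ports=set())

    return {
        "naive_acl": (naive_acl.evaluate(request), naive_acl.evaluate(reply)),
        "fixed_acl": (fixed_acl.evaluate(request), fixed_acl.evaluate(reply)),
        "security_group": (sg.evaluate(request), sg.evaluate(reply),
                           sg.evaluate(unsolicited)),
    }


if __name__ == "__main__":
    for name, verdicts in web_server_scenario().items():
        print(f"{name:>15}: {verdicts}")
```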
Security Group Creation
Security Group Inbound Rules
Security Group Outbound Rules
LAB: Building Your First Amazon VPC
• https://qwiklabs.com/focuses/359?parent=catalog
• Create an Amazon VPC
• Create public and private subnets
• Create an Internet Gateway
• Create a Route Table and add a route to the Internet
• Create a security group for your web server to only allow HTTP traffic
• Create a security group for your MySQL RDS instance to only allow MySQL traffic from your public subnets
• Deploy a web server and a MySQL RDS instance
• Configure your application to connect to your MySQL RDS instance
References
• https://docs.aws.amazon.com/
• https://acloud.guru/
• https://start.jcolemorrison.com/aws-vpc-core-concepts-analogy-guide/
• https://qwiklabs.com/
• http://jodies.de/ipcalc
• https://www.ultratools.com/tools/ipv6CIDRToRange
Questions
See You Next Meetup
AWS Riyadh User Group

Amazon Virtual Private Cloud - VPC 1
