2. Agenda
• AWS Saudi User Group
• Past and Coming Topics
• Networking Concepts
• AWS VPC Components
• LAB
3. AWS Riyadh User Group
• AWS Registered User Group in
Riyadh, Saudi Arabia
• Founded by Ahmed Aziz
• Public Group
• 352 Members
• Connect all AWS Geeks
4. Past and Coming Topics
• Storage
• S3
• Compute
• EC2
• Auto Scaling
• Networking
• VPC Session 1
• VPC Session 2
• Route 53
• API Gateway
5. Past and Coming Topics Cont’d
• Databases
• RDS
• DynamoDB
• ElastiCache
• Application Integration
• SNS
• SQS
• SWF
• Management Tools
• CloudFormation
• CloudTrail vs CloudWatch
6. Past and Coming Topics Cont’d
• Add-Ons
• Lambda
• Cost Optimization
• Well Architected Framework
• Having Fun with Alexa
• Chatbot
• Machine Learning
13. NAT and PAT
• Network address translation (NAT) is a method of remapping one IP address space into another by modifying the network address information in the IP header of packets while they are in transit across a traffic routing device.
• Port address translation (PAT), also called NAT overload, is the many-to-one form: many private addresses share one public address, and the translator rewrites the source port as well so it can tell the connections apart. The AWS NAT gateway covered later works this way, while the internet gateway does one-to-one NAT between an instance's private and public IPv4 address.
14. What is Amazon VPC?
• Amazon VPC is a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
• Think of a VPC as a virtual
datacenter in the cloud.
15. Why do we need a VPC?
• Control over organization
resources
• Control of security
• Control of traffic between our
services
• Control to keep differing
architectures completely
separate from each other
16. AWS Default VPC vs Our VPCs
• Default VPC
• AWS creates one in every region of every account, with CIDR 172.31.0.0/16 and one public subnet per Availability Zone; instances launched there without specifying a subnet get a public IP by default.
• Our VPC
• Choose a block from the private ranges defined in RFC 1918:
• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16
• Pick a block that does not overlap other networks you may later connect by VPC peering, VPN or Direct Connect; overlapping ranges cannot be routed between.
17. VPC Creation
• IPv4: block sizes must be between /16 and /28.
• IPv6:
– Amazon assigns a /56 IPv6 CIDR block; subnets get /64 blocks out of it.
– You cannot choose the range of an Amazon-provided IPv6 CIDR block.
• Tenancy:
– Dedicated: instances launched in this VPC are dedicated tenancy instances regardless of the tenancy attribute specified at launch.
– Default: instances launched in this VPC use the tenancy attribute specified at launch.
19. Subnet Creation
• Subnet CIDR block sizes must be between /16 and /28.
• A subnet can be the same size as the VPC or a subset of it; subnets in one VPC must not overlap.
• In each subnet AWS reserves 5 IP addresses: the first 4 and the last.
• First: the network address. Second: the VPC router. Third: reserved for the Amazon-provided DNS (the resolver answers at the VPC base plus two, and base plus two of every subnet is reserved as well). Fourth: reserved for future use. Last: the network broadcast address, which VPC does not support but still reserves.
• A /28 therefore yields 11 usable addresses and a /24 yields 251.
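To make the reservation rule concrete, here is an added Python example (not from the slides or from any AWS tool) that lists the five reserved addresses of a subnet by role, counts what is left for instances, and checks that a set of subnets fits inside the VPC block without overlapping. The sample CIDRs 10.0.0.0/16, 10.0.1.0/24 and 10.0.2.0/28 are constructed for the example.

```python
import ipaddress
from typing import Dict, List


def reserved_addresses(subnet_cidr: str) -> Dict[str, str]:
    """Return the five addresses AWS reserves in a subnet, keyed by role.

    Layout as documented by AWS: network address, VPC router, the address
    reserved for the Amazon-provided DNS, one reserved for future use, and
    the last address (the would-be broadcast address; VPC has no broadcast).
    """
    net = ipaddress.ip_network(subnet_cidr, strict=True)  # rejects host bits set
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{subnet_cidr}: subnet prefix must be between /16 and /28")
    base = int(net.network_address)
    return {
        "network": str(ipaddress.ip_address(base)),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses available to network interfaces: block size minus the reserved five."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - len(reserved_addresses(subnet_cidr))


def subnets_fit(vpc_cidr: str, subnet_cidrs: List[str]) -> bool:
    """True when every subnet lies inside the VPC block and no two subnets overlap."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    if any(not n.subnet_of(vpc) for n in nets):
        return False
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Constructed example: a 10.0.0.0/16 VPC carved into a /24 and a /28.
    for cidr in ("10.0.1.0/24", "10.0.2.0/28"):
        print(cidr, reserved_addresses(cidr), "usable:", usable_hosts(cidr))
    print("layout valid:", subnets_fit("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/28"]))
```

`strict=True` makes `ipaddress` reject a CIDR whose host bits are set (for example 10.0.1.5/24), which is the same complaint the VPC console raises; the prefix-length check mirrors the /16 to /28 rule on the slide.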
22. Route Table
• A route table contains a set of rules, called
routes, that are used to determine where
network traffic is directed.
• Each subnet in the VPC must be associated with
a route table.
• The VPC automatically comes with a main route table that you can modify; every route table carries a local route for the VPC's CIDR that cannot be removed.
• By default any new subnet is associated with the
main route table.
• A subnet can only be associated with one route
table.
25. Internet Gateway
• An internet gateway (IGW) is a horizontally scaled, redundant VPC component that connects a VPC to the internet and performs one-to-one NAT between an instance's private IPv4 address and its public or Elastic IP.
• A subnet whose route table has no route to an internet gateway is private: its instances cannot reach, or be reached from, the internet directly.
• A subnet whose route table has a route (normally 0.0.0.0/0) to an internet gateway is public.
• Being in a public subnet is not enough on its own: the instance also needs a public IPv4 or Elastic IP address, and its security group and network ACL must allow the traffic.
29. NAT Gateways
• You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
• The NAT gateway is created in a public subnet (one whose route table sends 0.0.0.0/0 to the internet gateway) and requires an Elastic IP address.
• An Elastic IP address is a static public IPv4 address that is reachable from the internet.
• A route for 0.0.0.0/0 pointing to the NAT gateway is added to the private subnet's route table.
• A NAT gateway lives in one Availability Zone; create one per AZ and route each private subnet to the gateway in its own AZ so an AZ outage does not remove egress for the others.
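The route table, internet gateway and NAT gateway slides together define when a subnet is public or private. The following Python model is an added example (not from the slides or from AWS) of how the VPC router picks a route by longest prefix match, and of the checks that follow from it: whether a subnet is public, private or isolated, whether an instance can accept connections from the internet, and whether a NAT gateway has been placed in a public subnet. The gateway IDs igw-0example and nat-0example and the 10.0.0.0/16 addressing are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    destination: str   # CIDR
    target: str        # "local", an igw-/nat- ID, a peering connection, ...


@dataclass
class RouteTable:
    name: str
    routes: List[Route]


def lookup(table: RouteTable, dst_ip: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst_ip wins."""
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    best_len = -1
    for r in table.routes:
        net = ipaddress.ip_network(r.destination)
        if ip in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def classify_subnet(table: RouteTable) -> str:
    """'public' when the default route reaches an internet gateway, 'private' when it
    reaches a NAT gateway, 'isolated' when the internet is unreachable via this table."""
    r = lookup(table, "203.0.113.10")   # any address outside the VPC (TEST-NET-3)
    if r is None:
        return "isolated"
    if r.target.startswith("igw-"):
        return "public"
    if r.target.startswith("nat-"):
        return "private"
    return "isolated"


def reachable_from_internet(table: RouteTable, has_public_ip: bool) -> bool:
    """Unsolicited inbound connections need a public subnet AND a public IPv4 or
    Elastic IP on the instance; a NAT gateway never provides inbound reachability."""
    return classify_subnet(table) == "public" and has_public_ip


def nat_gateway_placement_ok(nat_subnet_table: RouteTable) -> bool:
    """The NAT gateway must itself sit in a public subnet, otherwise the private
    subnet's default route leads nowhere."""
    return classify_subnet(nat_subnet_table) == "public"


# Constructed example: a 10.0.0.0/16 VPC with invented gateway IDs.
LOCAL = Route("10.0.0.0/16", "local")   # present in every route table, cannot be removed
MAIN = RouteTable("main", [LOCAL])
PUBLIC = RouteTable("public", [LOCAL, Route("0.0.0.0/0", "igw-0example")])
PRIVATE = RouteTable("private", [LOCAL, Route("0.0.0.0/0", "nat-0example")])

if __name__ == "__main__":
    for t in (MAIN, PUBLIC, PRIVATE):
        print(t.name, classify_subnet(t), "10.0.5.7 via", lookup(t, "10.0.5.7").target)
```

Because the /16 local route is more specific than 0.0.0.0/0, traffic to 10.0.5.7 stays inside the VPC from every table, while 8.8.8.8 goes to the IGW, the NAT gateway, or nowhere depending on which table the subnet is associated with.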
31. Network Access Control Lists
• A network ACL is an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet.
• Each new VPC gets a default network ACL that allows all traffic in and out; a network ACL you create yourself denies everything until you add rules.
• Rules are numbered and evaluated from the lowest number up; the first matching rule decides, and an implicit final rule denies whatever is left.
• A network ACL can apply to many subnets, but a subnet can only be associated with one network ACL.
• Network ACLs are stateless: return traffic is not recognised, so an inbound allow for port 80 also needs an outbound allow for the ephemeral port range (1024-65535) that clients reply on, and vice versa.
36. Security Groups
• A security group acts as a virtual firewall for your instance (strictly, for its network interface) to control inbound and outbound traffic.
• When you launch an instance in a VPC, you can assign up to five security groups to it by default (the per-interface quota can be raised).
• Security groups only have allow rules; a new group allows all outbound and no inbound traffic, and a rule can name another security group as its source instead of a CIDR.
• Security groups are stateful: the reply to an allowed connection is let through regardless of the rules for the other direction.
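The stateless versus stateful difference is easiest to see by pushing the same HTTP exchange through both. The following Python model is an added example, not code from the slides or from AWS; it applies a network ACL and a security group to a client's request and the server's reply, and reuses the lab's pattern of a web server security group open on port 80 and a database security group that only admits MySQL from the web group. All rule numbers, security group IDs (sg-web, sg-db), addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str            # "inbound" or "outbound", relative to the instance
    proto: str = "tcp"


def peer_ip(pkt: Packet) -> str:
    return pkt.src_ip if pkt.direction == "inbound" else pkt.dst_ip


@dataclass(frozen=True)
class NaclRule:
    number: int               # evaluated in ascending order; first match wins
    direction: str
    port_from: int
    port_to: int
    cidr: str
    action: str               # "allow" or "deny"


def nacl_allows(rules: List[NaclRule], pkt: Packet) -> bool:
    """Stateless: every packet, replies included, must match an allow rule.
    No matching rule means the implicit '*' deny rule applies."""
    peer = ipaddress.ip_address(peer_ip(pkt))
    for r in sorted(rules, key=lambda rule: rule.number):
        if r.direction != pkt.direction or not r.port_from <= pkt.dst_port <= r.port_to:
            continue
        if peer in ipaddress.ip_network(r.cidr):
            return r.action == "allow"
    return False


@dataclass(frozen=True)
class SgRule:                 # security groups only have allow rules
    direction: str
    port_from: int
    port_to: int
    source: str               # a CIDR, or another security group's ID


class SecurityGroup:
    """Stateful: only the first packet of a flow is matched against the rules;
    later packets of a tracked flow pass in either direction."""
    def __init__(self, sg_id: str, rules: List[SgRule]):
        self.sg_id, self.rules = sg_id, rules
        self.flows: Set[Tuple[str, int, int, str]] = set()

    def allows(self, pkt: Packet, membership: Dict[str, Set[str]]) -> bool:
        # membership: IP -> security groups on that interface (stands in for AWS's lookup)
        peer = peer_ip(pkt)
        peer_port, local_port = ((pkt.src_port, pkt.dst_port) if pkt.direction == "inbound"
                                 else (pkt.dst_port, pkt.src_port))
        key = (peer, peer_port, local_port, pkt.proto)
        if key in self.flows:
            return True                               # reply of a tracked flow
        for r in self.rules:
            if r.direction != pkt.direction or not r.port_from <= pkt.dst_port <= r.port_to:
                continue
            if r.source.startswith("sg-"):
                matched = r.source in membership.get(peer, set())
            else:
                matched = ipaddress.ip_address(peer) in ipaddress.ip_network(r.source)
            if matched:
                self.flows.add(key)
                return True
        return False                                  # no rule matched: dropped


ANY = "0.0.0.0/0"
# Constructed NACLs for the web subnet. The broken one allows only port 80 in
# each direction, so the server's reply to the client's ephemeral port is dropped.
BROKEN_NACL = [NaclRule(100, "inbound", 80, 80, ANY, "allow"),
               NaclRule(100, "outbound", 80, 80, ANY, "allow")]
FIXED_NACL = [NaclRule(100, "inbound", 80, 80, ANY, "allow"),
              NaclRule(100, "outbound", 1024, 65535, ANY, "allow")]  # ephemeral ports

# Constructed hosts: web server 10.0.1.10, RDS instance 10.0.2.20, internet client
# 198.51.100.7 (TEST-NET-2). The web SG deliberately has no outbound rule at all.
WEB_RULES = [SgRule("inbound", 80, 80, ANY)]
DB_RULES = [SgRule("inbound", 3306, 3306, "sg-web")]     # MySQL only from the web SG
MEMBERSHIP = {"10.0.1.10": {"sg-web"}, "10.0.2.20": {"sg-db"}}
REQUEST = Packet("198.51.100.7", 50123, "10.0.1.10", 80, "inbound")
REPLY = Packet("10.0.1.10", 80, "198.51.100.7", 50123, "outbound")


def http_exchange(nacl: List[NaclRule]) -> Tuple[bool, bool]:
    """(request passed, reply passed) through the NACL and then a fresh web SG."""
    sg = SecurityGroup("sg-web", WEB_RULES)
    req_ok = nacl_allows(nacl, REQUEST) and sg.allows(REQUEST, MEMBERSHIP)
    rep_ok = nacl_allows(nacl, REPLY) and sg.allows(REPLY, MEMBERSHIP)
    return req_ok, rep_ok


def db_port_open_from(src_ip: str) -> bool:
    """Can src_ip open a MySQL connection to the RDS instance?"""
    pkt = Packet(src_ip, 40000, "10.0.2.20", 3306, "inbound")
    return SecurityGroup("sg-db", DB_RULES).allows(pkt, MEMBERSHIP)
```

`http_exchange(BROKEN_NACL)` returns (True, False): the request gets in, but the reply to the client's ephemeral port 50123 matches no outbound rule and is dropped. `http_exchange(FIXED_NACL)` returns (True, True). The web security group has no outbound rule, yet the reply passes because the flow was tracked when the request was allowed; `db_port_open_from` shows the security-group-as-source rule admitting the web server and refusing the internet client.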
40. LAB: Building Your First Amazon VPC
• https://qwiklabs.com/focuses/359?parent=catalog
• Create an Amazon VPC
• Create public and private subnets
• Create an Internet Gateway
• Create a Route Table and add a route to the Internet
• Create a security group for your web server to only allow HTTP traffic
• Create a security group for your MySQL RDS instance to only allow
MySQL traffic from your public subnets
• Deploy a web server and a MySQL RDS instance
• Configure your application to connect to your MySQL RDS instance