SlideShare une entreprise Scribd logo

SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options

Amazon Web Services
Amazon Web Services

The document provides an overview of Amazon Virtual Private Clouds (VPCs) and connectivity options. It begins with a basic walkthrough of setting up an internet-connected VPC, including choosing an IP address range, creating subnets, adding a route to the internet, and configuring security groups. It then discusses additional connectivity options such as private subnets, VPC peering, VPN connections, and VPC endpoints. The document is intended to help users understand fundamental VPC concepts and how to configure basic network connectivity and security.

1  sur  66
Télécharger pour lire hors ligne
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gina Morris Engineering manager, EC2 Networking SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon EC2 instance
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 172.31.0.128 172.31.0.129 172.31.1.24 172.31.1.27 54.4.5.6 54.2.3.4 Amazon Virtual Private Cloud (Amazon VPC)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What to expect from this session • Get familiar with VPC concepts • Walk through a basic VPC setup • Learn about the ways in which you can tailor your virtual network to meet your needs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Walkthrough: Setting up an internet-connected VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Creating an internet-connected VPC: Steps Choosing an address range Create subnets in Availability Zones Creating a route to the internet Authorizing traffic to & from the VPC Internet gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CIDR range example: 172.31.0.0/16 1010 1100 0001 1111 0000 0000 0000 0000 CIDR notation review
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range for your VPC 172.31.0.0/16 Recommended: RFC1918 range Recommended: /16 (65,536 addresses) Avoid ranges that overlap with other networks to which you might connect
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Subnets VPC Subnet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC subnets and Availability Zones 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC subnet recommendations • /16 VPC (65,536 addresses) • At least /24 subnets (251 addresses) • Use multiple Availability Zones per VPC through multiple subnets
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route to the internet Internet gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing in your VPC • Route tables contain rules for which packets go where • Your VPC has a default route table • But, you can assign different route tables to different subnets
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Traffic destined for my VPC stays in my VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Internet gateway Send packets here if you want them to reach the internet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Everything that isn’t destined for the VPC: Send to the internet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network security in your VPC: Security groups
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. “MyWebServers” Security Group “MyBackends” Security Group Allow only “MyWebServers” Security groups follow application structure
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups example: Web servers Allow all HTTP traffic Rule descriptions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups example: Backends Allow application traffic from web servers only
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups in VPC: Additional notes • Follow the “principle of least privilege” • VPC allows creation of egress in addition to ingress security group rules
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Connectivity options for VPCs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Beyond internet connectivity Restricting internet access Connecting to your corporate network Connecting to other VPCs VPC subnet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Restricting internet access: Routing by subnet VPC subnet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing by subnet VPC subnet VPC subnet Has route to internet Has no route to internet
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Outbound-only internet access: NAT gateway private subnet public subnet 0.0.0.0/0 0.0.0.0/0 Public IP: 54.161.0.39 NAT gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Egress-only internet gateways for IPv6 Private subnet Public subnet ::/0 ::/0 Egress-only internet gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security group pattern for SSH bastion Virtual Private Cloud Public subnet SSH bastion (EC2 instance) Private subnet Allows connections on port 22 from known IP range Allows connections on port 22 from Bastion group SSH Access security group Bastion security group
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Inter-VPC connectivity: VPC peering
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Common/core services • Authentication/directory • Monitoring • Logging • Remote administration • Scanning Example VPC peering use: Shared services VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups across peered VPCs VPC peering 172.31.0.0/16 10.55.0.0/16 Orange security group Blue security group Allow
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Initiate request 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Accept request 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Create a route 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request Step 3 Traffic destined for the peered VPC should go to the peering
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Connecting to on-premises networks: AWS Virtual Private Network and AWS Direct Connect
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Extend an on-premises network into your VPC VPN AWS Direct Connect
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS VPN basics Customer gateway Virtual private gateway Two IPsec tunnels 192.168.0.0/16 172.31.0.0/16 192.168/16 Your networking device
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Both allow secure connections between your network and your VPC • VPN is a pair of IPsec tunnels over the internet • AWS Direct Connect is a dedicated line with lower per-GB data transfer rates • For highest availability, use both AWS VPN and AWS Direct Connect
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC and the rest of AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC and the rest of AWS AWS services in your VPC VPC endpointsDNS in-VPC with Amazon Route 53 Logging VPC traffic with VPC Flow Logs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DNS in a VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC DNS options Use Amazon DNS server Have EC2 auto-assign DNS hostnames to instances
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 private hosted zones Private Hosted Zone example.demohostedzone.org  172.31.0.99
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS services in your VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Amazon RDS database in your VPC Reachable via DNS name: mydb- cluster-1 ….us-west- 2.rds.amazonaws.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Application Load Balancer in your VPC
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Endpoints
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 and your VPC S3 bucket Your applications Your data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gateway VPC endpoints
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC endpoints: Amazon S3 and Amazon DynamoDB S3 bucket Route S3-bound traffic to the VPC endpoint
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IAM policy for VPC endpoints S3 bucket IAM policy at VPC endpoint: restrict actions of VPC in Amazon S3 or Amazon DynamoDB IAM policy at S3 bucket: make accessible from VPC endpoint only
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Interface VPC endpoints
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS PrivateLink for AWS services Private IP: 10.10.1.6 Private IP: 10.10.2.10 vpce-….ec2.eu-west-1.vpce.amazonaws.com vpce-…eu-west-1a.ec2.eu-west-1.vpce.amazonaws.com vpce-…eu-west-1b.ec2.eu-west-1.vpce.amazonaws.com ec2.eu-west-1.amazonaws.com EC2 APIs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Endpoint Services (AWS PrivateLink) Network Load Balancer (NLB) Endpoint Service vpce-svc-0d8d Private IP: 10.10.1.6 endpoint vpce-1234 vpce-1234-ktfdt2an.vpce-svc-0d8d.us-east- 1.vpce.amazonaws.com EC2 APIs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: VPC Traffic Metadata in Amazon CloudWatch Logs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Visibility into effects of security group rules • Troubleshooting network connectivity • Ability to analyze traffic VPC Flow Logs 10.10.1.0/24 AZ A
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: Setup VPC traffic metadata captured in Amazon CloudWatch Logs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs data in CloudWatch Logs Who is this? # dig +short -x 52.90.45.101 ec2-52-90-45-101.compute-1.amazonaws.com. ACCEP T TCP port 443 = HTTPS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC: Your Private Network in AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The VPC network
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC network security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC connectivity
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the summit mobile app.
Submit session feedback 1. Tap the Schedule icon. 2. Select the session you attended. 3. Tap Session Evaluation to submit your feedback.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!

Recommandé

SID305 AWS Certificate Manager Private CA
SID305 AWS Certificate Manager Private CASID305 AWS Certificate Manager Private CA
SID305 AWS Certificate Manager Private CA
Amazon Web Services
 
SRV207 Orchestrating AWS Lambda with Step Functions
SRV207 Orchestrating AWS Lambda with Step Functions SRV207 Orchestrating AWS Lambda with Step Functions
SRV207 Orchestrating AWS Lambda with Step Functions
Amazon Web Services
 
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Amazon Web Services
 
Amazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and RemediationAmazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and Remediation
Amazon Web Services
 
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS ConfigSRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
Amazon Web Services
 
SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps
Amazon Web Services
 
Container Scheduling
Container SchedulingContainer Scheduling
Container Scheduling
Amazon Web Services
 
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Amazon Web Services
 

Recommandé

SID305 AWS Certificate Manager Private CA
SID305 AWS Certificate Manager Private CASID305 AWS Certificate Manager Private CA
SID305 AWS Certificate Manager Private CA
Amazon Web Services
 
SRV207 Orchestrating AWS Lambda with Step Functions
SRV207 Orchestrating AWS Lambda with Step Functions SRV207 Orchestrating AWS Lambda with Step Functions
SRV207 Orchestrating AWS Lambda with Step Functions
Amazon Web Services
 
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Amazon Web Services
 
Amazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and RemediationAmazon GuardDuty Threat Detection and Remediation
Amazon GuardDuty Threat Detection and Remediation
Amazon Web Services
 
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS ConfigSRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
SRV209 Monitor Cross-Account and Cross-Region Compliance Status with AWS Config
Amazon Web Services
 
SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps
Amazon Web Services
 
Container Scheduling
Container SchedulingContainer Scheduling
Container Scheduling
Amazon Web Services
 
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Best Practices for Centrally Monitoring Resource Configuration & Compliance (...
Amazon Web Services
 
SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
Amazon Web Services
 
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Amazon Web Services
 
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Amazon Web Services
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Amazon Web Services
 
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Amazon Web Services
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica Hive
Amazon Web Services
 
BDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWSBDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWS
Amazon Web Services
 
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a WeekDEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
Amazon Web Services
 
SID301 Threat Detection and Mitigation
SID301 Threat Detection and Mitigation SID301 Threat Detection and Mitigation
SID301 Threat Detection and Mitigation
Amazon Web Services
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon Web Services
 
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
Amazon Web Services
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS
Amazon Web Services
 
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Amazon Web Services
 
SRV318 Running Kubernetes with Amazon EKS
SRV318 Running Kubernetes with Amazon EKSSRV318 Running Kubernetes with Amazon EKS
SRV318 Running Kubernetes with Amazon EKS
Amazon Web Services
 
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Amazon Web Services
 
Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams
Amazon Web Services
 
SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services
Amazon Web Services
 
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
Amazon Web Services
 
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Amazon Web Services
 
VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPC
Amazon Web Services
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Amazon Web Services
 

Contenu connexe

Tendances

Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Amazon Web Services
 
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Amazon Web Services
 
BDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWSBDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWS
Amazon Web Services
 
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Amazon Web Services
 
Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams
Amazon Web Services
 
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Amazon Web Services
 

Tendances (20)

SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
SRV316 Serverless Data Processing at Scale: An Amazon.com Case Study
 
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
Inside AWS: Technology Choices for Modern Applications (SRV305-R1) - AWS re:I...
 
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
Securing Your Virtual Data Center in the Cloud (NET202) - AWS re:Invent 2018
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
 
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
Use SD-WAN to Manage Your AWS Environment and Branch Office Connectivity (NET...
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica Hive
 
BDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWSBDA309 Build Your First Big Data Application on AWS
BDA309 Build Your First Big Data Application on AWS
 
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a WeekDEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
DEM18 How SendBird Built a Serverless Log-Processing Pipeline in a Week
 
SID301 Threat Detection and Mitigation
SID301 Threat Detection and Mitigation SID301 Threat Detection and Mitigation
SID301 Threat Detection and Mitigation
 
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
Amazon VPC: Security at the Speed Of Light (NET313) - AWS re:Invent 2018
 
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
 
Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS Threat Detection and Mitigation at Scale on AWS
Threat Detection and Mitigation at Scale on AWS
 
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
Optimizing Costs as You Scale on AWS (ENT302) - AWS re:Invent 2018
 
SRV318 Running Kubernetes with Amazon EKS
SRV318 Running Kubernetes with Amazon EKSSRV318 Running Kubernetes with Amazon EKS
SRV318 Running Kubernetes with Amazon EKS
 
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
Stream Video, Analyze It in Real Time, and Share It in Real Time (ANT357) - A...
 
Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams
 
SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services
 
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
[REPEAT 1] Elastic Load Balancing: Deep Dive and Best Practices (NET404-R1) -...
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
Deep Dive on Cloud File System Offerings: What to Use, Where, and Why (STG392...
 

Similaire à SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options

AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
Amazon Web Services
 
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
Amazon Web Services
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Amazon Web Services
 

Similaire à SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options (20)

VPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPC
 
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
 
Getting Started with Amazon VPC (NET208) - AWS re:Invent 2018
Getting Started with Amazon VPC (NET208) - AWS re:Invent 2018Getting Started with Amazon VPC (NET208) - AWS re:Invent 2018
Getting Started with Amazon VPC (NET208) - AWS re:Invent 2018
 
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Chicago AWS Summit
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink Fundamentals
 
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Anaheim AWS Summit
 
AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018AWS VPN Solutions (NET304) - AWS re:Invent 2018
AWS VPN Solutions (NET304) - AWS re:Invent 2018
 
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Toronto AWS Summit
 
Introduction to Amazon Route 53 Resolver for Hybrid Cloud (NET215) - AWS re:I...
Introduction to Amazon Route 53 Resolver for Hybrid Cloud (NET215) - AWS re:I...Introduction to Amazon Route 53 Resolver for Hybrid Cloud (NET215) - AWS re:I...
Introduction to Amazon Route 53 Resolver for Hybrid Cloud (NET215) - AWS re:I...
 
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
Advanced VPC Design and New Capabilities for Amazon VPC (NET303) - AWS re:Inv...
 
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS SummitAWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
AWS PrivateLink: Fundamentals - SRV211 - Atlanta AWS Summit
 
Deep Dive on AWS PrivateLink - AWS Online Tech Talks
Deep Dive on AWS PrivateLink - AWS Online Tech TalksDeep Dive on AWS PrivateLink - AWS Online Tech Talks
Deep Dive on AWS PrivateLink - AWS Online Tech Talks
 
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitPlan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
 
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
Expanding Your AWS and On-premise Footprint to AWS GovCloud (US)
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
Deep Dive on New AWS Networking Features - AWS Online Tech Talks
Deep Dive on New AWS Networking Features - AWS Online Tech TalksDeep Dive on New AWS Networking Features - AWS Online Tech Talks
Deep Dive on New AWS Networking Features - AWS Online Tech Talks
 
EKS Workshop
EKS Workshop EKS Workshop
EKS Workshop
 
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
Connectivity Options: VPC Peering, Transit VPC, AWS PrivateLink, AWS Direct C...
 
Architecting Remote Connectivity (NET309-R1) - AWS re:Invent 2018
Architecting Remote Connectivity (NET309-R1) - AWS re:Invent 2018Architecting Remote Connectivity (NET309-R1) - AWS re:Invent 2018
Architecting Remote Connectivity (NET309-R1) - AWS re:Invent 2018
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gina Morris Engineering manager, EC2 Networking SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon EC2 instance
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 172.31.0.128 172.31.0.129 172.31.1.24 172.31.1.27 54.4.5.6 54.2.3.4 Amazon Virtual Private Cloud (Amazon VPC)
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What to expect from this session • Get familiar with VPC concepts • Walk through a basic VPC setup • Learn about the ways in which you can tailor your virtual network to meet your needs
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Walkthrough: Setting up an internet-connected VPC
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Creating an internet-connected VPC: Steps Choosing an address range Create subnets in Availability Zones Creating a route to the internet Authorizing traffic to & from the VPC Internet gateway
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. CIDR range example: 172.31.0.0/16 1010 1100 0001 1111 0000 0000 0000 0000 CIDR notation review
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range for your VPC 172.31.0.0/16 Recommended: RFC1918 range Recommended: /16 (65,536 addresses) Avoid ranges that overlap with other networks to which you might connect
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Subnets VPC Subnet
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC subnets and Availability Zones 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC subnet recommendations • /16 VPC (65,536 addresses) • At least /24 subnets (251 addresses) • Use multiple Availability Zones per VPC through multiple subnets
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route to the internet Internet gateway
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing in your VPC • Route tables contain rules for which packets go where • Your VPC has a default route table • But, you can assign different route tables to different subnets
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Traffic destined for my VPC stays in my VPC
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Internet gateway Send packets here if you want them to reach the internet
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Everything that isn’t destined for the VPC: Send to the internet
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Network security in your VPC: Security groups
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. “MyWebServers” Security Group “MyBackends” Security Group Allow only “MyWebServers” Security groups follow application structure
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups example: Web servers Allow all HTTP traffic Rule descriptions
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups example: Backends Allow application traffic from web servers only
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups in VPC: Additional notes • Follow the “principle of least privilege” • VPC allows creation of egress in addition to ingress security group rules
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Connectivity options for VPCs
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Beyond internet connectivity Restricting internet access Connecting to your corporate network Connecting to other VPCs VPC subnet
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Restricting internet access: Routing by subnet VPC subnet
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Routing by subnet VPC subnet VPC subnet Has route to internet Has no route to internet
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Outbound-only internet access: NAT gateway private subnet public subnet 0.0.0.0/0 0.0.0.0/0 Public IP: 54.161.0.39 NAT gateway
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Egress-only internet gateways for IPv6 Private subnet Public subnet ::/0 ::/0 Egress-only internet gateway
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security group pattern for SSH bastion Virtual Private Cloud Public subnet SSH bastion (EC2 instance) Private subnet Allows connections on port 22 from known IP range Allows connections on port 22 from Bastion group SSH Access security group Bastion security group
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Inter-VPC connectivity: VPC peering
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Common/core services • Authentication/directory • Monitoring • Logging • Remote administration • Scanning Example VPC peering use: Shared services VPC
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security groups across peered VPCs VPC peering 172.31.0.0/16 10.55.0.0/16 Orange security group Blue security group Allow
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Initiate request 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Accept request 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: Create a route 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request Step 3 Traffic destined for the peered VPC should go to the peering
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Connecting to on-premises networks: AWS Virtual Private Network and AWS Direct Connect
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Extend an on-premises network into your VPC VPN AWS Direct Connect
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS VPN basics Customer gateway Virtual private gateway Two IPsec tunnels 192.168.0.0/16 172.31.0.0/16 192.168/16 Your networking device
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Both allow secure connections between your network and your VPC • VPN is a pair of IPsec tunnels over the internet • AWS Direct Connect is a dedicated line with lower per-GB data transfer rates • For highest availability, use both AWS VPN and AWS Direct Connect
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC and the rest of AWS
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC and the rest of AWS AWS services in your VPC VPC endpointsDNS in-VPC with Amazon Route 53 Logging VPC traffic with VPC Flow Logs
  • 42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. DNS in a VPC
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC DNS options Use Amazon DNS server Have EC2 auto-assign DNS hostnames to instances
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Route 53 private hosted zones Private Hosted Zone example.demohostedzone.org  172.31.0.99
  • 45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS services in your VPC
  • 46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Amazon RDS database in your VPC Reachable via DNS name: mydb- cluster-1 ….us-west- 2.rds.amazonaws.com
  • 47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Application Load Balancer in your VPC
  • 48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Endpoints
  • 49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 and your VPC S3 bucket Your applications Your data
  • 50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gateway VPC endpoints
  • 51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC endpoints: Amazon S3 and Amazon DynamoDB S3 bucket Route S3-bound traffic to the VPC endpoint
  • 52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IAM policy for VPC endpoints S3 bucket IAM policy at VPC endpoint: restrict actions of VPC in Amazon S3 or Amazon DynamoDB IAM policy at S3 bucket: make accessible from VPC endpoint only
  • 53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Interface VPC endpoints
  • 54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS PrivateLink for AWS services Private IP: 10.10.1.6 Private IP: 10.10.2.10 vpce-….ec2.eu-west-1.vpce.amazonaws.com vpce-…eu-west-1a.ec2.eu-west-1.vpce.amazonaws.com vpce-…eu-west-1b.ec2.eu-west-1.vpce.amazonaws.com ec2.eu-west-1.amazonaws.com EC2 APIs
  • 55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Endpoint Services (AWS PrivateLink) Network Load Balancer (NLB) Endpoint Service vpce-svc-0d8d Private IP: 10.10.1.6 endpoint vpce-1234 vpce-1234-ktfdt2an.vpce-svc-0d8d.us-east- 1.vpce.amazonaws.com EC2 APIs
  • 56. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: VPC Traffic Metadata in Amazon CloudWatch Logs
  • 57. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Visibility into effects of security group rules • Troubleshooting network connectivity • Ability to analyze traffic VPC Flow Logs 10.10.1.0/24 AZ A
  • 58. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: Setup VPC traffic metadata captured in Amazon CloudWatch Logs
  • 59. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs data in CloudWatch Logs Who is this? # dig +short -x 52.90.45.101 ec2-52-90-45-101.compute-1.amazonaws.com. ACCEP T TCP port 443 = HTTPS
  • 60. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC: Your Private Network in AWS
  • 61. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The VPC network
  • 62. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC network security
  • 63. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC connectivity
  • 64. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the summit mobile app.
  • 65. Submit session feedback 1. Tap the Schedule icon. 2. Select the session you attended. 3. Tap Session Evaluation to submit your feedback.
  • 66. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!