AWS Networking Overview
Beatrice Akaeme
Posted on October 31, 2023
Amazon Web Services (AWS) provides an extensive set of networking services and features that help developers build, manage, and optimize their cloud infrastructure. They are designed for high availability, security, and scalability. Below is a list of the main AWS networking services and concepts:
Amazon Virtual Private Cloud (VPC): Amazon VPC is the foundational building block of networking in AWS. It lets you define your own logically isolated virtual network in the AWS cloud and launch resources such as EC2 instances, RDS databases, and Lambda functions into it. You can also connect your on-premises network to the VPC, for example over a VPN or Direct Connect. You have full control over the VPC, including its IP address ranges (CIDR blocks), subnets, route tables, and network gateways, from the day it is created until the day you delete it.
Subnet: A subnet (subnetwork) is a segment of your VPC with its own range of IP addresses, carved out of the VPC's CIDR block. You must create at least one subnet before you can launch EC2 instances. A subnet resides in exactly one Availability Zone (AZ) of the region. Subnets are commonly described as public or private: a public subnet is one whose route table has a route to an internet gateway, so resources in it can be reached directly from the internet; a private subnet has no such route and is used for internal resources such as databases and application tiers that should not be exposed.
Internet Gateway: An internet gateway (IGW) attaches your VPC to the internet and makes communication between your public subnets and the internet possible. A subnet becomes public when its route table sends 0.0.0.0/0 (and ::/0 for IPv6) to the IGW, and an instance in it needs a public IPv4 address, an Elastic IP, or an IPv6 address to be reachable. Create and attach an IGW only if resources in the VPC actually need to accept connections from, or initiate connections to, the internet; a VPC without one is fully isolated from it. An IGW is attached to the VPC as a whole, not to individual subnets (each VPC can have at most one), and it is the subnet route tables that decide which subnets use it.
Virtual Private Network (VPN): AWS offers two managed VPN services. AWS Site-to-Site VPN builds IPsec tunnels between your on-premises network (a customer gateway device) and a virtual private gateway or transit gateway in AWS, so the two networks can exchange traffic privately over the public internet. AWS Client VPN is an OpenVPN-based service that lets individual users connect securely from their devices to resources in your VPC. In both cases traffic is encrypted in transit. Note that these services connect networks and users to your VPC; they are not consumer privacy VPNs and do not anonymize general web browsing.
Direct Connect: AWS Direct Connect is a dedicated, private network connection between your on-premises data center or office and AWS that bypasses the public internet, giving more consistent latency and throughput and avoiding internet congestion. There are two types: 1) Dedicated connections, a physical port on an AWS Direct Connect device allocated to you. 2) Hosted connections, provisioned for you by an AWS Direct Connect Delivery Partner over the partner's own connection. Keep in mind that Direct Connect traffic is private but not encrypted by default; if you need encryption in transit, run a Site-to-Site VPN over the Direct Connect link or use MACsec on supported dedicated connections.
VPC Peering: A VPC peering connection links two VPCs so that resources in them can communicate using private IPv4 or IPv6 addresses as if they were on the same network. The VPCs can be in the same or different accounts and in the same or different AWS regions (inter-region peering traffic is encrypted by AWS). Two caveats matter in practice: the CIDR blocks of peered VPCs must not overlap, and peering is not transitive. If VPC A is peered with B and B with C, A cannot reach C through B; every pair of VPCs that needs to talk requires its own peering connection and route table entries.
Transit Gateway: AWS Transit Gateway is a regional hub that connects many VPCs, Site-to-Site VPNs, and Direct Connect gateways, each through a single attachment, and routes transitively between them. Instead of managing a mesh of VPC peering connections, each VPC attaches once to the transit gateway, and its route tables decide which attachments may reach which. Separate transit gateway route tables can be used to segment traffic, for example keeping production and development VPCs from reaching each other.
Elastic Load Balancing (ELB): Elastic Load Balancing automatically distributes incoming traffic across multiple targets such as EC2 instances, IP addresses, Lambda functions, and containers, in one or several Availability Zones within an AWS region. It health-checks its targets and routes only to healthy ones, which improves availability and fault tolerance.
Types of Elastic Load Balancer:
1) Classic Load Balancer (CLB): The previous-generation load balancer, operating at both OSI layer 4 and layer 7. It lacks newer features such as path- and host-based routing and target groups, so new deployments should use one of the types below.
2) Application Load Balancer (ALB): Operates at OSI layer 7 and routes HTTP/HTTPS requests based on their content (host, path, headers, query string). It is the natural place to terminate TLS and to attach AWS WAF.
3) Network Load Balancer (NLB): Routes at the transport layer (OSI layer 4: TCP, UDP, and TLS). It can handle millions of requests per second with very low latency, provides a static IP address per Availability Zone, and copes well with sudden, spiky workloads.
4) Gateway Load Balancer (GWLB): Used to deploy, scale, and manage fleets of virtual appliances such as firewalls and intrusion detection systems. It operates at the network layer (OSI layer 3) and forwards traffic to the appliances over GENEVE tunnels, so that all traffic can be inspected transparently.
Route 53: Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Developers and organizations use it to register domain names, translate domain names into IP addresses, and route end users to their web applications reliably and at low cost. It can route traffic to resources such as Amazon S3 buckets, Elastic Load Balancers, or EC2 instances, and it supports health checks so that traffic is steered away from endpoints that are failing.
Security Groups and Network Access Control Lists (NACLs): Both control inbound and outbound traffic to your AWS resources, but at different levels. A security group is a stateful virtual firewall attached to an elastic network interface (and therefore to an EC2 instance, RDS instance, or load balancer). It contains only allow rules; when a connection is allowed in, its return traffic is allowed out automatically, and vice versa. A NACL is a stateless firewall applied at the subnet level. It contains numbered allow and deny rules that are evaluated in order, lowest number first, and because it is stateless it must explicitly allow return traffic on the ephemeral port range in the opposite direction. A common defence-in-depth pattern is to keep security groups tight and specific per workload, and to use NACLs sparingly for coarse, subnet-wide blocks such as denying known-bad CIDR ranges.
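The difference between stateful and stateless evaluation is easiest to see by modelling it. The following is an added example written for this article, not AWS code: it simulates a security group and a NACL in a few lines of Python, with simplified rule shapes (IPv4 only, no ICMP types) and constructed addresses and ports. It shows the classic mistake of mirroring a NACL's inbound HTTPS rule outbound, which silently drops the server's replies until an ephemeral-range rule is added, and how a low-numbered NACL deny beats a later allow.

```python
"""Evaluator for the two AWS VPC traffic filters: security groups (stateful,
allow-only) and network ACLs (stateless, ordered allow/deny).  This is an added
illustration written for this article, not AWS code; rule shapes are simplified
(no ICMP types, IPv4 only) and every address and port below is constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed scenario: an internet client talks HTTPS to a web server in a
# public subnet.  The client sends from an ephemeral source port, so the
# server's reply is addressed back to that port, not to 443.
CLIENT = "203.0.113.5"
CLIENT_PORT = 49152
SERVER_PORT = 443
EPHEMERAL = (1024, 65535)  # range AWS documents for NACL return-traffic rules


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rule number (lowest evaluated first); unused for SGs
    protocol: str     # "tcp", "udp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str         # IPv4 CIDR of the peer; "0.0.0.0/0" matches any address
    action: str       # "allow" or "deny"; security groups only ever contain allow


def rule_matches(rule, proto, port, peer_ip):
    """True if one rule covers a packet with this protocol, port and peer IP."""
    if rule.protocol not in ("-1", proto):
        return False
    if rule.protocol != "-1" and not rule.port_from <= port <= rule.port_to:
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)


def security_group_allows(rules, proto, port, peer_ip):
    """Stateful: order is irrelevant, any matching allow rule permits the
    connection, and the reply packets of an allowed connection are permitted
    implicitly, whatever the rules for the opposite direction say."""
    return any(rule_matches(r, proto, port, peer_ip) for r in rules)


def nacl_allows(rules, proto, port, peer_ip):
    """Stateless: each packet in each direction is checked independently, in
    ascending rule-number order; the first match decides, and with no match
    the implicit final '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, proto, port, peer_ip):
            return rule.action == "allow"
    return False


def https_exchange(sg_inbound, nacl_inbound, nacl_outbound):
    """Return (request_allowed, reply_allowed) for one client->server HTTPS
    request.  The security group has no outbound rule at all here, to show
    that the reply still passes it because the connection is tracked."""
    request = (security_group_allows(sg_inbound, "tcp", SERVER_PORT, CLIENT)
               and nacl_allows(nacl_inbound, "tcp", SERVER_PORT, CLIENT))
    # Reply: server -> client, destination port is the client's ephemeral port.
    reply = request and nacl_allows(nacl_outbound, "tcp", CLIENT_PORT, CLIENT)
    return request, reply


SG_IN = [Rule(0, "tcp", 443, 443, "0.0.0.0/0", "allow")]
NACL_IN = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Common mistake: mirroring the inbound rule outbound.  Replies to port 49152
# match nothing and hit the implicit deny.
NACL_OUT_BROKEN = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Fix: also allow the ephemeral range outbound.
NACL_OUT_FIXED = NACL_OUT_BROKEN + [Rule(110, "tcp", *EPHEMERAL, "0.0.0.0/0", "allow")]
# NACLs can deny: a low-numbered deny for a hostile range wins over the
# later allow, which a security group cannot express.
NACL_IN_BLOCKLIST = [Rule(90, "tcp", 443, 443, "198.51.100.0/24", "deny")] + NACL_IN


if __name__ == "__main__":
    print("mirrored outbound rule:", https_exchange(SG_IN, NACL_IN, NACL_OUT_BROKEN))
    print("with ephemeral range:  ", https_exchange(SG_IN, NACL_IN, NACL_OUT_FIXED))
    print("blocklisted client:    ",
          nacl_allows(NACL_IN_BLOCKLIST, "tcp", 443, "198.51.100.7"))
```

Running it prints `(True, False)` for the mirrored NACL (request accepted, reply dropped) and `(True, True)` once the ephemeral range is allowed, while the blocklisted client is denied before the general allow rule is reached. Real NACLs also carry an explicit `*` deny rule at the end and support ICMP type/code matching; both are omitted here.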
Elastic IPs: An Elastic IP address is a static public IPv4 address that you allocate to your account and can associate with resources such as EC2 instances and NAT gateways. Unlike an auto-assigned public IP, it survives a stop/start of the instance, so DNS records and allow-lists on the other side do not need to change. You can also remap it to another instance, which is a simple way to fail over.
VPC Flow Logs: Flow logs capture metadata about the IP traffic going to and from network interfaces in your VPC (source and destination addresses and ports, protocol, byte and packet counts, and whether the traffic was accepted or rejected by security groups and NACLs) and deliver it to CloudWatch Logs or Amazon S3. They record metadata only, not packet payloads. They are very useful for security monitoring, for example spotting rejected connection attempts, and for troubleshooting connectivity problems.
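Flow logs are only useful once you parse them, so here is an added example (written for this article, not AWS code) that parses default-format flow log records and flags a source that is being rejected on many different ports, the simplest port-sweep heuristic. The sample log lines are constructed from documentation IP ranges with a fake account ID and ENI ID, and include the NODATA and SKIPDATA records the service emits, which a naive parser would choke on.

```python
"""Parse VPC flow log records (default format) and flag sources whose
connections are being rejected across many ports, a simple port-sweep
heuristic.  Added example for this article, not AWS code; the log lines
below are constructed (documentation IP ranges, a fake account and ENI id)."""
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default (version 2) flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample: one accepted HTTPS flow, a scanner hitting five ports
# and being rejected, one isolated rejected SSH attempt, plus the NODATA and
# SKIPDATA records the service emits when there is nothing (or too much) to log.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 49152 443 6 20 4249 1698753600 1698753660 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40001 22 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40002 23 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40003 445 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40004 3389 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40005 8080 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.44 10.0.1.10 51000 22 6 1 44 1698753600 1698753660 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1698753660 1698753720 - NODATA
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1698753720 1698753780 - SKIPDATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int   # IANA number: 6 = TCP, 17 = UDP, 1 = ICMP
    packets: int
    bytes: int
    start: int      # Unix seconds, start of the aggregation window
    end: int
    action: str     # ACCEPT or REJECT, as decided by security groups and NACLs


def parse_flow_log(text):
    """Turn raw default-format lines into FlowRecord objects, dropping the
    NODATA/SKIPDATA records that carry no addresses."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
        raw = dict(zip(FIELDS, parts))
        if raw["log_status"] != "OK":
            continue
        records.append(FlowRecord(
            interface_id=raw["interface_id"],
            srcaddr=raw["srcaddr"], dstaddr=raw["dstaddr"],
            srcport=int(raw["srcport"]), dstport=int(raw["dstport"]),
            protocol=int(raw["protocol"]),
            packets=int(raw["packets"]), bytes=int(raw["bytes"]),
            start=int(raw["start"]), end=int(raw["end"]),
            action=raw["action"],
        ))
    return records


def rejected_port_sweeps(records, min_ports=5):
    """Map each source address to the sorted TCP destination ports on which it
    was REJECTed, keeping only sources that touched at least min_ports distinct
    ports (a noisy scanner rather than a single mistyped connection)."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "REJECT" and r.protocol == 6:
            ports[r.srcaddr].add(r.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def reject_ratio(records):
    """Share of OK records that were rejected, a cheap health signal per ENI."""
    total = len(records)
    rejected = sum(1 for r in records if r.action == "REJECT")
    return rejected / total if total else 0.0


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} records, reject ratio {reject_ratio(recs):.2f}")
    for src, dports in rejected_port_sweeps(recs).items():
        print(f"possible port sweep from {src}: ports {dports}")
```

On the sample, 198.51.100.7 is reported with ports 22, 23, 445, 3389 and 8080, while 192.0.2.44, rejected on a single port, is not. Two caveats from the flow log format itself: records are aggregated over a capture window (the default is up to ten minutes, here one minute), so they show flows rather than individual packets, and if you use a custom log format the `FIELDS` tuple must match the order you configured.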
AWS Global Accelerator: Global Accelerator provides two static anycast IP addresses that act as a fixed entry point for your application and routes incoming traffic over the AWS global network to endpoints in one or more regions, such as Application Load Balancers, Network Load Balancers, EC2 instances, or Elastic IPs. This improves the performance and availability of public applications, and the fixed IPs make it easier for customers to allow-list the application and for you to move or fail over endpoints between regions without DNS changes.
VPC Endpoints: VPC endpoints give your VPC private connectivity to supported AWS services without an internet gateway, NAT device, or public IP address, so the traffic stays on the AWS network and exposure to the public internet is reduced. Gateway endpoints serve Amazon S3 and DynamoDB through route table entries; interface endpoints, powered by AWS PrivateLink, place an elastic network interface with a private IP in your subnet for most other services and for services published by other accounts. Because the traffic no longer passes through a NAT gateway, data processing costs are usually lower. Endpoint policies can further restrict what may be reached through an endpoint, for example only specific S3 buckets.
Elastic Network Interface (ENI): An ENI is a virtual network card in your VPC. It carries a primary private IPv4 address from its subnet, optionally secondary private IPs, an Elastic IP, and IPv6 addresses, plus a MAC address and one or more security groups. You attach ENIs to EC2 instances to give them network connectivity; an instance can have several ENIs in different subnets of the same Availability Zone, and an ENI can be detached and re-attached to another instance in the same AZ while keeping its addresses. Because security groups are applied per ENI, the ENI is the level at which instance traffic filtering and flow logging actually happen.
These are only some of the many networking services AWS offers. Together they cover use cases from simple web applications to complex enterprise architectures and let users build highly available, secure, and scalable cloud infrastructure.