In the previous chapters, we learned about Amazon compute and storage services, focusing on EC2, EBS, EFS, and S3. We provisioned EC2 instances and the cloud storage that can be used by EC2 and other services. In this chapter, we will discuss Amazon cloud networking, where all the cloud resources are connected and communicate with each other.

We will cover the following topics in this chapter:

• Computer network basics – the fundamental network concepts, such as IP address, network address, and CIDR notation.
• Amazon Virtual Private Cloud (VPC) – the Amazon cloud network where EC2 and other services communicate with each other. We will provision VPCs, subnets, and EC2 instances in the VPC/subnets and explore EC2 instance communications within the VPC and to the internet.
• AWS network security – this becomes a priority once our VPC and EC2 instances are exposed to the internet. We will show how to build and configure network...

In Chapter 1, we learned that a computer network is a collection of interconnected devices, such as computers, servers, printers, and other devices, that are linked together to share resources and communicate with each other. A subnet, or subnetwork, is a smaller network that is created by partitioning a larger network into smaller segments, typically used to improve network performance, security, and management. Each subnet is identified by a unique network address, and devices within the same subnet share the same network address prefix. Each device has a unique address in the network/subnet. For a computer to talk to another one in a computer network, it must have an address for communication, which we call an IP address.

IP address

An IP address, or an Internet Protocol address, is a numerical address assigned to a device in a computer network for communication with the other devices that are also assigned IP addresses. An IP address serves...

A VPC is a network in the Amazon cloud. With Amazon VPC, you can assign custom IP address ranges, create subnets, and configure route tables, network gateways, and security settings. You can launch instances in a specified subnet of a VPC. By default, you can create five VPCs per AWS account per region, and you can increase this default quota by contacting Amazon cloud support. AWS VPC provides several benefits over traditional data center-based network designs, including the following:

• High availability: Amazon VPC is software based. Within a VPC, the routers are virtual and provide high availability. VPCs are regional in AWS and thus a VPC can span multiple AZs, with each subnet mapping to an AZ.
• Flexibility: Amazon VPC provides the flexibility to design and build your network topology to meet your specific business and technical requirements. With Amazon VPC, you select the IP address range for VPCs and subnets, configure route...

Amazon Direct Connect is a network service that provides a dedicated and private connection between your on-premises data center environment and the virtual data centers in the cloud. This connection is a private, high-speed, low-latency connection that is not accessible over the public internet. With Amazon Direct Connect, the connection between your on-premises environment and the AWS cloud will have guaranteed bandwidth and performance.

To set up AWS Direct Connect, you’ll need to follow these steps:

1. Review the prerequisites: Before you begin, make sure you have an AWS account and access to the AWS Management Console, a Direct Connect location, and a device that can connect to the Direct Connect location.
2. Request a connection: Log in to the AWS Management Console and go to the Direct Connect console. Choose a Direct Connect location and request a new connection. Provide details such as your connection name, port speed, and...

Amazon Route 53 is a scalable and highly available DNS web service provided by AWS. Some details about AWS Route 53 are as follows:

• It provides translation from human-readable names (such as example.com) into IP addresses that computers use to connect to network resources
• It can also be used to route traffic to AWS resources, such as EC2 instances, S3 buckets, and load balancers
• It offers features such as latency-based routing, geo DNS, health checks, and DNS failover, which help improve the performance, availability, and reliability of applications
• It integrates with other AWS services, such as CloudWatch and CloudTrail, to provide additional monitoring and logging capabilities

Amazon Route 53 supports the following routing policies:

• Simple routing: Uses one Route 53 server
• Weighted round-robin routing: Assign weights to Route 53 server rotations
• Latency routing: Route traffic based on latencies
...

The Amazon CDN is called Amazon CloudFront (CF). It is a global delivery service that leverages edge locations to securely deliver content with low latency and high speed. CF is integrated with AWS cloud services, and has the following features:

• It is a global network of edge locations that cache and deliver content (such as web pages, videos, and software downloads) to end users with low latency and high data transfer speeds.
• It can be used to distribute both static and dynamic content from AWS and non-AWS origin servers, such as EC2 instances, S3 buckets, and on-premises servers.
• It offers features such as content compression, SSL/TLS encryption, and custom domain names, which help improve the security, reliability, and performance of applications.
• It has a pay-as-you-go pricing model, with no upfront costs or minimum fees. The cost is based on the amount of data transferred, the number of requests made, and the edge locations used...

In this chapter, we discussed the Amazon cloud network – VPC, Direct Connect, Route 53, and the CDN, CF. We focused on building a small AWS cloud, by provisioning VPCs, subnets, EC2 instances, and peering VPCs, and setting up internet access for the EC2 instances. We discussed AWS VPC network security and compared the differences between SGs and NACLs. At the end of the chapter, we briefly looked at AWS Direct Connect, providing a connection between on-premises and the Amazon cloud, Amazon Route 53, and Amazon CF concepts and features. In the next chapter, we will discuss database concepts and introduce Amazon cloud database services.

1. What is the main function of an Internet Gateway (IGW) in AWS VPC?

A. To provide Network Address Translation (NAT) for instances in the VPC

B. To allow instances in the VPC to communicate with other resources outside the VPC

C. To restrict access to the VPC to only authorized users or resources

D. To provide load-balancing capabilities for instances in the VPC

2. Which of the following is not a valid use case for a NAT gateway in Amazon VPC?

A. Allowing instances in a private subnet to access the internet

B. Enabling communication between two VPCs in different regions

C. Enabling communication between a VPC and an on-premises network

D. Enabling communication between a VPC and a third-party service that requires a whitelisted IP address

3. Which of the following statements is true about AWS security groups?

A. Security groups are stateless, meaning that inbound and outbound rules must be specified separately

B. Security groups...

1. B
2. B
3. C
4. B
5. B
6. D
7. B
8. B
9. C
10. D

For further insights into what you’ve learned in this chapter, refer to the following links:

• https://aws.amazon.com/vpc
• https://docs.aws.amazon.com/vpc/index.html
• https://aws.amazon.com/vpc/faqs/
• https://aws.amazon.com/getting-started/hands-on/getting-started-create-vpc/
• https://docs.aws.amazon.com/directconnect/index.html
• https://aws.amazon.com/directconnect/faqs/
• https://aws.amazon.com/getting-started/hands-on/getting-started-dc/
• https://docs.aws.amazon.com/cloudfront/index.html
• https://aws.amazon.com/cloudfront/faqs/
• https://aws.amazon.com/getting-started/hands-on/get-started-with-cloudfront/
• https://docs.aws.amazon.com/Route53/index.html
• https://aws.amazon.com/route53/faqs/
• https://aws.amazon.com/getting-started/hands-on/get-started-route-53/