AWS Networking from Basics to Advanced: Learn practically in 5 hours
This course aims to build a complete understanding of Amazon Web Services (AWS) networking from the ground up, where students learn the core networking concepts by doing the exercises on their own.
This course contains 2 sections. The first section is about understanding AWS networking, where I explain, starting from the very basics, the AWS VPC, its components and the private connectivity options in AWS. If you are already familiar with the AWS networking components, you may want to skip this section and jump directly to the hands-on exercises section.
1. Understanding AWS Networking in depth
- Physical on premises networking vs AWS VPC
- Getting familiar with AWS VPC terminologies - VPC, Subnets, Route tables, Internet Gateway, Security Group, Network ACL
- Understanding VPC CIDR
- Understanding Subnets and Route Tables
- Public Subnet vs Private Subnet
- Understanding NAT (Network Address Translation) Concept
- NAT Gateway and NAT instance
- AWS Private Connectivity options
- Understanding VPC Peering
- VPC Endpoint and Privatelink for private connectivity to AWS Services
- VPN connection
- Direct Connect
2. AWS VPC Hands on exercises
- Create VPC with single public subnet, launch EC2 instance and connect over internet
- Create VPC with Public and Private subnet, connect to EC2 instance in Private subnet via EC2 instance in Public subnet
- Create NAT Gateway and allow EC2 instances in Private subnet to access internet through NAT Gateway
- Create and use NAT EC2 instance instead of NAT Gateway
- Create VPC Peering between VPCs across AWS regions and connect to EC2 instance over private IP by using VPC peering connection
- Create VPC endpoint gateway for S3 and access S3 contents from EC2 instance in Private subnet without requiring internet connection
- Create and use VPC Private Link to expose your Web service privately to application hosted in another VPC
3. Route53 and Website Hosting
- Hosting website on S3 using custom domain name from GoDaddy
- HTTPS website using S3 and CloudFront
- Implement AWS region level failover using AWS Route53
4. Advanced Networking: VPN Connections
- Set up Site-to-Site VPN between AWS VPC and simulated on-premises network
- Set up Site-to-Site VPN between AWS and Google Cloud using BGP dynamic routing
- Basic familiarity with Cloud Computing technology
- Good to have some Linux experience
- Networking in AWS - Basic to Advanced Networking concepts by doing hands on exercises
- Whiteboard sessions to see how various networking components work together
- Understand how to secure your infrastructure by using appropriate VPC components and firewalls
- AWS Public and Private Network connectivity options and their implementation
- In depth understanding of VPC, CIDR, Subnets, Route Tables, Security Groups, NACL, NAT Gateway, NAT Instance, VPC Peering, VPC Endpoint, VPC PrivateLink, VPN connection, Direct Connect, Route53 Failover
In this lecture, you will learn the basics of AWS VPC, the move from physical to virtual networking, VPC terminology, and how to calculate VPC and subnet addresses in CIDR notation.
In this lecture, understand how routing works within a VPC to allow communication between subnets, or between subnets and the internet: what public and private subnets are, and how to restrict the network traffic reaching your EC2 instances using Security Groups and Network ACLs.
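The CIDR arithmetic and the public/private distinction the two lectures above cover, as an added Python example that is not the course's own code: it carves a VPC CIDR into equal subnets, subtracts the five addresses AWS reserves in every subnet (an AWS rule assumed here, not stated on the page), flags subnets that overlap or fall outside the VPC, and classifies a subnet from its route table.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet (network
# address, VPC router, DNS, future use, broadcast). That is a known AWS rule
# assumed here; the course text does not state it.
AWS_RESERVED_PER_SUBNET = 5

def plan_subnets(vpc_cidr, new_prefix, count):
    """Carve `count` equal /new_prefix subnets out of vpc_cidr and report the
    usable host range of each after AWS's reserved addresses are removed."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not vpc.prefixlen <= new_prefix <= 28:  # AWS subnets are /16 .. /28
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    plan = []
    for subnet in vpc.subnets(new_prefix=new_prefix):
        if len(plan) == count:
            break
        plan.append({
            "cidr": str(subnet),
            "first_usable": str(subnet.network_address + 4),
            "last_usable": str(subnet.broadcast_address - 1),
            "usable_hosts": subnet.num_addresses - AWS_RESERVED_PER_SUBNET,
        })
    if len(plan) < count:
        raise ValueError(f"{vpc} cannot hold {count} /{new_prefix} subnets")
    return plan

def find_subnet_problems(vpc_cidr, subnet_cidrs):
    """Flag subnets that fall outside the VPC range or overlap each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for i, net in enumerate(nets):
        if not net.subnet_of(vpc):
            problems.append(f"{net} is not inside VPC {vpc}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")
    return problems

def classify_subnet(routes):
    """A subnet is public when its route table sends 0.0.0.0/0 to an Internet
    Gateway; anything else (no default route, or one via NAT) is private.
    `routes` maps destination CIDR -> target id, as shown in the VPC console."""
    return "public" if routes.get("0.0.0.0/0", "").startswith("igw-") else "private"
```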
In this lecture, you will understand the very important network component "NAT": why NAT is used, its benefits, how Network Address Translation works, and how to use an AWS NAT Gateway to allow instances in private subnets to access the internet.
Then we will see how to configure an EC2 instance as a NAT and what it takes to launch and configure an EC2 instance to function as one.
In this lecture, understand the advanced networking features of AWS. To start with, we will see how to connect two VPCs over a private network using VPC Peering, followed by VPC Endpoints. We will also see an overview of AWS-to-on-premises connectivity options in the form of VPN connections and Direct Connect. In the exercises section, you will find an exercise for setting up a VPN connection using an AWS Virtual Private Gateway.
That's all you need to know as an intermediate-level AWS solution architect, DevOps engineer or developer when it comes to networking in AWS.
Please move on to Section 2 and complete all the hands-on exercises. This should definitely give you the confidence to design and create a network architecture for any given requirements.
This is our first exercise and it's very simple. Make sure you follow each step carefully and remember what we did, so that in the next exercises it will be easy for you to set things up quickly.
In this exercise, learn how to set up a VPC with a public subnet and connect to an EC2 instance launched in this subnet.
Here, we are not using the default VPC. In a real-world scenario, when you need a web application to be accessible over the internet, you will typically create this kind of setup. Optionally, you may choose to assign an Elastic IP to the EC2 instance instead of a public IP, as an Elastic IP remains associated with the instance even after the instance restarts, and you can detach it and re-attach it to another EC2 instance.
In this exercise, learn how to set up a VPC with public and private subnets. We then create EC2 instances in each subnet and connect to the private EC2 instance via the EC2 instance in the public subnet.
In real life, you would have web servers or public-facing instances in public subnets and application servers/database servers in the private subnet. You can build your network as explained in this video and achieve the desired network security and isolation.
In this exercise, learn how to use a NAT Gateway to allow EC2 instances in a private subnet to access the internet.
In real life, you will have application servers/database servers in a private subnet that still need internet connectivity to download packages. NAT can be used for this: it allows instances in the private subnet to access the internet, but these instances cannot be reached from the internet.
In this exercise, learn how to use an EC2 instance as a NAT instead of a NAT Gateway.
Understand that the NAT Gateway is a managed AWS service which scales automatically and is highly available within its AZ. When we use an EC2 instance as a NAT, it is called a NAT Instance. In that case, availability and bandwidth scaling are limited, hence a NAT Instance might not be a good choice for a production environment. Typically people deploy a NAT Instance in Dev/QA environments and use a NAT Gateway in production.
In this exercise, learn how to set up VPC Peering between 2 VPCs across AWS Regions. VPC Peering is a very important feature of AWS networking by which you can create private connectivity between 2 VPCs. The EC2 instances in these VPCs can communicate with each other over private IP addresses.
With VPC Peering, you don't need a VPN connection, and there is no need to expose your applications over the internet if only other customers in AWS need to access them securely.
This lecture covers the VPC Peering features, limitations and use cases. Though VPC Peering is an important offering from AWS, it has been designed in a way that does not allow transitive access. Because of this, VPC Peering is a safe networking construct which you can use to allow private communication between workloads hosted in the same or different AWS accounts, in the same or different AWS Regions.
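The non-transitive peering rule described above, modelled as an added Python example that is not part of the course: a constructed three-VPC topology where A peers with B and B with C, with a route lookup that forwards over a peering connection only between the two VPCs that connection joins. The VPC ids, CIDRs and pcx ids are made up for the example.

```python
import ipaddress

# Constructed topology (not from the course): VPC A is peered with B and
# B with C. There is deliberately NO peering between A and C.
VPC_CIDRS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16", "vpc-c": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-bc": ("vpc-b", "vpc-c")}
# Route tables: destination CIDR -> target. vpc-a carries a route for vpc-c's
# range via pcx-ab; AWS lets you create it, but that traffic is dropped.
ROUTE_TABLES = {
    "vpc-a": {"10.0.0.0/16": "local", "10.1.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-ab"},
    "vpc-b": {"10.1.0.0/16": "local", "10.0.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-bc"},
    "vpc-c": {"10.2.0.0/16": "local", "10.1.0.0/16": "pcx-bc"},
}

def lookup_route(vpc_id, dst_ip):
    """Longest-prefix match in the VPC's route table: (network, target) or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[vpc_id].items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best

def owning_vpc(dst_ip):
    """Return the VPC whose CIDR contains dst_ip, or None."""
    ip = ipaddress.ip_address(dst_ip)
    for vpc_id, cidr in VPC_CIDRS.items():
        if ip in ipaddress.ip_network(cidr):
            return vpc_id
    return None

def can_reach(src_vpc, dst_ip):
    """Return (reachable, reason). A peering connection only carries traffic
    between the two VPCs it joins, so a route towards vpc-c via pcx-ab fails."""
    route = lookup_route(src_vpc, dst_ip)
    if route is None:
        return False, "no route"
    _net, target = route
    if target == "local":
        return True, "local"
    if target.startswith("pcx-"):
        dst_vpc = owning_vpc(dst_ip)
        if {src_vpc, dst_vpc} == set(PEERINGS[target]):
            return True, f"via {target}"
        return False, f"{target} does not join {src_vpc} and {dst_vpc}: peering is not transitive"
    return False, f"unsupported target {target}"
```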
In this exercise, we will see how to use a VPC Endpoint gateway, which enables a private connection between a VPC and another AWS service (currently only S3 and DynamoDB). When enabled, you do not need an IGW or NAT for EC2 to access S3 or DynamoDB in the same AWS Region. The traffic between the VPC and the AWS service does not leave the Amazon network.
A VPC Endpoint gateway scales automatically as more bandwidth is required and provides consistent bandwidth for S3 or DynamoDB access. Using a VPC Endpoint gateway instead of the internet to access S3 saves you considerable data transfer cost (and NAT charges).
In this exercise, you will learn how your applications hosted privately in AWS can be exposed securely to other AWS services.
By definition, AWS PrivateLink simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet. AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network. AWS PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture.
In this exercise, we will host a web server service in a private subnet of one VPC and expose this service to a service consumer in another VPC.
In this lecture, we will see how to host a static website on S3. However, AWS provides its own DNS name for the website, hence we need to map our own domain name to the AWS-provided DNS name. This is done using the AWS Route53 service. For this exercise, I got my domain from GoDaddy and updated the GoDaddy DNS to resolve to the AWS Route53 DNS. Then I added a record set in AWS Route53 to point my custom domain to S3.
Note that AWS S3 does not provide a single IP address for websites hosted on S3, hence we have to use a Route53 Alias record set to point our domain name to the S3 DNS name.
In this exercise, we will see how to use Route53 to achieve AWS Region level failover. As you already know, we can use an ELB with backend EC2 instances to achieve high availability within the same AWS Region. However, it is often required to distribute your workloads across AWS Regions, e.g. for failover, country-specific regulations, providing lower latency to end users, etc. In this case, we need to manage the traffic at the DNS level, and this is done using the different AWS Route53 routing policies.
In this exercise, we will be using the Failover routing policy, where we configure the primary and secondary sites in different AWS Regions and then simulate a primary site failure, which results in DNS switching to the secondary site.
In this lecture, we will see how to enable HTTPS for websites hosted on S3. In the last lecture we hosted a static website on S3; however, we can't make it HTTPS as S3 does not support uploading SSL certificates. For this we need CloudFront (CDN), which acts as a front end for our website. We can deploy the SSL certificate on CloudFront, and it also caches static content like pictures/media, giving users a better experience by serving the content from the nearest edge location.
For this exercise, you need to have your own domain name. You can buy one either from AWS or from any other domain registrar like GoDaddy or Namecheap. To learn how to redirect your DNS queries from the domain registrar to AWS Route53, please refer to the earlier lecture "Hosting website on S3 using custom domain name.."
In this exercise, we will see how to set up a Site-to-Site IPsec VPN connection between an AWS VPC and a simulated data center. As we don't have our own physical data center router on the other end, we will use an EC2 instance with the Openswan VPN software installed as the VPN endpoint.
After completing this exercise, you will know how VPN works in the real world. As a next step, you may also want to set up VPN connectivity between AWS and Google Cloud, or AWS and Azure.