VPC Security and Control
The course is part of these learning paths
This course has been designed to give you an overview of the AWS Virtual Private Cloud and its associated networking components. This will help you to architect and build your VPC for a variety of different workloads and use cases. The topics covered within this course include:
- Virtual Private Clouds (VPCs)
- Route Tables
- Network Access Control Lists (NACLs)
- Security Groups
- NAT Gateways
- Bastion Hosts
- VPN and Direct connection
- VPC Peering
- AWS Transit Gateway
Who should attend this course?
Those who are relatively new to AWS to gain a better understanding of how to construct and architect virtual private cloud
Those looking to learn more about AWS networking features and components
Those studying for the AWS solutions architect certifications
- Confidently architect a VPC across multiple availability zones within a Region
- Explain different networking components commonly used within AWS VPCs
- Secure your VPCs, helping you to protect your resources within them
- Assess which method of connectivity to your VPCs would be best in different scenarios
To get the most from this course then you should have some exposure to AWS, for example, EC2, however, this is not essential.
So, the final element I want to talk to you about is the AWS Transit Gateway. And this is essentially a development on from the VPC peering. In today's world we're using more and more VPCs to segment and manage different workloads and as our organization gets bigger and bigger, we're creating more and more VPCs, we have more and more connections from our remote locations such as our data centers and offices, et cetera and creating VPC pairing connections to each one of these bearing in mind it's a one-on-one connection can be very cumbersome and time consuming and just not very well to manage.
So, let's say we had four VPCs represented by these circles here. And we also had a couple of remote offices as well. So, one there and one there. Now if we wanted to connect these VPCs into our office locations, now based on what we've already spoken about so far, we can use VPC pairing to link our VPCs together. But as we know, this is just a one-one-one connection, so we also need a connection across there and also a connection across there. So, we have one, two, three, four, five, six VPC pairing connections there. Now one of these remote locations might be using a VPN connection to get to that VPC, and also a VPN connection there and maybe even a third VPN connection to this VPC as well and this remote location might be used in Direct Connect to get to a couple of different VPCs in different regions. Now, that is a lot of connections and a lot of gateways to manage. We have customer gateways at the remote ends and also private gateways within our VPCs as well.
What AWS Transit Gateway allows you to do is to connect all of this infrastructure, so all of your VPCs, all of your remote locations, whether it's over Direct Connect or VPN via a central hub. So, let's take a look at how that looks. So, again we have our four VPCs and also we have our two data centers here at the bottom, our two remote locations. However, this time, we have the AWS Transit Gateway in the middle. Now, for each VPC or remote location that we want to allow to talk to each other, then all we need to do is to create a single connection to the Transit Gateway, so one from each of the VPCs and also one each from the remote locations as well. Again, these will be a VPN connection and maybe a Direct Connect connection. So, either way, VPN, Direct Connect or VPC, they all connect to this central hub, this AWS Transit Gateway.
As you can see between the two designs, this one over here has a lot more connections than this one over here. So, the AWS Transit Gateway simplifies your whole network connectivity. It allows all of your VPCs to easily communicate with one another and also communicate with your remote locations as well. All the routing is managed centrally within that hub and when any new remote locations or VPCs are created, for example, you might have another two VPCs created, all you'd need to do is to connect it to the AWS Transit Gateway and each of these new VPCs can then communicate with the entire rest of your infrastructure.
Now because the Transit Gateway goes through this central hub, it allows you to centralize all your monitoring as well for your network traffic and connectivity all through the one dashboard which is great. So, that was just a very quick high-level overview of AWS Transit Gateway and how it differs from the VPC pairing. And that's the last component I want to discuss in this course relating to VPCs and network connectivity.
So, in the final lecture, I'm just going to quickly review what we've covered throughout this course.
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 60++ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.