Lectures:
- ANS-C01 Introduction
- AWS Config
- AWS CloudTrail
- Amazon Inspector
- AWS Logging Mechanisms
- Advanced networking at scale
In this section of the AWS Certified Advanced Networking - Specialty learning path, we introduce you to the various network management services currently available in AWS that are relevant to the ANS-C01 exam.
Learning Objectives
- Identify and describe the various network management services available in AWS
- Understand the use of AWS Config to assess network infrastructure
- Describe how AWS CloudTrail is used to monitor and audit network infrastructure
- Explain how Amazon Inspector is used to enhance AWS network security and compliance
- Describe how VPC Flow Logs are used to capture IP traffic within the AWS Cloud
- Identify strategies for solving common issues that occur when running cloud networking at scale
Prerequisites
The AWS Certified Advanced Networking - Specialty certification has been designed for anyone with experience designing, implementing, and operating complex AWS and hybrid networking architectures. Ideally, you’ll also have some exposure to the nuances of AWS networking regarding the integration of AWS services and AWS security best practices. Many exam questions will require advanced-level knowledge of many AWS services, including AWS networking services. The AWS Cloud concepts introduced in this course will be explained and reinforced from the ground up.
- Hi, this is Mike. I'm a solution architect with Aviatrix, and today I'm gonna show you how to use Aviatrix to solve a common cloud networking challenge: connecting your corporate data center with many VPCs, often in multiple cloud providers, in various accounts and regions spread across the globe. We use the controller we set up in our previous video to build out a solution. AWS promotes using a global transit architecture to solve this problem, and recommends Aviatrix for implementing the solution. With the global transit architecture, we can share a single direct connection with many VPCs, reducing the friction of on-premise teams while providing the agility cloud teams have come to expect. Our final architecture will look like this. We'll build out each component and connection using a wizard provided in the Aviatrix controller. Let's start by logging into our controller and going to the transit network wizard. You can read about these steps in more detail from our documentation. Let's take a look at step one. Our first step is to provision an Aviatrix gateway and its HA counterpart, and place it in the transit VPC. To start off, you'll need to provide a name for this gateway and select the appropriate AWS account, region, VPC, and subnet where we are gonna deploy this gateway. Finally, select the size of the gateway. The gateway size can be changed at any time, so we often recommend starting with something small, like a t2.micro, and adjusting as your needs require. Next, enable HA by selecting the transit gateway we just created and a subnet in a different availability zone and clicking enable. When that's complete, let's connect our transit gateway to the VGW where your direct connect connection terminates. The transit gateway will exchange routes using BGP with your data center and the cloud using this tunnel. Once the routes are exchanged, the controller will propagate the routes to the connected VPCs and AWIs or any other connected cloud environments.
We'll provide a name and ASN, then select the account and region where your VGW resides. Once ready, click okay to make the connection. Now we're ready to prepare our spoke VPCs for connectivity to the data center. Let's start with our first spoke, the production VPC. First we'll deploy an Aviatrix gateway in this VPC. Give it a name and then select the account, region, VPC, and subnet from the drop-downs, and then click okay once you're ready to deploy it. Once the gateway is deployed, we can enable HA for this spoke. If there's a problem, the controller will detect it, fail over automatically, and alert you, so you never have to worry about downtime on this gateway or any other tunnels that are connected. Now we'll complete the same steps for the other two VPCs. We'll start with staging, followed by development. These steps can be repeated for each VPC you have that needs connectivity to the data center. Whenever a VPC needs connectivity, you can either come back here and repeat these steps or automate them using Terraform, CloudFormation, the Python and Go SDKs, or even use the REST APIs directly. With a centralized controller, Aviatrix contains everything you need in one place. There are no external scripts to manage and maintain, and no confusion over who to call for support when there's a problem. Centralized management also means a central place to go for logging, monitoring, and alerting, so you always know the health of your gateways. You can also forward these logs to other systems with built-in integration, with Sumo Logic and Datadog, for example. Aviatrix is built from the ground up using cloud native approaches, with cloud teams in mind, so it's simple to use and simple to manage. With a gateway in each spoke and HA enabled, we're ready for these instances to be connected to our data center via the transit VPC. In order for this connectivity to be established, we'll attach our VPCs to the transit one by one.
This can be done whenever you're ready to establish connectivity: either earlier, in the steps of creating the gateway, or now, or at a later date, whenever you prefer. Remember, there is no VTP in the cloud. It's all software-defined. If a problem occurs, a cloud operations team member can easily handle the troubleshooting without worrying about learning a new protocol. There's a convenient table that shows you the current display of spokes in HA. And that's it. In just a few short minutes, you've set up AWS's recommended global transit architecture in your environment. This architecture makes it easy to add new VPCs that require connectivity to the data center without requiring changes to your on-premise firewall or router. Routes are automatically propagated between the cloud and your on-premise environment. Give Aviatrix a try today at aviatrix.com/trial. Thanks for watching.
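The wizard steps walked through in the video (transit gateway with an HA peer, a BGP session to the VGW, a spoke gateway per VPC, and the spoke-to-transit attachments) can be written as the Terraform the speaker mentions instead of being clicked through. The following is an added example, not code from the video or from Aviatrix. It assumes the resource and attribute names of the AviatrixSystems/aviatrix Terraform provider (check them against the provider documentation for the version you run), and every VPC ID, VGW ID, CIDR, ASN, and account name is a placeholder to be replaced with your own values.

```hcl
# Added example: hub-and-spoke transit build-out as Terraform for the Aviatrix
# provider. ASSUMPTIONS (not from the page): resource and attribute names follow
# the AviatrixSystems/aviatrix provider docs; all IDs, CIDRs, ASNs and account
# names below are placeholders.

terraform {
  required_providers {
    aviatrix = {
      source = "AviatrixSystems/aviatrix"
    }
  }
}

# Controller built in the previous video. Credentials come from variables
# (environment or a secrets store), never from a committed file.
variable "controller_ip" {}
variable "controller_user" {}
variable "controller_password" { sensitive = true }

provider "aviatrix" {
  controller_ip = var.controller_ip
  username      = var.controller_user
  password      = var.controller_password
}

# Step 1: transit gateway plus HA peer in a second AZ of the transit VPC.
resource "aviatrix_transit_gateway" "transit" {
  cloud_type   = 1                   # 1 = AWS in the Aviatrix provider
  account_name = "aws-network-acct"  # Aviatrix access account (placeholder)
  gw_name      = "transit-gw"
  vpc_id       = "vpc-TRANSIT-PLACEHOLDER"
  vpc_reg      = "us-east-1"
  gw_size      = "t2.micro"          # start small, resize later, as the video advises
  subnet       = "10.0.1.0/24"       # placeholder subnet in AZ a
  ha_subnet    = "10.0.2.0/24"       # placeholder subnet in AZ b; setting it enables HA
  ha_gw_size   = "t2.micro"
}

# Step 2: BGP session from the transit gateway to the VGW where Direct Connect
# terminates, so on-prem and cloud routes are exchanged without manual edits.
resource "aviatrix_vgw_conn" "dc" {
  conn_name        = "dc-via-vgw"
  gw_name          = aviatrix_transit_gateway.transit.gw_name
  vpc_id           = aviatrix_transit_gateway.transit.vpc_id
  bgp_vgw_id       = "vgw-PLACEHOLDER"
  bgp_vgw_account  = "aws-network-acct"
  bgp_vgw_region   = "us-east-1"
  bgp_local_as_num = "65001"         # private ASN placeholder for the cloud side
}

# Step 3: one spoke gateway (with HA) per VPC. Keeping the three spokes from the
# video in a map makes adding a fourth VPC a one-line change.
locals {
  spokes = {
    production  = { vpc_id = "vpc-PROD-PLACEHOLDER", subnet = "10.10.1.0/24", ha_subnet = "10.10.2.0/24" }
    staging     = { vpc_id = "vpc-STG-PLACEHOLDER",  subnet = "10.20.1.0/24", ha_subnet = "10.20.2.0/24" }
    development = { vpc_id = "vpc-DEV-PLACEHOLDER",  subnet = "10.30.1.0/24", ha_subnet = "10.30.2.0/24" }
  }
}

resource "aviatrix_spoke_gateway" "spoke" {
  for_each     = local.spokes
  cloud_type   = 1
  account_name = "aws-network-acct"
  gw_name      = "${each.key}-spoke-gw"
  vpc_id       = each.value.vpc_id
  vpc_reg      = "us-east-1"
  gw_size      = "t2.micro"
  subnet       = each.value.subnet
  ha_subnet    = each.value.ha_subnet
  ha_gw_size   = "t2.micro"
}

# Step 4: attach every spoke to the transit gateway; the controller then
# propagates the BGP-learned data center routes into each attached spoke VPC.
resource "aviatrix_spoke_transit_attachment" "attach" {
  for_each        = aviatrix_spoke_gateway.spoke
  spoke_gw_name   = each.value.gw_name
  transit_gw_name = aviatrix_transit_gateway.transit.gw_name
}
```

Two points worth checking before applying this: the spoke and transit CIDRs must not overlap with the on-prem prefixes the VGW will advertise, or the propagated routes will be ambiguous, and the access account the controller uses in AWS should be an IAM role limited to the networking actions the gateways need rather than broad administrative access.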
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to the cloud, reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.