AWS Networking Basics
AWS Networking Architecture
AWS 160, from Cloud Academy's comprehensive Amazon Web Services learning tracks series, provides a full introduction to AWS networking. You'll get a good first look at some of the key structural elements of AWS traffic control, like Virtual Private Clouds (VPCs), security groups, and IP addressing. We'll also briefly discuss such critical networking services as CloudFront, Route53, Auto Scaling, and Load Balancing.
AWS160 is part of the 100 level course series (the AWS Technical Foundation Track) which, in turn, lays the groundwork for our 200 series (intermediate level skills) and 300 series (advanced skills).
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
Besides the basic network and services we described in the previous videos from this course, AWS offers a very rich range of tools for managing traffic, allowing you to optimize the delivery of your applications to fit just about any scenario you can imagine. However, we're not going to go into any great detail now. There are videos on Cloud Academy, including some of those from this AWS content model series, that cover the practical steps to set up and manage these services. At this point, it's really enough to simply introduce you to the resources that are available to you.
If you're in the business of providing users with content of just about any kind, then you would probably like them to have it as soon as possible. The problem is that bottlenecks along vastly dispersed networks, not to mention the sheer size of some of the media you serve, can slow things down. AWS's CloudFront can do a lot to shorten the physical distances between your data and the users who need it, significantly cutting the latency they'll experience. A CloudFront distribution will create and regularly update copies of your content on Amazon servers around the world. Therefore, when a user in Brazil requests a page on your website, he or she might not get the same actual copy as another user making the same request in Finland, as each will be directed to the hosting server that is geographically closest to their location.
Route53 offers three key services: record creation or domain registration, health checks, and request handling to direct web requests to the right server. Domain registration allows you to associate human-readable web addresses, like cloudacademy.com for instance, with the IP address belonging to your website or service. Health checks ensure that the resources to which you'd like Route53 to direct incoming traffic are actually healthy enough to handle it, and request handling can be used to redirect traffic between resources in the most efficient and productive ways. So, for instance, you could create routing policies that will favor one resource over another, using either weighted or failover policies, or that will favor one geographic region over another, called geolocation policies.
If your service experiences occasional spikes in demand, you certainly don't want to pay for 365 days a year of server resources that might only be used for a few dozen hours. But you also don't want to be caught short when something sparks a run on your product. The most common solution to this design problem is autoscaling, through which you tell Amazon's EC2 to monitor a predetermined usage metric and, should demand rise or fall dramatically enough, to adjust the number of server instances currently running to properly address demand.
A close cousin to autoscaling in the configuration of intelligent application delivery designs is load balancing. If you've got more than one server currently providing your service, you'd like your available resources to provide steady accessibility. However, since you can't expect users to neatly and evenly divide their business between your various servers, load balancing can be designated to do the job for you. A load balancer can redirect incoming traffic between servers at whichever ideal rate you set.
In AWS terms, a VPN (Virtual Private Network) is a network connection between your Amazon resources within an AWS VPC and data or services in your own local data center. Such architectures are often called hybrid cloud deployments because part of their infrastructure lives in the Amazon cloud and part at your physical location. To configure and establish the connectivity needed for such a network, you'll need to be able to identify your customer gateway. The customer gateway is usually a physical firewall device, like a Juniper, sitting at the edge of your local network. You'll also need to create the VPN itself, a Virtual Private Gateway (VPG) with its routing rules, and to associate the VPG with your VPC.
Even if you don't want to split your data and applications between the AWS cloud and your local data center, you might benefit from a faster connection to Amazon, allowing greater security and much faster transfer speeds between your office and your AWS resources. AWS's DirectConnect, provided through Amazon's APN partners, can establish a dedicated network connection between your network and an AWS DirectConnect location using industry-standard 802.1Q VLANs.
So that's it for AWS Networking Fundamentals. You should by now understand the basic structure of AWS VPCs, subnets, and traffic control tools like internet gateways and routing tables. You should also now be familiar with the basic functions of many of AWS's other networking services, like Route53 and DirectConnect. Now that you've completed the AWS 160 course, you might like to complete all of the 100 level courses by taking AWS Database Fundamentals (AWS 180) and AWS Security Fundamentals (AWS 190).
About the Author
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.
Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.
His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.