AWS Networking Basics
AWS Networking Architecture
AWS 160, from Cloud Academy's comprehensive Amazon Web Services learning tracks series, provides a full introduction to AWS networking. You'll get a good first look at some of the key structural elements of AWS traffic control, like Virtual Private Clouds (VPCs), security groups, and IP addressing. We'll also briefly discuss such critical networking services as CloudFront, Route53, Auto Scaling, and Load Balancing.
AWS160 is part of the 100 level course series (the AWS Technical Foundation Track) which, in turn, lays the groundwork for our 200 series (intermediate level skills) and 300 series (advanced skills).
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
About the Author
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.
Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.
His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.
Networking is about ensuring that the flow of digital traffic between instances or services is fast and reliable where necessary and impossible wherever it's dangerous. We'll discuss a number of traffic control tools later, but we'll start with IP (Internet Protocol) addresses. Every network-attached device, whether it's something physical like a smartphone, laptop or router, or a virtual device like an Amazon EC2 instance, must have an IP address to identify it to other network resources. IP addresses are either assigned automatically by a DHCP (Dynamic Host Configuration Protocol) server or manually configured at the device level. Broadly speaking, there are two kinds of IP addresses: private and public.
The important difference is that private addresses, as the name suggests, cannot be reached from a public network. To explain that a bit better: when it became apparent that the number of internet-connected devices was growing so quickly that we were in danger of running out of IPv4 addresses, network designers developed Network Address Translation (NAT) to dynamically remap IP references as packets move between public and private networks.
Using NAT, a private network with hundreds or even tens of thousands of devices can share a single public-facing IP address, relying on the local router to send everything to the right place based on a strictly local addressing scheme. It became accepted practice to restrict all local NAT addresses to three limited ranges, and to avoid using any IP from these ranges in public. The reserved address ranges are 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. Together, these freed up literally billions of IP addresses for public use.
The downside, of course, is that local addresses will make no sense in a public network. When you create a virtual network on AWS, a VPC (Virtual Private Cloud), you can choose which private network range your resources will use. Let's quickly run through the first two steps of creating a new VPC using the VPC wizard.
You needn't worry about some of these details; we're only doing this to illustrate choosing an IP address range.
We'll select the VPC with one public and one private subnet. You'll notice that, according to the current default settings, there'll be more than 65,000 IP addresses available to our network, all in the 10.0.0.0 range. The slash 16 (/16) notation tells us that only the first two octets, the 10 and the first zero, are reserved for the network address, with the remaining two octets available for nodes. Hence, 256 times 256, which equals 65,531. Our first public subnet is restricted to addresses within the 10.0.0.x range, meaning addresses between 10.0.0.2 and 10.0.0.254.
Our private subnet, meanwhile, will exist within the 10.0.1.x range, receiving addresses between 10.0.1.2 and 10.0.1.254. Now let's take a quick look at how this might work from the perspective of a network device, in this case an EC2 instance. We'll start the process of configuring and launching a virtual computer using EC2. The default VPC for my account lies within the 172.31.0.0 range rather than the 10.0.0.0 range we were going to use for the VPC we were just playing with. We can choose any one of four IP ranges, each used by a separate availability zone, as the host for our new instance. We'll speak a lot more about VPCs, subnets and availability zones later.
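To make the address arithmetic above concrete, here is an added example (not part of the course material) that checks whether an address falls in one of the three reserved private ranges, works out how many addresses a /16 block holds, and validates that a VPC plan's subnets sit inside the VPC block without overlapping. The VPC and subnet CIDRs used at the bottom are constructed to match the wizard defaults described in the lecture.

```python
import ipaddress

# The three reserved private (RFC 1918) ranges named in the lecture.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),        # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),     # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),    # 192.168.0.0 - 192.168.255.255
]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the three reserved private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def cidr_summary(cidr: str) -> dict:
    """Network address, prefix length, total address count and last address."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "total": net.num_addresses,            # a /16 holds 256 * 256 = 65536
        "last": str(net.broadcast_address),
    }


def check_vpc_plan(vpc_cidr: str, subnet_cidrs: list) -> list:
    """Return a list of problems (an empty list means the plan is consistent):
    the VPC block must be private, every subnet must lie inside the VPC block,
    and no two subnets may overlap."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not is_private(str(vpc.network_address)):
        problems.append(f"{vpc} is not a private (RFC 1918) range")
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    for sub in subnets:
        if not sub.subnet_of(vpc):
            problems.append(f"{sub} lies outside VPC block {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


if __name__ == "__main__":
    # Constructed plan mirroring the wizard defaults: a 10.0.0.0/16 VPC with
    # a public 10.0.0.x subnet and a private 10.0.1.x subnet.
    print(cidr_summary("10.0.0.0/16"))
    print(check_vpc_plan("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24"]))
```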
For now, though, it's enough to be aware that devices must have unique IP addresses and that AWS assigns IP addresses from defined ranges to help identify them as part of specific network segments.