VPC Security and Control
DNS & Content Delivery on AWS
In this section of the Cloud Practitioner learning path, we introduce you to the various networking services currently available in AWS that are relevant to the CLF-C01 exam.
- Identify and describe the various Networking services available in AWS
- Describe how to configure an Amazon Virtual Private Cloud (VPC)
- Understand how to control network traffic via Security Groups and Network Access Control Lists (NACLs)
- Describe AWS-managed services for Domain Name System (DNS) and Content Delivery Network (CDN)
- Understand how the AWS global infrastructure is used in conjunction with services like Route 53, CloudFront, and the AWS Global Accelerator to reduce latency and improve application performance for end-users
This course is designed for anyone who is new to cloud computing, so no prior experience with AWS is necessary. While it may be helpful to have a basic understanding of AWS and its services, as well as some exposure to AWS Cloud design, implementation, and operations, this is not required as all of the concepts we will introduce in this course will be explained and reinforced from the ground up.
So, the final element I want to talk to you about is the AWS Transit Gateway. And this is essentially a development on from VPC peering. In today's world we're using more and more VPCs to segment and manage different workloads, and as our organization gets bigger and bigger, we're creating more and more VPCs. We have more and more connections from our remote locations such as our data centers and offices, et cetera, and creating VPC peering connections to each one of these, bearing in mind it's a one-to-one connection, can be very cumbersome and time consuming and just not very easy to manage.
So, let's say we had four VPCs represented by these circles here. And we also had a couple of remote offices as well. So, one there and one there. Now if we wanted to connect these VPCs into our office locations, based on what we've already spoken about so far, we can use VPC peering to link our VPCs together. But as we know, this is just a one-to-one connection, so we also need a connection across there and also a connection across there. So, we have one, two, three, four, five, six VPC peering connections there. Now one of these remote locations might be using a VPN connection to get to that VPC, and also a VPN connection there, and maybe even a third VPN connection to this VPC as well, and this remote location might be using Direct Connect to get to a couple of different VPCs in different regions. Now, that is a lot of connections and a lot of gateways to manage. We have customer gateways at the remote ends and also private gateways within our VPCs as well.
What AWS Transit Gateway allows you to do is to connect all of this infrastructure, so all of your VPCs and all of your remote locations, whether it's over Direct Connect or VPN, via a central hub. So, let's take a look at how that looks. So, again we have our four VPCs, and also we have our two data centers here at the bottom, our two remote locations. However, this time, we have the AWS Transit Gateway in the middle. Now, for each VPC or remote location that we want to allow to talk to each other, all we need to do is to create a single connection to the Transit Gateway, so one from each of the VPCs and also one each from the remote locations as well. Again, these will be a VPN connection and maybe a Direct Connect connection. So, either way, VPN, Direct Connect or VPC, they all connect to this central hub, this AWS Transit Gateway.
As you can see between the two designs, this one over here has a lot more connections than this one over here. So, the AWS Transit Gateway simplifies your whole network connectivity. It allows all of your VPCs to easily communicate with one another and also communicate with your remote locations as well. All the routing is managed centrally within that hub, and when any new remote locations or VPCs are created, for example, you might have another two VPCs created, all you'd need to do is to connect them to the AWS Transit Gateway, and each of these new VPCs can then communicate with the entire rest of your infrastructure.
Now because the Transit Gateway goes through this central hub, it allows you to centralize all your monitoring as well for your network traffic and connectivity, all through the one dashboard, which is great. So, that was just a very quick high-level overview of AWS Transit Gateway and how it differs from VPC peering. And that's the last component I want to discuss in this course relating to VPCs and network connectivity.
So, in the final lecture, I'm just going to quickly review what we've covered throughout this course.
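As an added example that is not part of the course, here is the hub-and-spoke design from the lecture expressed in Terraform: one Transit Gateway, a single attachment per VPC, and one central route table in the hub that all spokes share. The `spokes` variable, its VPC, subnet and route-table IDs, and the 10.0.0.0/8 supernet are assumed placeholders; remote VPN or Direct Connect attachments are left out.

```hcl
# Added example (not from the course): TGW hub-and-spoke; IDs below are placeholders.
variable "spokes" {
  type = map(object({
    vpc_id         = string
    subnet_ids     = list(string) # one subnet per AZ for the attachment
    route_table_id = string       # VPC route table to point at the hub
  }))
}

# Hub with default association/propagation disabled: a new attachment reaches nothing until placed in a table.
resource "aws_ec2_transit_gateway" "hub" {
  description                     = "central hub replacing pairwise VPC peering"
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

# One attachment per VPC: the single connection per spoke from the lecture.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each                                        = var.spokes
  transit_gateway_id                              = aws_ec2_transit_gateway.hub.id
  vpc_id                                          = each.value.vpc_id
  subnet_ids                                      = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Routing is centralized here: spokes associated with and propagating into this table can reach each other.
resource "aws_ec2_transit_gateway_route_table" "shared" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.shared.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.shared.id
}

# Each spoke VPC routes the other spokes' ranges to the hub; 10.0.0.0/8 is an assumed placeholder supernet.
resource "aws_route" "to_hub" {
  for_each               = var.spokes
  route_table_id         = each.value.route_table_id
  destination_cidr_block = "10.0.0.0/8"
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.spoke]
}
```

Adding a fifth VPC is one more entry in `spokes`; the attachment, its place in the shared table and the VPC-side route follow without touching the existing spokes, which is the simplification the lecture describes.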
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to the cloud, reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.