VPC Security and Control
Basic Networking Concepts
Introduction to AWS PrivateLink
VPC Sharing using the AWS Resource Access Manager
Inter-Regional and Intra-Regional Communication Patterns
Understanding Direct Connect, Implementation and Configuration
Understanding AWS Direct Connect - Connectivity Options
Examining AWS Routing
DNS & Content Delivery on AWS
Managing Public and Private SSL/TLS Certificates using AWS Certificate Manager
The course is part of this learning path
This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.
Want more? Try a Lab Playground or do a Lab Challenge!
- Get a foundational understanding of VPCs, their security, and connectivity
- Learn about VPC sharing using the AWS Resource Access Manager
- Discover inter-regional and intra-regional communication patterns in AWS
- Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
- Understand routing in AWS, including static and dynamic routing
- Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
- Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
The Routing policy for a record defines how to answer a DNS query. Each type of policy does something different.
The Simple routing policy provides the IP address associated with a name. With Simple routing an A record is associated with one or more IP addresses. A random selection will choose which IP to use. It is important to note that Simple Routing policies do not support health checks. All other routing policies do.
The Weighted routing policy is similar to simple routing and you can define a weight per IP address. Basically, you create records that have the same name and type and assign each record a numerical value that favors one IP address over another. A value of 0 suggests a record is never returned. This is useful for simple load distribution or testing new software. Each record is returned based on the weight compared to the total weight of all records. If a chosen record is Unhealthy, the process is repeated until a healthy record is obtained.
The Geolocation routing policy tags records with a location that can be Default, Continent or Country. It allows you to distribute the IP of a resource that can cater to customers in different countries or different languages. It can also help you protect distribution or licensing rights. You can create a default record for IP addresses that do not map to a geographic location. With geolocation routing an IP check verifies the customer’s location and the corresponding record for that location is returned based on the Location Tag for country, continent, or default.
The Geo-proximity routing policy requires that you use Route 53’s traffic Flow feature and create a Traffic Policy. A traffic policy is a resource that combines one or more routing policies. Geo-proximity records are tagged with an AWS Region or using latitude and longitude coordinates. Geo-proximity routing is based on distance and a defined bias. You can specify a Bias from -99 to 99. This is a value that you can use to route more traffic to an endpoint by using a positive value or Route less traffic to an endpoint by using a negative value. Use the bias of -99 to route the least amount of traffic to an endpoint. You can think of the bias as being able to increase or decrease a region size in terms of coverage. This allows you to shift traffic from one location to another and route traffic based on the location of your resources.
The Failover routing policy is able to route traffic to a primary resource and based on a health check re-direct traffic to a secondary resource. The re-direction happens if the health check fails. Using failover routing you define a record to be primary and a different record to be secondary. You are also required to have a health check pre-defined. The routing of the primary record is active when the health check result is healthy. Otherwise, the secondary record is used.
The Latency routing policy chooses the record with the lowest latency to the customer. You define multiple records with the same name and assign a region to each record. AWS maintains a database of latency between the general location of users and the regions tagged in DNS records. The record used is the one with the lowest recorded latency and is healthy. This may not always be the closest resource, especially if the closest resource is saturated.
The Multi value Answer routing policy returns multiple IP addresses to a query. Up to 8 IP addresses corresponding to healthy records based on a health check are returned. If there are eight or less healthy hosts the response includes all healthy hosts.
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.