Transit Gateway
3h 55m

This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to Amazon Virtual Private Cloud (VPC) and the AWS networking services. We then look at the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.


Learning Objectives

  • Get a foundational understanding of VPCs, their security, and connectivity
  • Learn about VPC sharing using the AWS Resource Access Manager
  • Discover inter-regional and intra-regional communication patterns in AWS
  • Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
  • Understand routing in AWS, including static and dynamic routing
  • Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
  • Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront

So, the final element I want to talk to you about is the AWS Transit Gateway. And this is essentially a development on from VPC peering. In today's world we're using more and more VPCs to segment and manage different workloads, and as our organization gets bigger and bigger, we're creating more and more VPCs and we have more and more connections from our remote locations such as our data centers and offices, et cetera. Creating VPC peering connections to each one of these, bearing in mind that peering is a one-to-one connection, can be very cumbersome and time consuming and just not very easy to manage.

So, let's say we had four VPCs represented by these circles here. And we also had a couple of remote offices as well. So, one there and one there. Now if we wanted to connect these VPCs into our office locations, based on what we've already spoken about so far, we can use VPC peering to link our VPCs together. But as we know, this is just a one-to-one connection, so we also need a connection across there and also a connection across there. So, we have one, two, three, four, five, six VPC peering connections there. Now one of these remote locations might be using a VPN connection to get to that VPC, and also a VPN connection there and maybe even a third VPN connection to this VPC as well, and this remote location might be using Direct Connect to get to a couple of different VPCs in different regions. Now, that is a lot of connections and a lot of gateways to manage. We have customer gateways at the remote ends and also virtual private gateways within our VPCs as well.

What AWS Transit Gateway allows you to do is to connect all of this infrastructure, so all of your VPCs and all of your remote locations, whether it's over Direct Connect or VPN, via a central hub. So, let's take a look at how that looks. So, again we have our four VPCs and also we have our two data centers here at the bottom, our two remote locations. However, this time, we have the AWS Transit Gateway in the middle. Now, for each VPC or remote location that we want to allow to talk to each other, all we need to do is to create a single connection to the Transit Gateway, so one from each of the VPCs and also one each from the remote locations as well. Again, these will be a VPN connection and maybe a Direct Connect connection. So, either way, VPN, Direct Connect or VPC, they all connect to this central hub, this AWS Transit Gateway.

As you can see between the two designs, the peering design over here has a lot more connections than the Transit Gateway design over here. So, the AWS Transit Gateway simplifies your whole network connectivity. It allows all of your VPCs to easily communicate with one another and also communicate with your remote locations as well. All the routing is managed centrally within that hub, and when any new remote locations or VPCs are created, for example, you might have another two VPCs created, all you'd need to do is to connect them to the AWS Transit Gateway and each of these new VPCs can then communicate with the entire rest of your infrastructure.

Now because all of this traffic goes through the Transit Gateway as a central hub, it allows you to centralize all your monitoring as well, for your network traffic and connectivity, all through the one dashboard, which is great. So, that was just a very quick high-level overview of AWS Transit Gateway and how it differs from VPC peering.
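To make the hub-and-spoke idea concrete, here is an added example (not code from the course or from AWS) that models the two designs from the diagrams: it counts the one-to-one links a full peering mesh needs versus one attachment per site, and it models the Transit Gateway's centrally managed route table as a longest-prefix lookup that picks the attachment a destination is sent to. All attachment names and CIDR ranges are constructed, and the `blackhole` target is an assumed label used only in this model.

```python
# Added example (not part of the course or AWS's own code): a small model of
# the hub-and-spoke design described above. Every site attaches once to the
# hub, which holds a single route table and picks the attachment by
# longest-prefix match. All names and CIDRs below are constructed.
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network

BLACKHOLE = "blackhole"   # assumed label for a route that deliberately drops traffic


@dataclass
class Attachment:
    name: str          # e.g. "vpc-a" or "office-1"
    kind: str          # "vpc", "vpn" or "direct-connect"
    cidrs: list[str]   # prefixes reachable behind this attachment


@dataclass
class TransitGateway:
    attachments: dict[str, Attachment] = field(default_factory=dict)
    routes: list[tuple[IPv4Network, str]] = field(default_factory=list)

    def attach(self, att: Attachment, propagate: bool = True) -> None:
        """One link per site; optionally propagate its prefixes into the hub table."""
        self.attachments[att.name] = att
        if propagate:
            for cidr in att.cidrs:
                self.add_route(cidr, att.name)

    def add_route(self, cidr: str, target: str) -> None:
        """Static route entry: prefix -> attachment name (or BLACKHOLE)."""
        if target != BLACKHOLE and target not in self.attachments:
            raise ValueError(f"unknown attachment {target}")
        self.routes.append((ip_network(cidr), target))

    def lookup(self, dst: str):
        """Longest-prefix match, as a hub route table does; None if unroutable."""
        ip = ip_address(dst)
        best = None
        for net, target in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return None if best is None else best[1]


def full_mesh_links(n_vpcs: int) -> int:
    """Peering is one-to-one, so every pair of VPCs needs its own connection."""
    return n_vpcs * (n_vpcs - 1) // 2


def hub_links(n_sites: int) -> int:
    """With a hub, each VPC or remote site needs exactly one attachment."""
    return n_sites


def build_example() -> TransitGateway:
    """Four VPCs plus two remote locations, as in the diagram above (constructed)."""
    tgw = TransitGateway()
    for i, name in enumerate("abcd"):
        tgw.attach(Attachment(f"vpc-{name}", "vpc", [f"10.{i}.0.0/16"]))
    tgw.attach(Attachment("office-1", "vpn", ["192.168.0.0/24"]))
    tgw.attach(Attachment("datacenter-2", "direct-connect", ["172.16.0.0/12"]))
    # A more specific static entry wins over the propagated /16 for vpc-d,
    # so traffic to this /24 is dropped at the hub instead of forwarded.
    tgw.add_route("10.3.255.0/24", BLACKHOLE)
    return tgw


if __name__ == "__main__":
    tgw = build_example()
    print(f"4 VPCs fully peered: {full_mesh_links(4)} links; "
          f"via hub: {hub_links(6)} attachments for 6 sites")
    for dst in ("10.1.4.7", "192.168.0.5", "10.3.255.9", "8.8.8.8"):
        print(f"{dst:>12} -> {tgw.lookup(dst)}")
```

The point to take from the model is that adding a seventh site costs one more `attach` call and nothing else, whereas the mesh count grows quadratically; and because the hub owns the route table, a single static entry there (the blackhole above) changes reachability for every spoke at once, which is also why that table deserves the same review as a firewall rule set.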

About the Author

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.