VPC Security and Control
Basic Networking Concepts
DNS & Content Delivery on AWS
The course is part of this learning path
This section of the Solution Architect Associate learning path introduces you to the core networking concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking services to meet specific design scenarios relevant to the Solution Architect Associate exam.
- Get a foundational understanding of VPCs, their security, and connectivity
- Understand the basics of networking including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
- Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
Amazon Route 53 is the domain name management service provided by AWS. The domain name management system or DNS is responsible for translating domain names to IP addresses every time we use the internet, similar to a phone book that translates from a person to an actual number to dial. As such, DNS is part of the essential fabric that holds together the internet.
When you use Amazon Route 53 to register a domain, the service becomes the authoritative DNS server for the domain and creates a public hosted zone. A Public zone defines how traffic is routed on the public internet. A Private zone defines how traffic is routed inside a virtual private cloud or VPC. VPCs intended to be used with Private Zones need to have DNS Hostname and DNS Support enabled in their configuration.
Private and Public Hosted Zones are made of records. There is a variety of record types. Two of the more important record types are the Name Server or NS record type and the Start of Authority or SOA record type. Amazon Route 53 creates a set of 4 unique NS records and 1 SOA record in each hosted zone created.
The Name Server (NS) records are used to identify the DNS servers for a given hosted zone.
The Start of Authority (SOA) record is used to define the authoritative DNS servers for an individual DNS zone.
These two records are essential to integrating your domain to the existing DNS system.
Route 53 supports the common record types of DNS including:
The A record is used to map a hostname to an IP address. An A record is used for IPv4 address.
The AAAA record is also used to map a hostname to an IP address. The AAAA record is used for IPv6 addresses.
A Mail exchange (MX) record is used to identify email servers for a given domain. You can have more than one and set the priority using a number. For example, you may have a primary email server with a priority of 10 and a secondary email server with a priority of 20. The lowest number record is used first.
The text (TXT) record is used to provide information in a text format to systems outside of your domain. It has multiple use cases.
A canonical name or CNAME is used to map a hostname to another hostname. This can be used to map multiple names to the same host. For example, when a server needs to respond as webserver using the hostname WWW and mail server using the hostname MAIL at the same time.
Please note that DNS supports record types above and beyond those mentioned here.
One record type that is outside the scope of DNS is the Alias record type.
The Alias record type is unique to Amazon Route 53 and maps a custom hostname in your domain to an AWS Resource which is usually represented by an internal AWS name. For example, CloudFront distributions, Amazon S3 buckets, and Elastic Load Balancers provide you a domain name that is internal to AWS. You can use an alias record to define a custom name to that resource. You can also use Alias records to map to apex records which are the top nodes of a DNS namespace like on example.com or cloudacademy.com
When you create a record using Route 53 you specify the record name, the record type, the actual value, the Time-To-Live in seconds, and the Routing policy for this record.
The Time to Live specifies the amount of time the record is considered valid. The same record result obtained before is used in the future and DNS won’t be queried again until the TTL has expired.
The Routing policy for a record defines how to answer a DNS query. Each type of policy does something different including the possible use of health checks. Let’s talk about those health checks first.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.