This section of the Solution Architect Associate learning path introduces you to the core networking concepts and services relevant to the SAA-C03 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking services to meet specific design scenarios relevant to the Solution Architect Associate exam.
Want more? Try a lab playground or do a Lab Challenge!
Learning Objectives
- Get a foundational understanding of VPCs, their security, and connectivity
- Understand the basics of networking including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
- Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
So, the final element I want to talk to you about is the AWS Transit Gateway. And this is essentially a development on from the VPC peering. In today's world we're using more and more VPCs to segment and manage different workloads and as our organization gets bigger and bigger, we're creating more and more VPCs, we have more and more connections from our remote locations such as our data centers and offices, et cetera and creating VPC pairing connections to each one of these bearing in mind it's a one-on-one connection can be very cumbersome and time consuming and just not very well to manage.
So, let's say we had four VPCs represented by these circles here. And we also had a couple of remote offices as well. So, one there and one there. Now if we wanted to connect these VPCs into our office locations, now based on what we've already spoken about so far, we can use VPC pairing to link our VPCs together. But as we know, this is just a one-one-one connection, so we also need a connection across there and also a connection across there. So, we have one, two, three, four, five, six VPC pairing connections there. Now one of these remote locations might be using a VPN connection to get to that VPC, and also a VPN connection there and maybe even a third VPN connection to this VPC as well and this remote location might be used in Direct Connect to get to a couple of different VPCs in different regions. Now, that is a lot of connections and a lot of gateways to manage. We have customer gateways at the remote ends and also private gateways within our VPCs as well.
What AWS Transit Gateway allows you to do is to connect all of this infrastructure, so all of your VPCs, all of your remote locations, whether it's over Direct Connect or VPN via a central hub. So, let's take a look at how that looks. So, again we have our four VPCs and also we have our two data centers here at the bottom, our two remote locations. However, this time, we have the AWS Transit Gateway in the middle. Now, for each VPC or remote location that we want to allow to talk to each other, then all we need to do is to create a single connection to the Transit Gateway, so one from each of the VPCs and also one each from the remote locations as well. Again, these will be a VPN connection and maybe a Direct Connect connection. So, either way, VPN, Direct Connect or VPC, they all connect to this central hub, this AWS Transit Gateway.
As you can see between the two designs, this one over here has a lot more connections than this one over here. So, the AWS Transit Gateway simplifies your whole network connectivity. It allows all of your VPCs to easily communicate with one another and also communicate with your remote locations as well. All the routing is managed centrally within that hub and when any new remote locations or VPCs are created, for example, you might have another two VPCs created, all you'd need to do is to connect it to the AWS Transit Gateway and each of these new VPCs can then communicate with the entire rest of your infrastructure.
Now because the Transit Gateway goes through this central hub, it allows you to centralize all your monitoring as well for your network traffic and connectivity all through the one dashboard which is great. So, that was just a very quick high-level overview of AWS Transit Gateway and how it differs from the VPC pairing.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.