VPC.utils
220 lines (126 loc) · 2.94 KB
MINIO
==================================================
Faizal Khan
Ecomm India Cloud IT
Before VPC:
VPN
Direct Connect
Regions, Availability Zones etc.
Network: Routers, IPs etc.
Login AWS
Login VPN
Logical Network : VPC
VPC: (Logical separated)
Create user-defined virtual networks (IPv4/IPv6)
Allows control of the networking environment
AWS Cloud -->VPC
Subnetworks --> Small chunks
ApplicationServer Subnets private
Database Server Subnets private
WebServer Subnets Public
Router connects the different subnets
VPC Architecture
AWS
region
VPC
Public Subnet    Private Subnet    Private Subnet / Public Subnet
Subnet: must be in one Availability Zone
Subnet: a VPC is broken into multiple private or public subnets, but each subnet must be in one zone
RouteTable & Router
Router:it is looking
Routetable:
ElasticIP & ElasticNetwork Interface
Elastic IP: static, permanent public IP
Internet Gateway:
User --> Internet Gateway ---> VPC --> Public Subnet
CustomerGateway & VPN Connection & Virtual Private Gateway
VPC Peering -->
VPC Endpoints
NAT Gateway
IP Address & Subnets
192.168.100.201
Octet=8 bits
11000000.10100100.011000.11001001
32 bits
Note: IPV6 128 Bits
IP CIDR range: 10.0.0.0/16 (this represents the range in which the last two octets change)
10.0.0.0 - 10.0.255.255
10.0.0.0/24
10.0.0.0 --> 10.0.0.255
192.168.16.39/32
Subnet calculator?
Private IP addresses
RFC1918 standard
10.0.0.0 -- 10.255.255.255 (10/8 prefix)
172.16.0.0 -- 172.31.255.255 (172.16/12 prefix)
192.168.0.0 -- 192.168.255.255 (192.168/16 prefix)
10.0.0.0 Network address
10.0.0.1 VPC router
0.2 Reserved by AWS (DNS server)
0.3 Future use
0.255 Network broadcast address
Subnets 10.0.0.0/16
Availability Zone 1a
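The CIDR arithmetic in the notes above (octets as bits, the range a /16 or /24 covers, the RFC1918 private blocks, and the five addresses AWS reserves in every subnet) can be checked with Python's standard ipaddress module. The block below is an added example, not part of these notes; the sample addresses are the ones from the notes, and the helper names are my own. It also normalizes a CIDR that has host bits set (such as 10.0.0.1/16, which is really the 10.0.0.0/16 network) and carves a VPC /16 into the /24 subnets a "4 subnets" step would use.

```python
import ipaddress

# The three RFC1918 private blocks (fact from the RFC, not specific to AWS)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_dotted_binary(address):
    """Render an IPv4 address as four 8-bit octets, to check a hand conversion."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(address).packed)


def cidr_range(cidr):
    """First and last address covered by a CIDR block, e.g. 10.0.0.0/16 -> 10.0.0.0 .. 10.0.255.255."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def normalize_cidr(cidr):
    """Return (network CIDR, had_host_bits).

    '10.0.0.1/16' has host bits set; ipaddress rejects it in strict mode, so we
    retry non-strictly and report that the input was not a clean network address.
    """
    try:
        return str(ipaddress.ip_network(cidr)), False
    except ValueError:
        return str(ipaddress.ip_network(cidr, strict=False)), True


def aws_reserved(cidr):
    """The five addresses AWS reserves in every subnet: network address, VPC router,
    DNS server, future use, and the broadcast (last) address."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(net[i]) for i in range(4)] + [str(net[-1])]


def aws_usable_count(cidr):
    """Addresses left for instances after AWS's five reserved addresses."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 5


def is_rfc1918(address):
    """True when the address falls in one of the RFC1918 private blocks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in RFC1918)


def carve_subnets(vpc_cidr, new_prefix, count):
    """First `count` subnets of size /new_prefix inside the VPC block (hypothetical helper)."""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    return [str(s) for s in list(net.subnets(new_prefix=new_prefix))[:count]]


if __name__ == "__main__":
    print("192.168.100.201 =", to_dotted_binary("192.168.100.201"))
    print("10.0.0.0/16 covers", cidr_range("10.0.0.0/16"))
    print("10.0.0.1/16 normalizes to", normalize_cidr("10.0.0.1/16"))
    print("reserved in 10.0.0.0/24:", aws_reserved("10.0.0.0/24"), "usable:", aws_usable_count("10.0.0.0/24"))
    print("4 x /24 from 10.0.0.0/16:", carve_subnets("10.0.0.0/16", 24, 4))
    for a in ("192.168.16.39", "172.31.255.255", "172.32.0.0"):
        print(a, "RFC1918" if is_rfc1918(a) else "public")
```

Running the binary conversion against 192.168.100.201 is a quick way to verify the dotted-binary line in the notes octet by octet (168 is 10101000 and 100 is 01100100).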
Routing:
VPC --> 10.0.0.0/16
10.0.1.0/24
Public Route Table (Source & Destination)
Private Route Table
NAT Gateway
VPC Endpoints
VPC --> Subnets --> Internet Gateway ---> VPC Endpoint (VPCE) ---> S3
VPC Interface Endpoints
KMS
ELB API
Service Catalog
EC2 Systems Manager
NACL & Security Groups (Firewall)
NACLs ==> inbound & outbound: subnet level
Security Groups ==> resource level
Security Groups: all outbound is allowed & all inbound is denied (then open a port and that traffic will be allowed)
NACL: we need to specify both inbound/outbound and also specify allow/deny
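The difference the notes describe is easiest to see by simulating the two filters on one HTTPS request and its reply. The block below is an added example and not part of these notes or of any AWS tooling; it models a security group as stateful (return traffic of an allowed connection passes without an outbound rule, only allow rules exist) and a NACL as stateless (each direction evaluated on its own, rules tried in ascending number, first match wins, implicit deny at the end, with explicit deny rules available). The client and server addresses, ports and rule numbers are constructed for the demonstration, and the class and function names are my own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str            # "tcp", "udp" or "all"
    port_from: int        # port range; for inbound rules the local port, for outbound the remote port
    port_to: int
    cidr: str             # remote address range (source for inbound, destination for outbound)
    action: str = "allow"  # NACLs may also "deny"; security groups only have allow rules
    number: int = 0       # NACL rule number (evaluated ascending); unused for security groups


def _matches(rule, proto, port, peer_ip):
    if rule.proto not in ("all", proto) or not (rule.port_from <= port <= rule.port_to):
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)


class SecurityGroup:
    """Stateful, resource-level filter: default deny inbound, default allow outbound;
    a connection allowed in one direction has its return traffic allowed automatically."""

    def __init__(self, inbound=(), outbound=None):
        self.inbound = list(inbound)
        self.outbound = None if outbound is None else list(outbound)  # None = allow all outbound
        self._tracked = set()  # connections already admitted, keyed (peer_ip, peer_port, local_port)

    def inbound_allowed(self, proto, local_port, peer_ip, peer_port):
        if any(_matches(r, proto, local_port, peer_ip) for r in self.inbound):
            self._tracked.add((peer_ip, peer_port, local_port))
            return True
        return False

    def outbound_allowed(self, proto, local_port, peer_ip, peer_port):
        if (peer_ip, peer_port, local_port) in self._tracked:  # reply to a tracked connection
            return True
        if self.outbound is None:
            return True
        return any(_matches(r, proto, peer_port, peer_ip) for r in self.outbound)


class NetworkACL:
    """Stateless, subnet-level filter: inbound and outbound lists are independent,
    lowest rule number first, first match decides, and an implicit deny ends each list."""

    def __init__(self, inbound=(), outbound=()):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, proto, port, peer_ip):
        for r in rules:
            if _matches(r, proto, port, peer_ip):
                return r.action == "allow"
        return False  # the trailing "*" deny rule

    def inbound_allowed(self, proto, local_port, peer_ip, peer_port):
        return self._evaluate(self.inbound, proto, local_port, peer_ip)

    def outbound_allowed(self, proto, local_port, peer_ip, peer_port):
        return self._evaluate(self.outbound, proto, peer_port, peer_ip)


def web_subnet_demo():
    """Constructed scenario: client 203.0.113.10:51234 opens HTTPS (443) to a web server
    in the public subnet; the reply travels outbound back to the client's ephemeral port."""
    client, cport, sport = "203.0.113.10", 51234, 443
    https_in = Rule("tcp", 443, 443, "0.0.0.0/0", number=100)

    sg = SecurityGroup(inbound=[https_in])            # "open port 443" and nothing else
    incomplete_nacl = NetworkACL(inbound=[https_in])  # inbound only: the reply has no outbound rule
    complete_nacl = NetworkACL(
        inbound=[https_in],
        outbound=[Rule("tcp", 1024, 65535, "0.0.0.0/0", number=100)],  # ephemeral ports for replies
    )
    # Explicit deny at a lower number wins over the broad allow at 100 (NACL only)
    blocking_nacl = NetworkACL(
        inbound=[Rule("tcp", 443, 443, "198.51.100.0/24", action="deny", number=50), https_in],
        outbound=[Rule("tcp", 1024, 65535, "0.0.0.0/0", number=100)],
    )
    return {
        "sg_request": sg.inbound_allowed("tcp", sport, client, cport),
        "sg_reply": sg.outbound_allowed("tcp", sport, client, cport),
        "sg_blocked_source": sg.inbound_allowed("tcp", sport, "198.51.100.7", 40000),
        "nacl_incomplete_request": incomplete_nacl.inbound_allowed("tcp", sport, client, cport),
        "nacl_incomplete_reply": incomplete_nacl.outbound_allowed("tcp", sport, client, cport),
        "nacl_complete_reply": complete_nacl.outbound_allowed("tcp", sport, client, cport),
        "nacl_blocked_source": blocking_nacl.inbound_allowed("tcp", sport, "198.51.100.7", 40000),
    }


if __name__ == "__main__":
    for name, verdict in web_subnet_demo().items():
        print(f"{name:26s} {'ALLOW' if verdict else 'DENY'}")
```

The incomplete NACL admits the request but drops the reply, which is exactly why a NACL needs rules in both directions (including the ephemeral port range for return traffic), whereas the security group passes the reply on state alone. The blocking NACL also shows the other point in the notes: a security group can only open ports, so blocking a specific source needs a NACL deny rule.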
Create VPC:
Name: AWSTest
CIDR: 10.0.0.1/16
IPv6: No
Tenancy: Default
Done
VPC Done
Create Subnets:
===> 4 Subnets
Click Subnets --> CreateSub--
Name: public-A
VPC: Name
IPv4: 10.0.0.1/24
Name: public
Internet Gateway:
Name: test-idw
Attach -- VPC
Always default routes
Create Route table:
private one
public one
Jump host
New VPC
172.16.0.0/16
VPC
VPC ID
Subnets
traceroute 172.16.1.39
VPN-IPSec
Secure Private Connectivity Over the Internet
Static VPN
Create Router
Dynamic VPN
BGP (Border Gateway Protocol)
Resilient Dynamic VPN
Resilient Dynamic VPN - Multiple VPCs
Direct Connect:
Dedicated network connection to AWS
Establish a private, dedicated network connection to AWS
Amazon CloudFront Edge Location
www.ecomm.in/training
dis
awsdiscuss.com
discussaws.com