Sunday, 3 February 2019

AWS VPC - Amazon Web Services - Virtual Private Cloud

Creating an n-tier web application architecture on AWS VPC. Firewall rules will restrict the servers to communicating with each other only on the specific ports they need, for security purposes.

In DC (primary data center):
Web Server - 2
Application Server - 2
Database Server - 2
Reporting Server - 2
File Server - 1

In DR (disaster recovery site):
Web Server - 2
Application Server - 2
Database Server - 2
Reporting Server - 2
File Server - 1



1.    By default 1 VPC is available in each region.
2.    By default 2 or more Availability Zones exist in each region, e.g. “ap-south-1a” and “ap-south-1b”.
3.    By default, each Availability Zone has 1 public subnet, so 2 public subnets are available in total.
4.    We can create a private subnet in an Availability Zone as shown in the image above.
5.    Security Group – by default all inbound ports are blocked; nothing is reachable until a rule allows it.
6.    Security Group – the ports an instance needs (e.g. HTTP, SSH) must be opened in its security group.
7.    By default there will be 1 Security Group.
8.    By default there will be 1 Network ACL.
9.    IP addresses can be blocked in a Network ACL (security groups only have allow rules).
10.    By default there will be 1 Route Table when we create a VPC.
11.    By default there will be 1 Internet Gateway.
12.    All subnets are attached to a Network ACL and a Route Table.
13.    All instances are attached to a Security Group.
14.    Go to “VPC Dashboard” > Your VPCs > the IPv4 CIDR of the VPC specifies the range of IPs we can have in this VPC.
15.    http://cidr.xyz/ can be used to check the range of IPs in a CIDR block.
16.    Default subnets.
17.    Instances in a public subnet will have internet access.
18.    Instances in a private subnet will not have internet access.
19.    Instance > Subnet > Route Table > Internet Gateway = the instance has internet access and is in a public subnet.
20.    Instance > Subnet > Route Table (no Internet Gateway route) = the instance does not have internet access and is in a private subnet.
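The two chains above say that what makes a subnet "public" is its route table: a route for 0.0.0.0/0 pointing at an internet gateway. The following added example (not code from the original post) models that lookup with constructed route tables. The route targets use placeholder ids (igw-PLACEHOLDER, nat-PLACEHOLDER, pcx-PLACEHOLDER), and the subnet CIDRs are assumed values; the VPC router picks the most specific matching route, which is what lookup_route implements.

```python
import ipaddress

# Constructed sample data (not from the post). Targets are written the way the VPC console
# shows them; the igw-/nat-/pcx- ids are placeholders, not real resource ids.
ROUTE_TABLES = {
    "rtb-public": {
        "10.0.0.0/16": "local",
        "0.0.0.0/0": "igw-PLACEHOLDER",     # default route to the internet gateway
    },
    "rtb-private": {
        "10.0.0.0/16": "local",
        "10.1.0.0/16": "pcx-PLACEHOLDER",   # peered VPC
        "0.0.0.0/0": "nat-PLACEHOLDER",     # NAT gateway living in a public subnet
    },
    "rtb-isolated": {
        "10.0.0.0/16": "local",             # no route out of the VPC at all
    },
}

# Which route table each subnet is associated with (assumed subnet CIDRs).
SUBNET_ASSOCIATIONS = {
    "10.0.0.0/24": "rtb-public",
    "10.0.2.0/24": "rtb-private",
    "10.0.4.0/24": "rtb-isolated",
}


def lookup_route(route_table, dest_ip):
    """Return the target for dest_ip using longest-prefix match, as the VPC router does."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify_subnet(subnet_cidr, route_tables=ROUTE_TABLES, associations=SUBNET_ASSOCIATIONS):
    """'public' if the default route goes to an internet gateway, 'private' if it goes to
    a NAT gateway or NAT instance, 'isolated' if nothing outside the VPC is routable."""
    table = route_tables[associations[subnet_cidr]]
    # Probe with an address outside the VPC (TEST-NET-3, reserved for documentation).
    target = lookup_route(table, "203.0.113.10")
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith(("nat-", "i-")):
        return "private"
    return "other"


if __name__ == "__main__":
    for subnet in SUBNET_ASSOCIATIONS:
        print(subnet, "->", classify_subnet(subnet))
    print("10.1.0.5 from rtb-private ->", lookup_route(ROUTE_TABLES["rtb-private"], "10.1.0.5"))
```

The route to the internet gateway is necessary but not sufficient: an instance in a public subnet also needs a public IPv4 address or an Elastic IP (exam tip 26 below) before it can actually exchange traffic with the internet.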

How to plan IP Address
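As an added example (not code from the original post), here is one way to plan the addresses for the DC layout above: a /16 VPC range, one /24 per server tier in each of the two Availability Zones, with the web tier public and the rest private. The VPC CIDR 10.0.0.0/16 and the /24 subnet size are assumptions; the AZ names and tiers come from the post. It also reproduces the figures a tool like cidr.xyz reports for a block, and checks that the plan has no overlapping subnets.

```python
import ipaddress

# Constructed example inputs (not from the post): an assumed /16 VPC range, the two AZs the
# post names, and the server tiers of its DC layout. Web servers are public, the rest private.
VPC_CIDR = "10.0.0.0/16"
AZS = ["ap-south-1a", "ap-south-1b"]
TIERS = [("web", "public"), ("app", "private"), ("db", "private"),
         ("reporting", "private"), ("file", "private")]
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr=VPC_CIDR, azs=AZS, tiers=TIERS, new_prefix=24):
    """Carve one /new_prefix subnet per (tier, AZ) pair out of the VPC range, in order.

    Returns {(tier, az): {"cidr": str, "kind": "public"|"private", "usable": host count}}.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    pool = vpc.subnets(new_prefix=new_prefix)  # non-overlapping blocks, lowest first
    plan = {}
    for tier, kind in tiers:
        for az in azs:  # every tier gets one subnet in each AZ for redundancy
            net = next(pool)
            plan[(tier, az)] = {
                "cidr": str(net),
                "kind": kind,
                "usable": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            }
    return plan


def check_plan(plan, vpc_cidr=VPC_CIDR):
    """True if every subnet lies inside the VPC range and no two subnets overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(v["cidr"]) for v in plan.values()]
    if not all(n.subnet_of(vpc) for n in nets):
        return False
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def describe(cidr):
    """The figures a tool like cidr.xyz shows for a block."""
    net = ipaddress.ip_network(cidr)
    return {
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "count": net.num_addresses,
    }


if __name__ == "__main__":
    plan = plan_subnets()
    for (tier, az), info in plan.items():
        print(f"{tier:10s} {az:12s} {info['kind']:8s} {info['cidr']:15s} usable={info['usable']}")
    print("plan valid:", check_plan(plan))
    print(describe(VPC_CIDR))
```

A /16 sliced into /24s leaves 246 spare blocks after these 10 are taken, which is the room you want for new tiers, a third AZ, or the DR side if it is built in the same VPC; a /24 gives 251 usable addresses because of the five AWS reserves.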



Exam Tips:
1.    VPC provisions a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
2.    Complete control over your virtual networking environment, including selection of your own IP range, creation of subnets, and configuration of route tables and network gateways.
3.    You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
4.    You can create a public-facing subnet for your web servers.
5.    Private subnets for application and database servers with no internet access.
6.    You can have multiple layers of security, including security groups and network access control lists (ACLs), to help control access to EC2 instances.
7.    You can create a hardware virtual private network (VPN) connection between your corporate data center and your VPC and leverage the AWS cloud as an extension of your corporate data center.
8.    Pricing: VPC itself is a free-of-cost service; however, you will be charged for the resources you use.
9.    Subnet: where you define the smaller networks for your different requirements, such as a web server subnet, DB subnet, etc.
10.    Route Table: here you define the routing paths for the subnets associated with it.
11.    Internet Gateway: used to provide internet connectivity to your VPC resources. Only 1 internet gateway can be attached to 1 VPC.
12.    Egress-only Internet Gateway: similar to an internet gateway but for outbound-only IPv6 traffic.
13.    NAT gateway / NAT instance: similar to an internet gateway but the better choice for giving machines in your private subnets internet access.
14.    VPC Peering: used to connect two or more VPCs in the same or different AWS accounts/subscriptions.
15.    Security Groups: security groups are stateful and work as a firewall for instances. Rules work at the instance level.
16.    NACL: network access control lists apply at the subnet level and are stateless.
17.    Customer Gateway: you need to set up a supported device that will work as the on-premises gateway for creating the VPN.
18.    Virtual Gateway: the VG is created on the AWS VPC side for setting up the VPN.
19.    VPN Connection: once the CG and VG are ready, you can create a VPN connection.
20.    A variety of connectivity options exist for your Amazon VPC. You can connect your VPC to the internet, to your data center, or to other VPCs, based on the AWS resources that you want to expose publicly and those that you want to keep private.
21.    Connect directly to the internet (public subnets): you can launch instances into a publicly accessible subnet where they can send and receive traffic from the internet.
22.    Connect to the internet using Network Address Translation (private subnets): private subnets can be used for instances that you do not want to be directly addressable from the internet. Instances in a private subnet can access the internet without exposing their private IP address by routing their traffic through a network address translation (NAT) gateway in a public subnet.
23.    Connect securely to your corporate datacenter: all traffic to and from instances in your VPC can be routed to your corporate datacenter over an industry-standard, encrypted IPsec hardware VPN connection.
24.    Connect privately to other VPCs: peer VPCs together to share resources across multiple virtual networks owned by you or other AWS accounts.
25.    Privately connect to AWS services without using an internet gateway, NAT or firewall proxy through a VPC endpoint. Available AWS services include S3, DynamoDB, Kinesis Streams, Service Catalog, EC2 Systems Manager (SSM), the Elastic Load Balancer (ELB) API, and the Amazon Elastic Compute Cloud (EC2) API.
26.    Elastic IP address (EIP): if you require a persistent public IP address that you can associate and disassociate at will, use an Elastic IP address (EIP) instead. You can allocate your own EIP and associate it with your instance after launch.
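Tips 15 and 16 are the pair that matters most in practice: a security group is stateful, a NACL is stateless, and the difference shows up the moment a reply packet has to leave the subnet. The following added example (not code from the original post) models both filters on a single HTTPS request and its reply, using constructed packets and rule sets; the client address and port, the rule numbers and the CIDRs are all assumed values. It also models a NACL deny rule for blocking an address (item 9 of the notes above), something a security group cannot express.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = towards the instance/subnet, "out" = leaving it
    proto: str       # "tcp" or "udp"
    remote_ip: str   # the other end: source for "in", destination for "out"
    src_port: int
    dst_port: int


class SecurityGroup:
    """Stateful instance-level firewall: allow rules only; a reply belonging to a connection
    that was allowed in one direction is allowed back regardless of the other direction's rules."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound     # list of (proto, port_from, port_to) on the instance port
        self.outbound = outbound   # list of (proto, port_from, port_to) on the remote port
        self.flows = set()         # toy connection-tracking table

    def allows(self, pkt):
        # Flow key: (proto, remote ip, instance port, remote port), identical for both directions.
        if pkt.direction == "in":
            rules, key = self.inbound, (pkt.proto, pkt.remote_ip, pkt.dst_port, pkt.src_port)
        else:
            rules, key = self.outbound, (pkt.proto, pkt.remote_ip, pkt.src_port, pkt.dst_port)
        if key in self.flows:       # reply of a connection already allowed the other way
            return True
        if any(p == pkt.proto and lo <= pkt.dst_port <= hi for p, lo, hi in rules):
            self.flows.add(key)
            return True
        return False


class NetworkAcl:
    """Stateless subnet-level filter: numbered allow/deny rules evaluated lowest number first,
    first match wins, implicit deny at the end; replies get no special treatment."""

    def __init__(self, rules):
        # Each rule: (rule_number, direction, proto, cidr, port_from, port_to, action)
        self.rules = sorted(rules, key=lambda r: r[0])

    def allows(self, pkt):
        ip = ipaddress.ip_address(pkt.remote_ip)
        for _, direction, proto, cidr, lo, hi, action in self.rules:
            if (direction == pkt.direction and proto == pkt.proto
                    and ip in ipaddress.ip_network(cidr) and lo <= pkt.dst_port <= hi):
                return action == "allow"
        return False


def https_round_trip(fw, client_ip="203.0.113.10", client_port=51515):
    """Send one HTTPS request into the filter and the server's reply back out.
    Returns (request_allowed, reply_allowed)."""
    request = Packet("in", "tcp", client_ip, client_port, 443)
    reply = Packet("out", "tcp", client_ip, 443, client_port)
    return fw.allows(request), fw.allows(reply)


# Constructed configurations (not from the post).
SG_WEB = SecurityGroup(inbound=[("tcp", 443, 443)], outbound=[])

# Common mistake: the outbound rule mirrors port 443, but the reply is addressed to the
# client's ephemeral port, so a stateless filter drops it.
NACL_MIRRORED = NetworkAcl([
    (100, "in", "tcp", "0.0.0.0/0", 443, 443, "allow"),
    (100, "out", "tcp", "0.0.0.0/0", 443, 443, "allow"),
])

# Correct: outbound allows the ephemeral port range, plus a low-numbered deny that
# blocks one client range before the allow rule is reached.
NACL_CORRECT = NetworkAcl([
    (50, "in", "tcp", "198.51.100.0/24", 0, 65535, "deny"),
    (100, "in", "tcp", "0.0.0.0/0", 443, 443, "allow"),
    (100, "out", "tcp", "0.0.0.0/0", 1024, 65535, "allow"),
])

if __name__ == "__main__":
    print("security group      :", https_round_trip(SG_WEB))
    print("NACL mirrored ports :", https_round_trip(NACL_MIRRORED))
    print("NACL with ephemeral :", https_round_trip(NACL_CORRECT))
    print("NACL, blocked client:", https_round_trip(NACL_CORRECT, client_ip="198.51.100.7"))
```

The mirrored NACL is the classic outage: inbound 443 works, the TCP handshake never completes because the SYN-ACK to the client's ephemeral port is dropped on the way out, and the security group looks innocent because it is. Note that the deny rule blocks only the inbound request; with a stateless filter every direction has to be written out explicitly.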

3 comments:

  2. Those guidelines additionally worked to become a good way to recognize that other people online have identical fervor like mine to grasp a great deal more around this condition, and I could assume you are an expert on this subject. Same as your blog, I found another one, Sell On Amazon. Actually I was looking for the same information on the internet for Sell On Amazon and came across your blog. I am impressed by the information that you have on this blog. Thanks a million and please keep up the gratifying work.
  3. An awesome blog for freshers. Thanks for posting this information.
    AWS Training
    AWS Course
