DevOps Training AWS-part2

Uploaded by atulmisal97

Agenda

1. VPC overview

2. SNS

3. Lambda

Amazon VPC
Virtual data centre in the cloud

• A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.
It is logically isolated from other virtual networks in the AWS Cloud. You can
launch your AWS resources, such as Amazon EC2 instances, into your VPC. You
can specify an IP address range for the VPC, add subnets, associate security
groups, and configure route tables.
• When you create an Amazon VPC, you must specify its IPv4 address range as a
Classless Inter-Domain Routing (CIDR) block, such as 10.0.0.0/16.
• The primary CIDR block cannot be changed after the VPC is created (secondary
CIDR blocks can be associated later, but the original one stays as it is).
• A VPC CIDR block may be as large as /16 (65,536 addresses) or as small as /28
(16 addresses), and it should not overlap any other network the VPC will be
connected to (on-premises networks, peered VPCs), because overlapping ranges
cannot be routed between.
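The sizing and non-overlap rules above are easy to get wrong by hand, so here is a small checker, added as an example for this deck (it is not code from the training material or from AWS). It uses only the standard `ipaddress` module; the network names and the reserved-address count of five per subnet (the first four and the last address, which AWS keeps for itself) are facts about AWS, everything else is a constructed sample.

```python
import ipaddress
from typing import Iterable, List

# AWS limits for a VPC's primary IPv4 CIDR block
MIN_PREFIX = 16          # largest block: /16 = 65,536 addresses
MAX_PREFIX = 28          # smallest block: /28 = 16 addresses
RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of every subnet


def check_vpc_cidr(cidr: str, connected_networks: Iterable[str] = ()) -> List[str]:
    """Return a list of problems with a proposed VPC CIDR; an empty list means it is usable.

    connected_networks: CIDRs of every network this VPC will be peered or VPN-connected to
    (on-premises ranges, other VPCs). Any overlap makes the two networks unroutable.
    """
    problems: List[str] = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: not a valid CIDR block ({exc})"]
    if net.version != 4:
        return [f"{cidr}: the primary VPC CIDR must be IPv4"]
    if net.prefixlen < MIN_PREFIX:
        problems.append(f"{cidr}: larger than /16 (prefix /{net.prefixlen})")
    if net.prefixlen > MAX_PREFIX:
        problems.append(f"{cidr}: smaller than /28 (prefix /{net.prefixlen})")
    for other in connected_networks:
        other_net = ipaddress.ip_network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"{cidr}: overlaps connected network {other}")
    return problems


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses actually assignable to instances in a subnet, after AWS's reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, subnet_prefix: int, count: int) -> List[str]:
    """Carve `count` equal-sized /subnet_prefix subnets out of the VPC block, in order."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    if subnet_prefix < net.prefixlen or subnet_prefix > MAX_PREFIX:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    subnets = list(net.subnets(new_prefix=subnet_prefix))
    if count > len(subnets):
        raise ValueError(f"{vpc_cidr} holds only {len(subnets)} /{subnet_prefix} subnets")
    return [str(s) for s in subnets[:count]]


if __name__ == "__main__":
    # Constructed sample: a new VPC that must coexist with an existing VPC and an office LAN
    print(check_vpc_cidr("10.0.0.0/16", ["10.0.5.0/24", "192.168.0.0/16"]))
    print(check_vpc_cidr("10.1.0.0/16", ["10.0.0.0/16", "192.168.0.0/16"]))
    print(plan_subnets("10.1.0.0/16", 24, 3), usable_addresses("10.1.0.0/24"))
```

Run the check before `aws ec2 create-vpc`, not after: the primary block cannot be changed once the VPC exists, and an overlap with the corporate range only shows up when the VPN or peering is set up months later.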
Subnet
A subnet is a range of IP addresses in your VPC.
You launch AWS resources into a specific subnet. Use a public subnet for resources
that must be reachable from the internet, and a private subnet for resources that
should not be reachable from the internet.
A subnet resides in a single Availability Zone (AZ). AWS reserves the first four and
the last address of every subnet, so a /24 gives you 251 usable addresses.
Whether a subnet is "public" or "private" is not a property of the subnet itself; it
follows from the routes in the route table associated with it.
Types of subnets (group instances based on your security and operational needs):
1. Public subnet
The subnet's route table has a route to an internet gateway.
e.g. web server
2. Private subnet
The subnet's route table has no route to an internet gateway.
e.g. database in a private subnet
3. VPN-only subnet
No route to an internet gateway, but traffic is routed to a virtual private gateway
over a VPN connection
Route table
A route table contains a set of rules, called routes, that determine where network
traffic leaving the subnet is directed.
Every route table carries a "local" route for the VPC's own CIDR block that cannot
be removed; that route is what lets EC2 instances in different subnets of the same VPC
communicate with each other.
Each subnet is associated with exactly one route table. A subnet with no explicit
association uses the VPC's main route table, so whatever you put in the main table
applies to every subnet you forgot to associate.

Internet gateway
Allows communication between instances in your Amazon VPC and the internet.
To create a public subnet with internet access you must:
• Attach an IGW to your Amazon VPC.
• Add a route to the subnet's route table that sends all non-local traffic (0.0.0.0/0)
to the IGW.
• Give the instance a public IPv4 address (auto-assigned or an Elastic IP) and allow
the traffic in its security group and in the subnet's network ACL; the route alone
does not make the instance reachable.

NAT instance / gateway

Used to let instances in a private subnet initiate connections to the internet while
remaining unreachable from it.
By default, an instance launched into a private subnet cannot reach the internet
through the IGW. That is a problem when instances in private subnets need outbound
internet access from the VPC to apply security updates, download patches, or update
application software.
The NAT gateway (or NAT instance) sits in a public subnet with an Elastic IP, and the
private subnet's route table sends 0.0.0.0/0 to it (target nat-… or i-…) rather than
to the IGW. Because the NAT only forwards connections started from the inside, the
private instances stay unreachable from the internet.
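The public / private / VPN-only distinction above is entirely a matter of which target the subnet's route table points at, and the main route table catches every subnet without an explicit association. The following classifier, added here as an example and not part of the training deck or of any AWS tool, takes route tables in the shape returned by `aws ec2 describe-route-tables` (a constructed sample is embedded) and reports what each subnet really is. The subnet and resource identifiers are made up.

```python
from typing import List, Optional

# Constructed sample shaped like the "RouteTables" list from `aws ec2 describe-route-tables`.
ROUTE_TABLES = [
    {   # main route table: applies to every subnet with no explicit association
        "RouteTableId": "rtb-main",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True, "RouteTableId": "rtb-main"}],
    },
    {
        "RouteTableId": "rtb-public",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
    },
    {
        "RouteTableId": "rtb-private",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
    },
    {
        "RouteTableId": "rtb-vpn",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0123456789abcdef0", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-db"}],
    },
]
# subnet-orphan has no explicit association and therefore falls back to rtb-main
SUBNET_IDS = ["subnet-web", "subnet-app", "subnet-db", "subnet-orphan"]


def route_table_for(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def _target(route: dict) -> str:
    """describe-route-tables puts the target under a different key per target type."""
    for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId",
                "VpcPeeringConnectionId", "TransitGatewayId"):
        if key in route:
            return route[key]
    return ""


def classify_subnet(subnet_id: str, route_tables: List[dict]) -> str:
    """public | private-nat | vpn-only | private, decided only by the effective route table."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        raise ValueError(f"no route table (not even a main one) applies to {subnet_id}")
    targets = [_target(r) for r in rt["Routes"] if r.get("State", "active") == "active"]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    # NAT gateway, or an instance acting as NAT (i- may also be another appliance)
    if any(t.startswith(("nat-", "i-")) for t in targets):
        return "private-nat"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def public_subnets(subnet_ids: List[str], route_tables: List[dict]) -> List[str]:
    """The subnets an auditor cares about: anything with a path to an internet gateway."""
    return [s for s in subnet_ids if classify_subnet(s, route_tables) == "public"]


if __name__ == "__main__":
    for s in SUBNET_IDS:
        print(s, classify_subnet(s, ROUTE_TABLES))
```

The check worth automating is the one on the main route table: if someone adds a 0.0.0.0/0 route to an IGW there, every subnet that was never explicitly associated becomes public at once.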
NACL
A network access control list (ACL) is an optional layer of security for your VPC that
acts as a firewall for controlling traffic in and out of one or more subnets.
A network ACL is a numbered list of rules that AWS evaluates in order, starting with
the lowest numbered rule; the first rule that matches decides whether the traffic is
allowed or denied, and a final catch-all rule (shown as *) denies anything no
numbered rule matched.
Network ACLs are stateless: the reply to a connection is evaluated against the rules
for the opposite direction, so allowing inbound TCP 443 does nothing for the response
unless an outbound rule also allows the client's ephemeral ports (1024-65535).
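To make the ordered, first-match, stateless evaluation concrete, here is a small simulator, added as an example for this deck and not code from the training material or from AWS. The rule dictionaries follow the shape of `aws ec2 describe-network-acls` entries (Protocol "-1" is all, "6" TCP, "17" UDP); the rule sets and client addresses are constructed, and the "weak" ACL is deliberately missing the ephemeral-port egress rule.

```python
import ipaddress
from typing import Dict, List, Tuple, Union

# Constructed NACL rule sets in the shape of describe-network-acls "Entries".
# WEAK_ACL lets HTTPS requests in but has no egress rule for the replies.
WEAK_ACL: List[dict] = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
]
# FIXED_ACL adds the egress rule for replies toward client ephemeral ports.
FIXED_ACL: List[dict] = WEAK_ACL + [
    {"RuleNumber": 110, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
]
# BLOCKLIST_ACL shows ordering: a low-numbered deny beats the later broad allow.
BLOCKLIST_ACL: List[dict] = [
    {"RuleNumber": 90, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "203.0.113.0/24"},
] + FIXED_ACL

DEFAULT_DENY = "*"  # AWS's implicit final rule: deny whatever nothing else matched
Verdict = Tuple[str, Union[int, str]]


def _matches(rule: dict, protocol: str, remote_ip: str, port: int) -> bool:
    """Does this rule apply to a packet with the given protocol, remote address and port?"""
    if rule["Protocol"] not in ("-1", protocol):
        return False
    if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule["CidrBlock"]):
        return False
    port_range = rule.get("PortRange")
    if port_range and rule["Protocol"] in ("6", "17"):  # ports only mean something for TCP/UDP
        if not port_range["From"] <= port <= port_range["To"]:
            return False
    return True


def evaluate(acl: List[dict], egress: bool, protocol: str, remote_ip: str, port: int) -> Verdict:
    """Evaluate one direction the way AWS does: ascending rule number, first match wins,
    implicit deny if nothing matches. For inbound rules `port` is the destination port on
    the instance; for outbound rules it is the destination port at the remote end."""
    directional = sorted((r for r in acl if r["Egress"] == egress), key=lambda r: r["RuleNumber"])
    for rule in directional:
        if _matches(rule, protocol, remote_ip, port):
            return rule["RuleAction"], rule["RuleNumber"]
    return "deny", DEFAULT_DENY


def https_session_allowed(acl: List[dict], client_ip: str, client_port: int) -> Dict[str, Verdict]:
    """Both halves of one client->server HTTPS exchange. The request enters on port 443;
    the reply leaves toward the client's ephemeral port. Because NACLs are stateless,
    each half is judged on its own."""
    return {
        "request": evaluate(acl, False, "6", client_ip, 443),
        "reply": evaluate(acl, True, "6", client_ip, client_port),
    }


if __name__ == "__main__":
    print("weak :", https_session_allowed(WEAK_ACL, "198.51.100.7", 51000))
    print("fixed:", https_session_allowed(FIXED_ACL, "198.51.100.7", 51000))
    print("block:", https_session_allowed(BLOCKLIST_ACL, "203.0.113.10", 51000))
```

The failure mode this reproduces is the common one: the inbound rule is fine, the TCP handshake's SYN arrives, and the SYN-ACK is dropped by the egress side, so the service looks "down" even though the security group allows everything.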

Peering
An Amazon VPC peering connection is a networking connection between two Amazon
VPCs that lets instances in either VPC communicate with each other as if they were
within the same network. The two VPCs must not have overlapping CIDR blocks, each
side needs a route to the other's CIDR via the peering connection (pcx-…), and
peering is not transitive: A peered with B and B peered with C gives A no path to C.
Security layers in VPC

Amazon Virtual Private Cloud provides features that you can use to increase and
monitor the security of your virtual private cloud (VPC):

• Security groups: act as a stateful firewall for associated Amazon EC2 instances,
controlling both inbound and outbound traffic at the instance (network interface)
level. They hold allow rules only, and return traffic for an allowed connection is
permitted automatically.
• Network access control lists (ACLs): act as a stateless firewall for associated
subnets, controlling both inbound and outbound traffic at the subnet level, with
both allow and deny rules.
• Flow logs: capture metadata about the IP traffic going to and from network
interfaces in your VPC (addresses, ports, protocol, packet and byte counts, and the
ACCEPT/REJECT verdict), delivered to CloudWatch Logs or S3; they do not capture
packet payloads.
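Flow logs are only useful if something reads them. The following parser and two detections, added here as an example and not part of the training deck or of any AWS tooling, work on records in the default version-2 flow log format (fourteen space-separated fields, in the order given in the comment). The log lines and addresses are constructed; the "admin ports" set and the RFC 1918 ranges are assumptions about what counts as sensitive and internal in this sample environment.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample in the default VPC flow log format (version 2). Field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets
# bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41234 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41235 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41236 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41237 8080 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41238 445 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 50222 22 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.1.20 50300 22 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d 10.0.1.20 93.184.216.34 33000 443 6 10 900 1700000000 1700000060 ACCEPT OK
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
ADMIN_PORTS = {22, 3389}  # assumption: remote-admin ports we never expect from the internet
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_log(text: str) -> List[Dict[str, str]]:
    """Parse default-format records; drop malformed lines and NODATA/SKIPDATA records,
    which carry no addresses or ports."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        records.append(rec)
    return records


def reject_port_sweeps(records: List[Dict[str, str]], min_ports: int = 5) -> Dict[str, Set[int]]:
    """Sources whose REJECTed flows touched at least min_ports distinct destination ports:
    the signature of a port scan bouncing off the security group or NACL."""
    ports: Dict[str, Set[int]] = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(int(r["dstport"]))
    return {src: p for src, p in ports.items() if len(p) >= min_ports}


def accepted_admin_from_internet(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """ACCEPTed flows to an admin port from a non-RFC1918 source: either the security group
    is too open or someone is already inside. Assumes the record's dstaddr is our interface."""
    hits = []
    for r in records:
        if r["action"] != "ACCEPT" or int(r["dstport"]) not in ADMIN_PORTS:
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        if not any(src in net for net in PRIVATE_RANGES):
            hits.append(r)
    return hits


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("sweeps:", reject_port_sweeps(recs))
    print("admin from internet:", [(h["srcaddr"], h["dstport"]) for h in accepted_admin_from_internet(recs)])
```

Two caveats when running this on real logs: flow logs are aggregated over an interval (one record per 5-tuple per window, so a scan shows up as many records rather than many packets), and a custom log format changes the field order, in which case `FIELDS` must be adjusted to match.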
Simple Notification Service
Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and
manages the delivery of messages to subscribed endpoints or clients. In Amazon SNS
there are two types of clients, publishers and subscribers, also referred to as
producers and consumers. Publishers communicate asynchronously with subscribers by
sending a message to a topic, which is a logical access point and communication
channel. Subscribers (e.g. web servers, email addresses, Amazon SQS queues, AWS Lambda
functions) receive the message or notification over one of the supported protocols
(Amazon SQS, HTTP/S, email, SMS, Lambda) once they are subscribed to the topic.
Who may publish to a topic is governed by the topic's access policy; when an AWS
service such as S3 publishes on your behalf, restrict the policy to that specific
source rather than allowing any principal to publish.
AWS Lambda

• AWS Lambda is a compute service that lets you run code without provisioning or
managing servers.
• AWS Lambda executes your code only when needed and scales automatically,
from a few requests per day to thousands per second.
• You pay only for the compute time you consume; there is no charge when your
code is not running.
• All you need to do is supply your code in one of the languages that AWS Lambda
supports (at the time of this deck: Node.js, Java, C#, Go and Python; Ruby,
PowerShell and custom runtimes have been added since).
• You can use AWS Lambda to run your code in response to events, such as
changes to data in an Amazon S3 bucket or an Amazon DynamoDB table; to run
your code in response to HTTP requests using Amazon API Gateway; or to invoke
your code directly through API calls made with the AWS SDKs.
• Each function runs under an IAM execution role; give that role only the
permissions the function needs, because the role's credentials are available to
any code the function runs, including a dependency you did not audit.

Practical
Create lambda functions
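A handler for the practical, added as an example and not code from the training deck or from AWS: it processes an S3 "object created" notification, whether S3 invokes the function directly or the notification arrives fanned out through an SNS topic (the pattern from the SNS section, where the S3 event is carried as a JSON string in the SNS record's `Message`). The events, bucket names and the allow-list are constructed; the field names and casing (`eventSource` on S3 records, `EventSource` on SNS records) and the URL-encoding of object keys are how the services actually emit them.

```python
import json
import urllib.parse
from typing import Any, Dict, List

# Assumption for this sample: the function is only meant to act on this bucket.
# Checking it stops a misconfigured or hostile notification source from steering the
# function at arbitrary keys in arbitrary buckets.
ALLOWED_BUCKETS = {"example-uploads"}

# Constructed S3 notification, as S3 would deliver it to Lambda directly.
S3_EVENT: Dict[str, Any] = {
    "Records": [
        {
            "eventVersion": "2.1", "eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
            "s3": {"bucket": {"name": "example-uploads"},
                   "object": {"key": "reports/q1+2024.csv", "size": 1024}},
        },
        {
            "eventVersion": "2.1", "eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
            "s3": {"bucket": {"name": "attacker-bucket"},
                   "object": {"key": "payload.bin", "size": 7}},
        },
    ]
}

# Constructed: the same notification after S3 -> SNS -> Lambda fan-out. SNS wraps the
# S3 event as a JSON string inside Sns.Message.
SNS_WRAPPED_EVENT: Dict[str, Any] = {
    "Records": [
        {
            "EventSource": "aws:sns",
            "EventSubscriptionArn": "arn:aws:sns:us-east-1:123456789012:uploads:sub-id",
            "Sns": {"TopicArn": "arn:aws:sns:us-east-1:123456789012:uploads",
                    "Message": json.dumps(S3_EVENT)},
        }
    ]
}


def s3_records(event: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the S3 notification records in an event, unwrapping an SNS envelope if present."""
    out: List[Dict[str, Any]] = []
    for rec in event.get("Records", []):
        if rec.get("EventSource") == "aws:sns":
            inner = json.loads(rec["Sns"]["Message"])
            out.extend(r for r in inner.get("Records", []) if r.get("eventSource") == "aws:s3")
        elif rec.get("eventSource") == "aws:s3":
            out.append(rec)
    return out


def handler(event: Dict[str, Any], context: Any) -> Dict[str, List[Dict[str, Any]]]:
    """Lambda entry point. Returns what was processed and what was skipped, and why."""
    processed: List[Dict[str, Any]] = []
    skipped: List[Dict[str, Any]] = []
    for rec in s3_records(event):
        bucket = rec["s3"]["bucket"]["name"]
        # S3 URL-encodes the key in notifications ("+" is a space); decode before using it.
        key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
        if bucket not in ALLOWED_BUCKETS:
            skipped.append({"bucket": bucket, "key": key, "reason": "bucket not allow-listed"})
            continue
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            skipped.append({"bucket": bucket, "key": key, "reason": "not an object-created event"})
            continue
        processed.append({"bucket": bucket, "key": key,
                          "size": rec["s3"]["object"].get("size"), "event": rec["eventName"]})
    return {"processed": processed, "skipped": skipped}


if __name__ == "__main__":
    print(handler(S3_EVENT, None))
    print(handler(SNS_WRAPPED_EVENT, None))
```

To deploy it, zip the file, create the function with this file's `handler` as the entry point, and subscribe it either to the bucket's notifications or to the SNS topic; the execution role needs only `s3:GetObject` on the allow-listed bucket (plus CloudWatch Logs), nothing broader.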
