Amazon AWS SysOps – Networking – VPC part 7

Bastion Hosts

So let’s talk about bastion hosts. This is the diagram: we have our bastion host users. We SSH into the bastion host, which is in a public subnet, and then from the bastion host we’re able to SSH into other Linux instances. So the bastion host is used to SSH into private instances, and it sits in the public subnet. The reason we do this is that the public subnet is connected to all the other private subnets. What we need to do is make…

Amazon AWS SysOps – Networking – VPC part 6

VPC Flow Logs + Athena

So now let’s talk about flow logs. Flow logs help you capture information about the IP traffic going into your interfaces. There are three kinds of flow logs: the VPC flow log, which applies to everything within your VPC; the subnet flow log, which applies just within your subnet; and the Elastic Network Interface flow log, for just one network interface. So overall, if you define a VPC flow log then it’s going…

Amazon AWS SysOps – Networking – VPC part 5

VPC Peering

So now let’s talk about VPC peering. VPC peering allows you to connect two VPCs privately, directly, using AWS’s network, and to make them behave as if they were in the same network. For this, you need non-overlapping CIDRs. So be very careful when you create the CIDRs for your VPCs: make sure they are different and make sure they don’t overlap. So let’s take an example. We have VPC A and VPC and we want them to be connected somehow. We have to create…

Amazon AWS SysOps – Networking – VPC part 4

DNS Resolution Options & Route 53 Private Zones

Let’s quickly talk about DNS resolution. In a VPC there are two very important settings, and the exam may ask you about them. The first one is Enable DNS Support, which is a DNS resolution setting. The default is true, and it decides whether DNS resolution is supported for the VPC. That means that if it’s true, there is an AWS DNS server that will be queried automatically as a primary DNS at. There’s a second setting…

Amazon AWS SysOps – Networking – VPC part 3

NAT Instances

We have our instances in our public subnet that have Internet connectivity thanks to the Internet gateway. But our instances in our private subnet cannot access the Internet. If they were to access it through the Internet gateway, they would also be directly accessible from the Internet. So for this, we need a better solution, and that solution is NAT. NAT stands for Network Address Translation. Now NAT comes in two flavors. It comes with NAT instances, which are really outdated and not recommended, but still can…

Amazon AWS SysOps – Networking – VPC part 2

Subnet Overview and Hands On

So next, here comes the time to add subnets. Now, subnets are going to be tied to specific Availability Zones. In this diagram, I’m just doing one AZ, but in practice we’ll do two AZs just to have some kind of high availability. Within each AZ, our goal is to create different subnets. So we’ll create a public subnet and a private subnet, and we’ll see how to make one public and how to make one private in the future, hands on…

Amazon AWS SysOps – Networking – VPC part 1

Section Introduction

For networking, we also need to know inside and out how to create, operate and manage a VPC. Troubleshooting is also very important. So we’ll look at Amazon VPC and AWS Direct Connect in this section. Now you may be telling me, oh, I already know how to do VPC, and I say I hope you do. But trust me, to know how to do a VPC you need to look at this diagram and understand everything that goes in there. So have a good look. If…

Amazon AWS SysOps – Networking – Route 53 part 4

Routing Policy – Geolocation

Okay, let’s talk about the Geolocation routing policy. It is different from latency-based routing: this one routes based on the user’s location. Here we are saying, okay, traffic that originates from the UK should go to this specific IP, if that’s an A record. On top of that, we should create a default policy in case, for example, we get a user from Germany but we haven’t specified a routing policy specifically for Germany. Then we say, okay, by default you go…

Amazon AWS SysOps – Networking – Route 53 part 3

Route 53 Health Checks

So there are health checks in Route 53, and the idea is that if an instance is unhealthy, then just like an ELB, Route 53 will not send traffic to that instance. So how do we know if a health check failed? Well, basically an instance, an IP or a URL, whatever you want, is deemed unhealthy if it fails three health checks in a row, and it’s deemed healthy if it passes three health checks in a row. So pretty easy. Now, the default health…

Amazon AWS SysOps – Networking – Route 53 part 2

CNAME vs Alias

So let’s try to understand the difference between a CNAME record and an alias record. If you have an AWS resource, which could be a load balancer or CloudFront, it will expose an AWS hostname. For example, if I have a load balancer, it could be LB 1234 dot es two elb Amazon U s. com. So this is a URL that Amazon Web Services controls, but you don’t. What you want to do is to expose your application as myapp dot my domain…
