My AWS study notes


Amazon Virtual Private Cloud (Amazon VPC)

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud.

A VPC spans all the Availability Zones in the region.

Amazon VPC consists of the following components:


  1. Subnets 
  2. Route Tables
  3. Dynamic Host Configuration Protocol (DHCP) option sets
  4. Security groups
  5. Network Access Control Lists (ACLs)
An Amazon VPC has the following optional components:

  1. Internet Gateways (IGWs)
  2. Elastic IP (EIP) addresses
  3. Elastic Network Interfaces (ENIs)
  4. Endpoints
  5. Peering
  6. Network Address Translation (NAT) instances and NAT gateways
  7. Virtual Private Gateways (VPGs), Customer Gateways (CGWs), and Virtual Private Networks (VPNs)
1. Subnets 

  • A subnet is a segment of an Amazon VPC's IP address range where you can launch Amazon EC2 instances, Amazon Relational Database Service (Amazon RDS) databases, and other AWS resources.
  • Subnets are defined by CIDR blocks (for example, 10.0.1.0/24 or 192.168.0.0/24). The largest subnet you can create is a /16 and the smallest is a /28 (16 IP addresses).
  • AWS reserves the first four and the last IP address of every subnet for internal networking purposes, so a /28 has only 11 usable addresses.
  • A subnet resides within one Availability Zone and cannot span zones. You can, however, have multiple subnets in one Availability Zone.
  • Subnets can be classified as public, private, or VPN-only. Which of these a subnet is depends on the route table associated with it, not on anything about the subnet itself.
        Public subnet 
  • A public subnet is one in which the associated route table directs the subnet's traffic to the Amazon VPC's IGW (Internet Gateway).
       Private subnet 
  • A private subnet is one in which the associated route table does not direct the subnet's traffic to the Amazon VPC's IGW.
      VPN-only subnet
  • A VPN-only subnet is one in which the associated route table directs the subnet's traffic to the Amazon VPC's VPG and does not have a route to an IGW.
    Regardless of the type of subnet, the internal IP address range of the subnet is private (that is, not routable on the Internet). Instances in a public subnet reach the Internet only through a public IPv4 address or EIP that the IGW maps to their private address.

Default Amazon VPCs contain one public subnet in every Availability Zone within the region, each with a netmask of /20 (4,096 addresses, 4,091 usable after the five reserved ones).
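As an added example (my own script, not AWS code or anything from the study guide), the checks above written out in Python: validate each subnet CIDR against the VPC block and the /16–/28 limits, list the five reserved addresses, count usable hosts, and classify the subnet as public, private or VPN-only from its route table. The VPC CIDR, subnet names, route tables and igw-/vgw- IDs are constructed inputs for illustration. The classification is the security-relevant part: a subnet is "public" the moment its route table carries a route to an IGW, whatever it was named in the console.

```python
import ipaddress

# Constructed example inputs (not from the original notes). Route targets are
# written the way the AWS console shows them: "local", "igw-...", "vgw-...".
# The IDs are placeholders.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = {
    "web-a": {"cidr": "10.0.1.0/24", "route_table": "rtb-public"},
    "app-a": {"cidr": "10.0.2.0/24", "route_table": "rtb-private"},
    "vpn-a": {"cidr": "10.0.3.0/28", "route_table": "rtb-vpn"},
    "bad-a": {"cidr": "10.0.4.0/29", "route_table": "rtb-private"},  # smaller than /28
}

ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0123456789abcdef0")],
    "rtb-private": [("10.0.0.0/16", "local")],
    "rtb-vpn": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "vgw-0123456789abcdef0")],
}

RESERVED_PER_SUBNET = 5  # first four addresses plus the last one


def validate_subnet(vpc_cidr, cidr):
    """Raise ValueError unless cidr lies inside the VPC block and is /16../28."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    net = ipaddress.ip_network(cidr, strict=True)
    if not net.subnet_of(vpc):
        raise ValueError(f"{cidr} is not inside VPC {vpc_cidr}")
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: prefix must be /16../28, got /{net.prefixlen}")
    return net


def reserved_addresses(cidr):
    """The five addresses AWS reserves: network, router, DNS, future use, broadcast."""
    addrs = list(ipaddress.ip_network(cidr, strict=True))  # includes first and last
    return [str(a) for a in addrs[:4]] + [str(addrs[-1])]


def usable_hosts(cidr):
    """Addresses you can actually assign to instances in the subnet."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - RESERVED_PER_SUBNET


def classify_subnet(routes):
    """Public if any route targets an IGW; VPN-only if none does but one targets
    a VPG; private otherwise. Only the route table decides this."""
    targets = [target for _prefix, target in routes]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def audit(vpc_cidr=VPC_CIDR, subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Return a per-subnet report: type, usable hosts and reserved addresses,
    or the validation error for subnets AWS would refuse to create."""
    report = {}
    for name, sub in subnets.items():
        try:
            validate_subnet(vpc_cidr, sub["cidr"])
        except ValueError as err:
            report[name] = {"error": str(err)}
            continue
        report[name] = {
            "type": classify_subnet(route_tables[sub["route_table"]]),
            "usable": usable_hosts(sub["cidr"]),
            "reserved": reserved_addresses(sub["cidr"]),
        }
    return report


if __name__ == "__main__":
    for name, info in audit().items():
        print(name, info)
```

Running it flags bad-a (a /29 is below the /28 minimum), reports 11 usable addresses for the /28, and labels web-a public even though nothing in the subnet definition itself says so. Pointing the same check at a real account means pulling the route tables and subnets with describe-route-tables/describe-subnets and feeding them in; the logic does not change.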


