
AWS Networking Cookbook

By : Satyajit Das, Jhalak Modi

Overview of this book

This book starts with practical recipes on the fundamentals of cloud networking and gradually moves on to configuring networks and implementing infrastructure automation. This book then supplies in-depth recipes on networking components like Network Interface, Internet Gateways, DNS, Elastic IP addresses, and VPN CloudHub. Later, this book also delves into designing, implementing, and optimizing static and dynamic routing architectures, multi-region solutions, and highly available connectivity for your enterprise. Finally, this book will teach you to troubleshoot your VPC's network, increasing your VPC's efficiency. By the end of this book, you will have advanced knowledge of AWS networking concepts and technologies and will have mastered implementing infrastructure automation and optimizing your VPC.

Creating NAT on EC2 instance

In this recipe, you'll learn how to create a NAT instance on an EC2 instance launched in a public subnet. The private subnet has no Internet Gateway attached to it, so EC2 instances in the private subnet cannot communicate directly with the outside world.

Getting ready

We need an AWS account and a user with the proper permissions to create a NAT instance on EC2. Create the EC2 instance in the same way as in the previous recipe. The only difference is that you don't fill in any Advanced Details on the Choose Network page. On the security group page, create a security group named NATSG with the following rules and attach it to the instance. We are allowing all traffic for simplicity; in practice you should only allow the required CIDR ranges.

NATSG: Rules

Inbound

  Type     Protocol   Port range   Source
  HTTP     TCP        80           0.0.0.0/0 and ::/0
  HTTPS    TCP        443          0.0.0.0/0 and ::/0
  SSH      TCP        22           0.0.0.0/0 and ::/0

Outbound

  Type          Protocol   Port range   Destination
  All traffic   TCP        ALL          0.0.0.0/0 and ::/0

You can use the same key pair created before for this instance as well. On the Add Tags page, add a tag with Key set to Name and Value set to Nat Instance. We also need to create an Elastic IP to attach to the NAT instance; this is shown in the recipe.

How to do it...

  1. I have created one more EC2 instance, as visible in the Instances section of the EC2 console.
     EC2 created for NAT
  2. Click on Elastic IPs in the left menu bar.
     Elastic IP dashboard
  3. Click on Allocate new address.
     Elastic IP creation page
  4. Click on Allocate.
     Elastic IP creation success message
  5. Click on Close. The Elastic IP page will be visible. Select the Elastic IP and click on Actions | Associate address.
     Elastic IP Action menu
  6. Choose Instance as the Resource type. Select Nat Instance from the Instance drop-down menu. Click on Associate. A success message is shown.
     Elastic IP association with EC2 instance
  7. Go to the Instances menu. You can see that the public DNS and the IPv4 public IP have changed. You can also see that Source/Dest. Check is true for the instance.
     EC2 instance with Elastic IP
  8. Select Actions | Networking | Change Source/Dest. Check.
     Changing Source/Dest Check for NAT instance
  9. You can see that Source/Dest. Check is now false.
     NAT instance details
  10. We need to update the main Route Table attached to the VPC. Go back to the VPC dashboard and select our VPC.
     VPC dashboard
  11. Click on the Route Table whose ID starts with rtb-.
     Main Route Table
  12. Select the Route Table and navigate to the Routes tab. Click on the Edit button. Add 0.0.0.0/0 as the Destination and the NAT instance ID as the Target. Click Save.
     Attach NAT in main Route Table

How it works...

By default, an EC2 instance must be either the source or the destination of any packet it sends or receives; the source/destination check drops traffic that is neither addressed to nor originated by the instance. A NAT instance, however, must forward requests that originated in the private subnet to the Internet and return the responses to those instances. That is why we need to disable the source/destination check for the NAT instance.

There's more...

NAT instances do not support IPv6. To provide outbound IPv6 connectivity, create an Egress-Only Internet Gateway from the VPC console and add a route for ::/0 targeting it in the main Route Table.
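The three checks a practitioner would want after running this recipe are: that NATSG is narrowed from "all traffic" to the CIDR ranges that actually need the NAT (the "Getting ready" caveat), that the source/destination check was really disabled (the "How it works" point), and that the ::/0 route goes to an egress-only Internet Gateway rather than the NAT instance (the IPv6 note above). The following script is an added example, not code from the book; it runs offline over hand-constructed dictionaries that mirror the field names of the EC2 DescribeSecurityGroups, DescribeInstances and DescribeRouteTables responses. The IDs (`sg-0placeholder`, `i-0placeholder`, `rtb-0placeholder`) and the CIDRs `10.0.2.0/24` and `203.0.113.0/24` are placeholders, and the function names are the example's own.

```python
"""Offline pre-flight checks for the NAT-instance recipe (added example).

The sample data below mirrors the EC2 API field names but is constructed
by hand; every ID and CIDR is a placeholder, not a value from a real account.
"""
import ipaddress

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"

# Constructed: the recipe's NATSG inbound rules, as the API would report them.
NATSG = {
    "GroupId": "sg-0placeholder",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
    ],
}
# Constructed: the NAT instance as it looks before step 8 (check still enabled).
NAT_INSTANCE = {"InstanceId": "i-0placeholder", "SourceDestCheck": True}
# Constructed: main route table after step 12, plus an IPv6 default route that
# was wrongly pointed at the NAT instance (which does not support IPv6).
MAIN_ROUTE_TABLE = {
    "RouteTableId": "rtb-0placeholder",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": ANY_V4, "InstanceId": "i-0placeholder", "State": "active"},
        {"DestinationIpv6CidrBlock": ANY_V6, "InstanceId": "i-0placeholder", "State": "active"},
    ],
}
PRIVATE_SUBNETS = ["10.0.2.0/24"]   # constructed: subnets that should use the NAT
ADMIN_CIDR = "203.0.113.0/24"       # constructed: where SSH to the NAT may come from


def _covered(cidr, allowed):
    """True if cidr lies inside one of the allowed CIDRs of the same IP version."""
    net = ipaddress.ip_network(cidr, strict=False)
    for a in allowed:
        a_net = ipaddress.ip_network(a, strict=False)
        if a_net.version == net.version and net.subnet_of(a_net):
            return True
    return False


def check_security_group(sg, private_subnets, admin_cidr):
    """Flag inbound rules whose source is wider than the recipe needs.

    Ports 80/443 only need to accept the private subnets the NAT forwards for;
    port 22 only needs the admin range. Returns a list of finding strings.
    """
    findings = []
    for perm in sg["IpPermissions"]:
        port = perm.get("FromPort")
        allowed = [admin_cidr] if port == 22 else private_subnets
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if not _covered(src, allowed):
                findings.append(f"{sg['GroupId']}: port {port} open to {src}, "
                                f"expected a range inside {allowed}")
    return findings


def tighten_rule(perm, cidrs):
    """Return a copy of an inbound permission restricted to the given CIDRs."""
    nets = [(c, ipaddress.ip_network(c, strict=False).version) for c in cidrs]
    new = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
    new["IpRanges"] = [{"CidrIp": c} for c, v in nets if v == 4]
    new["Ipv6Ranges"] = [{"CidrIpv6": c} for c, v in nets if v == 6]
    return new


def check_source_dest(instance):
    """A NAT instance forwards packets it neither sent nor is addressed to."""
    if instance.get("SourceDestCheck", True):
        return [f"{instance['InstanceId']}: SourceDestCheck is still enabled; "
                "forwarded traffic from the private subnet will be dropped"]
    return []


def check_default_routes(rt, nat_instance_id):
    """IPv4 default route must target the NAT; IPv6 must use an egress-only IGW."""
    findings = []
    v4 = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == ANY_V4]
    if not any(r.get("InstanceId") == nat_instance_id and r.get("State") == "active"
               for r in v4):
        findings.append(f"{rt['RouteTableId']}: no active {ANY_V4} route to {nat_instance_id}")
    for r in rt["Routes"]:
        if r.get("DestinationIpv6CidrBlock") == ANY_V6 and "EgressOnlyInternetGatewayId" not in r:
            target = r.get("InstanceId") or r.get("GatewayId")
            findings.append(f"{rt['RouteTableId']}: {ANY_V6} route should target an "
                            f"egress-only Internet Gateway, not {target}")
    return findings


def run_checks(sg, instance, rt, private_subnets, admin_cidr):
    """Run all three checks and return the combined findings."""
    return (check_security_group(sg, private_subnets, admin_cidr)
            + check_source_dest(instance)
            + check_default_routes(rt, instance["InstanceId"]))


if __name__ == "__main__":
    for f in run_checks(NATSG, NAT_INSTANCE, MAIN_ROUTE_TABLE, PRIVATE_SUBNETS, ADMIN_CIDR):
        print("FINDING:", f)
    print("tightened:", tighten_rule(NATSG["IpPermissions"][0], PRIVATE_SUBNETS))
```

Against the constructed data the script reports eight findings: six for the wide-open NATSG sources, one for the source/destination check, and one for the ::/0 route. The `tighten_rule` helper shows the shape of the replacement rule; applying it with the private subnet CIDRs for 80/443 and the admin CIDR for 22 makes `check_security_group` return no findings. The permission dictionaries it produces are in the same layout the DescribeSecurityGroups API uses, which is convenient when feeding them back through your own tooling.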