Book Image

AWS Networking Cookbook

By : Satyajit Das, Jhalak Modi
Book Image

AWS Networking Cookbook

By: Satyajit Das, Jhalak Modi

Overview of this book

This book starts with practical recipes on the fundamentals of cloud networking and gradually moves on to configuring networks and implementing infrastructure automation. This book then supplies in-depth recipes on networking components like Network Interface, Internet Gateways, DNS, Elastic IP addresses, and VPN CloudHub. Later, this book also delves into designing, implementing, and optimizing static and dynamic routing architectures, multi-region solutions, and highly available connectivity for your enterprise. Finally, this book will teach you to troubleshoot your VPC's network, increasing your VPC's efficiency. By the end of this book, you will have advanced knowledge of AWS networking concepts and technologies and will have mastered implementing infrastructure automation and optimizing your VPC.

Related Content you might be interested in

Current Title:

Small book image
AWS Networking Cookbook
Satyajit Das | Jhalak Modi
Aug, 2017 | 366 pages
Small book image
Practical AWS Networking
Mitesh Soni
Jan, 2018 | 258 pages
Small book image
Designing AWS Environments
Wayde Gilchrist | Mitesh Soni
Sep, 2018 | 174 pages
Small book image
AWS Security Cookbook
Heartin Kanikathottu
Feb, 2020 | 440 pages
Table of Contents (10 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Reader feedback
Customer support
Free Chapter
1
Getting Started with AWS Networking Components
Getting Started with AWS Networking Components
Introduction
Creating an account in AWS
Creating an admin user in AWS
Creating a VPC and a subnet with IPv6
Creating an EC2 with an IPv6 address
Creating NAT on EC2 instance
Working with network interfaces
Configuring AWS CLI
2
Building Your Own Custom VPC
Building Your Own Custom VPC
Introduction
Managing a VPC
Managing public and private subnets
Managing a Network ACL
Managing a Security Group
Managing an Internet Gateway
Managing a NAT Gateway
Managing a Route Table
Managing EC2 instances
3
VPC Advanced Components
VPC Advanced Components
Introduction
Assigning multiple IPs to an instance and ENI
Accessing an instance within the network
Accessing an instance from outside AWS
Creating an application ELB
Creating a launch configuration
Creating an Auto Scaling group
Creating VPC peering
Accepting VPC peering
Configuring VPN connections to your Amazon VPC
4
Configuring Global Scale Infrastructure
Configuring Global Scale Infrastructure
Introduction
Creating a VPC and subnet from the CLI
Creating a VPC to DC connectivity--VPN Tunneling
Creating a VPC with a private subnet and connecting DC
Creating a multi-region VPC communication
Setting up a private DNS with a VPC
Migrating to IPv6
5
Working with Infrastructure Automation
Working with Infrastructure Automation
Introduction
Creating, storing, and testing the template--CloudFormation
Creating a new stack--CloudFormation
Modify the stack--CloudFormation
Deleting the stack--CloudFormation
Setting up Ansible
Installing Ansible
Creating Ansible playbooks for creating VPC
6
Working with Route 53
Working with Route 53
Introduction
Registering a new domain
Transferring a domain into Amazon Route 53
Creating hosted zones and record sets
Deleting a public hosted zone
Creating an Alias record set
Creating a private hosted zone
Working with the weighted routing policy
Working with the failover routing policy and health checks
7
Cloud Security and Network Compliance
Cloud Security and Network Compliance
Introduction
Setting up CloudFront--EC2 origin
Setting up CloudFront--S3 origin
Geographic restrictions with Amazon CloudFront
Customizing error responses in CloudFront
Setting up CloudWatch monitoring
Setting up ELB and Auto Scaling
Trusted Advisor
Protecting log information--sending logs to CloudWatch
Starting CloudTrail
Submitting a penetration testing request
8
Troubleshooting and VPC Limits
Troubleshooting and VPC Limits
Introduction
Troubleshooting IP address overlapping
Errors while connecting an EC2 instance in a VPC
Internet not accessible in the instance
Internet not accessible in the private subnet instance (NAT Gateway)
Not able to delete a VPC
Enabling VPC flow logs
Increasing VPC Limits
9
Pricing of VPC and Related Components
Pricing of VPC and Related Components
Introduction
VPC, VPN and Nat Gateway pricing
EC2, ELB and Elastic IP pricing
Route 53 pricing
Direct Connect pricing
CloudFront pricing
WAF and Cloud Shield pricing

Protecting log information--sending logs to CloudWatch

For critical applications, all add, change/modify, and delete activities or transactions must generate a log entry. Each log entry should contain the following information:

    • User identification information
    • Type of event
    • Date and time stamp
    • Success or failure indication
    • Origination of event
    • Identity or name of the affected data, system component, or resource

Protecting logs:

    • Verify that audit trails are enabled and active for system components
    • Ensure that only individuals who have a job-related need can view audit trail files
    • Confirm that the current audit trail files are protected from unauthorized modifications via access control mechanisms, physical segregation, and/or network segregation
    • Ensure that the current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter...
Previous Section
End of Section 10
Next Section