Hello there, welcome back! This is the third part of the AWS for Non-Engineers series.
In this post, I’ll introduce you to the concept of Cloud Networking and its features.
If you missed any of the previous posts, check them out HERE.
What’s Cloud Networking?
Cloud networking is the ability to create, manage, and securely connect your networks across your cloud environments. Cloud networking allows you to architect resilient and highly available infrastructure.
VPC
Virtual Private Cloud (aka VPC) is a regional service (if you don’t know about regions, check the 2nd post of the series) that allows you to provision logically isolated AWS resources, like private database instances that have no access to the public internet.
With a VPC, you have full control of your virtual network environment: IP address range, subnets, route tables, etc.
You can also connect your office or corporate data center to the VPC over a VPN and reach private resources from there.
As I mentioned before, VPC is a regional service, and some services require one to work. When you create an account, AWS creates a default VPC in each region of that account.
Subnets
A subnet is a range of IP addresses in your VPC. You can think of it as a slice of the whole VPC.
Unlike the VPC, a subnet must reside inside a single availability zone. After you create a subnet, you can deploy resources into it.
A subnet is private by default, meaning it has no access to the public internet. But you can configure it to be public with an Internet Gateway and a Route Table. This is very useful, because you can place the public-facing web application in the public subnet while keeping your database services protected and unreachable from the internet.
The image above shows the mentioned scenario: it has two availability zones, with two public subnets and two private subnets, one of each per availability zone. This is awesome because if one availability zone goes down, your application stays up and running.
Route Table
As the name suggests, a Route Table is just a table that contains data about how to route network traffic inside a subnet.
If you remember, a subnet is private by default; the reason for this is that all the traffic is handled internally in the subnet. When you create a Route Table, you can define that requests to a specific IP address (or to every IP address, using a catch-all route such as 0.0.0.0/0) should be forwarded to a specific target. This target can be an IP address, another Route Table, another subnet, an Internet Gateway, a NAT Gateway, etc.
Internet Gateway
As I mentioned before, a VPC allows you to create logically isolated resources inside AWS, meaning they have no access to the internet at all. That’s where the Internet Gateway shines: it’s a simple VPC component that works as the glue between your VPC and the internet.
That’s the core of Cloud Networking. There are a few extra components that I won’t cover in this post, such as the NAT Gateway and the Egress-Only Internet Gateway.
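To make the public/private distinction concrete, here is an added example (my own code, not from AWS or the original post) that applies the rule the sections above describe: a subnet is public only when the route table it uses sends internet-bound traffic to an Internet Gateway. It runs on a constructed sample shaped like the output of `aws ec2 describe-route-tables`; the IDs are placeholders, and the subnets with no explicit association fall back to the VPC’s main route table, exactly as in a real VPC.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output (IDs are placeholders).
# Table 1 is the VPC's main table, used by every subnet without an explicit association.
# Table 2 adds a catch-all route to an Internet Gateway and is attached to the two public subnets.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main-placeholder",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public-placeholder",
     "Associations": [{"Main": False, "SubnetId": "subnet-public-a"},
                      {"Main": False, "SubnetId": "subnet-public-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}]},
]
SUBNETS = ["subnet-public-a", "subnet-public-b", "subnet-private-a", "subnet-private-b"]

def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for table in route_tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def lookup(table, address):
    """Pick the most specific matching route (longest prefix), as the VPC router does."""
    ip = ipaddress.ip_address(address)
    best_net, best_route = None, None
    for route in table["Routes"]:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route  # None means the traffic has nowhere to go

def is_public(subnet_id, route_tables=ROUTE_TABLES):
    """Public = internet-bound traffic is routed to an Internet Gateway (igw-*)."""
    table = route_table_for(subnet_id, route_tables)
    # 198.51.100.1 is a documentation address standing in for "somewhere on the internet".
    route = lookup(table, "198.51.100.1")
    return route is not None and route.get("GatewayId", "").startswith("igw-")

def classify(subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Map every subnet to 'public' or 'private'."""
    return {s: "public" if is_public(s, route_tables) else "private" for s in subnets}
```

Running `classify()` on real `describe-route-tables` and `describe-subnets` output is a quick way to audit which subnets in an account are actually reachable from the internet.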
Summarizing
We can imagine the Cloud Networking as a house:
- VPC is the land; everything is created on top of it.
- Subnet can be considered a room, isolating things and creating contexts.
- Route Table is the hallway, which can get you to different rooms or to the gate.
- Internet Gateway is the gate; it connects the house to the rest of the world.
Global Accelerator
AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications.
When you make a request to a service, the data travels through many devices around the world until it reaches the destination; this process can be slow and unsafe. To solve this, AWS created the Global Accelerator: instead of traveling through devices around the world, the traffic goes to the closest AWS edge location and then travels over the AWS globally connected private network. This can make requests 60% faster and safer.
CloudFront
CloudFront is a CDN service, and is similar to Global Accelerator, but has very different uses. With CloudFront, you can cache content close to the end user, in more than 600 Points of Presence distributed around the world.
For example, imagine opening the Instagram app: the images and videos should load as fast as possible to give the user a good experience. That’s not possible without a CDN service, because the image would always need to be fetched from the origin (which could be in another country or continent), a slow process that can be mitigated with a CloudFront point of presence near you.
I have some friendly advice: avoid the us-east-1 (N. Virginia) region as much as possible. It’s the oldest and biggest region. It’s the base for most global services and AWS applications, such as AWS Training and AWS Skill Builder. Because of that, it’s the region that has most of the outages and problems. I highly recommend using the us-west-2 (Oregon) region.