Module - 05 - Networking and Content Delivery

Module 5 of the AWS Academy Cloud Foundations focuses on networking and content delivery, covering topics such as Amazon VPC, VPC security, Amazon Route 53, and Amazon CloudFront. The module aims to equip learners with the ability to design basic VPC architectures, understand networking basics, and utilize AWS networking services effectively. Activities include labeling network diagrams, designing VPC architectures, and building a VPC with a web server.

Module 5: Networking and Content Delivery
AWS Academy Cloud Foundations

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module overview
Topics:
• Networking basics
• Amazon VPC
• VPC networking
• VPC security
• Amazon Route 53
• Amazon CloudFront
Activities:
• Label a network diagram
• Design a basic VPC architecture
Demo:
• VPC demonstration
Lab:
• Build your VPC and launch a web server
Knowledge check
Module objectives
After completing this module, you should be able to:
• Recognize the basics of networking
• Describe virtual networking in the cloud with Amazon VPC
• Label a network diagram
• Design a basic VPC architecture
• Indicate the steps to build a VPC
• Identify security groups
• Create your own VPC and add additional components to it to produce a customized network
• Identify the fundamentals of Amazon Route 53
• Recognize the benefits of Amazon CloudFront
Section 1: Networking basics
Module 5: Networking and Content Delivery

Networks
[Diagram: Subnet 1 and Subnet 2 connected through a router]
IP addresses
192.0.2.0 (dotted decimal)
11000000 00000000 00000010 00000000 (the same address in binary, one octet per group)
IPv4 and IPv6 addresses

IPv4 (32-bit) address: 192.0.2.0

IPv6 (128-bit) address: 2600:1f18:22ba:8c00:ba86:a05e:a5ba:00FF
Classless Inter-Domain Routing (CIDR)
192.0.2.0/24
• The address has two parts: a network identifier (routing prefix) and a host identifier.
• The /24 suffix tells you how many bits are fixed: the first 24 bits identify the network, and the remaining 8 bits identify the host.
• In binary, the first three octets are fixed and the last octet is flexible:
  11000000 00000000 00000010 00000000 to 11000000 00000000 00000010 11111111
  (Fixed)  (Fixed)  (Fixed)  (Flexible)
Open Systems Interconnection (OSI) model
Layer         Number  Function                                                              Protocol/Address
Application   7       Means for an application to access a computer network                HTTP(S), FTP, DHCP, LDAP
Presentation  6       Ensures that the application layer can read the data; encryption     ASCII, ICA
Session       5       Enables orderly exchange of data                                     NetBIOS, RPC
Transport     4       Provides protocols to support host-to-host communication             TCP, UDP
Network       3       Routing and packet forwarding (routers)                              IP
Data link     2       Transfer data in the same LAN network (hubs and switches)            MAC
Physical      1       Transmission and reception of raw bitstreams over a physical medium  Signals (1s and 0s)
Section 2: Amazon VPC
Module 5: Networking and Content Delivery

Amazon VPC
• Enables you to provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define
• Gives you control over your virtual networking resources, including:
  • Selection of IP address range
  • Creation of subnets
  • Configuration of route tables and network gateways
• Enables you to customize the network configuration for your VPC
• Enables you to use multiple layers of security
VPCs and subnets
• VPCs:
  • Logically isolated from other VPCs
  • Dedicated to your AWS account
  • Belong to a single AWS Region and can span multiple Availability Zones
• Subnets:
  • Range of IP addresses that divide a VPC
  • Belong to a single Availability Zone
  • Classified as public or private
[Diagram: one VPC in a Region spanning Availability Zone 1 and Availability Zone 2, with a subnet in each zone]
IP addressing
• When you create a VPC, you assign it to an IPv4 CIDR block (range of private IPv4 addresses).
• You cannot change the address range after you create the VPC.
• The largest IPv4 CIDR block size is /16 (x.x.x.x/16, or 65,536 addresses).
• The smallest IPv4 CIDR block size is /28 (x.x.x.x/28, or 16 addresses).
• IPv6 is also supported (with a different block size limit).
• CIDR blocks of subnets cannot overlap.
Reserved IP addresses
Example: A VPC with an IPv4 CIDR block of 10.0.0.0/16 has 65,536 total IP addresses. The VPC has four equal-sized subnets: Subnet 1 (10.0.0.0/24), Subnet 2 (10.0.2.0/24), Subnet 3 (10.0.3.0/24) and Subnet 4 (10.0.1.0/24). Only 251 IP addresses are available for use by each subnet.
IP addresses reserved in the CIDR block 10.0.0.0/24:
10.0.0.0     Network address
10.0.0.1     Internal communication
10.0.0.2     Domain Name System (DNS) resolution
10.0.0.3     Future use
10.0.0.255   Network broadcast address
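The CIDR arithmetic from the CIDR slide and the reserved-address rule from this slide, worked in Python as an added example (not part of the AWS Academy deck). It uses only the standard library; the constants encode the /16 to /28 VPC limits and the five reserved addresses stated above, and the sample input (10.0.0.0/16 split into four /24 subnets) is the slide's own.

```python
import ipaddress
from typing import Dict, List

VPC_LARGEST_PREFIX = 16   # /16 = 65,536 addresses (largest VPC block on the slide)
VPC_SMALLEST_PREFIX = 28  # /28 = 16 addresses (smallest VPC block on the slide)
RESERVED_PER_SUBNET = 5   # AWS keeps the first four addresses and the last one


def _net(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR string strictly: host bits set inside the prefix are an error."""
    net = ipaddress.ip_network(str(cidr), strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError("this helper handles IPv4 only")
    return net


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Enforce the /16 (largest) to /28 (smallest) window for a VPC IPv4 block."""
    net = _net(cidr)
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"{cidr}: VPC CIDR must be between /{VPC_LARGEST_PREFIX} "
                         f"and /{VPC_SMALLEST_PREFIX}")
    return net


def reserved_addresses(subnet: str) -> Dict[str, str]:
    """The five addresses AWS reserves in every subnet, keyed by their purpose."""
    net = _net(subnet)
    base = int(net.network_address)
    return {
        "network address": str(net.network_address),
        "internal communication": str(ipaddress.IPv4Address(base + 1)),
        "DNS resolution": str(ipaddress.IPv4Address(base + 2)),
        "future use": str(ipaddress.IPv4Address(base + 3)),
        "network broadcast address": str(net.broadcast_address),
    }


def usable_hosts(subnet: str) -> int:
    """Addresses an instance can actually take: total minus the reserved five."""
    return _net(subnet).num_addresses - RESERVED_PER_SUBNET


def split_vpc(vpc_cidr: str, subnet_prefix: int, count: int) -> List[str]:
    """Carve `count` equal, non-overlapping /subnet_prefix subnets out of the VPC."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= VPC_SMALLEST_PREFIX:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    subnets = [str(s) for s in vpc.subnets(new_prefix=subnet_prefix)]
    if count > len(subnets):
        raise ValueError(f"{vpc_cidr} only holds {len(subnets)} /{subnet_prefix} subnets")
    return subnets[:count]


def subnets_overlap(subnets: List[str]) -> bool:
    """Slide rule: the CIDR blocks of subnets in a VPC cannot overlap."""
    nets = [_net(s) for s in subnets]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def fixed_bits(cidr: str) -> str:
    """Binary view of a CIDR block: prefix bits are fixed, the rest are flexible ('x')."""
    net = _net(cidr)
    bits = f"{int(net.network_address):032b}"
    return bits[:net.prefixlen] + "|" + "x" * (32 - net.prefixlen)


if __name__ == "__main__":
    print(fixed_bits("192.0.2.0/24"))  # 110000000000000000000010|xxxxxxxx
    # Values from the slide: 10.0.0.0/16 split into four /24 subnets of 251 usable hosts.
    for s in split_vpc("10.0.0.0/16", 24, 4):
        print(s, usable_hosts(s), reserved_addresses(s))
    print("overlap:", subnets_overlap(split_vpc("10.0.0.0/16", 24, 4)))
```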
Public IP address types
Public IPv4 address:
• Manually assigned through an Elastic IP address
• Automatically assigned through the auto-assign public IP address settings at the subnet level
Elastic IP address:
• Associated with an AWS account
• Can be allocated and remapped anytime
• Additional costs might apply
Elastic network interface
• An elastic network interface is a virtual network interface that you can:
  • Attach to an instance.
  • Detach from the instance, and attach to another instance to redirect network traffic.
  • Its attributes follow when it is reattached to a new instance.
• Each instance in your VPC has a default network interface that is assigned a private IPv4 address from the IPv4 address range of your VPC.
[Diagram: an elastic network interface attached to an instance in the subnet 10.0.1.0/24]
Route tables and routes
• A route table contains a set of rules (or routes) that you can configure to direct network traffic from your subnet.
• Each route specifies a destination and a target.
• By default, every route table contains a local route for communication within the VPC.
• Each subnet must be associated with a route table (at most one).
Main (default) route table:
Destination   Target
10.0.0.0/16   local     (the VPC CIDR block)
Section 2 key takeaways
• A VPC is a logically isolated section of the AWS Cloud.
• A VPC belongs to one Region and requires a CIDR block.
• A VPC is subdivided into subnets.
• A subnet belongs to one Availability Zone and requires a CIDR block.
• Route tables control traffic for a subnet.
• Route tables have a built-in local route.
• You add additional routes to the table.
• The local route cannot be deleted.
Section 3: VPC networking
Module 5: Networking and Content Delivery

Internet gateway
[Diagram: a VPC (10.0.0.0/16) in one Availability Zone with a public subnet (10.0.1.0/24) and a private subnet (10.0.2.0/24); the public subnet's route table sends non-local traffic to an internet gateway (igw-id), which connects the VPC to the internet]
Public subnet route table:
Destination   Target
10.0.0.0/16   local
0.0.0.0/0     igw-id
Network address translation (NAT) gateway
[Diagram: a VPC (10.0.0.0/16) in one Availability Zone; the public subnet (10.0.1.0/24) holds a NAT gateway (nat-gw-id) and routes to the internet gateway (igw-id); the private subnet (10.0.2.0/24) routes internet-bound traffic to the NAT gateway]
Public subnet route table:
Destination   Target
10.0.0.0/16   local
0.0.0.0/0     igw-id
Private subnet route table:
Destination   Target
10.0.0.0/16   local
0.0.0.0/0     nat-gw-id
VPC sharing
[Diagram: Account A (owner) owns a VPC with a private subnet and a public subnet connected through a router, a NAT gateway and an internet gateway; participant accounts B, C and D launch EC2 instances, an RDS instance and Amazon Redshift into the shared subnets]
VPC peering
You can connect VPCs in your own AWS account, between AWS accounts, or between AWS Regions.
[Diagram: VPC A (10.0.0.0/16) and VPC B (10.3.0.0/16) connected by a peering connection (pcx-id)]
Route table for VPC A:
Destination   Target
10.0.0.0/16   local
10.3.0.0/16   pcx-id
Route table for VPC B:
Destination   Target
10.3.0.0/16   local
10.0.0.0/16   pcx-id
Restrictions:
• IP spaces cannot overlap.
• Transitive peering is not supported.
• You can only have one peering resource between the same two VPCs.
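Route selection from the route table, internet gateway, NAT gateway and VPC peering slides, modeled in Python as an added example (not code from the deck). The target ids (igw-id, nat-gw-id, pcx-ab-id, pcx-bc-id) and the third VPC C (10.5.0.0/16) are constructed; the most-specific-match rule is how AWS route tables choose among overlapping destinations, which the slides show but do not spell out.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (destination CIDR, target id)


def local_route(vpc_cidr: str) -> Route:
    """Every route table carries a built-in local route for the VPC CIDR block."""
    return (vpc_cidr, "local")


def select_route(routes: List[Route], dst_ip: str) -> Optional[str]:
    """Return the target of the most specific route matching dst_ip, or None.

    The route whose destination most closely matches the traffic (longest
    prefix) wins, so 10.0.0.0/16 beats 0.0.0.0/0 for an in-VPC address.
    A destination with no matching route is unreachable from that subnet.
    """
    dst = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != dst.version or dst not in net:
            continue
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, target)
    return None if best is None else best[1]


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Peering restriction from the slide: the two VPCs' IP spaces cannot overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def trace(routes: List[Route], dst_ip: str) -> str:
    """Human-readable result of one route lookup."""
    target = select_route(routes, dst_ip)
    return f"{dst_ip} -> {target}" if target else f"{dst_ip} -> unreachable (no route)"


# Route tables from the NAT gateway slide (target ids are placeholders).
PUBLIC_RT: List[Route] = [local_route("10.0.0.0/16"), ("0.0.0.0/0", "igw-id")]
PRIVATE_RT: List[Route] = [local_route("10.0.0.0/16"), ("0.0.0.0/0", "nat-gw-id")]

# Peering scenario (constructed): VPC A (10.0.0.0/16) peers with VPC B (10.3.0.0/16)
# over pcx-ab-id, and B peers with a third VPC C (10.5.0.0/16) over pcx-bc-id.
# Neither A nor C has a default route here, so a missing route shows as unreachable.
VPC_A_RT: List[Route] = [local_route("10.0.0.0/16"), ("10.3.0.0/16", "pcx-ab-id")]
VPC_B_RT: List[Route] = [local_route("10.3.0.0/16"), ("10.0.0.0/16", "pcx-ab-id"),
                         ("10.5.0.0/16", "pcx-bc-id")]

if __name__ == "__main__":
    for label, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        print(label, trace(rt, "10.0.2.10"), "|", trace(rt, "203.0.113.7"))
    # Transitive peering is not supported: A has no route for C's CIDR block,
    # so A cannot reach C through B even though B reaches both.
    print("A -> B:", trace(VPC_A_RT, "10.3.4.5"))
    print("A -> C:", trace(VPC_A_RT, "10.5.0.9"))
    print("B -> C:", trace(VPC_B_RT, "10.5.0.9"))
    print("A and B may peer:", can_peer("10.0.0.0/16", "10.3.0.0/16"))
```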
AWS Site-to-Site VPN
[Diagram: a VPC (10.0.0.0/16) with a public subnet (10.1.0.0/24) and a private subnet (10.0.2.0/24); a virtual gateway (vgw-id) terminates a Site-to-Site VPN connection over the internet to the customer gateway in the corporate data center (192.168.10.0/24)]
Public subnet route table:
Destination   Target
10.0.0.0/16   local
0.0.0.0/0     igw-id
Private subnet route table:
Destination       Target
10.0.0.0/16       local
192.168.10.0/24   vgw-id
AWS Direct Connect
[Diagram: a VPC (10.0.0.0/16) with a public subnet (10.1.0.0/24) and a private subnet (10.0.2.0/24); a virtual gateway connects over an 802.1q VLAN through AWS Direct Connect to the customer gateway in the corporate data center (192.168.10.0/24); the internet is shown as a separate path]
VPC endpoints
[Diagram: a VPC (10.0.0.0/16) with a public subnet (10.0.1.0/24) and a private subnet (10.0.2.0/24) reaches Amazon Simple Storage Service (Amazon S3) through a VPC endpoint (vpcep-id), using either the default DNS hostname or an endpoint-specific DNS hostname; an interface endpoint appears as an elastic network interface in the subnet]
Public subnet route table:
Destination     Target
10.0.0.0/16     local
Amazon S3 ID    vpcep-id
Two types of endpoints:
• Interface endpoints (powered by AWS PrivateLink)
• Gateway endpoints (Amazon S3 and Amazon DynamoDB)
AWS Transit Gateway
From this… a mesh in which each Amazon VPC is connected to the others by VPC peering, and the customer gateway reaches the VPCs through separate VPN connections and an AWS Direct Connect gateway.
To this… the same Amazon VPCs, VPN connections and AWS Direct Connect gateway each attached once to a single AWS Transit Gateway, which routes between them.
Activity: Label this network diagram
[Activity diagram: a VPC with a public subnet (10.0.1.0/24), a private subnet (10.0.2.0/24) and a route table with the destinations 0.0.0.0/0 and 10.0.0.0/16; the components labeled A? through P? are to be identified]
Activity: Solution
[Solution diagram labels: Region; Availability Zone; VPC; Public subnet (10.0.1.0/24); Internet gateway; Internet; Route table; Private IP address; NAT gateway; Route; Private subnet (10.0.2.0/24); Route table; Elastic network interface; Private IP address]
Public subnet route table:
Destination   Target
10.0.0.0/16   local
0.0.0.0/0     igw-id
Recorded Amazon VPC demonstration
Section 3 key takeaways
• There are several VPC networking options, which include:
  • Internet gateway
  • NAT gateway
  • VPC endpoint
  • VPC peering
  • VPC sharing
  • AWS Site-to-Site VPN
  • AWS Direct Connect
  • AWS Transit Gateway
• You can use the VPC Wizard to implement your design.
Section 4: VPC security
Module 5: Networking and Content Delivery

Security groups (1 of 2)
[Diagram: a VPC (10.0.0.0/16) with a public subnet (10.0.1.0/24) and a private subnet (10.0.2.0/24); each instance is wrapped in its own security group]
Security groups act at the instance level.
Security groups (2 of 2)
• Security groups have rules that control inbound and outbound instance traffic.
• Default security groups deny all inbound traffic and allow all outbound traffic.
• Security groups are stateful.
Default security group, inbound rules:
Source        Protocol  Port Range  Description
sg-xxxxxxxx   All       All         Allow inbound traffic from network interfaces assigned to the same security group.
Default security group, outbound rules:
Destination   Protocol  Port Range  Description
0.0.0.0/0     All       All         Allow all outbound IPv4 traffic.
::/0          All       All         Allow all outbound IPv6 traffic.
Custom security group examples
• You can specify allow rules, but not deny rules.
• All rules are evaluated before the decision to allow traffic.
Inbound:
Source                                    Protocol  Port Range  Description
0.0.0.0/0                                 TCP       80          Allow inbound HTTP access from all IPv4 addresses
0.0.0.0/0                                 TCP       443         Allow inbound HTTPS access from all IPv4 addresses
Your network's public IPv4 address range  TCP       22          Allow inbound SSH access to Linux instances from IPv4 IP addresses in your network (over the internet gateway)
Outbound:
Destination                                                                  Protocol  Port Range  Description
The ID of the security group for your Microsoft SQL Server database servers  TCP       1433        Allow outbound Microsoft SQL Server access to instances in the specified security group
Network access control lists (network ACLs 1 of 2)
[Diagram: a VPC (10.0.0.0/16) with a public subnet (10.0.0.0/24) and a private subnet (10.0.4.0/22); a network ACL sits at the boundary of each subnet]
Network ACLs act at the subnet level.
Network access control lists (network ACLs 2 of 2)
• A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
• Default network ACLs allow all inbound and outbound IPv4 traffic.
• Network ACLs are stateless.
Default network ACL, inbound rules:
Rule  Type              Protocol  Port Range  Source      Allow/Deny
100   All IPv4 traffic  All       All         0.0.0.0/0   ALLOW
*     All IPv4 traffic  All       All         0.0.0.0/0   DENY
Default network ACL, outbound rules:
Rule  Type              Protocol  Port Range  Destination  Allow/Deny
100   All IPv4 traffic  All       All         0.0.0.0/0    ALLOW
*     All IPv4 traffic  All       All         0.0.0.0/0    DENY
Custom network ACL examples
• Custom network ACLs deny all inbound and outbound traffic until you add rules.
• You can specify both allow and deny rules.
• Rules are evaluated in number order, starting with the lowest number.
Inbound:
Rule  Type              Protocol  Port Range  Source        Allow/Deny
100   HTTPS             TCP       443         0.0.0.0/0     ALLOW
120   SSH               TCP       22          192.0.2.0/24  ALLOW
*     All IPv4 traffic  All       All         0.0.0.0/0     DENY
Outbound:
Rule  Type              Protocol  Port Range  Destination   Allow/Deny
100   HTTPS             TCP       443         0.0.0.0/0     ALLOW
120   SSH               TCP       22          192.0.2.0/24  ALLOW
*     All IPv4 traffic  All       All         0.0.0.0/0     DENY
Security groups versus network ACLs
Attribute         Security Groups                                                          Network ACLs
Scope             Instance level                                                           Subnet level
Supported Rules   Allow rules only                                                         Allow and deny rules
State             Stateful (return traffic is automatically allowed, regardless of rules)  Stateless (return traffic must be explicitly allowed by rules)
Order of Rules    All rules are evaluated before decision to allow traffic                 Rules are evaluated in number order before decision to allow traffic
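The stateful versus stateless contrast from the custom network ACL examples and the comparison table above, as an added Python simulation (not code from the deck). The rule sets copy the custom security group and custom network ACL slides; 192.0.2.0/24 stands in for "your network's public IPv4 address range", the client 198.51.100.5 is constructed, and the ephemeral-port allow and the deny rule are additions that show the evaluation order and the effect of statelessness on return traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str      # "tcp", "udp" or "all"
    dst_port: int
    src_port: int = 0


@dataclass(frozen=True)
class Rule:
    cidr: str              # source range (inbound) or destination range (outbound)
    protocol: str          # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    action: str = "ALLOW"  # network ACL rules may also be "DENY"
    number: int = 0        # network ACL rule number; security groups ignore it

    def matches(self, ip: str, protocol: str, port: int) -> bool:
        if self.protocol != "all" and self.protocol != protocol:
            return False
        if self.protocol != "all" and not self.port_from <= port <= self.port_to:
            return False
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)


def security_group_allows(rules: List[Rule], pkt: Packet, direction: str) -> bool:
    """Allow rules only: every rule is considered and any match permits the packet."""
    ip = pkt.src_ip if direction == "inbound" else pkt.dst_ip
    return any(r.matches(ip, pkt.protocol, pkt.dst_port) for r in rules)


def network_acl_allows(rules: List[Rule], pkt: Packet, direction: str) -> bool:
    """Rules are tried in number order, lowest first; the first match decides,
    and a packet that matches nothing hits the implicit '*' DENY."""
    ip = pkt.src_ip if direction == "inbound" else pkt.dst_ip
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(ip, pkt.protocol, pkt.dst_port):
            return r.action == "ALLOW"
    return False


def reply_to(pkt: Packet) -> Packet:
    """The return packet of a request: addresses and ports swapped."""
    return Packet(pkt.dst_ip, pkt.src_ip, pkt.protocol, pkt.src_port, pkt.dst_port)


def sg_session_ok(inbound: List[Rule], request: Packet) -> bool:
    """Stateful: once the request is allowed in, its reply is allowed out regardless
    of the outbound rules (the slide's outbound list only covers TCP 1433 to the
    database security group, yet web replies still leave)."""
    return security_group_allows(inbound, request, "inbound")


def nacl_session_ok(inbound: List[Rule], outbound: List[Rule], request: Packet) -> bool:
    """Stateless: the request and its reply are each judged on their own."""
    return (network_acl_allows(inbound, request, "inbound")
            and network_acl_allows(outbound, reply_to(request), "outbound"))


# Custom security group from the slide; 192.0.2.0/24 stands in for "your network's
# public IPv4 address range" (constructed value).
SG_INBOUND = [Rule("0.0.0.0/0", "tcp", 80, 80), Rule("0.0.0.0/0", "tcp", 443, 443),
              Rule("192.0.2.0/24", "tcp", 22, 22)]
# Custom network ACL from the slide: 100 HTTPS allow, 120 SSH allow, then '*' deny.
NACL_INBOUND = [Rule("0.0.0.0/0", "tcp", 443, 443, number=100),
                Rule("192.0.2.0/24", "tcp", 22, 22, number=120)]
NACL_OUTBOUND = [Rule("0.0.0.0/0", "tcp", 443, 443, number=100),
                 Rule("192.0.2.0/24", "tcp", 22, 22, number=120)]
# Replies to HTTPS clients leave on the client's ephemeral port, so a stateless
# ACL needs an explicit outbound allow for that range (constructed rule 140).
NACL_OUTBOUND_FIXED = NACL_OUTBOUND + [Rule("0.0.0.0/0", "tcp", 1024, 65535, number=140)]
# A deny rule numbered below the SSH allow wins for the one address it names (constructed).
NACL_INBOUND_WITH_DENY = NACL_INBOUND + [Rule("192.0.2.77/32", "tcp", 22, 22, "DENY", 110)]

if __name__ == "__main__":
    https = Packet("198.51.100.5", "10.0.1.10", "tcp", 443, 51000)  # constructed client
    print("security group allows HTTPS session:", sg_session_ok(SG_INBOUND, https))
    print("network ACL allows HTTPS session:   ", nacl_session_ok(NACL_INBOUND, NACL_OUTBOUND, https))
    print("network ACL with ephemeral rule:    ", nacl_session_ok(NACL_INBOUND, NACL_OUTBOUND_FIXED, https))
```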
Activity: Design a VPC
Scenario: You have a small business with a website that is hosted on an
Amazon Elastic Compute Cloud (Amazon EC2) instance. You have
customer data that is stored on a backend database that you want to
keep private. You want to use Amazon VPC to set up a VPC that meets the
following requirements:
• Your web server and database server must be in separate subnets.
• The first address of your network must be 10.0.0.0. Each subnet must
have 256 total IPv4 addresses.
• Your customers must always be able to access your web server.
• Your database server must be able to access the internet to make patch
updates.
• Your architecture must be highly available and use at least one custom
firewall layer.
Section 4 key takeaways
• Build security into your VPC architecture:
  • Isolate subnets if possible.
  • Choose the appropriate gateway device or VPN connection for your needs.
  • Use firewalls.
• Security groups and network ACLs are firewall options that you can use to secure your VPC.
Lab 2: Build Your VPC and Launch a Web Server
Lab 2: Scenario
In this lab, you use Amazon VPC to create your own VPC and
add some components to produce a customized network. You
create a security group for your VPC. You also create an EC2
instance and configure it to run a web server and to use the
security group. You then launch the EC2 instance into the VPC.

Lab 2: Tasks
• Create a VPC.
• Create additional subnets.
• Create a VPC security group.
• Launch a web server instance.
Lab 2: Final product
[Diagram: a VPC (10.0.0.0/16) spanning Availability Zone A and Availability Zone B; public subnet 1 (10.0.0.0/24) and private subnet 1 (10.0.1.0/24) in zone A, public subnet 2 (10.0.2.0/24) and private subnet 2 (10.0.3.0/24) in zone B; an internet gateway, a NAT gateway, and a web server protected by a security group in the public subnets]
Public route table:
Destination   Target
10.0.0.0/16   Local
0.0.0.0/0     Internet gateway
Private route table:
Destination   Target
10.0.0.0/16   Local
0.0.0.0/0     NAT gateway
Begin Lab 2: Build Your VPC and Launch a Web Server
~30 minutes
Lab debrief:
Key takeaways

Section 5: Amazon Route 53
Module 5: Networking and Content Delivery

Amazon Route 53
• Is a highly available and scalable Domain Name System (DNS) web service
• Is used to route end users to internet applications by translating names (like www.example.com) into numeric IP addresses (like 192.0.2.1) that computers use to connect to each other
• Is fully compliant with IPv4 and IPv6
• Connects user requests to infrastructure running in AWS and also outside of AWS
• Is used to check the health of your resources
• Features traffic flow
• Enables you to register domain names
Amazon Route 53 DNS resolution
[Diagram: the user requests www.example.com; the DNS resolver checks with Route 53 for the IP address; Amazon Route 53 returns the IP address 192.0.2.0 to the DNS resolver, which returns it to the user]
Amazon Route 53 supported routing
• Simple routing – Use in single-server environments
• Weighted round robin routing – Assign weights to resource record sets to specify the frequency
• Latency routing – Help improve your global applications
• Geolocation routing – Route traffic based on location of your users
• Geoproximity routing – Route traffic based on location of your resources
• Failover routing – Fail over to a backup site if your primary site becomes unreachable
• Multivalue answer routing – Respond to DNS queries with up to eight healthy records selected at random
Use case: Multi-region deployment
[Diagram: Amazon Route 53 directs the user to a load balancer in one of two Regions, some-elb-name.us-west-2.elb.amazonaws.com or some-elb-name.ap-southeast-2.elb.amazonaws.com]
Name         Type   Value
example.com  ALIAS  some-elb-name.us-west-2.elb.amazonaws.com
example.com  ALIAS  some-elb-name.ap-southeast-2.elb.amazonaws.com
Amazon Route 53 DNS failover
Improve the availability of your applications that run on AWS by:
• Configuring backup and failover scenarios for your own applications
• Enabling highly available multi-region architectures on AWS
• Creating health checks
DNS failover for a multi-tiered web application
Record sets:
• CNAME www to elastic_load_balancer; Routing Policy = Failover; Record Type = Primary
• Routing Policy = Failover; Record Type = Secondary; points to the Amazon S3 static website
[Diagram: the user resolves www through Amazon Route 53; the primary record points to an elastic load balancer in front of an Auto Scaling group of Amazon EC2 instances in Availability Zones A and B, each backed by an Amazon Relational Database Service (Amazon RDS) instance; the secondary record points to an Amazon S3 static website]
Section 5 key takeaways
• Amazon Route 53 is a highly available and scalable cloud DNS web service that translates domain names into numeric IP addresses.
• Amazon Route 53 supports several types of routing policies.
• Multi-Region deployment improves your application’s performance for a global audience.
• You can use Amazon Route 53 failover to improve the availability of your applications.
Section 6: Amazon CloudFront
Module 5: Networking and Content Delivery

Content delivery and network latency
[Diagram: a request from the user's client passes through several routers, with a network hop between each, before it reaches the origin server]
Content delivery network (CDN)
• Is a globally distributed system of caching servers
• Caches copies of commonly requested files (static content)
• Delivers a local copy of the requested content from a nearby cache edge or Point of Presence
• Accelerates delivery of dynamic content
• Improves application performance and scaling
Amazon CloudFront
• Fast, global, and secure CDN service
• Global network of edge locations and Regional edge caches
• Self-service model
• Pay-as-you-go pricing
Amazon CloudFront infrastructure
[Diagram: edge locations, multiple edge locations, and Regional edge caches]
• Edge locations – Network of data centers that CloudFront uses to serve popular content quickly to customers.
• Regional edge cache – CloudFront location that caches content that is not popular enough to stay at an edge location. It is located between the origin server and
Amazon CloudFront benefits
• Fast and global
• Security at the edge
• Highly programmable
• Deeply integrated with AWS
• Cost-effective

Amazon CloudFront pricing
Data transfer out
• Charged for the volume of data transferred out from Amazon CloudFront edge location to the internet or to your origin.
HTTP(S) requests
• Charged for number of HTTP(S) requests.
Invalidation requests
• No additional charge for the first 1,000 paths that are requested for invalidation each month. Thereafter, $0.005 per path that is requested for invalidation.
Dedicated IP custom SSL
• $600 per month for each custom SSL certificate that is associated with one or more CloudFront distributions that use the Dedicated IP version of custom SSL certificate support.
Section 6 key takeaways
• A CDN is a globally distributed system of caching servers that accelerates delivery of content.
• Amazon CloudFront is a fast CDN service that securely delivers data, videos, applications, and APIs over a global infrastructure with low latency and high transfer speeds.
• Amazon CloudFront offers many benefits.
Module wrap-up
Module 5: Networking and Content Delivery

Module summary
In summary, in this module you learned how to:
• Recognize the basics of networking
• Describe virtual networking in the cloud with Amazon VPC
• Label a network diagram
• Design a basic VPC architecture
• Indicate the steps to build a VPC
• Identify security groups
• Create your own VPC and add additional components to it to produce a customized network
• Identify the fundamentals of Amazon Route 53
• Recognize the benefits of Amazon CloudFront
Complete the knowledge check

Sample exam question
Which AWS networking service enables a company to create a virtual network within AWS?

Choice Response

A AWS Config

B Amazon Route 53

C AWS Direct Connect

D Amazon VPC

Sample exam question answer
Which AWS networking service enables a company to create a virtual network within AWS?

The correct answer is D.

The keywords in the question are “AWS networking service” and “create a virtual network”.
Additional resources
• Amazon VPC Overview page: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
• Amazon Virtual Private Cloud Connectivity Options whitepaper: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html
• One to Many: Evolving VPC Design AWS Architecture blog post: https://aws.amazon.com/blogs/architecture/one-to-many-evolving-vpc-design/
• Amazon VPC User Guide: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Thank you

All trademarks are the property of their owners.

VPC sharing
[Diagram: Account A (owner) owns a VPC with a private subnet and a public subnet connected through a router, a NAT gateway and an internet gateway; participant accounts B, C and D run Web server 1 and Web server 2 on Amazon EC2, a Database Server on Amazon EC2, an RDS instance and Amazon Redshift in the shared subnets]
