// amazon VPC (amazon virtual private cloud)
lets you provision a logically isolated section of the
AWS cloud.
- create a virtual network environment
- can be public facing or private (with internet access, or internal only)
public subnet
- can talk to the internet (its route table has a route to the internet gateway).
private subnet
- internal IPs only, no direct route to the internet.
===========
public traffic --- internet gateway / IGW --- attached to the vpc.
inside the vpc:
elb
ec2 instance
db
===========
virtual private gateway --- attached to the vpc.
^ allows traffic coming in from an approved (private) network
- can also create a VPN between the private network in your DC and the virtual private gateway
==========
// aws direct connect
- provides a physical line that connects your network to your aws vpc
  a dedicated fiber connection from your DC to the AWS VPC (traffic does not traverse the public internet)
- work with a direct connect partner in your area to establish this connection
1 vpc might have multiple types of gateway attached for multiple types of resources.
all reside in the same vpc but in different subnets
===========
// vpc network and acl.
igw --- public subnet --- private subnet
========
// network ACL
packets coming in through the IGW --> are checked by the network access control list
> The VPC component that checks packet permissions for subnets is a network access control list (ACL).
> A network ACL is a virtual firewall that controls inbound and outbound traffic at the subnet level.
=========
// security group
- every ec2 instance you create is placed into a security group
- by default blocks all incoming traffic (no inbound rules)
- by default allows all outbound traffic
^ must be modified to allow certain types of traffic.
If you have multiple Amazon EC2 instances within the same VPC, you can associate them with the same security group or use different security groups for each instance.
==========
// security group vs network acl
security group = stateful. // by default denies all inbound traffic, but allows all return traffic
network acl = stateless. // does not automatically allow return traffic. it needs to be specified explicitly
^ the packet flow has to be defined in both directions (e.g. an outbound rule for the ephemeral port range 1024-65535 so replies to clients can leave the subnet).
// stateful
Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.
Network ACLs perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.
When a packet response for that request comes back to the subnet, the network ACL does not remember your previous request. The network ACL checks the packet response against its list of rules to determine whether to allow or deny.
// acl default
the default network ACL that comes with a vpc is stateless and allows all inbound and outbound traffic.
(a custom network ACL you create yourself starts out denying all inbound and outbound traffic until you add rules.)
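To make the stateful vs stateless difference concrete, here is an added example (not part of the original notes or of any AWS SDK) that models how a network ACL evaluates numbered rules in order without remembering anything, and how a security group allows return traffic through connection tracking. The subnet, addresses, ports and rule sets are constructed for the demo; `NetworkAcl`, `SecurityGroup` and `demo` are names chosen here.

```python
"""Stateless network ACL vs stateful security group, simulated.

Added example (not from the original notes): a network ACL checks every packet
in each direction against numbered rules, lowest number first, first match
wins, and denies if nothing matches. A security group has allow-only rules and
tracks connections, so the reply to an allowed request is allowed back
without any rule for that direction.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp", "icmp" or "all"
    cidr: str               # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int
    port_to: int
    action: str = "allow"   # network ACL rules may also be "deny"; security groups are allow-only
    number: int = 0         # network ACL rule number; unused by security groups


def _matches(rule: Rule, ip: str, port: int, proto: str) -> bool:
    return ((rule.proto == "all" or rule.proto == proto)
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


class NetworkAcl:
    """Subnet level, stateless. No memory of earlier packets; the implicit final
    '*' rule denies anything no numbered rule matched."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def check(self, direction: str, pkt: Packet) -> str:
        rules = self.inbound if direction == "in" else self.outbound
        ip = pkt.src if direction == "in" else pkt.dst
        for rule in rules:                     # lowest rule number first
            if _matches(rule, ip, pkt.dport, pkt.proto):
                return rule.action             # first match decides
        return "deny"


class SecurityGroup:
    """Instance level, stateful. Rules are unordered allow rules; a packet that
    is the reverse of an already allowed flow is let through regardless."""
    def __init__(self, inbound, outbound):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()                    # (src, sport, dst, dport, proto) tuples

    def check(self, direction: str, pkt: Packet) -> str:
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self._flows:
            return "allow"                     # return traffic of a tracked connection
        rules = self.inbound if direction == "in" else self.outbound
        ip = pkt.src if direction == "in" else pkt.dst
        if any(_matches(r, ip, pkt.dport, pkt.proto) for r in rules):
            self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        return "deny"


def demo() -> dict:
    # Constructed scenario: web server 10.0.1.10 in a public subnet, clients on the internet.
    request = Packet(src="203.0.113.5", sport=51234, dst="10.0.1.10", dport=443)
    reply = Packet(src="10.0.1.10", sport=443, dst="203.0.113.5", dport=51234)
    blocked_request = Packet(src="198.51.100.7", sport=40000, dst="10.0.1.10", dport=443)

    # Network ACL that only thinks about port 443 in both directions: replies never leave.
    naive_acl = NetworkAcl(
        inbound=[Rule("tcp", "0.0.0.0/0", 443, 443, "allow", 100)],
        outbound=[Rule("tcp", "0.0.0.0/0", 443, 443, "allow", 100)],
    )
    # Same ACL with an explicit deny numbered before the allow, plus an outbound
    # rule for the ephemeral port range so replies to clients can leave the subnet.
    fixed_acl = NetworkAcl(
        inbound=[Rule("tcp", "198.51.100.0/24", 443, 443, "deny", 90),
                 Rule("tcp", "0.0.0.0/0", 443, 443, "allow", 100)],
        outbound=[Rule("tcp", "0.0.0.0/0", 1024, 65535, "allow", 100)],
    )
    # Outbound left empty on purpose (AWS's default group has an allow-all outbound
    # rule) to show that the reply is allowed by connection tracking, not by a rule.
    sg = SecurityGroup(inbound=[Rule("tcp", "0.0.0.0/0", 443, 443)], outbound=[])

    return {
        "acl_naive_request": naive_acl.check("in", request),         # allow
        "acl_naive_reply": naive_acl.check("out", reply),            # deny: dport 51234 matches no rule
        "acl_fixed_request": fixed_acl.check("in", request),         # allow
        "acl_fixed_reply": fixed_acl.check("out", reply),            # allow: ephemeral range rule
        "acl_fixed_blocked": fixed_acl.check("in", blocked_request), # deny: rule 90 wins over 100
        "sg_request": sg.check("in", request),                       # allow
        "sg_reply": sg.check("out", reply),                          # allow: tracked connection
        "sg_unsolicited_out": sg.check("out", Packet("10.0.1.10", 40001, "198.51.100.7", 80)),  # deny
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```

The naive ACL is the classic mistake: the request gets in, but the reply to the client's ephemeral port is dropped on the way out because the ACL has no memory of the request. The 1024-65535 outbound rule is what AWS documentation recommends, since the client's ephemeral range depends on its OS (and NAT gateways use the whole 1024-65535 range).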
=========
// route 53
- resolves domain names to public IP addresses (DNS)
- able to register domain names. you can buy and manage them right on aws
- directs traffic to different endpoints using several different policies such as:
latency-based routing - directs the user to the region with the lowest latency
geolocation dns - based on the user's location. can be directed to the nearest region or to a specific, different region
geoproximity routing - based on the geographic distance between the user and the resource
weighted round robin - splits traffic across endpoints according to weights you assign
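Added example (not from the original notes and not Route 53's own code): a toy resolver that applies the weighted, latency-based and geolocation policies above to a constructed record set, including two edge cases the notes do not mention: a record with weight 0 is never returned unless every record has weight 0, and geolocation answers with the most specific match (country, then continent, then the default "*" record), giving no answer when there is no match and no default. Latencies, locations and record values are made up; geoproximity is left out because it depends on Route 53's own distance and bias calculation.

```python
"""Route 53 routing policies, simulated (added example, not AWS code)."""
from typing import Dict, List, Optional, Tuple


def weighted(records: List[Tuple[str, int]], roll: float) -> str:
    """Weighted routing: each record is answered with probability weight / total.
    `roll` is a number in [0, 1) supplied by the caller so results are
    reproducible; in production this is Route 53's random draw."""
    weights = [w for _, w in records]
    if all(w == 0 for w in weights):           # all zero: treated as equal weights
        weights = [1] * len(records)
    eligible = [(v, w) for (v, _), w in zip(records, weights) if w > 0]
    total = sum(w for _, w in eligible)
    cumulative = 0.0
    for value, w in eligible:
        cumulative += w / total
        if roll < cumulative:
            return value
    return eligible[-1][0]                     # rounding guard for roll close to 1


def latency_based(records: Dict[str, str], latency_ms: Dict[str, int]) -> str:
    """Latency-based routing: records are keyed by AWS region; answer with the
    record in the region that has the lowest measured latency for this client."""
    best_region = min(records, key=lambda region: latency_ms[region])
    return records[best_region]


def geolocation(records: Dict[str, str], country: str, continent: str) -> Optional[str]:
    """Geolocation routing: most specific match wins. Keys are ISO country
    codes, continent codes (EU, NA, SA, AS, AF, OC, AN) or "*" for the
    default record. No match and no default means no answer (None here).
    US state-level records are omitted from this model."""
    for key in (country, continent, "*"):
        if key in records:
            return records[key]
    return None


# Constructed record set for a hostname; values are made-up endpoint labels.
WEIGHTED = [("blue-alb", 90), ("green-alb", 10), ("old-alb", 0)]
LATENCY = {"us-east-1": "alb-virginia", "eu-west-1": "alb-ireland",
           "ap-southeast-1": "alb-singapore"}
GEO = {"DE": "alb-frankfurt", "EU": "alb-ireland", "*": "alb-virginia"}


def demo() -> dict:
    paris_latency = {"us-east-1": 85, "eu-west-1": 12, "ap-southeast-1": 190}
    return {
        "weighted_roll_0.5": weighted(WEIGHTED, 0.5),     # blue-alb  (0.5 < 0.9)
        "weighted_roll_0.95": weighted(WEIGHTED, 0.95),   # green-alb (0.9 <= 0.95 < 1.0)
        "weighted_all_zero": weighted([("a", 0), ("b", 0)], 0.6),  # b (equal split)
        "latency_from_paris": latency_based(LATENCY, paris_latency),  # alb-ireland
        "geo_germany": geolocation(GEO, "DE", "EU"),      # alb-frankfurt: country match
        "geo_france": geolocation(GEO, "FR", "EU"),       # alb-ireland: continent match
        "geo_brazil": geolocation(GEO, "BR", "SA"),       # alb-virginia: default record
        "geo_no_default": geolocation({"DE": "alb-frankfurt"}, "JP", "AS"),  # None
    }


if __name__ == "__main__":
    for name, answer in demo().items():
        print(f"{name:20} {answer}")
```

The "old-alb" record with weight 0 is the usual way to park an endpoint during a blue/green cutover: it stays in the record set but receives no traffic until its weight is raised again.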
========
// amazon cloudfront - cdn (caches content at edge locations close to the users).
========
// the request flow
user -- amazon route 53 -- amazon cloudfront -- amazon elb -- amazon auto scaling --- amazon ec2 instance
=========