AWS networking is about how resources are isolated, connected, and exposed.
Region Selection
Common factors:
- Compliance
- Proximity to users
- Service availability
- Pricing
High Availability
High availability is usually achieved by deploying across multiple Availability Zones. Each AZ is one or more data centers in a Region with independent power, cooling, and networking, so a failure in one AZ should not take down resources in another. Running redundant copies in at least two AZs removes the single AZ as a point of failure.
Multi-Region architecture improves disaster recovery further, but adds cost and complexity.
Edge Locations
Edge locations cache content closer to users. CloudFront is AWS's CDN service.
VPC
A VPC (Virtual Private Cloud) is a logically isolated virtual network inside a Region. Inside a VPC, you define the address range, subnets, route tables, gateways, and the security rules (security groups and network ACLs) that govern traffic.
Subnets
A subnet is public when its route table has a default route (0.0.0.0/0) to an Internet Gateway. Resources in it are reachable from the internet only if they also have a public or Elastic IP.
A subnet is private when it has no route to an Internet Gateway. Its resources are not directly exposed; outbound access, if needed, goes through a NAT Gateway in a public subnet. A subnet with no default route at all is isolated and can reach only the VPC and any attached gateways you route to explicitly.
Gateways
Internet Gateway: connects a VPC to the internet in both directions. A subnet only becomes public when its route table points to it.
Virtual Private Gateway: the VPC-side endpoint for Site-to-Site VPN or Direct Connect, connecting on-premises networks to a single VPC.
Transit Gateway: a regional hub that connects many VPCs and on-premises networks, replacing a mesh of individual peerings and VPN attachments.
NAT Gateway: lets instances in private subnets initiate outbound connections (package updates, API calls) while translating their private addresses. It accepts reply traffic for those connections but no unsolicited inbound connections. It lives in a public subnet and is not a substitute for security groups or network ACLs.
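The subnet and gateway rules above come down to reading route tables. The following is an added example, not code from the original page: it classifies subnets as public, private, or isolated from route-table data. The dictionaries are constructed here and only loosely mirror the shape of the EC2 DescribeRouteTables response; the field names, subnet IDs, and gateway IDs are assumptions for illustration. It also shows a common mistake: a main route table that carries an Internet Gateway route silently makes every subnet without an explicit association public.

```python
from typing import Dict, List, Optional

# Constructed sample data (not fetched from AWS). Field names are assumed
# to resemble DescribeRouteTables output; they are not verified here.
ROUTE_TABLES: List[dict] = [
    {   # Main route table: used by every subnet with no explicit association.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d"},
        ],
    },
    {   # Private subnet: default route goes to a NAT Gateway, not an IGW.
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-app"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0f9e8d7c"},
        ],
    },
    {   # Isolated subnet: no default route at all.
        "RouteTableId": "rtb-isolated",
        "Associations": [{"SubnetId": "subnet-db"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        ],
    },
]

# Constructed subnet list. "subnet-web" and "subnet-new" have no explicit
# association, so they fall back to the main route table.
SUBNETS: List[str] = ["subnet-web", "subnet-app", "subnet-db", "subnet-new"]


def route_table_for(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """Return the route table a subnet uses: its explicit association, else main."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_route_table(rt: Optional[dict]) -> str:
    """public: 0.0.0.0/0 -> IGW; private: default route via NAT, VGW or TGW;
    isolated: no default route (only 'local' and other specific routes)."""
    if rt is None:
        return "isolated"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
        if gateway.startswith("vgw-") or route.get("TransitGatewayId"):
            # Default route toward on-prem or a hub: egress, but not straight to the internet.
            return "private"
    return "isolated"


def classify_subnets(subnets: List[str], route_tables: List[dict]) -> Dict[str, str]:
    """Map each subnet ID to 'public', 'private' or 'isolated'."""
    return {s: classify_route_table(route_table_for(s, route_tables)) for s in subnets}


def internet_reachable(subnet_class: str, has_public_ip: bool) -> bool:
    """An instance is reachable from the internet only if its subnet routes to an
    IGW AND the instance has a public or Elastic IP. Either condition alone is not enough."""
    return subnet_class == "public" and has_public_ip


def subnets_exposed_by_main_table(subnets: List[str], route_tables: List[dict]) -> List[str]:
    """Subnets that are public only because they fell back to a main route table
    with an IGW route: a frequent accidental exposure worth flagging in review."""
    explicitly_associated = {
        a["SubnetId"] for rt in route_tables for a in rt.get("Associations", []) if "SubnetId" in a
    }
    return [s for s in subnets
            if s not in explicitly_associated
            and classify_route_table(route_table_for(s, route_tables)) == "public"]


if __name__ == "__main__":
    for subnet, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
    print("exposed via main table:", subnets_exposed_by_main_table(SUBNETS, ROUTE_TABLES))
```

In the constructed data, subnet-new was probably meant to be private but inherits the main table's IGW route, so the checker reports it as public. The practical fix is to keep the main route table free of an Internet Gateway route and associate every subnet with an explicit table.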
Security Groups and Network ACLs
Security groups attach to network interfaces (effectively instance-level) and are stateful: they hold allow rules only, deny everything not explicitly allowed, and automatically permit the return traffic of any connection that was allowed in, regardless of the rules in the other direction. A rule can reference another security group as its source, which is how tiers (load balancer to web, web to database) are usually expressed.
Network ACLs attach to subnets and are stateless: each packet, including replies, is evaluated on its own against numbered allow and deny rules, lowest number first, with an implicit final deny. Because replies are checked independently, a NACL that allows inbound 443 must also allow outbound traffic to the client's ephemeral port range (1024-65535), or the response is dropped.
Security groups are the primary control and cover most needs. Network ACLs are the place for coarse subnet-level policy, in particular explicit deny rules (for example blocking a known-bad CIDR), which security groups cannot express.
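The stateful versus stateless distinction is easiest to see by running the same HTTPS request and its reply through both kinds of filter. The following is an added example, not code from the original page: a small simulator with one stateful allow-list (modelled on a security group) and one stateless numbered rule list (modelled on a network ACL). The addresses, ports, rule numbers, and the flow-tracking model are constructed for illustration and simplify the real AWS behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    cidr: str          # peer address range (source for inbound, destination for outbound)
    proto: str
    port_from: int     # destination port range the rule covers
    port_to: int
    action: str = "allow"   # NACLs may also "deny"; security-group rules are always allow
    number: int = 0         # NACL evaluation order; unused for security groups

    def matches(self, peer_ip: str, dst_port: int, proto: str) -> bool:
        return (proto == self.proto
                and self.port_from <= dst_port <= self.port_to
                and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr))


class SecurityGroup:
    """Stateful allow-list: once the first packet of a flow is permitted, replies
    for that flow pass automatically and are never checked against the
    opposite direction's rules. Simplified model of AWS connection tracking."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound
        self._flows: Set[Tuple[str, int, str, int, str]] = set()

    def check(self, pkt: Packet, direction: str) -> bool:
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self._flows:          # reply to an already-allowed flow
            return True
        rules = self.inbound if direction == "in" else self.outbound
        peer_ip = pkt.src_ip if direction == "in" else pkt.dst_ip
        if any(r.matches(peer_ip, pkt.dst_port, pkt.proto) for r in rules):
            self._flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return True
        return False                         # no allow rule matched: implicit deny


class NetworkAcl:
    """Stateless: every packet, replies included, is evaluated against the rules
    for its direction, lowest rule number first; first match wins; else deny (*)."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def check(self, pkt: Packet, direction: str) -> bool:
        rules = self.inbound if direction == "in" else self.outbound
        peer_ip = pkt.src_ip if direction == "in" else pkt.dst_ip
        for r in rules:
            if r.matches(peer_ip, pkt.dst_port, pkt.proto):
                return r.action == "allow"
        return False


def simulate_https(firewall) -> Tuple[bool, bool]:
    """Constructed flow: client 203.0.113.10:51000 -> web 10.0.1.5:443, then the reply.
    Returns (request_allowed, reply_allowed)."""
    request = Packet("203.0.113.10", 51000, "10.0.1.5", 443)
    reply = Packet("10.0.1.5", 443, "203.0.113.10", 51000)
    return firewall.check(request, "in"), firewall.check(reply, "out")


def web_security_group() -> SecurityGroup:
    # Allow 443 in from anywhere; no outbound rules at all, to show that the
    # reply still passes because the group is stateful.
    return SecurityGroup(inbound=[Rule(ANY, "tcp", 443, 443)], outbound=[])


def naive_nacl() -> NetworkAcl:
    # Mirrors the security group literally: 443 in, 443 out. The reply goes to
    # the client's ephemeral port, so the outbound check fails.
    return NetworkAcl(inbound=[Rule(ANY, "tcp", 443, 443, number=100)],
                      outbound=[Rule(ANY, "tcp", 443, 443, number=100)])


def fixed_nacl() -> NetworkAcl:
    # Outbound allows the ephemeral range; an explicit deny with a lower number
    # blocks one source range before the broad allow is reached.
    return NetworkAcl(
        inbound=[Rule("198.51.100.0/24", "tcp", 0, 65535, "deny", 90),
                 Rule(ANY, "tcp", 443, 443, number=100)],
        outbound=[Rule(ANY, "tcp", 1024, 65535, number=100)])


if __name__ == "__main__":
    print("security group:", simulate_https(web_security_group()))
    print("naive NACL:    ", simulate_https(naive_nacl()))
    print("fixed NACL:    ", simulate_https(fixed_nacl()))
```

The security group returns (True, True) even with no outbound rules; the naive NACL returns (True, False) because the reply to port 51000 matches no outbound rule; the fixed NACL returns (True, True) and, thanks to rule 90 being evaluated before rule 100, still rejects a request from 198.51.100.0/24.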