This session provides attendees with approaches to their VPC, including creating and protecting subnets, routing, performing VPC peering, and leveraging the latest features in Amazon VPC. Additionally, we'll discuss Amazon Route 53 for delivering traffic.
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Summit 2016
1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Mike Kuentz, Solutions Architect
June 21, 2016
Advanced Approaches to
Amazon VPC and Amazon Route 53
2. Agenda
⢠Amazon VPC concepts
⢠Basic VPC setup
⢠Environments with multiple VPCs
⢠Amazon Route 53 concepts
⢠Basic Route 53 setup
⢠Using VPC and Route 53 together
10. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zone A, Availability Zone B and Availability Zone C]
11. Amazon VPC
[Diagram: the same VPC with two subnets per AZ: 10.200.1.0/28, 10.200.1.16/28 and 10.200.1.32/28 in AZ A, B and C, and 10.200.2.0/27, 10.200.2.32/27 and 10.200.2.64/27 in AZ A, B and C]
12. Amazon VPC
[Diagram: an instance in each subnet at 10.200.1.4, 10.200.1.20, 10.200.1.36, 10.200.2.4, 10.200.2.36 and 10.200.2.68, the first usable address of each subnet]
13. Amazon VPC
[Diagram: same as slide 12]
14. Route tables in a VPC
[Diagram: the same VPC and subnets, with route tables controlling traffic flow]
15. Security groups in a VPC
[Diagram: the same VPC, with a security group around the instances]
16. Internet gateway with a VPC
[Diagram: the same VPC with the security group and an Internet gateway attached]
19. AWS Direct Connect
AWS Direct Connect location
Private fiber connection
One or multiple 50–500 Mbps, 1 Gbps or 10 Gbps connections
20. VPN and Direct Connect
⢠Secure connection to you network
⢠Pair of IPSec tunnels over the internet
⢠Dedicated line
⢠Lower latency and lower per GB data transfer rates
⢠Failover between each
21. Amazon VPC
[Diagram: the three-AZ VPC 10.200.0.0/16 from slides 11 and 12, with the same six subnets and instance addresses]
30. Route 53 overview
⢠Route 53 is a highly available and scalable cloud
Domain Name System (DNS) web service
⢠Distributed globally
⢠Integrates with other AWS services
⢠Can be used for on-premises and hybrid setups
⢠Simple to use
31. Route 53 features
⢠Latency based routing
⢠Geo DNS
⢠Weighted round robin
⢠DNS failover
⢠Health checks
⢠Private DNS for VPC
⢠Domain name registration & transfer
32. Route 53 SLA
100% Available
SLA details: https://aws.amazon.com/route53/sla/
33. Route 53 pricing
⢠Hosted zones
$0.50 per hosted zone/month for the first 25 hosted zones
$0.10 per hosted zone/month for additional hosted zones
⢠Standard queries
$0.400 per million queriesâfirst 1 billion queries/month
$0.200 per million queriesâover 1 billion queries/month
⢠Latency based routing queries
$0.600 per million queriesâfirst 1 billion queries/month
$0.300 per million queriesâover 1 billion queries/month
⢠Geo DNS queries
$0.700 per million queriesâfirst 1 billion queries/month
$0.350 per million queriesâover 1 billion queries/month
It's always a good idea to remind everyone of this
Define region/AZ/edge
5 in the next year
You may currently have a data center
You might be a customer from before 2013 still running EC2-Classic
Overview of what a VPC is
Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define.
First pick a CIDR block, from /28 to /16
Avoid overlapping with networks you might later connect to (on-premises ranges, other VPCs)
Can't resize a VPC or a subnet (as of 2016; additional CIDR blocks can since be added to a VPC, but an existing subnet still cannot be resized), so plan ahead rather than making one big subnet
A subnet lives in exactly one AZ; an AZ can hold many subnets
Pick the number of AZs to support the design
Pick multiple for HA/resiliency
Pick multiple for access to a larger pool of Spot capacity
The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
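The address planning rules above (VPC between /16 and /28, no overlap with networks you will connect to, five reserved addresses per subnet, no resizing later) are easy to get wrong by hand. The following is an added example, not code from the deck, that carves the diagram's six subnets out of 10.200.0.0/16 and applies those checks; the "private"/"public" tier names and the on-premises range used for the overlap check are assumptions.

```python
"""Added example (not from the deck): plan subnets for the three-AZ VPC in the
diagram and enforce the rules the notes list. The tier names and the
on-premises CIDR in the overlap check are assumptions."""
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet:
# network, VPC router, Amazon DNS, future use, broadcast.
RESERVED_PER_SUBNET = 5


def reserved_addresses(subnet_cidr):
    """The five addresses you cannot assign to an instance, by purpose."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = net.network_address
    return {
        "network": str(base),
        "vpc_router": str(base + 1),
        "dns": str(base + 2),
        "future_use": str(base + 3),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet_cidr):
    """Addresses left for instances once the reserved five are removed."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - RESERVED_PER_SUBNET


def validate_vpc_cidr(vpc_cidr, connected_networks=()):
    """A VPC must be /16 to /28 and must not overlap any network you may peer
    with or reach over VPN/Direct Connect, because it cannot be resized later."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"{vpc_cidr}: VPC CIDR must be between /16 and /28")
    for other in connected_networks:
        if vpc.overlaps(ipaddress.ip_network(other, strict=True)):
            raise ValueError(f"{vpc_cidr} overlaps {other}; routing between them would be ambiguous")
    return vpc


def plan_subnets(vpc_cidr, azs, tiers, connected_networks=()):
    """Carve one subnet per AZ for each tier.

    tiers: list of (tier_name, tier_block, subnet_prefixlen). Each tier block is
    split into equal subnets of the given size and handed out one per AZ.
    Returns a list of dicts with the CIDR, first usable host and usable count.
    """
    vpc = validate_vpc_cidr(vpc_cidr, connected_networks)
    plan = []
    for tier_name, tier_block, prefixlen in tiers:
        block = ipaddress.ip_network(tier_block, strict=True)
        if not block.subnet_of(vpc):
            raise ValueError(f"{tier_block} is outside {vpc_cidr}")
        if prefixlen > 28:
            raise ValueError(f"/{prefixlen} is smaller than the /28 minimum subnet size")
        pieces = list(block.subnets(new_prefix=prefixlen))
        if len(pieces) < len(azs):
            raise ValueError(f"{tier_block} yields only {len(pieces)} /{prefixlen} subnets for {len(azs)} AZs")
        for az, subnet in zip(azs, pieces):
            plan.append({
                "az": az,
                "tier": tier_name,
                "cidr": str(subnet),
                "first_host": str(subnet.network_address + 4),  # .0 to .3 are reserved
                "usable": usable_hosts(str(subnet)),
            })
    return plan


# The deck's layout: one /28 and one /27 per AZ inside 10.200.0.0/16.
DECK_TIERS = [("private", "10.200.1.0/24", 28), ("public", "10.200.2.0/24", 27)]

if __name__ == "__main__":
    for s in plan_subnets("10.200.0.0/16", ["a", "b", "c"], DECK_TIERS,
                          connected_networks=["192.168.0.0/16"]):  # assumed on-prem range
        print(s)
```

Running it reproduces the diagram: the /28 tier yields 10.200.1.0/28, .16/28 and .32/28 with first hosts .4, .20 and .36, and a /28 leaves only 11 usable addresses once the five reserved ones are removed. Passing a connected range that overlaps the VPC raises before anything is carved, which is the check to run before you commit to a CIDR you cannot change.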
Several services are supported within a VPC, not just EC2
Route tables control traffic flow
Security groups: a stateful firewall around instances (network ACLs, by contrast, are stateless and apply at the subnet level)
Internet gateway to get out to the Internet if needed
* You do not have to attach one; a VPC can stay entirely private
VPC peering: connect multiple VPCs within a region (in 2016; inter-region peering came later). Peering is not transitive: traffic cannot hop through a peered VPC to a third one
Cross-account access
Invitation process: one side requests the peering, the other accepts it
VPN: connect back to on-premises networks
Two tunnel endpoints per VPC on the AWS side
One VPC per VPN connection (the virtual private gateway attaches to a single VPC)
Direct Connect: connect back to on-premises networks
Start off with a VPN, add Direct Connect later
Building out VPCs
You can go through the console and build it
Programmatic access to build it (Node.js snippet)
CloudFormation overview
JSON-formatted and templated
Security, DR, COOP become first-class citizens once the network is defined in a template
Use that same template to deploy globally
CLI example to launch that environment to all commercial regions
xargs over the region list; note that the AWS CLI exits 255 on errors and xargs stops when a command exits 255, so wrap the command if the loop should keep going
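The deck's point is that once the VPC is a template, the same definition deploys to every region. The following is an added example, not the deck's Node.js snippet or its template: it builds a CloudFormation template as a dict that serialises to JSON for the diagram's three-AZ VPC, with an Internet gateway route only on one tier and a security group that admits only HTTPS. Which tier is public, the logical IDs and the HTTPS-only group are assumptions.

```python
"""Added example (not the deck's Node.js snippet or template): build a
CloudFormation template, as a dict that serialises to JSON, for the three-AZ
VPC in the diagram. The public/private split, logical IDs and the HTTPS-only
security group are assumptions."""
import json

VPC_CIDR = "10.200.0.0/16"

# Subnets from the diagram, keyed by AZ letter. Treating the /27 tier as public
# and the /28 tier as private is an assumption; the deck does not name tiers.
SUBNETS = {
    "a": {"private": "10.200.1.0/28", "public": "10.200.2.0/27"},
    "b": {"private": "10.200.1.16/28", "public": "10.200.2.32/27"},
    "c": {"private": "10.200.1.32/28", "public": "10.200.2.64/27"},
}


def build_template(vpc_cidr=VPC_CIDR, subnets=SUBNETS, https_source="0.0.0.0/0"):
    """Return a CloudFormation template dict: VPC, Internet gateway, one public
    and one private route table, a subnet per AZ and tier, and a security group
    that admits only HTTPS. Private subnets get no route to the gateway."""
    res = {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {
            "CidrBlock": vpc_cidr, "EnableDnsSupport": True, "EnableDnsHostnames": True}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "AttachGateway", "Properties": {
            "RouteTableId": {"Ref": "PublicRouteTable"},
            "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}},
        # Only the implicit local route: instances here cannot reach the Internet.
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "HTTPS only; the group is stateful so replies need no extra rule",
            "VpcId": {"Ref": "VPC"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                      "CidrIp": https_source}]}},
    }
    # Fn::GetAZs resolves the region's AZs at deploy time, so the same template
    # works in every region that has at least len(subnets) AZs.
    for index, (az, tiers) in enumerate(sorted(subnets.items())):
        for tier, cidr in tiers.items():
            subnet_id = f"{tier.capitalize()}Subnet{az.upper()}"
            res[subnet_id] = {"Type": "AWS::EC2::Subnet", "Properties": {
                "VpcId": {"Ref": "VPC"}, "CidrBlock": cidr,
                "AvailabilityZone": {"Fn::Select": [str(index), {"Fn::GetAZs": ""}]},
                "MapPublicIpOnLaunch": tier == "public"}}
            res[subnet_id + "RouteTableAssociation"] = {
                "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
                    "SubnetId": {"Ref": subnet_id},
                    "RouteTableId": {"Ref": "PublicRouteTable" if tier == "public" else "PrivateRouteTable"}}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Description": "Three-AZ VPC from the diagram (added example)",
            "Resources": res,
            "Outputs": {"VpcId": {"Value": {"Ref": "VPC"}}}}


def subnets_with_internet_route(template):
    """Review helper: which subnets sit on a route table that sends 0.0.0.0/0 to
    a gateway? Run it to confirm the private tier really has no such route."""
    res = template["Resources"]
    exposed_tables = {
        r["Properties"]["RouteTableId"]["Ref"] for r in res.values()
        if r["Type"] == "AWS::EC2::Route"
        and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
        and "GatewayId" in r["Properties"]}
    return sorted(
        r["Properties"]["SubnetId"]["Ref"] for r in res.values()
        if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
        and r["Properties"]["RouteTableId"]["Ref"] in exposed_tables)


def to_json(template):
    """Serialise for `aws cloudformation create-stack --template-body file://...`."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(to_json(build_template()))
```

Write the output to a file and pass it to `aws cloudformation create-stack --template-body file://vpc.json` once per region; the deck pipes the region list into xargs for that, and because the AWS CLI exits 255 on failure and xargs halts on a 255 exit, the per-region command needs a wrapper (for example `sh -c '... || true'`) if the loop should continue past one failed region. Two caveats: `Fn::Select` on the AZ list fails in a region with fewer AZs than subnets per tier, and `subnets_with_internet_route` is the check to keep in the pipeline so that a later edit cannot quietly hand the private tier a default route.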
$0.40 per 1 million queries
3 million queries is cheaper than the coffee I picked up this morning.
Over 300 TLDs available
https://aws.amazon.com/about-aws/whats-new/2016/05/amazon-route-53-announces-domain-name-registration-enhancements-expanded-tld-catalog-and-detailed-billing-history/
Highlight the partitioning of name servers across domains and TLDs for resiliency (each hosted zone's four name servers sit in different TLDs)
Here is one of the sites we created earlier with CloudFormation
Nothing fancy; here's what we see when we go to the web site
Grab the list of all the websites I made earlier
Configure a health check for one site
Do you want to be notified? (a CloudWatch alarm on the health check can publish to an SNS topic)
Maybe you don't want to do this by hand in the console (the same health checks can be created from the CLI or an SDK)
Health status bar
Powered down the web server; the check starts to fail once the failure threshold is met
Powered back up, and healthy again
Let's make a health check for each of the sites we made earlier
Remembering IPs is no fun, let's make an A record
Latency based routing policy
Failover routing policy
Weighted routing policy
Alias records link to Elastic Load Balancing and other AWS services
One site in the US and one in Europe
Example of getting to the least-latent web server from wherever I am in the world
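The demo notes above describe the mechanics in order: a health check that flips to unhealthy only after its failure threshold is met, then the failover, weighted and latency-based policies that consult it. The following is an added example, a simplified model and not Route 53's own code, that walks the US/Europe scenario from the notes: it models a single health checker (the real service aggregates many checkers around the world), and the latency table, addresses and weights are constructed for the example, not measured.

```python
"""Added example, not Route 53's own code: a simplified model of how health
checks drive failover, weighted and latency-based answers. One checker is
modelled (the real service aggregates many) and the latency table, addresses
and weights are constructed, not measured."""
from dataclasses import dataclass
from typing import Optional

DEFAULT_FAILURE_THRESHOLD = 3  # Route 53's default: three consecutive failed checks


@dataclass
class HealthCheck:
    """Endpoint goes unhealthy after `failure_threshold` consecutive failures
    and healthy again after the same number of consecutive successes."""
    target: str
    failure_threshold: int = DEFAULT_FAILURE_THRESHOLD
    healthy: bool = True
    failures: int = 0
    successes: int = 0

    def observe(self, ok: bool) -> bool:
        """Feed one check result; returns the health state after it."""
        if ok:
            self.failures, self.successes = 0, self.successes + 1
            if self.successes >= self.failure_threshold:
                self.healthy = True
        else:
            self.successes, self.failures = 0, self.failures + 1
            if self.failures >= self.failure_threshold:
                self.healthy = False
        return self.healthy


@dataclass
class Record:
    value: str                           # address returned in the answer
    check: Optional[HealthCheck] = None  # no check means always treated as healthy
    region: str = ""                     # for latency-based routing
    weight: int = 0                      # for weighted routing

    def is_healthy(self) -> bool:
        return self.check is None or self.check.healthy


def healthy_pool(records):
    """Route 53 fails open: if every record is unhealthy, all are treated as healthy."""
    pool = [r for r in records if r.is_healthy()]
    return pool or list(records)


def answer_failover(primary: Record, secondary: Record) -> str:
    """Active-passive: primary while its check passes, otherwise secondary."""
    return healthy_pool([primary, secondary])[0].value


def answer_weighted(records, u: float) -> str:
    """u in [0, 1) stands in for Route 53's random draw so results are
    reproducible. Weight-0 records are served only when every weight is 0."""
    pool = healthy_pool(records)
    if all(r.weight == 0 for r in pool):
        return pool[int(u * len(pool))].value
    cursor = u * sum(r.weight for r in pool)
    for r in pool:
        cursor -= r.weight
        if cursor < 0:
            return r.value
    return pool[-1].value


# Constructed round-trip times (ms) from a resolver's location to each region.
LATENCY_MS = {
    "new-york": {"us-east-1": 12, "eu-west-1": 85},
    "frankfurt": {"us-east-1": 95, "eu-west-1": 18},
}


def answer_latency(records, resolver_location: str) -> str:
    """Return the healthy endpoint in the region with the lowest latency."""
    pool = healthy_pool(records)
    return min(pool, key=lambda r: LATENCY_MS[resolver_location][r.region]).value
```

Two behaviours worth noticing when you wire health checks into records: a single failed probe changes nothing, so a flapping endpoint is not pulled until the threshold is reached, and when every endpoint is unhealthy the answers revert to the full set rather than going empty, so a mis-targeted health check (wrong port, wrong path) can leave a dead host in rotation while the console still looks "healthy".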