
# Module 4 Networking

* Virtual private cloud (VPC)
  * Allows you to configure services into private (internal only) and public (accessed via the internet) subnets

## Connectivity to AWS

* VPC Amazon Virtual Private Cloud
  * Without it, all your resources would be publicly accessible
  * Helps establish boundaries
  * Define your own private IP range for resources (i.e. EC2 and ELB)
  * Place resources (defined by their IP ranges) into different subnets, allowing grouping of IP ranges
    * A subnet is a section of the VPC that can contain resources
  * Different subnets can have different configurable networking rules (to make them public or private)
  * Public resources
    * Resources you want customers to access
    * Need to attach an Internet Gateway to the VPC, which allows outside traffic into the VPC
  * Private resources
    * Only those logged in to the VPC can access them (databases, internal services)
    * Set up a Virtual Private Gateway on the VPC for the private networks
      * Creates a VPN connection between the VPC and the internal corporate network
    * Only authenticated users can access
    * Still uses the internet, so bandwidth is shared with other users -> slowdowns
      * So the VPG connection must be dedicated and not shared -> meets regulatory and compliance needs
      * Use AWS Direct Connect
        * Creates a dedicated physical line directly from your network to the private network (the VPC)

### Links

## Subnets and Network Access Control Lists

* Network Hardening
  * Subnets control access
  * Packets get checked against the Network ACL at the subnet boundary
    * Virtual firewall that controls traffic at the subnet level
    * Checks whether a packet is allowed to leave or enter the subnet
    * Like a passport control
    * Does not check whether it can reach a specific resource or instance
    * Stateless: always checks packets both entering and leaving the subnet
    * Each AWS account includes a default network ACL
      * It allows all inbound and outbound traffic
      * Can be modified by adding rules
    * For a custom network ACL
      * All inbound and outbound traffic is denied until you add rules to specify which traffic to allow
  * Instance level security
    * All instances, when launched, come with a security group
    * By default no packets are allowed in; all ports are blocked
    * The owner configures the SG to allow specific types of traffic in
      * i.e. allow HTTPS, but not OS or admin traffic
      * This updates a list of who is authorised to enter
    * They don't check traffic leaving the SG; all outbound traffic is allowed
    * Is stateful
      * The response coming back is remembered by the security group, which allows it in
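
The stateless/stateful distinction above is the one that bites in practice: a custom NACL that only allows port 443 drops the HTTPS replies, because replies leave on the client's ephemeral port and the NACL does not remember the request. The following simulator is an added example (not from the course notes or AWS); the rule tables, packets and addresses are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    remote: str        # peer outside the subnet / instance (constructed addresses below)
    remote_port: int
    local_port: int
    direction: str     # "in": remote -> local, "out": local -> remote

@dataclass
class NetworkACL:
    """Stateless: each rule is (number, destination port range, action).
    Lowest rule number that matches wins; no match hits the implicit '*' deny."""
    inbound: list
    outbound: list

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "in":
            rules, dport = self.inbound, pkt.local_port
        else:
            rules, dport = self.outbound, pkt.remote_port
        for _num, ports, action in sorted(rules, key=lambda r: r[0]):
            if dport in ports:
                return action == "allow"
        return False

@dataclass
class SecurityGroup:
    """Stateful: only inbound rules are listed; all outbound traffic is allowed
    and the reply to any allowed flow is let through in the other direction."""
    inbound_ports: set
    _flows: set = field(default_factory=set)   # remembered (remote, rport, lport)

    def allows(self, pkt: Packet) -> bool:
        key = (pkt.remote, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out" or pkt.local_port in self.inbound_ports:
            self._flows.add(key)
            return True
        return key in self._flows   # inbound reply to a flow the instance started

def https_exchange(client="203.0.113.10", client_port=50000):
    """Constructed request from a client to a web server on 443, and its reply."""
    return Packet(client, client_port, 443, "in"), Packet(client, client_port, 443, "out")

def evaluate(fw) -> tuple:
    request, reply = https_exchange()
    return fw.allows(request), fw.allows(reply)

# Weak custom NACL: outbound only allows 443, so the reply (to port 50000) is dropped.
STRICT_ACL = NetworkACL(inbound=[(100, range(443, 444), "allow")],
                        outbound=[(100, range(443, 444), "allow")])
# Corrected NACL: outbound rule covering the ephemeral ports that replies use.
FIXED_ACL = NetworkACL(inbound=[(100, range(443, 444), "allow")],
                       outbound=[(100, range(1024, 65536), "allow")])
WEB_SG = SecurityGroup(inbound_ports={443})   # stateful, so no outbound rule needed
```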

### Links

* <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html>
* <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html>

## Global Networking

* Route 53
  * Domain Name Service (DNS)
  * Translates website names (URLs/hostnames) to IP addresses
  * Then routes the request to that address
  * Has several routing policies
    * Latency based
    * Geolocation DNS
      * Traffic from a specific area is routed to a specific endpoint (the IP address in that location)
    * Geoproximity
    * Weighted round robin
  * Register domain names
  * Transfer DNS records for existing domain names managed by other domain registrars
* CloudFront
  * CDN
  * A network of edge locations that delivers content to users based on their geographic location
  * Stores static assets closer to the users

### Links

* <https://aws.amazon.com/products/networking>
* <https://aws.amazon.com/blogs/networking-and-content-delivery/>
* <https://aws.amazon.com/vpc>
* <https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html>
* <https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html>
