VPC and Subnets: AWS Networking Services

VPC (Virtual Private Cloud) and Subnets are very important concepts under AWS Networking Services. All you AWS resources are defined in VPC. Below are some basic points about VPC and Subnets:

VPC

1. It is a logically isolated virtual network (sub-cloud) for you in AWS cloud. All your AWS resources are defined in a particular VPC.

2. You can select your own IP addresses, subnets, NACL (Network Access Control List), route tables and network gateways.

3. Whenever you create a VPC, you must define IP range for that VPC. IPv4 and IPv6 CIDR are supported. IPv4 CIDR must be from 16 to 28. IPv6 CIDR is of fixed size: 56. You cannot choose any IP range in IPv6.

4. One VPC can have multiple Subnets, NACL and Route Tables.

5. Internet Gateway: VPC is composed of subnets. Subnets are private by default. To make any subnet public, Internet Gateway should be associated with that VPC. One VPC cannot have more than one Internet Gateway.

6. VPC Peering: Connect two or more of your VPC with each other or with VPC of another AWS account. All VPC must be in same region. Example: You can enable VPC Peering between DEV VPC and UAT VPC and PROD VPC and Disaster Recovery VPC. There can be only one to one connection between VPC and Transitive Peering is not possible.

7. Whenever we create an account, a default VPC is created.

8. Default Route Table, NACL and Security Group: Whenever we create a VPC, by default one Route Table, NACL and Security Group gets created. If you don’t associate your subnets to any Route Table and NACL, this default Route Table and NACL gets associated with those subnets by default. If you don’t associate your instances to any Security Group, default Security Group is associated with each instance.

9. Flow Logs: You can associate flow logs with VPC. It captures information about the IP traffic going to and from network interfaces in your VPC. You should have IAM role for flow logs and log group in CloudWatch to enable flow logs.

Subnets

1. Sub-network inside a VPC. It contains sub-range of IP Addresses in a VPC.

2. A Subnet must be associated with an AZ. It cannot spread across multiple AZ.

3. Subnet can be private and public. Keep your databases in private subnet and webservers in public subnet.

4. An instance always belongs to a subnet. You cannot have an instance in a VPC which does not belong to any subnet.

5. NACL (Network Access Control List): Optional layer of security at subnet level. Acts as firewall at subnet level (Security Group act as firewall at instance level). One subnet can only be associated with one NACL. One NACL can be associated with multiple subnets.

6. Route Table: Each subnet must be associated with a Route Table. One subnet can have only one Route Table. One Route Table can be associated with multiple subnet. Network traffic of any instance inside a subnet is dictated by the routing table attached to it.

7. While creating a subnet, you must specify VPC, CIDR (must be in between the CIDR range of the parent VPC), and Availability Zone.

8. After creating a subnet, you should associate a Route Table and NACL with it. If you don’t do this, then the default Route Table and NACL will get associated with it which was created while creating the VPC.

9. A Subnet is private by default. To make it public, 

• Define an Internet Gateway.
• Attach IGW to VPC. IGW should be attached to a VPC. One VPC can only be attached to one IGW. Create a Route Table and add internet route in it (direct 0.0.0.0/0 to IGW).
• Explicitly associate a Subnet (which you want to make public) to this Route Table. One Subnet have only one Route Table.
• Enable Auto-assign public IPv4 address in that Subnet. You can also do this setting while launching an instance in this subnet. 
• Ensure Security Group and NACL are not blocking internet traffic.
• Now any EC2 instance launched in this Subnet will be able to communicate with the internet.

AWS Workspace: Desktop as a Service from AWS

AWS Workspace is a very useful service. You don't need to create and manage VMs for your employess/workers/contractors which are spread across the globe, just use AWS Workspaces. This is desktop as a service. Below are some basic points about AWS Workspaces:

1. Cloud desktop service (DaaS: Desktop as a Service)

2. You can use Amazon Workspaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe. 

3. Workspaces helps you eliminate the complexity in managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy. 

4. With Amazon Workspaces, your users get a fast, responsive desktop of their choice that they can access anywhere, anytime, from any supported device.

5. Enable bring your own device (BYOD): Amazon Workspaces lets you run a cloud desktop directly on a wide range of devices like PC, Mac, iPad, Kindle Fire, Android tablet, Chromebook, and web browsers like Firefox, and Chrome. 

6. You can integrate these desktops with your company active directory.

7. You can pay either monthly or hourly, just for the Workspaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions.

AWS CloudFormation: Infrastructure as Code

When you need to create the same/similar replica of the existing cloud environment to another region or account, just create a template (in form of JSON/YAML) from the existing cloud environment and implement it on another region or account. CloudFormation converts all your cloud infrastructure to JSON/YAML code. Below are some basic points to remember about CloudFormation:

1. Infrastructure as Code

2. Create replica of your existing cloud environment (infrastructure resources) across multiple accounts and regions.

3. Components:

• Template (JSON or YAML) (Code of your cloud environment or infrastructure resources) 
• Stack (Logical collection/grouping of infrastructure resources based on the template code)
• Changeset (Preview summary of proposed changes to your infrastructure)

4. Use cases: 

• To copy the current cloud environment to another account or region 
• To copy Production environment for developers to debug any issue 

5. Cost: Cloud Formation does not have any additional cost but you are charged for the underlying resources it builds.

AWS ELB (Elastic Load Balancer)

ELB (Elastic Load Balancer) balances and distributes traffic among various EC2 instances. Below are some basic points regarding ELB:

1. Elastic Load Balancer can distribute traffic among Multiple Availability Zone but not to multiple Regions.

2. Routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.

3. Ensures only healthy targets receive traffic. If all of your targets in a single Availability Zone are unhealthy, Elastic Load Balancing will route traffic to healthy targets in other Availability Zones. Once targets have returned to a healthy state, load balancing will automatically resume to the original targets.

4. Hybrid Elastic Load Balancing: Offers ability to load balance across AWS and on-premises resources using the same load balancer. 

5. Application Load Balancer: Best suited for load balancing of HTTP and HTTPS traffic

6. Network Load Balancer: Best suited for load balancing of TCP traffic 

7. Classic Load Balancer: Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level (HTTP/S) and connection level (TCP).

8. Load Balancer can be internal/private to VPC or exposed to internet via Internet Gateway.

Route53: Domain Name System (DNS) from AWS

Route53 is the Domain Name System (DNS) service provided by AWS. Below are some basic points regarding Route53:

1. Domain Name System (DNS): Translates names like www.example.com into the numeric IP addresses like 192.0.2.1.

2. Why "53" in name? This services is named Route53 as port 53 belongs to TCP/UPD and mainly handles DNS queries.

3. Routes traffic based on multiple criteria, such as endpoint health, geographic location, and latency. Ensure end users are routed to the closest healthy endpoint for your application.

4. Routing Policies: Simple, Weighted (example: 75% to one server, 25% to other), Latency-based, Failover, Geo-location based.

5. Configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. It re-route your users to an alternate location if your primary application endpoint becomes unavailable.

6. Also offers Domain Name Registration.

7. Record Sets: NS, SOA, A, AAAA, CNAME

CloudFront: Content Delivery Network (CDN) from AWS

CloudFront is the Content Deliver Network service provided by AWS. Below are some basic points regarding CloudFront:

1. Distribution service / Content Delivery Network (CDN) from AWS.

2. Edge Location: The CloudFront network has 160 points of presence (PoPs) as of now.

3. Edge server caches the data to improve latency and lower the load on your origin servers. 

4. Highly Programmable and Customizable content delivery with LAMBDA@EDGE: Lambda@Edge functions, triggered by CloudFront events, extend your custom code across AWS locations worldwide, allowing you to move even complex application logic closer to your end users to improve responsiveness.

5. CDN Origins: EC2, ELB, S3, Route53

6. TTL (Time to Live): How long your content will be cached/stored at Edge location? Defined in seconds. Default TTL: 24 hours (86400 seconds), Maximum TTL: 365 days (31536000 seconds), Minimum TTL: 0

7. Price Class: Use All Edge Locations (Best Performance), Use Only US, Canada, Europe, Use US, Canada, Europe, Asia and Africa. Price is charged accordingly.

8. Default CloudFront URL: *.cloudfront.net

9. Protocol supported: FTP

10. You can blacklist/whitelist users based on Geo-location.

11. Clearing cache from Edge location is chargeable.

AWS Compute Services: EC2, Elastic Beanstalk, Lambda and ECS

EC2 (Elastic Compute Cloud), Elastic Beanstalk, Lambda and ECS (Elastic Container Service) are the compute service offerings from AWS. Below are some basic points regarding these AWS compute services:

EC2

1. Most common AWS service called Elastic Compute Cloud.

2. This is the Virtual Server in AWS.

3. Categories of EC2:

• On Demand Instances (Charged hourly)
• Spot Instances (Bid-based, Choose it when Start and End date is not a concern)
• Reserved Instances (1 year or 3 year contract, cheaper than on-demand)
• Scheduled Reserved Instances (Scheduled Instances)
• Dedicated Host and Instances

4. EC2 Types:

• General Purpose (T2, M5)
• Compute Optimized (C5)
• Memory Optimized (X1, R4)
• Storage Optimized (I3, D2)
• Accelerated Computing / GPU Optimized (P3, G3, F1)

Please note that EC2 is the most important topic in AWS. So, for details, please go through the official documentation.

Elastic Beanstalk

1. Simple way to deploy your application on AWS. No need to take headache of managing the infrastructure.

2. Just upload your application code and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring.

3. Supports PHP, Java, Python, Ruby, Node.js, .NET, Go and Docker.

4. Elastic Beanstalk uses core AWS services such as Amazon EC2, Amazon Elastic Container Service (Amazon ECS), Auto Scaling, and Elastic Load Balancing to support your applications.

5. Monitor and manage the health of your applications.

Lambda

1. Lambda lets you run code without managing any server (Go Serverless). Just upload your code to Lambda or write your code in Lambda Code Editor and it takes care of everything required to run it.

2. Any code uploaded to Lambda becomes Lambda Function. Code should be written in stateless style. If you need to store any state in between, save it to S3, Dynamo DB etc. and then retrieve from there.

3. Lambda can be directly triggered by AWS services such as S3, DynamoDB, Kinesis, SNS, CloudWatch, API Gateway and Web Applications. Use cases: https://aws.amazon.com/lambda/

4. Languages supported: C#, Java, Python, Ruby, Go, Powershell, Node.js

5. You pay only for the compute time you consume - there is no charge when your code is not running. You are charged for every 100ms your code executes and the number of times your code is triggered. You don't pay anything when your code isn't running.

ECS

1. Elastic Container Service (ECS) is a container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. 

2. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

3. Containers without Servers: With Fargate, you no longer have to select Amazon EC2 instance types to run your containers.

4. Amazon ECS launches your containers in your own Amazon VPC, allowing you to use your VPC security groups and network ACLs. 

5. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your application, and access many familiar features such as IAM roles, security groups, load balancers, Amazon CloudWatch Events, AWS CloudFormation templates, and AWS CloudTrail logs.