ICS608 Cloud Computing: VPC
Dr. JOHN ZAKI 1
TABLE OF CONTENTS
01 RECALL
02 VPC
03 SUBNETS
04 ACL & SECURITY GROUPS
05 VPN
IPv4 RECALL
1. A 32-bit addressing scheme for the internet, allowing almost 4.3 billion unique addresses.
[Figure: an IPv4 address split into four octets, each shown in binary and converted to decimal]
CIDR NOTATION RECALL
CLASSLESS INTER-DOMAIN ROUTING
HOW TO REPRESENT A RANGE OF IPs FROM 192.168.1.0 – 192.168.1.255?
[Figure: the 32 bits of the address split into a NETWORK part and a HOST part]
CIDR NOTATION RECALL
FIRST IP OF THE RANGE IS BOOKED FOR THE SUBNET (network address)
LAST IP OF THE RANGE IS BOOKED FOR THE BROADCAST
EXAMPLE: 192.168.1.0/24
24 BITS OF THE IP ADDRESS ARE FIXED
32 - 24 = 8 BITS CAN CHANGE, RANGE OF IPS = 2^8 = 256 IPS
1ST IP BOOKED FOR THE SUBNET (192.168.1.0)
LAST IP BOOKED FOR THE BROADCAST (192.168.1.255)
THE RANGE CONTAINS 254 IPS, STARTING WITH 192.168.1.1 AND ENDING WITH 192.168.1.254
CIDR IN AWS
1. When you use a CIDR block in AWS, AWS books 5 addresses of the block for itself.
EXAMPLE: a VPC with 4 subnets, 10.0.0.0/24
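The CIDR arithmetic from the two recall slides and the AWS reservation rule, worked as an added example (not part of the lecture). It uses only the standard library `ipaddress` module. The five reserved addresses are the first four of each subnet block (network address, VPC router, DNS resolver, one reserved for future use) and the last one (network broadcast address); the 10.0.0.0/24 block split into four subnets is the slide's own example, every other value is constructed here.

```python
import ipaddress

# AWS reserves five addresses in every subnet CIDR block: the first four
# (network address, VPC router, DNS resolver, reserved for future use) and
# the last one (network broadcast address).
AWS_RESERVED_PER_SUBNET = 5


def describe_cidr(cidr: str) -> dict:
    """Key numbers for a CIDR block, both as classic IPv4 and as an AWS subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    host_bits = 32 - net.prefixlen          # bits that can change
    total = 2 ** host_bits                  # e.g. 2**8 = 256 addresses for a /24
    hosts = list(net.hosts())               # excludes network and broadcast address
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        "total": total,
        "usable_classic": len(hosts),
        "first_usable_classic": str(hosts[0]),
        "last_usable_classic": str(hosts[-1]),
        # In an AWS subnet the block loses five addresses, and the first
        # address you can actually assign is the fifth one (.4 in a /24).
        "usable_aws": total - AWS_RESERVED_PER_SUBNET,
        "first_usable_aws": str(net.network_address + 4),
        "last_usable_aws": str(net.broadcast_address - 1),
    }


def split_into_subnets(vpc_cidr: str, count: int) -> list:
    """Carve a block into `count` equal subnets (count is rounded up to a power of two)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    extra_bits = (count - 1).bit_length()   # 4 subnets need 2 more prefix bits
    return [str(s) for s in list(vpc.subnets(prefixlen_diff=extra_bits))[:count]]


if __name__ == "__main__":
    for key, value in describe_cidr("192.168.1.0/24").items():
        print(f"{key:>22}: {value}")
    # The slide's example: four subnets carved out of 10.0.0.0/24
    for subnet in split_into_subnets("10.0.0.0/24", 4):
        print(subnet, "->", describe_cidr(subnet)["usable_aws"], "usable addresses in AWS")
```

Running it shows the slide's 254 usable addresses for a plain 192.168.1.0/24 shrinking to 251 inside AWS, and each /26 carved from 10.0.0.0/24 offering 59 rather than 62 usable addresses, which matters when sizing subnets for autoscaling groups.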
VPC
IT IS YOUR PRIVATE CLOUD INSIDE THE PUBLIC CLOUD
RECALL FROM PREVIOUS LECTURE
VPC
[Figure: reference architecture. A user in the corporate data center reaches the AWS Cloud Region over a VPN terminating on a virtual private gateway and over AWS Direct Connect. The VPC spans Availability Zone A and Availability Zone B; each AZ has a public subnet (EC2 instance inside a security group) reached through the internet gateway and a private subnet (Amazon RDS instance), with an access control list on each subnet.]
VPC ROUTE TABLES
Main route table
Destination    Target
10.1.0.0/16    Local

Custom route table
Destination    Target
10.1.0.0/16    Local
0.0.0.0/0      igw-id
VPC
[Figure: a VPC inside a Region]
Region: say N. Virginia
IP range: 10.1.0.0/16
SUBNET
[Figure: within the Region, Availability Zone A holds the VPC with a public subnet 10.1.1.0/24 and a private subnet 10.1.3.0/24]
1. VPC: say N. Virginia
2. AZ: say Zone A
3. IP range: a non-overlapping subset of the VPC range
VPC
[Figure: AWS Cloud > Region > Availability Zone A > VPC 10.1.0.0/16, with a public subnet 10.1.1.0/24 holding an EC2 instance and a private subnet 10.1.3.0/24 holding an Amazon RDS instance]
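Step 3 of the subnet slide ("a non-overlapping subset of the VPC range") is the part that goes wrong in practice, so here is an added plan checker (not part of the lecture) that validates a subnet plan before anything is created. The VPC 10.1.0.0/16 and the two subnets are the slide's values; the subnet names and the deliberately bad plan in the usage are constructed. The /16 to /28 size limit is the range AWS accepts for VPC and subnet CIDR blocks; `subnet_of` needs Python 3.7 or later.

```python
import ipaddress

# The slide's plan: VPC 10.1.0.0/16 in N. Virginia, two subnets in Availability Zone A.
VPC_CIDR = "10.1.0.0/16"
SUBNET_PLAN = {
    "public-a": "10.1.1.0/24",
    "private-a": "10.1.3.0/24",
}


def validate_subnet_plan(vpc_cidr: str, plan: dict) -> list:
    """Return a list of problems with the plan; an empty list means it is valid.

    Checks: every subnet CIDR is a well-formed block, a subset of the VPC CIDR,
    within the /16 to /28 prefix range AWS accepts, and no two subnets overlap.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    nets = {}
    for name, cidr in plan.items():
        try:
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:        # host bits set, e.g. 10.1.1.5/24
            problems.append(f"{name}: invalid CIDR {cidr} ({exc})")
    for name, net in nets.items():
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: prefix /{net.prefixlen} is outside the /16-/28 range")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not a subset of VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


if __name__ == "__main__":
    print("slide plan:", validate_subnet_plan(VPC_CIDR, SUBNET_PLAN) or "OK")
    # Constructed bad plan: an overlap, a block outside the VPC, and a block too small for AWS.
    bad_plan = {
        "public-a": "10.1.1.0/24",
        "public-b": "10.1.1.128/25",
        "outside": "10.2.0.0/24",
        "tiny": "10.1.9.0/30",
    }
    for problem in validate_subnet_plan(VPC_CIDR, bad_plan):
        print("problem:", problem)
```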
CREATE VPC
Custom route table connected to the public subnets: it has a route to the IGW and is associated with the two public subnets.
Custom route table connected to the public subnets.
The private subnet is associated with a route table that connects it to the S3 service, because we chose that option during creation.
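What the route tables on the VPC slide and the association screenshots above mean for a packet, as an added example (not the lecture's own material). The main table, the custom table and the "igw-id" target are copied from the slide; the subnet names, the test destination 203.0.113.5 and the association map are constructed. The S3 route on the private subnet's table is not modelled. Route lookup in a VPC is longest-prefix match, which is why the 0.0.0.0/0 route never captures traffic that also matches the more specific 10.1.0.0/16 local route.

```python
import ipaddress

# Route tables copied from the slide. The main table carries only the
# VPC-local route; the custom table adds a default route to the internet gateway.
MAIN_ROUTE_TABLE = [("10.1.0.0/16", "local")]
CUSTOM_ROUTE_TABLE = [("10.1.0.0/16", "local"), ("0.0.0.0/0", "igw-id")]

# Constructed associations matching the screenshots: both public subnets use
# the custom table, the private subnet stays on the main table.
SUBNET_ASSOCIATIONS = {
    "public-a": CUSTOM_ROUTE_TABLE,
    "public-b": CUSTOM_ROUTE_TABLE,
    "private-a": MAIN_ROUTE_TABLE,
}


def lookup_route(route_table, dst_ip: str):
    """Longest-prefix match: the most specific matching route wins.

    Returns the route target, or None when no route matches (the packet is dropped).
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=True)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def is_public_subnet(route_table) -> bool:
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in route_table)


def egress_target(subnet: str, dst_ip: str):
    """Where a packet leaving `subnet` towards dst_ip is sent, or None if dropped."""
    return lookup_route(SUBNET_ASSOCIATIONS[subnet], dst_ip)


if __name__ == "__main__":
    for subnet in SUBNET_ASSOCIATIONS:
        kind = "public" if is_public_subnet(SUBNET_ASSOCIATIONS[subnet]) else "private"
        for dst in ("10.1.3.10", "203.0.113.5"):
            print(f"{subnet} ({kind}) -> {dst}: {egress_target(subnet, dst)}")
```

The private subnet's instances can still reach the RDS instance and every other VPC address through the local route, but a packet for 203.0.113.5 has no matching route and is dropped. That absence of a default route, not any firewall, is what makes the subnet private.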
TASK: CREATE THE SAME PREVIOUS ARCHITECTURE BY CREATING INDIVIDUAL ELEMENTS.
ACL & SECURITY GROUPS
ACL
[Figure: AWS Cloud > Region > VPC spanning Availability Zone A and Availability Zone B; an ACL sits in front of each public subnet and each private subnet]
ACL
1. The default network ACL does not allow traffic in and out of your subnet.
EXAMPLE
If you allow HTTPS inbound traffic through port 443, you need to allow the outbound traffic as well. Otherwise, your server will not be able to send the response.
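The HTTPS example above, simulated as an added example (not part of the lecture) of how a network ACL evaluates traffic: it is stateless, so each direction is checked on its own, numbered rules are tried in ascending order with the first match deciding, and whatever matches no rule falls through to the final "*" deny. The rule sets, the client address 203.0.113.5 and its source port 50000 are constructed. The 1024-65535 range used for the fixed outbound rule is the ephemeral port range AWS documents for network ACL rules.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    number: int        # evaluated in ascending order, first match wins
    protocol: str      # "tcp", "udp" or "all"
    port_from: int     # destination port range of the packet in this direction
    port_to: int
    cidr: str          # remote range: source for inbound rules, destination for outbound
    action: str        # "allow" or "deny"


def evaluate_acl(rules, protocol: str, dst_port: int, remote_ip: str) -> str:
    """Stateless evaluation of one direction of a network ACL.

    Returns "allow" or "deny". When no numbered rule matches, the final '*'
    rule applies and the packet is denied.
    """
    remote = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if not rule.port_from <= dst_port <= rule.port_to:
            continue
        if remote not in ipaddress.ip_network(rule.cidr, strict=True):
            continue
        return rule.action
    return "deny"


# Constructed rule sets for a subnet hosting an HTTPS server.
INBOUND = [AclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
OUTBOUND_MISSING = []            # the slide's mistake: nothing allowed out
OUTBOUND_WRONG_PORT = [AclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]  # common second mistake
# The response is addressed to the client's ephemeral source port, so the
# outbound rule must cover the ephemeral range, not port 443.
OUTBOUND_FIXED = [AclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


def https_exchange(inbound, outbound, client_ip="203.0.113.5", client_port=50000):
    """Simulate a request from client_ip:client_port to port 443 and the server's response."""
    request = evaluate_acl(inbound, "tcp", 443, client_ip)
    response = evaluate_acl(outbound, "tcp", client_port, client_ip)
    return request, response


if __name__ == "__main__":
    for label, outbound in (("missing", OUTBOUND_MISSING), ("port 443 only", OUTBOUND_WRONG_PORT),
                            ("ephemeral range", OUTBOUND_FIXED)):
        print(f"outbound rules {label:>15}: request/response = {https_exchange(INBOUND, outbound)}")
```

The second constructed mistake, allowing outbound port 443, is worth noting: it looks symmetric but still blocks the response, because the outbound packet's destination port is the client's ephemeral port. Rule numbering also matters; a deny rule with a lower number than the allow rule takes precedence for the addresses it covers, which is how a specific range is excluded from an otherwise open rule.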
TASK: CREATE THE OUTBOUND RULES AND THE ASSOCIATION.
SECURITY GROUPS
1. These are firewalls that exist at the EC2 instance level.
2. Security groups are not optional, so anytime you create an EC2 instance, you need to place that EC2 instance inside of a security group that allows the appropriate kinds of traffic to flow to your application.
RECALL FROM PREVIOUS LECTURE
SECURITY GROUPS
[Figure: AWS Cloud > Region > VPC spanning Availability Zone A and Availability Zone B; each public subnet sits behind an ACL and holds an EC2 instance inside a security group, and each private subnet sits behind its own ACL]
DEFAULT: NO INBOUND, ALL OUTBOUND.
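An added example (not part of the lecture) of the security group behaviour summarised on this slide: an instance-level firewall with allow rules only, defaulting to no inbound and all outbound, and stateful, so the return half of an allowed flow is permitted whatever the rules in the other direction say. This is the property that distinguishes it from the stateless ACL on the previous slides. The connection-tracking model, the rule tuples and the addresses 203.0.113.5 and 198.51.100.7 are constructed for the simulation.

```python
import ipaddress

ALLOW_ALL = ("all", 0, 65535, "0.0.0.0/0")   # rule tuple: (protocol, port_from, port_to, cidr)


class SecurityGroup:
    """Stateful, instance-level firewall with allow rules only.

    Default rules: no inbound, all outbound. Because the group is stateful,
    return traffic of an allowed flow is permitted regardless of the rules in
    the other direction.
    """

    def __init__(self, inbound=(), outbound=(ALLOW_ALL,)):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()   # connection tracking: (proto, local_port, remote_ip, remote_port)

    @staticmethod
    def _matches(rules, proto, port, remote_ip):
        remote = ipaddress.ip_address(remote_ip)
        return any(
            rule_proto in ("all", proto)
            and lo <= port <= hi
            and remote in ipaddress.ip_network(cidr, strict=True)
            for rule_proto, lo, hi, cidr in rules
        )

    def inbound_packet(self, proto, local_port, remote_ip, remote_port) -> bool:
        """Packet arriving at the instance on local_port from remote_ip:remote_port."""
        flow = (proto, local_port, remote_ip, remote_port)
        if flow in self._flows:                      # reply to a flow already allowed
            return True
        if self._matches(self.inbound, proto, local_port, remote_ip):
            self._flows.add(flow)                    # new inbound connection
            return True
        return False

    def outbound_packet(self, proto, local_port, remote_ip, remote_port) -> bool:
        """Packet leaving the instance from local_port to remote_ip:remote_port."""
        flow = (proto, local_port, remote_ip, remote_port)
        if flow in self._flows:
            return True
        if self._matches(self.outbound, proto, remote_port, remote_ip):
            self._flows.add(flow)                    # new outbound connection
            return True
        return False


def web_server_scenario():
    """Inbound HTTPS allowed and outbound rules emptied: the response is still allowed."""
    sg = SecurityGroup(inbound=[("tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    request = sg.inbound_packet("tcp", 443, "203.0.113.5", 50000)
    response = sg.outbound_packet("tcp", 443, "203.0.113.5", 50000)
    return request, response


def default_group_scenario():
    """Default group: unsolicited inbound is refused, instance-initiated traffic and its replies flow."""
    sg = SecurityGroup()
    unsolicited = sg.inbound_packet("tcp", 22, "203.0.113.5", 50001)
    outgoing = sg.outbound_packet("tcp", 40000, "198.51.100.7", 443)
    reply = sg.inbound_packet("tcp", 40000, "198.51.100.7", 443)
    return unsolicited, outgoing, reply


if __name__ == "__main__":
    print("web server (request allowed, response allowed):", web_server_scenario())
    print("default group (unsolicited, outgoing, reply):", default_group_scenario())
```

Compare the web server scenario with the ACL example: the same empty outbound rule set that broke the HTTPS response under a stateless ACL is harmless in a security group, because the group remembers the inbound connection. The trade-off is that an instance compromised through an allowed inbound port can open any outbound connection under the default all-outbound rule, which is why locking down outbound rules is a worthwhile hardening step on instances that do not need it.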
VPN
SITE-TO-SITE VPN
Allows resources sitting in your data center to connect to your AWS resources.
CLIENT VPN
Allows your administrators to connect to your AWS resources.
TASK: CREATE A SITE-TO-SITE VPN.
TASK: EXPLORE AWS DIRECT CONNECT.
SUMMARY
01 VPC
02 SUBNET
03 INTERNET GATEWAY
04 ACL & SECURITY GROUPS
05 VPN
THANK YOU