M3 BASCIS VIRTUAL PRIVATE CLOUD AND NETWORKS.pptx
kumar23bai10076
7 views
100 slides
Sep 16, 2025
Slide 1 of 100
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
About This Presentation
VPC
Slide Content
Jobs _ Projects We're Hiring | Senior Cloud Network Engineer @ PayPal 📍 San Jose, CA or Scottsdale, AZ | 🏢 Hybrid Full-time 👥 Team: Global Backbone & Cloud Network Engineering (part of Global Network Services) Distributed Application Routing Across AWS and Azure with NGINX and Site-to-Site VPN ( project 1 ) built a secure, production-ready web infrastructure on AWS using core services like VPC, EC2, RDS, Route 53, Client VPN, and more ( Project 2
https://www.linkedin.com/pulse/secure-web-infrastructure-aws-my-final-cloud-project-naresh-mahapatra-neelc/?trackingId=0S4NBq9sScKFNSjxOf3UyA%3D%3D AWS Cloud Engineer
M3 Networking & Content Delivery –Route 53, Amazon API Gateway, Amazon VPC, VPC Subnets, Route Tables, Security Groups, NAT Gateway. Security Identification and Compline – AWS Identity and Access Management (IAM), AWS Certificate Manager (ACM) and AWS Key Management Service (KMS).
A VPN (Virtual Private Network) and a VPC (Virtual Private Cloud) are both networking technologies, but they serve different purposes. A VPN establishes a secure connection over the internet, often for remote access or to secure internet traffic. At the same time, a VPC provides an isolated, virtual network environment within a public cloud provider's infrastructure, such as AWS.
AWS Virtual Private Network (AWS VPN)
Security, Privacy, and Controlled Access VPN, VPC, and VPS technologies are all geared toward enhancing security. They employ various mechanisms to safeguard data and communication. VPNs provide secure tunnels for data transmission, VPCs allow for the creation of segregated network spaces in the cloud, and VPSs offer a contained environment for running applications, all contributing to a heightened security posture.
When to Choose VPN, VPC, and VPS Choosing between a VPN (virtual private network), VPC (Virtual Private Cloud), and VPS (Virtual Private Server) is not about selecting one over the others, but rather understanding when each technology is appropriate based on organizational needs. Virtual private servers and virtual private networks serve different purposes. A VPS provides a virtual server for hosting services, while a VPN secures internet connections. "Better" depends on the use case: hosting versus secure access.
A VPC creates a private cloud within a public cloud, while a VPN secures connections to and from a network over the internet. A VPN Gateway connects a VPC to remote networks via a VPN Connection, enabling secure data exchange. Personal VPNs are designed for individuals who want privacy, security, and unrestricted internet access. They encrypt internet traffic, mask IP addresses, and protect internet users on public Wi-Fi .
EXERCISE Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks , Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution. Designing highly available, cost-efficient, fault-tolerant, scalable systems
Amazon VPC is the networking layer for Amazon Elastic Compute Cloud (Amazon EC2), and it allows you to build your own virtual network within AWS. You control various aspects of your Amazon VPC, including selecting your IP address range; creating your own subnets ; and configuring your own route tables, network gateways, and security settings. Within a region, you can create multiple Amazon VPCs, and each Amazon VPC is logically isolated even if it shares its IP address space.
Classless Inter-Domain Routing (CIDR) block such as 10.0.0.0/16. The Amazon VPC service was released after the Amazon EC2 service; because of this, there are two different networking platforms available within AWS: EC2-Classic and EC2-VPC. AWS accounts that support EC2-VPC will have a default VPC created in each region with a default subnet created in each Availability Zone. The assigned CIDR block of the VPC will be 172.31.0.0/16.
IP Address- Subnet An IP address is an address that has information about how to reach a specific host, especially outside the LAN. Classful IP addressing is an obsolete method for allocating IP addresses and dividing the available IP address space across networks. It was used from 1981 to 1993 until the introduction of CIDR (Based on Prefixes rather than classes). IP addresses into five classes (A, B, C, D, and E) An IPv4 address is a unique number assigned to every device that connects to the internet or a computer network.
Ipconfig [ TERMINAL] https://www.geeksforgeeks.org/computer-networks/introduction-to-subnetting/
Subnetting is the process of dividing a large network into smaller networks called "subnets." Subnets provide each group of devices with its own space to communicate, which ultimately helps the network function efficiently.
Subnets
After creating an Amazon VPC, you can add one or more subnets in each Availability Zone. Subnets reside within one Availability Zone and cannot span zones.
Route Table
Review Questions
Cost and Billing_ my profile Current Charges: Amazon EC2 Compute: $62.42 Tax: $15.27 EC2 Other: $12.60 Amazon VPC: $9.86 Other services: $0.00 For Educational Use - Cost Reduction Strategies: Stop/Terminate Unused EC2 Instances : Your largest cost is EC2 compute ($62.42). If you have running instances that aren't currently needed for teaching, stop or terminate them. Use AWS Free Tier : For educational purposes, consider: t2.micro or t3.micro instances (750 hours/month free) 30 GB of EBS storage free 5 GB of S3 storage free AWS Educate Program : Consider applying for AWS Educate, which provides:
Free AWS credits for educators and students Access to learning resources Classroom management tools Optimize Your Resources : Review running EC2 instances and right-size them Delete unused EBS volumes and snapshots Remove unnecessary VPC resources (NAT gateways, Elastic IPs) Important Note : I cannot directly remove charges from your account, as these represent actual AWS resource usage. However, you can: Immediate Actions : Stop/terminate unused resources to prevent future charges Contact AWS Support : For billing questions or if you believe there are incorrect charges Set up Billing Alerts : To monitor future spending and avoid unexpected costs Would you like me to help you identify specific resources that might be causing these charges, or would you prefer guidance on setting up cost controls for your educational environment?
DNS _ROUTE 53 The Domain Name System (DNS) is a fundamental internet service that translates human-readable domain names (like www.example.com ) into machine-readable IP addresses (like 192.0.2.44). It acts like a phonebook for the internet, allowing users to access websites and other online resources using easily remembered names instead of numerical IP addresses.
domain names , like nytimes.com or espn.com Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. hostname (such as www.example.com )
4 DNS servers are involved in loading a webpage
Root Servers: These servers are at the top of the DNS hierarchy and store information about the top-level domains (TLDs) like .com, .org, and .net . Top-Level Domain (TLD) Servers: These servers manage domain names within specific TLDs (e.g., .com, .org, .gov). Authoritative Name Servers: These servers store DNS records for specific domains. Each domain typically has one or more authoritative name servers. Recursive DNS Servers: Also known as resolver servers, these servers interact with clients to resolve domain names by recursively querying other DNS servers until they find the authoritative server for a given domain.
https://www.cloudflare.com/learning/dns/what-is-dns/
Route53
Internet Gateway https://www.youtube.com/watch?v=43tIX7901Gs
For private subnet
EC2 creation
Security Group
SSH console / Putty
A company is hosting a web application on AWS using EC2 instances inside a Virtual Private Cloud (VPC). They want the application to be accessible over the internet using a custom domain name. The architecture includes: A VPC with public and private subnets An Internet Gateway (IGW) attached to the VPC EC2 instances in a public subnet Route 53 for DNS resolution A registered domain: examplecompany.com Analyze the given setup and answer the following: a) Explain how the Internet Gateway enables Internet access for EC2 instances in the VPC. b) Describe the role of Route 53 in connecting the domain name to the EC2 instance. c) Identify and explain two misconfigurations that could prevent users from accessing the website via the domain name. d) Propose a solution to ensure high availability and DNS failover using Route 53.
Internet Gateway In AWS, several types of gateways facilitate network traffic routing and connectivity. Internet Gateway (IGW) NAT Gateway, Transit Gateway and Direct Connect Gateway. Each serves a distinct purpose in connecting resources within your VPC to the internet, other VPCs, or your on-premises network.
Lab 4,5,6 Register a domain name using Amazon Route 53 and upload HTML, CSS, and JavaScript files to the S3 bucket to host the website. Configuring a Virtual Private Cloud (VPC) in AWS, including setting up subnets, route tables, internet gateways, NAT gateway, and security groups. RESTful API using Amazon API Gateway using AWS Lambda.
API TASK : https://apyhub.com/search?query=REST%20&category=&sortBy=Relevance Generate Thank You E-mail API Detect Spam API Generate Product Introduction API Generate Tours & Activities Product Categories API AI Video Transcriber API
REST API : [LAB6] Using Lambda with API Gateway
Create a REST ( API through which you invoke a Lambda function using an HTTP request. Your Lambda function will perform create, read, update, and delete (CRUD) operations on a DynamoDB table. This function is provided here for demonstration, but you will learn to configure an API Gateway REST API that can invoke any Lambda function.
Using API Gateway provides users with a secure HTTP endpoint to invoke your Lambda function. It can help manage large volumes of calls to your function by throttling traffic and automatically validating and authorizing API calls. API Gateway also provides flexible security controls using AWS Identity and Access Management (IAM) and Amazon Cognito. This is useful for use cases where advanced authorization is required for calls to your application.
Steps to create a REST API : Create and configure a Lambda function in Python or Node.js to perform operations on a DynamoDB table. Create a REST API in API Gateway to connect to your Lambda function. Create a DynamoDB table and test it with your Lambda function in the console. Deploy your API and test the full setup using curl in a terminal.
ROUTE 53 [ LAB4] https://get.tech/github-student-developer-pack
EC2 launch
Revision A cloud-based image processing system stores millions of image files in Amazon S3. The team initially used sequential file names (e.g., img_0001.jpg, img_0002.jpg) but faced performance issues during high read operations. They are now considering switching to a hash-prefixed naming strategy. Explain why sequential naming may lead to performance issues in S3 under high traffic. Describe how the hash-prefix strategy improves performance and scalability in this context.
. Why sequential naming may lead to performance issues in S3 under high traffic. Amazon S3 is designed to scale massively, but key name patterns can directly affect partitioning and performance. S3 partitions data based on key names. In earlier versions of S3 (before 2015 improvements), sequential key names (like img_0001.jpg, img_0002.jpg) caused hot partitions, because keys with similar prefixes ended up in the same partition. Hot partitioning occurs when a disproportionate amount of read/write traffic is directed to a small subset of partitions, creating a bottleneck. With millions of sequential keys, a large volume of simultaneous read/write operations would overwhelm those few partitions, reducing throughput and increasing latency. While S3 has improved and now supports adaptive partitioning, hot key issues can still arise under very high traffic and particularly with write-heavy or read-heavy workloads using sequential key patterns.
II. How the hash-prefix strategy improves performance and scalability The hash-prefix naming strategy introduces randomness in the key prefixes, which distributes traffic evenly across S3 partitions . How it works: A hash (e.g., MD5, SHA-1, etc.) is generated from some part of the file's metadata or name (or a random value). A few characters (e.g., first 4–6 hex characters) of the hash are prepended to the file name: Instead of img_0001.jpg , you might use: a1f3-img_0001.jpg . Benefits: Improved load distribution : Randomized prefixes ensure that S3 spreads keys across many partitions, avoiding hot spots. Parallelism : Multiple clients can read/write simultaneously without contention on the same partition. Scalability : Supports higher throughput and lower latency even at massive scale.
You are configuring an Amazon VPC with the CIDR block 10.0.0.0/16. Within this VPC, you create two subnets: Subnet A: 10.0.0.0/24 in Availability Zone 1 Subnet B: 10.0.1.0/24 in Availability Zone 2 A route table is attached to both subnets with only the local route (10.0.0.0/16 → local). If an EC2 instance in Subnet A tries to communicate with another EC2 instance in Subnet B, will the communication be successful? Justify your answer.
VPC Routing Behavior The VPC is configured with a CIDR block of 10.0.0.0/16 , which encompasses both subnets: Subnet A : 10.0.0.0/24 (e.g., 10.0.0.0 – 10.0.0.255) Subnet B : 10.0.1.0/24 (e.g., 10.0.1.0 – 10.0.1.255) Both subnets are in the same VPC , though they are in different Availability Zones (AZs) . Route Table Configuration The route table attached to both subnets includes only the default local route : 10.0.0.0/16 → local This "local" route is automatically created by AWS in every VPC route table. It enables communication between all subnets within the VPC , regardless of Availability Zone.
Conclusion Because both subnets are: Part of the same VPC Covered by the local route (10.0.0.0/16 → local) And assuming: The security groups and network ACLs allow the traffic The EC2 instances in Subnet A and Subnet B can communicate directly over the AWS network without the need for an internet gateway, NAT, or VPN
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 7
- Slides 100
- Age 76 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
44 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views