SlideShare a Scribd company logo

Creating Your Virtual Data Center

Monica Trantow
Monica Trantow

In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint. Presented by: Koen Biggelaar, Senior Manager Solutions Architecture, Amazon Web Services Customer Guest: Jurjan Woltman, Architect, Wehkamp

1 of 67
Download to read offline
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Koen vd Biggelaar, Sr. Mgr. Solution Architecture, AWS Jurjan Woltman, Architect, Wehkamp May 2016 Creating Your Virtual Data Center VPC Fundamentals and Connectivity Options
EC2 instance
172.31.0.128 172.31.0.129 172.31.1.24 172.31.1.27 54.4.5.6 54.2.3.4 VPC
What to Expect from the Session • Get familiar with VPC concepts • Walk through a basic VPC setup • Learn about the ways in which you can tailor your virtual network to meet your needs • Get a customer story • And there is more
Walkthrough: Setting Up an Internet-Connected VPC
Creating an Internet-Connected VPC: Steps Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC
Choose address ranges
CIDR Notation Review CIDR range example: 172.31.0.0/16 1010 1100 0001 1111 0000 0000 0000 0000
Choosing IP Address Ranges for Your VPC 172.31.0.0/16 Recommended: RFC1918 range Recommended: /16 (64K addresses)
Set up subnets
Choosing IP Address Ranges for Your Subnets 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c
Auto-assign Public IP: All instances will get an automatically assigned public IP
More on Subnets • Recommended for most customers: • /16 VPC (64K addresses) • /24 subnets (251 addresses) • One subnet per Availability Zone
Create a route to the Internet
Routing in Your VPC • Route tables contain rules for which packets go where • Your VPC has a default route table • …but you can assign different route tables to different subnets
Traffic destined for my VPC stays in my VPC
Internet Gateway Send packets here if you want them to reach the Internet
Everything that isn’t destined for the VPC: Send to the Internet
Authorizing traffic: Network ACLs, Security groups
Network ACLs = Stateless Firewall Rules
Security Groups Follow the Structure of Your Application “MyWebServers” security group “MyBackends” security group Allow only “MyWebServers”
Security Groups = Stateful Firewall In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
Security Groups = Stateful Firewall In English: Only instances in the MyWebServers security group can reach instances in this security group
Security Groups in VPCs: Additional Notes • VPC allows creation of egress as well as ingress security group rules • Best practice: Whenever possible, specify allowed traffic by reference (other security groups) • Many application architectures lend themselves to a 1:1 relationship between security groups (who can reach me) and IAM roles (what I can do).
Connectivity Options For VPCs
Beyond Internet Connectivity Subnet routing options Connecting to your corporate network Connecting to other VPCs
Routing on a subnet basis: Internal-facing subnets
Different Route Tables for Different Subnets VPC subnet VPC subnet Has route to Internet Has no route to Internet
Internet Access via NAT Gateway VPC subnet VPC subnet 0.0.0.0/0 0.0.0.0/0 Public IP: 54.161.0.39 NAT Gateway
Connecting to other VPCs: VPC Peering
Shared Services VPC Using VPC Peering Common/core services • Authentication/directory • Monitoring • Logging • Remote administration • Scanning
VPC Peering VPC Peering 172.31.0.0/16 10.55.0.0/16 Orange security group Blue security group ALLOW
Steps to Establish Peering: Initiate Request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request
Steps to Establish Peering: Initiate Request
Steps to Establish Peering: Accept Request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request Step 2 Accept peering request
Steps to Establish Peering: Accept Request
Steps to Establish Peering: Create Route 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request Step 3 Create routes In English: Traffic destined for the peered VPC should go to the peering
Connecting to your network: Virtual private network & Amazon Direct Connect
Extend your own network into your VPC VPN Direct Connect
VPN: What you need to know Customer gateway Virtual gateway Two IPSec tunnels 192.168.0.0/16 172.31.0.0/16 192.168/16 Your networking device
Routing to a Virtual Private Gateway In English: Traffic to my 192.168.0.0/16 network goes out the VPN tunnel
VPN vs Direct Connect • Both allow secure connections between your network and your VPC • VPN is a pair of IPSec tunnels over the Internet • Direct Connect is a dedicated line with lower per-GB data transfer rates • For highest availability: Use both
DNS in a VPC
VPC DNS Options Use Amazon DNS server Have EC2 auto-assign DNS hostnames to instances
EC2 DNS Hostnames in a VPC Internal DNS hostname: Resolves to Private IP address External DNS name: Resolves to …
EC2 DNS Hostnames Work From Anywhere: Outside Your VPC C:>nslookup ec2-52-18-10-57.eu-west-1.compute.amazonaws.com Server: globaldnsanycast.amazon.com Address: 10.4.4.10 Non-authoritative answer: Name: ec2-52-18-10-57.eu-west-1.compute.amazonaws.com Address: 52.18.10.57 Outside your VPC: PublicIP address
EC2 DNS Hostnames Work From Anywhere: Inside Your VPC [ec2-user@ip-172-31-0-201 ~]$ dig ec2-52-18-10-57.eu-west-1.compute.amazonaws.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.38.amzn1 <<>>ec2-52-18-10-57.eu-west-1.compute.amazonaws.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36622 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:0 ;; QUESTIONSECTION: ;ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. IN A ;; ANSWER SECTION: ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. 60 IN A 172.31.0.137 ;; Query time: 2 msec ;; SERVER: 172.31.0.2#53(172.31.0.2) ;; WHEN: Wed Sep 9 22:32:56 2015 ;; MSG SIZE rcvd: 81 Inside your VPC: Private IP address
Route 53 Private Hosted Zones • Control DNS resolution for a domain and subdomains • DNS records take effect only inside associated VPCs • Can use it to override DNS records “on the outside”
Jurjan Woltman, Architect Amazon AWS Summit May 24th, 2016 Running a Microservices Container Platform on AWS
Almost end-of life On Premise Monolith .NET No Automation Scalability limit reached Frontend Technology stack – 2012
7.000.000 PERSONAL WEBSITES TOUCHPOINTS Our Ambition
● Reactive Micro-services architecture ● Polyglot Programmming: Scala, .Net, NodeJS, Java ● Blend of SaaS & Wehkamp proprietary services ● Services expose RESTAPI’s over HTTP/JSON ● Open for integration, internally and externally ● Support for Multi-instances e.g, countries, labels ● And last but not least: Scalable & Resilient Infrastructure
Why AWS ● Maturity & Feature Richness ● Ease of Use ● Development Tooling – Automation is key ● Scalability & Resilience
Availability Zone A Availability Zone C Availability Zone B Dublin One Region with Three Availability Zones
WEHKAMP.IO CIDR: 10.200.48.0/20 Blaze OTA CIDR: 10.200.16.0/20 Blaze P CIDR: 10.200.0.0/20 AWS VPC’s CIDR: 10.200.0.0/16 On Premise VPN Connections Three VPCs to split Development & Production
& Automate everything - VPCs are managed by Cloudformation and Ansible
10.x.x.x/20 Public A 10.x.0.0/24 Public B 10.x.1.0/24 Public C 10.x.2.0/24 Private C 10.x.13.0/24 Private B 10.x.14.0/24 Private A 10.x.15.0/24 VIF • /20 per VPC • /24 per Subnet • Public & Private per AZ
10.x.x.x/20 Public A 10.x.0.0/24 Public B 10.x.1.0/24 Public C 10.x.2.0/24 Private C 10.x.13.0/24 Private B 10.x.14.0/24 Private A 10.x.15.0/24 VIF Mesos Container Platform Cassandra Elastic Search • Our platform is deployed in 3 AZ’s • Pick middleware / tools which are aware
WEHKAMP.IO CIDR: 10.200.48.0/20 Blaze OTA CIDR: 10.200.16.0/20 Blaze P CIDR: 10.200.0.0/20 AWS VPC’s CIDR: 10.200.0.0/16 On Premise VPN Connections Three VPC’s to split Development & Production
Billing IAM Shared Services Back-up Audit Trail control dev acc prd label (nl.wehkamp) control dev acc prd label (be.wehkamp) Reporting Account & VPC REDESIGN ● Single Responsibility ● Security ● Fault-Tolerant ● Shared Resources
redundant fiber Shared Services control dev acc prd label (nl.wehkamp) control dev acc prd label (be.wehkamp) Direct Connect Replace VPN by Direct Connect
What did we learn? ● Start simple and small ● Automate everything! ● VPC’s are different than on-premise networks ● Isolation & strong (naming) conventions
And there is more …
VPC Flow Logs: See All Your Traffic Visibility into effects of security group rules Troubleshooting network connectivity Ability to analyze traffic
VPC Endpoints: S3 Without an Internet Gateway
Creating Your Virtual Data Center
Remember to complete your evaluations!
Ad

Recommended

Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC
Cohesive Networks
 
Vpc (virtual private cloud)
Vpc (virtual private cloud)Vpc (virtual private cloud)
Vpc (virtual private cloud)
RashmiDhanve
 
Aws VPC
Aws VPCAws VPC
Aws VPC
Abhishek Amralkar
 
AWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovAWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan Naydenov
Bogdan Naydenov
 
Amazon Virtual Private Cloud VPC Architecture AWS Web Services
Amazon Virtual Private Cloud VPC Architecture AWS Web ServicesAmazon Virtual Private Cloud VPC Architecture AWS Web Services
Amazon Virtual Private Cloud VPC Architecture AWS Web Services
Robert Wilson
 
An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPC
Sarah Z
 
Datacenter Computing with Apache Mesos - BigData DC
Datacenter Computing with Apache Mesos - BigData DCDatacenter Computing with Apache Mesos - BigData DC
Datacenter Computing with Apache Mesos - BigData DC
Paco Nathan
 
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and EasilyAWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
akramemohemat
 
MEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptxMEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptx
IC substrate Shawn Wang
 
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Maarten Verwaest
 
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Alan Dix
 
Understanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdfUnderstanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdf
Fulcrum Concepts, LLC
 
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Vasileios Komianos
 
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdfICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
Eryk Budi Pratama
 
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
João Esperancinha
 
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Gary Arora
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025
Damco Salesforce Services
 
machines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdfmachines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdf
AmirStern2
 
AI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamsonAI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamson
UXPA Boston
 
Building the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdfBuilding the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdf
Cheryl Hung
 
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient CareAn Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
Cyntexa
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Config 2025 presentation recap covering both days
Config 2025 presentation recap covering both daysConfig 2025 presentation recap covering both days
Config 2025 presentation recap covering both days
TrishAntoni1
 
fennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solutionfennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solution
shallal2
 
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptxReimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
John Moore
 
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdfKit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Wonjun Hwang
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Ad

More Related Content

Recently uploaded (20)

MEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptxMEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptx
IC substrate Shawn Wang
 
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Maarten Verwaest
 
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Alan Dix
 
Understanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdfUnderstanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdf
Fulcrum Concepts, LLC
 
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Vasileios Komianos
 
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdfICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
Eryk Budi Pratama
 
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
João Esperancinha
 
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Gary Arora
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025
Damco Salesforce Services
 
machines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdfmachines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdf
AmirStern2
 
AI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamsonAI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamson
UXPA Boston
 
Building the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdfBuilding the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdf
Cheryl Hung
 
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient CareAn Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
Cyntexa
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Config 2025 presentation recap covering both days
Config 2025 presentation recap covering both daysConfig 2025 presentation recap covering both days
Config 2025 presentation recap covering both days
TrishAntoni1
 
fennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solutionfennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solution
shallal2
 
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptxReimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
John Moore
 
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdfKit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Wonjun Hwang
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 
MEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptxMEMS IC Substrate Technologies Guide 2025.pptx
MEMS IC Substrate Technologies Guide 2025.pptx
IC substrate Shawn Wang
 
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Limecraft Webinar - 2025.3 release, featuring Content Delivery, Graphic Conte...
Maarten Verwaest
 
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Alan Dix
 
Understanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdfUnderstanding SEO in the Age of AI.pdf
Understanding SEO in the Age of AI.pdf
Fulcrum Concepts, LLC
 
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Digital Technologies for Culture, Arts and Heritage: Insights from Interdisci...
Vasileios Komianos
 
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdfICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
Eryk Budi Pratama
 
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
Could Virtual Threads cast away the usage of Kotlin Coroutines - DevoxxUK2025
João Esperancinha
 
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Harmonizing Multi-Agent Intelligence | Open Data Science Conference | Gary Ar...
Gary Arora
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025Top 5 Qualities to Look for in Salesforce Partners in 2025
Top 5 Qualities to Look for in Salesforce Partners in 2025
Damco Salesforce Services
 
machines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdfmachines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdf
AmirStern2
 
AI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamsonAI-proof your career by Olivier Vroom and David WIlliamson
AI-proof your career by Olivier Vroom and David WIlliamson
UXPA Boston
 
Building the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdfBuilding the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdf
Cheryl Hung
 
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient CareAn Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
Cyntexa
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Config 2025 presentation recap covering both days
Config 2025 presentation recap covering both daysConfig 2025 presentation recap covering both days
Config 2025 presentation recap covering both days
TrishAntoni1
 
fennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solutionfennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solution
shallal2
 
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptxReimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
Reimagine How You and Your Team Work with Microsoft 365 Copilot.pptx
John Moore
 
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdfKit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Kit-Works Team Study_팀스터디_김한솔_nuqs_20250509.pdf
Wonjun Hwang
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 

Featured (20)

2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Ad

Creating Your Virtual Data Center

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Koen vd Biggelaar, Sr. Mgr. Solution Architecture, AWS Jurjan Woltman, Architect, Wehkamp May 2016 Creating Your Virtual Data Center VPC Fundamentals and Connectivity Options
  • 4. What to Expect from the Session • Get familiar with VPC concepts • Walk through a basic VPC setup • Learn about the ways in which you can tailor your virtual network to meet your needs • Get a customer story • And there is more
  • 5. Walkthrough: Setting Up an Internet-Connected VPC
  • 6. Creating an Internet-Connected VPC: Steps Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC
  • 8. CIDR Notation Review CIDR range example: 172.31.0.0/16 1010 1100 0001 1111 0000 0000 0000 0000
  • 9. Choosing IP Address Ranges for Your VPC 172.31.0.0/16 Recommended: RFC1918 range Recommended: /16 (64K addresses)
  • 11. Choosing IP Address Ranges for Your Subnets 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c
  • 12. Auto-assign Public IP: All instances will get an automatically assigned public IP
  • 13. More on Subnets • Recommended for most customers: • /16 VPC (64K addresses) • /24 subnets (251 addresses) • One subnet per Availability Zone
  • 14. Create a route to the Internet
  • 15. Routing in Your VPC • Route tables contain rules for which packets go where • Your VPC has a default route table • …but you can assign different route tables to different subnets
  • 16. Traffic destined for my VPC stays in my VPC
  • 17. Internet Gateway Send packets here if you want them to reach the Internet
  • 18. Everything that isn’t destined for the VPC: Send to the Internet
  • 20. Network ACLs = Stateless Firewall Rules
  • 21. Security Groups Follow the Structure of Your Application “MyWebServers” security group “MyBackends” security group Allow only “MyWebServers”
  • 22. Security Groups = Stateful Firewall In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
  • 23. Security Groups = Stateful Firewall In English: Only instances in the MyWebServers security group can reach instances in this security group
  • 24. Security Groups in VPCs: Additional Notes • VPC allows creation of egress as well as ingress security group rules • Best practice: Whenever possible, specify allowed traffic by reference (other security groups) • Many application architectures lend themselves to a 1:1 relationship between security groups (who can reach me) and IAM roles (what I can do).
  • 26. Beyond Internet Connectivity Subnet routing options Connecting to your corporate network Connecting to other VPCs
  • 27. Routing on a subnet basis: Internal-facing subnets
  • 28. Different Route Tables for Different Subnets VPC subnet VPC subnet Has route to Internet Has no route to Internet
  • 29. Internet Access via NAT Gateway VPC subnet VPC subnet 0.0.0.0/0 0.0.0.0/0 Public IP: 54.161.0.39 NAT Gateway
  • 30. Connecting to other VPCs: VPC Peering
  • 31. Shared Services VPC Using VPC Peering Common/core services • Authentication/directory • Monitoring • Logging • Remote administration • Scanning
  • 32. VPC Peering VPC Peering 172.31.0.0/16 10.55.0.0/16 Orange security group Blue security group ALLOW
  • 33. Steps to Establish Peering: Initiate Request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request
  • 34. Steps to Establish Peering: Initiate Request
  • 35. Steps to Establish Peering: Accept Request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request Step 2 Accept peering request
  • 36. Steps to Establish Peering: Accept Request
  • 37. Steps to Establish Peering: Create Route 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request Step 3 Create routes In English: Traffic destined for the peered VPC should go to the peering
  • 38. Connecting to your network: Virtual private network & Amazon Direct Connect
  • 39. Extend your own network into your VPC VPN Direct Connect
  • 40. VPN: What you need to know Customer gateway Virtual gateway Two IPSec tunnels 192.168.0.0/16 172.31.0.0/16 192.168/16 Your networking device
  • 41. Routing to a Virtual Private Gateway In English: Traffic to my 192.168.0.0/16 network goes out the VPN tunnel
  • 42. VPN vs Direct Connect • Both allow secure connections between your network and your VPC • VPN is a pair of IPSec tunnels over the Internet • Direct Connect is a dedicated line with lower per-GB data transfer rates • For highest availability: Use both
  • 43. DNS in a VPC
  • 44. VPC DNS Options Use Amazon DNS server Have EC2 auto-assign DNS hostnames to instances
  • 45. EC2 DNS Hostnames in a VPC Internal DNS hostname: Resolves to Private IP address External DNS name: Resolves to …
  • 46. EC2 DNS Hostnames Work From Anywhere: Outside Your VPC C:>nslookup ec2-52-18-10-57.eu-west-1.compute.amazonaws.com Server: globaldnsanycast.amazon.com Address: 10.4.4.10 Non-authoritative answer: Name: ec2-52-18-10-57.eu-west-1.compute.amazonaws.com Address: 52.18.10.57 Outside your VPC: PublicIP address
  • 47. EC2 DNS Hostnames Work From Anywhere: Inside Your VPC [ec2-user@ip-172-31-0-201 ~]$ dig ec2-52-18-10-57.eu-west-1.compute.amazonaws.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.38.amzn1 <<>>ec2-52-18-10-57.eu-west-1.compute.amazonaws.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36622 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:0 ;; QUESTIONSECTION: ;ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. IN A ;; ANSWER SECTION: ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. 60 IN A 172.31.0.137 ;; Query time: 2 msec ;; SERVER: 172.31.0.2#53(172.31.0.2) ;; WHEN: Wed Sep 9 22:32:56 2015 ;; MSG SIZE rcvd: 81 Inside your VPC: Private IP address
  • 48. Route 53 Private Hosted Zones • Control DNS resolution for a domain and subdomains • DNS records take effect only inside associated VPCs • Can use it to override DNS records “on the outside”
  • 50. Almost end-of life On Premise Monolith .NET No Automation Scalability limit reached Frontend Technology stack – 2012
  • 52. ● Reactive Micro-services architecture ● Polyglot Programmming: Scala, .Net, NodeJS, Java ● Blend of SaaS & Wehkamp proprietary services ● Services expose RESTAPI’s over HTTP/JSON ● Open for integration, internally and externally ● Support for Multi-instances e.g, countries, labels ● And last but not least: Scalable & Resilient Infrastructure
  • 53. Why AWS ● Maturity & Feature Richness ● Ease of Use ● Development Tooling – Automation is key ● Scalability & Resilience
  • 54. Availability Zone A Availability Zone C Availability Zone B Dublin One Region with Three Availability Zones
  • 55. WEHKAMP.IO CIDR: 10.200.48.0/20 Blaze OTA CIDR: 10.200.16.0/20 Blaze P CIDR: 10.200.0.0/20 AWS VPC’s CIDR: 10.200.0.0/16 On Premise VPN Connections Three VPCs to split Development & Production
  • 56. & Automate everything - VPCs are managed by Cloudformation and Ansible
  • 57. 10.x.x.x/20 Public A 10.x.0.0/24 Public B 10.x.1.0/24 Public C 10.x.2.0/24 Private C 10.x.13.0/24 Private B 10.x.14.0/24 Private A 10.x.15.0/24 VIF • /20 per VPC • /24 per Subnet • Public & Private per AZ
  • 58. 10.x.x.x/20 Public A 10.x.0.0/24 Public B 10.x.1.0/24 Public C 10.x.2.0/24 Private C 10.x.13.0/24 Private B 10.x.14.0/24 Private A 10.x.15.0/24 VIF Mesos Container Platform Cassandra Elastic Search • Our platform is deployed in 3 AZ’s • Pick middleware / tools which are aware
  • 59. WEHKAMP.IO CIDR: 10.200.48.0/20 Blaze OTA CIDR: 10.200.16.0/20 Blaze P CIDR: 10.200.0.0/20 AWS VPC’s CIDR: 10.200.0.0/16 On Premise VPN Connections Three VPC’s to split Development & Production
  • 60. Billing IAM Shared Services Back-up Audit Trail control dev acc prd label (nl.wehkamp) control dev acc prd label (be.wehkamp) Reporting Account & VPC REDESIGN ● Single Responsibility ● Security ● Fault-Tolerant ● Shared Resources
  • 61. redundant fiber Shared Services control dev acc prd label (nl.wehkamp) control dev acc prd label (be.wehkamp) Direct Connect Replace VPN by Direct Connect
  • 62. What did we learn? ● Start simple and small ● Automate everything! ● VPC’s are different than on-premise networks ● Isolation & strong (naming) conventions
  • 63. And there is more …
  • 64. VPC Flow Logs: See All Your Traffic Visibility into effects of security group rules Troubleshooting network connectivity Ability to analyze traffic
  • 65. VPC Endpoints: S3 Without an Internet Gateway
  翻译: