Day - 50 of DevOps

Basics of networking on AWS

Welcome to Day 50 of the #100DaysOfDevOps Challenge! Today we will cover the basics of networking on AWS (Amazon Web Services).

Networking on Amazon Web Services (AWS) is a crucial aspect of building and managing cloud-based applications and services. AWS provides a wide range of networking services and features that allow you to create scalable, secure, and highly available network architectures. Here are some of the key networking components and concepts in AWS:

  1. Amazon Virtual Private Cloud (VPC):

    • VPC is the fundamental building block for networking on AWS. It allows you to create an isolated section of the AWS cloud where you can launch resources like EC2 instances, RDS databases, and more.

    • With VPC, you have full control over your network, including defining subnets, route tables, and security groups.

A VPC is a logically isolated network inside a single region, and it can span all the Availability Zones (AZs) in that region.
When you create an AWS account, every region comes with a default VPC. I will explain what a default VPC offers, then I will show you how you can create one yourself.

A default VPC gives you four things -

  1. An IP address range, written as a CIDR block

  2. One subnet in each availability zone of the region

  3. Routing out to the internet: an internet gateway plus a main route table with a route to it

  4. A default security group and a default network access control list (NACL) for security

So, I will be talking about each of these 4 topics -

  1. IP addressing

  2. Creating Subnets

  3. Routing

  4. Security

In some places, I will also be explaining some standard networking terms like CIDR blocks, etc. If you are familiar with them, feel free to skip them.

IP addressing

AWS assigns the default VPC a range of IP addresses, and anything you deploy in that VPC receives a private IP address from that range. IP address ranges are written as CIDR (Classless Inter-Domain Routing) blocks. For example, the default VPC uses the range 172.31.0.0/16.

Let's understand this CIDR block. Open any IP calculator, such as http://jodies.de/ipcalc, and work out the address range that belongs to it.

The number after the slash, 16, is the prefix length (often shown as a netmask): it says the first 16 bits of the address are fixed, here 172.31, which leaves the remaining 16 bits free to vary. Varying those 16 host bits, i.e., the last two octets (172.31.x.x), gives 2^16 = 65536 (256*256) addresses, from 172.31.0.0 up to 172.31.255.255. That is how a CIDR block represents an IP address range.

So, in the range 172.31.0.0/16, the 172.31 part identifies the network (because of the /16 prefix) and the 0.0 part identifies the host, i.e., the actual system on the network. Note that AWS reserves the first four and the last address of every subnet, so a subnet never hands out all of its addresses to instances.

Also, 172.31.0.0/16 falls within the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). RFC 1918 ranges are reserved for private networks and are not routed on the public Internet. So whatever you create in your VPC cannot conflict with a public address, because its address is private; to talk to something on the Internet it goes through an internet gateway or a NAT gateway instead. The constraint that matters is between networks that must talk to each other: two VPCs you peer, or a VPC and the on-premises network you connect it to, must use non-overlapping CIDR ranges, because AWS will not create a peering connection between VPCs whose CIDR blocks overlap, and overlapping addresses cannot be routed unambiguously.

So, when you create a VPC, you specify a CIDR block (an IPv4 block between /16 and /28), and every machine deployed in that VPC receives an IP address from that range.
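As an added example (my own code, not part of the original post), the same CIDR arithmetic done with Python's standard ipaddress module instead of a web calculator: it reports network and broadcast addresses, the host-bit count and address total, whether a block lies in RFC 1918 space and whether its size is one AWS accepts, checks two blocks for overlap, and carves a VPC block into one subnet per Availability Zone. The AZ names and the 10.0.0.0/16 VPC range in the usage call are assumptions for illustration.

```python
"""CIDR arithmetic for VPC planning, using only the standard library."""
import ipaddress

# RFC 1918 private ranges.
RFC1918 = tuple(ipaddress.ip_network(c)
                for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# AWS reserves five addresses in every subnet: the network address, the VPC
# router (+1), the DNS resolver (+2), one held for future use (+3) and the
# broadcast address (last). VPC and subnet IPv4 blocks must be /16 to /28.
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28


def describe_cidr(cidr):
    """Summarise a CIDR block the way an IP calculator would."""
    net = ipaddress.ip_network(cidr)  # strict by default: host bits must be zero
    host_bits = net.max_prefixlen - net.prefixlen
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "host_bits": host_bits,
        "addresses": net.num_addresses,  # 2 ** host_bits
        "rfc1918": any(net.subnet_of(r) for r in RFC1918),
        "aws_valid_size": AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX,
    }


def usable_in_subnet(subnet_cidr):
    """Addresses an AWS subnet can actually hand out to instances."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def overlaps(cidr_a, cidr_b):
    """True if the two blocks share any address (blocks peering, confuses routing)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def plan_subnets(vpc_cidr, azs, new_prefix):
    """Carve the VPC block into equal subnets and assign one per AZ, in order."""
    vpc = ipaddress.ip_network(vpc_cidr)
    pool = list(vpc.subnets(new_prefix=new_prefix))
    if len(azs) > len(pool):
        raise ValueError(f"{vpc_cidr} only yields {len(pool)} /{new_prefix} subnets")
    return {az: str(subnet) for az, subnet in zip(azs, pool)}


if __name__ == "__main__":
    print(describe_cidr("172.31.0.0/16"))       # the default VPC block
    print(usable_in_subnet("172.31.16.0/20"))  # 4096 addresses minus the 5 reserved
    print(overlaps("172.31.0.0/16", "172.31.16.0/20"))
    # Assumed AZ names and VPC range, for illustration only.
    print(plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 20))
```

Passing a block with host bits set (for example 172.31.0.1/16) raises ValueError, which is the same objection the VPC console makes; run it on your own planned ranges before creating anything, because a VPC's primary CIDR cannot be changed afterwards.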

  2. Subnets:

    • Subnets are subdivisions of a VPC's CIDR block, and each one lives in a single Availability Zone. You place resources in different subnets to segment them; a subnet is "public" only if its route table has a route to an internet gateway.

  3. Internet Gateway (IGW):

    • An IGW lets resources in your VPC reach the public internet and be reached from it, provided the subnet's route table points to the IGW and the instance has a public or Elastic IP address.

  4. Virtual Private Network (VPN):

    • AWS offers Site-to-Site VPN (IPsec tunnels from your on-premises gateway) and AWS Client VPN (for individual users) to connect securely to your VPC over the public internet.

  5. Direct Connect:

    • AWS Direct Connect provides a dedicated physical link from your data center or colocation facility to AWS, bypassing the public internet for more consistent bandwidth and latency. The link is private but not encrypted by itself; run a VPN over it or use MACsec where confidentiality matters.

  6. Elastic Load Balancer (ELB):

    • ELB distributes incoming traffic across multiple targets (instances, containers, IP addresses) in several AZs, improving the availability and fault tolerance of your applications.

  7. Security Groups:

    • Security Groups act as stateful virtual firewalls attached to network interfaces (for example, your EC2 instances). Rules can only allow traffic, and return traffic for an allowed connection is permitted automatically.

  8. Network Access Control Lists (NACLs):

    • NACLs are stateless, numbered allow/deny rule lists evaluated at the subnet level. Because they are stateless, return traffic must be allowed explicitly (typically the ephemeral port range 1024-65535) in both directions.

  9. Route Tables:

    • Route tables determine where traffic leaving a subnet is sent. Every VPC route table carries a local route for the VPC's own CIDR; you add routes to an internet gateway, NAT gateway, peering connection, transit gateway or VPN to reach anything else.

  10. Peering Connections:

    • VPC peering connects two VPCs so they can communicate over private IP addresses. Their CIDR blocks must not overlap, and peering is not transitive: peering A with B and B with C does not let A reach C.

  11. Transit Gateway:

    • Transit Gateway is a regional hub that connects many VPCs, VPN connections and Direct Connect links through one attachment each, replacing a mesh of peering connections.

  12. VPC Endpoints:

    • VPC endpoints let your VPC reach AWS services privately, without an internet gateway or NAT: gateway endpoints for S3 and DynamoDB, and interface endpoints (AWS PrivateLink) for most other services. Endpoint policies can restrict which buckets or tables may be reached.

  13. AWS Global Accelerator:

    • This service gives your application static anycast IP addresses and routes user traffic over the AWS global network to the nearest healthy endpoint, improving availability and performance.

  14. Amazon CloudFront:

    • CloudFront is a content delivery network (CDN) that caches and serves content from edge locations close to end users, improving performance and reducing latency.

  15. VPC Flow Logs:

    • Flow logs capture metadata about IP traffic going to and from network interfaces in your VPC (addresses, ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected), not packet payloads. They can be delivered to CloudWatch Logs or S3 and are the primary source for network-level detection and forensics.
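To show what flow log records look like and how a responder uses them, here is an added example of my own (not code from the post). It parses records in the default flow log format (version 2, the 14 space-separated fields AWS documents), drops NODATA/SKIPDATA records, and runs three simple checks: rejected flows per source, sources whose rejected flows touched many distinct destination ports (a port-scan heuristic), and accepted SSH/RDP connections from addresses outside the VPC. The log lines, the account id, the ENI id, the 172.31.0.0/16 VPC range and the thresholds are all constructed for the example.

```python
"""Parse VPC Flow Log records (default format) and flag suspicious traffic."""
from collections import Counter, defaultdict
import ipaddress

# Field order of the default flow log format (version 2), as AWS documents it.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample: placeholder account id and ENI id, with the documentation
# ranges 198.51.100.0/24 and 203.0.113.0/24 standing in for internet hosts.
SAMPLE_LOG = """\
2 111122223333 eni-0123456789abcdef0 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.16.21 49152 22 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.16.21 49153 23 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.16.21 49154 80 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.16.21 49155 443 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.16.21 49156 3389 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.5 172.31.16.21 51000 22 6 15 2100 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 172.31.16.21 172.31.0.2 53000 53 17 2 150 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Return one dict per usable record; malformed and NODATA lines are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not the default format; a real pipeline should count these
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no addresses or ports
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejects_by_source(records):
    """How many flows each source had rejected by a security group or NACL."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")


def port_scan_suspects(records, min_ports=5):
    """Sources whose rejected flows hit at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def accepted_from_outside(records, vpc_cidr, watched_ports=(22, 3389)):
    """Accepted SSH/RDP flows whose source address is not inside the VPC's range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    hits = []
    for r in records:
        if r["action"] != "ACCEPT" or r["dstport"] not in watched_ports:
            continue
        if ipaddress.ip_address(r["srcaddr"]) not in vpc:
            hits.append((r["srcaddr"], r["dstaddr"], r["dstport"]))
    return hits


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(rejects_by_source(recs))
    print(port_scan_suspects(recs))
    print(accepted_from_outside(recs, "172.31.0.0/16"))
```

A REJECT record only tells you that a security group or NACL dropped the flow, not which one; the accepted SSH connection from 203.0.113.5 is the finding that needs a follow-up, because an allowed inbound port 22 from the internet is usually a security-group rule that should not exist.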

When designing your network on AWS, you should measure the design against the AWS Well-Architected Framework, in particular its security and reliability pillars. AWS provides various tools and services to help you meet those requirements. Planning and implementing the right networking architecture is crucial to building robust and reliable applications in the AWS cloud.