Networking¶
From IP addressing basics to designing VPCs for multi-tier applications. Networking is the foundation every AWS architecture is built on.
- VPC: Virtual Private Cloud — subnets, routing, security groups vs NACLs, NAT Gateways, VPC Endpoints, and peering.
- Subnetting: CIDR notation, subnet mask binary AND, AWS's 5-reserved-addresses rule, and designing VPC address plans.
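A worked address plan in Python, added here as an example (it is not AWS tooling and not code from this page's Subnetting section): it carves a VPC into per-AZ public and private subnets with the standard `ipaddress` module, applies the five-reserved-addresses rule, performs the subnet-mask AND test by hand, and checks candidate peer CIDRs for overlap, which AWS rejects for VPC peering. The VPC CIDR, AZ names, tier names and peer CIDRs are constructed sample values.

```python
"""Design a VPC address plan and check it the way AWS will.

Added example for this page, written with Python's standard ipaddress module;
it is not an AWS tool. The VPC CIDR, AZ suffixes, tier names and peer CIDRs
used at the bottom are constructed sample input.
"""
import ipaddress

# AWS reserves the first four and the last address of every IPv4 subnet:
# network address, VPC router, Route 53 resolver, "future use", broadcast.
AWS_RESERVED_PER_SUBNET = 5
VPC_PREFIX_RANGE = (16, 28)   # IPv4 VPC and subnet prefixes must be between /16 and /28


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses actually assignable to ENIs in an AWS subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def in_subnet(ip: str, subnet: ipaddress.IPv4Network) -> bool:
    """The subnet-mask test spelled out: (ip AND mask) == network address."""
    ip_bits = int(ipaddress.IPv4Address(ip))
    return (ip_bits & int(subnet.netmask)) == int(subnet.network_address)


def plan_vpc(vpc_cidr: str, azs, tiers, subnet_prefix: int) -> dict:
    """Carve vpc_cidr into one /subnet_prefix subnet per (tier, AZ).

    Subnets are handed out in order, tier by tier, so all public subnets are
    contiguous, then all private ones. Returns {(tier, az): IPv4Network}.
    """
    vpc = ipaddress.IPv4Network(vpc_cidr)
    lo, hi = VPC_PREFIX_RANGE
    if not lo <= vpc.prefixlen <= hi or not lo <= subnet_prefix <= hi:
        raise ValueError("AWS IPv4 VPC and subnet prefixes must be /16 to /28")
    if subnet_prefix < vpc.prefixlen:
        raise ValueError("subnet prefix must be at least as long as the VPC prefix")
    pool = list(vpc.subnets(new_prefix=subnet_prefix))
    pairs = [(tier, az) for tier in tiers for az in azs]
    if len(pairs) > len(pool):
        raise ValueError(f"{vpc_cidr} yields {len(pool)} /{subnet_prefix} subnets, need {len(pairs)}")
    return dict(zip(pairs, pool))


def peering_conflicts(vpc_cidr: str, peer_cidrs) -> list:
    """Peer VPC CIDRs that overlap ours; AWS rejects a peering request for these."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    return [p for p in peer_cidrs if vpc.overlaps(ipaddress.IPv4Network(p))]


if __name__ == "__main__":
    # Constructed sample: a /16 VPC, three AZs, two tiers, /20 subnets (4091 usable hosts each).
    plan = plan_vpc("10.0.0.0/16", ["a", "b", "c"], ["public", "private"], subnet_prefix=20)
    for (tier, az), net in plan.items():
        print(f"{tier:8} {az}  {net}  usable hosts: {usable_hosts(net)}")
    print("10.0.49.5 in private-a?", in_subnet("10.0.49.5", plan[("private", "a")]))
    print("peering conflicts:", peering_conflicts("10.0.0.0/16", ["10.1.0.0/16", "10.0.200.0/24", "172.16.0.0/12"]))
```

Run the overlap check before allocating a new VPC, not after: once workloads hold addresses in a CIDR that collides with a peer, the only fixes are a secondary CIDR plus re-addressing or a NAT in the path.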
Networking in AWS — Quick Map¶
```text
Your application
      |
[CloudFront]      -> CDN edge caching, DDoS protection
      |
[Route 53]        -> DNS, health checks, routing policies
      |
[ALB / NLB]       -> Load balancing (L7 / L4)
      |
[VPC]             -> Your private network
      |
      +-- [Public Subnet]   -> Internet-facing resources (LB, NAT GW, bastion)
      |         |
      |   [Internet Gateway] -> Door to the internet
      |
      +-- [Private Subnet]  -> App servers, databases
                |
          [NAT Gateway]     -> Outbound internet access (updates, API calls)
                |
          [VPC Endpoints]   -> Direct to AWS services (no internet needed)
```
Key Concepts to Know¶
| Concept | What It Does |
|---|---|
| Security Group | Stateful firewall attached to an ENI (instance level); allow rules only, and return traffic for an allowed connection is permitted automatically |
| NACL | Stateless firewall at the subnet level; numbered allow and deny rules evaluated in order, first match wins, and reply traffic (ephemeral ports) needs its own rule |
| Route Table | Per-subnet rules for where traffic leaving the subnet is sent (local VPC, IGW, NAT Gateway, peering, TGW); most specific prefix wins |
| Internet Gateway | Bidirectional internet access for resources in public subnets that have a public or Elastic IP |
| NAT Gateway | Outbound-only IPv4 internet access for private subnets; connections cannot be initiated from the internet |
| VPC Endpoint | Private connection to AWS services without traversing the internet (Gateway endpoints for S3 and DynamoDB, Interface endpoints for most others) |
| VPC Peering | Private one-to-one connection between two VPCs; non-transitive and requires non-overlapping CIDRs |
| Transit Gateway | Hub-and-spoke router for connecting many VPCs and on-premises networks |
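The security group and NACL rows are the two most often confused, and the confusion shows up as connections that arrive but never get a reply. The following Python model is an added example, not AWS code or an AWS API; it reproduces only the documented semantics: a security group is allow-only, every rule is considered, and replies to a tracked connection pass without a rule (stateful), while a NACL is evaluated per direction as an ordered list (lowest rule number first, first match wins) of allow/deny rules ending in an implicit deny (stateless), so the reply half of a TCP connection needs its own outbound rule. All rules, addresses and ports below are constructed sample data.

```python
"""Stateful security group vs stateless NACL, modelled in plain Python.

Added example for this page; not AWS code. Rules and packets are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reply(self) -> "Packet":
        """The return packet of the same TCP connection (addresses and ports swapped)."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    cidr: str              # remote range: source for inbound rules, destination for outbound
    ports: tuple           # inclusive (low, high) matched against the packet's destination port
    action: str = "allow"  # NACLs may also say "deny"; security groups never do
    number: int = 0        # NACL rule number; ignored by security groups
    proto: str = "tcp"

    def matches(self, remote_ip: str, dport: int, proto: str) -> bool:
        return (self.proto in ("all", proto)
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)
                and self.ports[0] <= dport <= self.ports[1])


class NetworkAcl:
    """Stateless, ordered, allow+deny, implicit deny-all ('*') at the end."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, remote_ip, dport, proto) -> str:
        for rule in rules:                      # lowest number first, first match wins
            if rule.matches(remote_ip, dport, proto):
                return rule.action
        return "deny"                           # the implicit '*' rule

    def allows_inbound(self, pkt: Packet) -> bool:
        return self._evaluate(self.inbound, pkt.src, pkt.dport, pkt.proto) == "allow"

    def allows_outbound(self, pkt: Packet) -> bool:
        return self._evaluate(self.outbound, pkt.dst, pkt.dport, pkt.proto) == "allow"


class SecurityGroup:
    """Stateful, allow-only, all rules considered, implicit deny otherwise."""

    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups cannot express deny rules")
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()                   # 5-tuples of connections already allowed

    def _check(self, rules, pkt: Packet, remote_ip: str) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self._tracked:            # return traffic of a tracked connection
            return True
        if any(r.matches(remote_ip, pkt.dport, pkt.proto) for r in rules):
            self._tracked.add(key)
            return True
        return False

    def allows_inbound(self, pkt: Packet) -> bool:
        return self._check(self.inbound, pkt, pkt.src)

    def allows_outbound(self, pkt: Packet) -> bool:
        return self._check(self.outbound, pkt, pkt.dst)


def serve_request(fw, request: Packet) -> tuple:
    """(request reaches the instance?, its reply gets back out?) for one firewall."""
    return fw.allows_inbound(request), fw.allows_outbound(request.reply())


# Constructed sample: an internet client opens HTTPS to a web server in the VPC.
HTTPS_REQUEST = Packet(src="203.0.113.10", sport=50514, dst="10.0.1.20", dport=443)
ALLOW_HTTPS = Rule("0.0.0.0/0", (443, 443), number=100)
ALLOW_EPHEMERAL = Rule("0.0.0.0/0", (1024, 65535), number=100)

broken_nacl = NetworkAcl(inbound=[ALLOW_HTTPS], outbound=[ALLOW_HTTPS])     # common mistake
fixed_nacl = NetworkAcl(inbound=[ALLOW_HTTPS], outbound=[ALLOW_EPHEMERAL])  # reply ports allowed
web_sg = SecurityGroup(inbound=[ALLOW_HTTPS], outbound=[])                  # egress rules removed

if __name__ == "__main__":
    print("NACL, outbound 443 only :", serve_request(broken_nacl, HTTPS_REQUEST))
    print("NACL, outbound ephemeral:", serve_request(fixed_nacl, HTTPS_REQUEST))
    print("Security group, stateful:", serve_request(web_sg, HTTPS_REQUEST))
```

The first NACL admits the request and silently drops the reply because the client's ephemeral destination port matches no outbound rule; the fix is the outbound 1024-65535 allow, which is also why NACL deny rules should carry low numbers so they are reached before a broad allow. The security group needs no egress rule at all for the reply, which is exactly what "stateful" buys you.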