@ross-humphrey
Created December 11, 2019 16:55
Introduction to Amazon Virtual Private Cloud (VPC)
---------------------------------------------------------------------------------------------
WHAT IS VIRTUAL PRIVATE CLOUD (VPC)?
Lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual
network you define. You control the virtual networking environment, including the IP address range, creation of subnets, and configuration of route tables and gateways.
IPv4 and IPv6 can be used.
---------------------------------------------------------------------------------------------
CREATE AN ELASTIC IP ADDRESS
The VPC wizard will launch a NAT gateway to provide internet access to private resources. The NAT gateway will be assigned
a static IP known as an Elastic IP.
An Elastic IP address is a public IPv4 address reachable from the internet.
The address will not change.
You can associate the Elastic IP with a resource in the VPC such as a gateway or an EC2 instance.
---------------------------------------------------------------------------------------------
LAUNCH VPC Wizard:
VPC With Single Public Subnet:
> A single public subnet connected to the internet. Ideal for apps operating only in the cloud.
VPC with Public and Private Subnets:
> A public subnet for internet-facing resources and a private subnet for back-end resources.
> A NAT gateway is also launched to provide internet access for resources in the private subnet. Ideal
> for keeping private resources separate from the internet.
VPC with Public and Private Subnets and Hardware VPN Access:
> As above but with a VPN to the corporate data center. Ideal where you have legacy systems in a data center.
VPC with Private Subnet Only and VPN:
> A private subnet connected to a data center via a VPN. Ideal for bursting into the AWS cloud to provide
> additional resources while remaining isolated from internet access. Good for development and test.
---------------------------------------------------------------------------------------------
Using Wizard to create VPC with Public and Private Subnets
Public subnet IPv4 CIDR: 10.0.25.0/24
Private subnet IPv4 CIDR: 10.0.50.0/24
Name your public and private subnets.
---------------------------------------------------------------------------------------------
Internet Gateway:
> Connects your VPC to the internet
> If no internet gateway is present, the VPC has no connectivity to the internet
> Internet gateways are horizontally scaled, redundant and highly available
> Imposes no availability risks or bandwidth constraints on network traffic
---------------------------------------------------------------------------------------------
Subnets:
> A subnet is a subset of a VPC
> An IPv4 CIDR of 10.0.25.0/24 means that the subnet contains the range 10.0.25.0 to 10.0.25.255
A subnet is considered a PUBLIC subnet because of its ROUTE TABLE:
> A subnet whose route table has a route to an internet gateway is a public subnet
---------------------------------------------------------------------------------------------
Route Tables:
> 10.0.0.0/16 | local - directs traffic destined for elsewhere in the VPC locally within the VPC (traffic never leaves)
> 0.0.0.0/0 | igw - directs all remaining traffic to the internet gateway
Routing rules are always evaluated from the most specific (longest prefix match) through to the least specific.
Thus traffic for 10.0.0.0/16 is sent internally first, and only traffic that matches nothing more specific goes to the internet.
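The two points above (a /24 covers a 256-address range, and a route table is evaluated by longest prefix match so the local route beats the 0.0.0.0/0 route for traffic staying inside the VPC) can be checked with the standard library. This is an added example, not code from the gist or from AWS; the route table contents and the `igw-EXAMPLE` / `nat-EXAMPLE` target ids are constructed placeholders, and the 203.0.113.0/24 address is from the documentation range.

```python
"""Added example: subnet ranges, longest-prefix route lookup, and the
public/private test from the notes. All ids and tables are constructed."""
import ipaddress
from typing import List, Tuple

Route = Tuple[str, str]   # (destination CIDR, target)


def subnet_range(cidr: str) -> Tuple[str, str]:
    """First and last address covered by a subnet CIDR, e.g. 10.0.25.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1])


# Constructed route tables for the VPC 10.0.0.0/16 used in the notes.
PUBLIC_ROUTE_TABLE: List[Route] = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),   # placeholder internet gateway id
]
PRIVATE_ROUTE_TABLE: List[Route] = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-EXAMPLE"),   # placeholder NAT gateway id
]


def lookup_route(route_table: List[Route], dst: str) -> str:
    """Return the target of the most specific route that matches dst.
    Routes are chosen by longest prefix match, not by their order in the list."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise ValueError(f"no route for {dst}")  # impossible once a 0.0.0.0/0 route exists
    return best[1]


def is_public_subnet(route_table: List[Route]) -> bool:
    """A subnet is public exactly when its route table has a route to an internet gateway."""
    return any(target.startswith("igw-") for _, target in route_table)


if __name__ == "__main__":
    print(subnet_range("10.0.25.0/24"))                      # ('10.0.25.0', '10.0.25.255')
    print(lookup_route(PUBLIC_ROUTE_TABLE, "10.0.50.7"))     # local
    print(lookup_route(PUBLIC_ROUTE_TABLE, "203.0.113.10"))  # igw-EXAMPLE
    print(is_public_subnet(PUBLIC_ROUTE_TABLE), is_public_subnet(PRIVATE_ROUTE_TABLE))
```

The private subnet's table has the same local route but sends 0.0.0.0/0 to the NAT gateway instead, which is why `is_public_subnet` returns False for it even though its instances can still reach the internet outbound.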
---------------------------------------------------------------------------------------------
Network ACL
> Optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of subnets.
Default:
> Rule 100 inbound allows all traffic into the subnet
> Rule 100 outbound allows all traffic out of the public subnet
> Rule * acts as a catch-all for anything not matched by a numbered rule (the * rule denies)
---------------------------------------------------------------------------------------------
NAT Gateway:
Allows resources in a private subnet to connect to the internet and to other resources outside the VPC. This is an outbound-only connection,
meaning that the connection must be initiated from the private subnet. Resources on the internet cannot initiate an inbound connection.
This keeps resources private and improves security.
---------------------------------------------------------------------------------------------
Security Groups:
Acts as a virtual firewall for instances under your control. Security groups act at the instance level (EC2 instance), not
the subnet level. A VPC automatically comes with a default security group. If you do not specify a different group, EC2 will use the default.
The default group permits ALL traffic to reach associated resources, but only if the source is the default security group itself.
Any EC2 instance in the default security group can therefore communicate with any other EC2 instance in that same group.
When adding resources to the VPC you can create additional security groups to permit or deny access to resources in the VPC.
DELETE:
44.229.214.179