# Day:12 AWS Networking

### Cloud-Native Networking Services

1. Region: a geographic area containing several Availability Zones; a VPC lives in exactly one Region

2. VPC (Virtual Private Cloud): a logically isolated section of the AWS Cloud where you launch AWS resources

3. AZ (Availability Zone): one or more physically separate data centers inside a Region; each subnet lives in exactly one AZ

4. Subnets: a logical partition of the VPC's IP range into multiple, smaller network segments

5. Security Groups: act as a stateful firewall at the instance (network interface) level

6. NACLs: act as a stateless firewall at the subnet level

7. Route Tables: determine where network traffic leaving your subnets is directed

8. Internet Gateway: enables two-way traffic between a VPC and the internet (attach it to the VPC and add a route to it)
    

### Enterprise/Hybrid Networking:

1. **Direct Connect** a dedicated private link (1, 10 or 100 Gbps, or a lower-speed hosted connection) from an on-premises data center to AWS; fast and predictable, but the link itself is not encrypted, so run a VPN over it if you need confidentiality

2. **AWS Virtual Private Network (VPN)** encrypted IPsec tunnels over the internet: Site-to-Site VPN connects an on-premises network or remote office to a VPC, Client VPN connects mobile employees

3. **PrivateLink (VPC interface endpoints)** an elastic network interface in your subnet that gives private access to AWS services or to services in other VPCs; traffic stays on the AWS network and never traverses the internet, so the calling instance does not need an internet route at all
    

### Virtual Private Cloud (VPC) and Subnets

1. Virtual Private Cloud (VPC) is a logically isolated section of the AWS network where you launch your AWS resources. You choose its IP range in CIDR notation, between /16 and /28; e.g. a CIDR range of 10.0.0.0/16 = 65,536 IP addresses.

2. Subnets are a logical partition of an IP network into multiple smaller network segments: you break the VPC's IP range up into smaller networks, one subnet per AZ.

3. A subnet's CIDR block must be a sub-range of the VPC's block (a longer prefix, /28 at the smallest), and subnets in a VPC must not overlap. e.g. a subnet CIDR range of 10.0.0.0/24 = 256 IP addresses, but AWS reserves the first four and the last address of every subnet, so only 251 are usable.

4. A Public Subnet is one whose route table has a route (0.0.0.0/0) to an Internet Gateway; an instance in it still needs a public or Elastic IP to be reachable from the internet.

5. A Private Subnet is one with no route to an Internet Gateway. It can still reach out to the internet through a NAT Gateway placed in a public subnet, but nothing on the internet can initiate a connection to it.
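
The CIDR arithmetic and the public/private distinction above can be checked with the standard library. The following is an added example, not part of the original notes: it carves subnets out of a VPC block, applies the five-address AWS reservation, flags subnets that fall outside the VPC or overlap, and classifies subnets from a constructed route-table listing in the shape of `aws ec2 describe-route-tables` output (the `subnet-*`, `igw-*` and `nat-*` IDs are made-up placeholders). No AWS API is called.

```python
"""Added example (not from the original notes): VPC subnet planning and
public/private classification using only the stdlib ipaddress module."""
from __future__ import annotations

import ipaddress

# AWS reserves the first four addresses (network, VPC router, DNS, future use)
# and the last address (broadcast) of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr: str, new_prefix: int, count: int) -> list[dict]:
    """Carve `count` equal /new_prefix subnets out of vpc_cidr and report the
    total and actually usable addresses in each."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not vpc.prefixlen < new_prefix <= 28:
        raise ValueError("subnet prefix must be longer than the VPC's and no longer than /28")
    plan = []
    for subnet in vpc.subnets(new_prefix=new_prefix):
        if len(plan) == count:
            break
        plan.append({
            "cidr": str(subnet),
            "total": subnet.num_addresses,
            "usable": subnet.num_addresses - AWS_RESERVED_PER_SUBNET,
        })
    return plan


def check_subnet_fits(vpc_cidr: str, subnet_cidrs: list[str]) -> list[str]:
    """Return a list of problems: subnets outside the VPC range or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not real AWS resources.
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"Associations": [{"SubnetId": "subnet-isolated-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]


def classify_subnets(route_tables: list[dict]) -> dict[str, str]:
    """A subnet is public only when its route table sends 0.0.0.0/0 to an
    internet gateway. A default route to a NAT gateway gives outbound-only
    access (still private); no default route at all means isolated."""
    result = {}
    for table in route_tables:
        kind = "isolated"
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif "NatGatewayId" in route:
                kind = "private (outbound via NAT)"
        for assoc in table["Associations"]:
            result[assoc["SubnetId"]] = kind
    return result


if __name__ == "__main__":
    for s in plan_subnets("10.0.0.0/16", 24, 3):
        print(s)
    print(check_subnet_fits("10.0.0.0/16", ["10.0.0.0/24", "10.0.0.0/25", "192.168.1.0/24"]))
    print(classify_subnets(SAMPLE_ROUTE_TABLES))
```

Note that "public" here means only that a route to an Internet Gateway exists; an instance in that subnet without a public or Elastic IP is still unreachable from outside, and an instance in the NAT-routed subnet can download packages but cannot be connected to.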
    

| Network Access Control Lists (NACLs) | Security Groups |
| --- | --- |
| Acts as a virtual firewall at the subnet level. Stateless: return traffic is not tracked, so replies must be allowed explicitly (e.g. outbound to ephemeral ports 1024-65535). Numbered rules are evaluated lowest number first and the first match wins; the final `*` rule denies. You create both Allow and Deny rules. | Acts as a virtual firewall at the instance (network interface) level. Stateful: replies to allowed traffic are allowed automatically. All rules are evaluated and any match allows. Implicitly denies all traffic; you create only Allow rules. |
| eg. Block a specific IP address known for abuse (a NACL is the only place you can write an explicit Deny) | eg. Allow an EC2 instance inbound access on port 22 for SSH from an admin CIDR |
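
The two layers behave differently enough that it is worth tracing one connection through both. The following is an added example, not code from the original notes or from AWS: a small model of NACL evaluation (ordered, stateless, allow or deny) next to security group evaluation (unordered, stateful, allow only), run over constructed rule sets. The IPs are from documentation ranges and the rule numbers are made up.

```python
"""Added example (not from the original notes): model NACL vs security
group evaluation for one client -> instance TCP session."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int      # evaluated in ascending order; the first match wins
    cidr: str
    port_from: int
    port_to: int
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:        # security groups carry allow rules only
    cidr: str
    port_from: int
    port_to: int


def _match(cidr: str, port_from: int, port_to: int, ip: str, port: int) -> bool:
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
            and port_from <= port <= port_to)


def nacl_decision(rules: list[NaclRule], remote_ip: str, port: int) -> tuple[str, int | None]:
    """Stateless, ordered evaluation: the lowest-numbered matching rule
    decides; with no match the implicit '*' rule denies. Inbound and
    outbound are evaluated independently, with no connection state."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _match(rule.cidr, rule.port_from, rule.port_to, remote_ip, port):
            return rule.action, rule.number
    return "deny", None


def sg_allows(rules: list[SgRule], remote_ip: str, port: int) -> bool:
    """Unordered allow-only evaluation: any matching rule permits the
    packet; no match means the implicit deny."""
    return any(_match(r.cidr, r.port_from, r.port_to, remote_ip, port) for r in rules)


def inbound_tcp_session(client_ip: str, client_port: int, server_port: int,
                        nacl_in: list[NaclRule], nacl_out: list[NaclRule],
                        sg_in: list[SgRule]) -> str:
    """Walk one client -> instance TCP session through both layers. The NACL is
    checked at the subnet boundary first, then the security group at the ENI.
    The SYN-ACK going back is re-checked by the stateless NACL (outbound, to the
    client's ephemeral port) but not by the stateful security group."""
    action, number = nacl_decision(nacl_in, client_ip, server_port)
    if action == "deny":
        return f"dropped by NACL inbound rule {'*' if number is None else number}"
    if not sg_allows(sg_in, client_ip, server_port):
        return "dropped by security group (no matching allow rule)"
    action, number = nacl_decision(nacl_out, client_ip, client_port)
    if action == "deny":
        return (f"reply dropped by NACL outbound rule {'*' if number is None else number}"
                " (stateless: needs an allow for ephemeral ports 1024-65535)")
    return "allowed"


# Constructed rule sets; addresses are RFC 5737 documentation ranges.
NACL_INBOUND = [
    NaclRule(100, "198.51.100.7/32", 0, 65535, "deny"),   # block an abusive IP
    NaclRule(110, "0.0.0.0/0", 22, 22, "allow"),
    NaclRule(120, "0.0.0.0/0", 443, 443, "allow"),
]
NACL_OUTBOUND = [
    NaclRule(100, "0.0.0.0/0", 1024, 65535, "allow"),     # replies to client ephemeral ports
]
SG_INBOUND = [SgRule("203.0.113.0/24", 22, 22)]           # SSH only from the admin range


if __name__ == "__main__":
    for client, port in [("203.0.113.5", 22), ("198.51.100.7", 22), ("203.0.113.5", 443)]:
        print(client, port, inbound_tcp_session(client, 51515, port,
                                                NACL_INBOUND, NACL_OUTBOUND, SG_INBOUND))
    print("no ephemeral allow:", inbound_tcp_session("203.0.113.5", 51515, 22,
                                                     NACL_INBOUND, [], SG_INBOUND))
```

Two things this makes concrete: if the deny for the abusive IP were numbered above the broad allow on port 22, it would never fire, because the first match wins; and removing the outbound ephemeral-port allow leaves the SSH handshake half-open even though both inbound layers said yes, a failure mode the stateful security group never has.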
