Apologies for the lack of posts recently; however, I’ve recently been studying for the AWS Advanced Networking Specialty Exam. Since re:Invent at the latter end of 2017 I’d made the decision to take a little time off from studying, but that changed when Sybex published the AWS official study guide for the Advanced Networking Specialty. To date the book is still not available here in the UK, as the release date seems to keep being delayed (perhaps due to distribution issues), but I was able to order it directly from Amazon.com in the US and get it shipped.
AWS Advanced Networking Official Study Guide
The book itself I thought was extremely good and covered the topics in pretty good detail, and what I really liked was that it covered a number of the newer services such as PrivateLink and GuardDuty.
Continue reading “AWS Advanced Networking Specialty”
In this post I’m going to go into further detail regarding the varying Amazon VPC Architectural Options. When first deploying VPC it seems similar to a traditional Data Centre, however there are a variety of reasons to consider a multi-VPC strategy. These reasons include:
- Provides a security configuration appropriate to each VPC, improving the overall security posture.
- De-risks changes by minimising the blast radius, and accelerates the deployment of changes.
- Allows VPC-specific configurations, rather than multiple configurations within a single VPC.
- Simplifies the operational viewpoint, based on the segregation.
- Provides granular network control and integration: only connect to the relevant networks.
- Leverages multiple VPC constructs effectively: route tables, subnets, NACLs, peering, DNS.
- Supports automated deployment of resources into segregated VPCs.
- The VPC can become part of the automation fabric, removing the Data Centre mindset.
- Mitigates limits for very large VPCs, e.g. the maximum practical number of security groups and security group rules.
- Reduces the risk of hitting VPC constraints, e.g. the network and subnet sizes being fixed at creation time.
Continue reading “VPC Architectural Options”
Amazon Virtual Private Cloud
- Amazon Virtual Private Cloud (VPC) is a virtual network that resembles a traditional network that you would operate in your own Data Centre, with the benefits of using the scalable infrastructure of AWS.
- Although it ‘resembles’ a traditional network, that does not mean it is identical. Amazon VPC is a software-defined network which provides familiar constructs that implement controls and rules for network traffic in the EC2 hypervisor.
- It enables network, workload or environmental isolation for application deployment, management and operations.
Continue reading “Amazon VPC Constructs”
You have been asked to virtually extend two existing data centres into AWS to support a highly available application that depends on existing, on-premises resources located in multiple data centres and static content that is served from an Amazon Simple Storage Service (S3) bucket. Your design currently includes a dual-tunnel VPN connection between your CGW and VGW. Which component of your architecture represents a potential single point of failure that you should consider changing to make the solution more highly available? (Choose 1)
a. No changes are necessary: the network architecture is currently highly available.
b. Add another CGW in a different data centre and create another dual-tunnel VPN connection.
c. Add another VGW in a different availability zone and create another dual-tunnel VPN connection.
d. Add a second VGW in a different availability zone, and a CGW in a different data centre, and create another dual-tunnel VPN connection.
This question is testing your understanding of VPNs and the varying elements that go into establishing a VPN connection with AWS.
Continue reading “AWS SA Professional – Practice Question 10”