zoukankan      html  css  js  c++  java
  • [AWS

    VPC & Subnets

    VPC: private network to deploy your resources (regional resource)

    Subnets: partition your network inside your VPC (AZ resource)

    Public subnet: able to access internet

    Private subnet: not able to access internet

    To define access to the internet and between subnets, we use Route Tables

    Internet Gateway & NAT Gateways

    Internet Gateways

    Public subnets ables to access internet is because of internet gateways

    Public subnets have a route to the internet gateway.

    NAT Gateways

    For private gateways, to access internet, we use NAT Gateway / instance. 

    NAT Gateways (AWS-managed) & NAT instances (self-managed) allow your instances in your Private Subnets to access internet while remaning private.

    The way it works is: NAT lives in public subnet and has route to IGW, then private subnet connet to NAT, then it able to access internet,

    Public subnet has first firewall which is NACL, it can allow and deny traffic from and to subnet.

    Security Groups is a firewall for EC2 instance, by default deny all traffic, you need to tell what you want to allow.

    Security groups are stateful, you traffic can go out, then it can go back in as well.

    VPC Perring is used for communication between two VCP.

    VPC Endpoints

    • Endpoints allow you to connect to AWS service using a private network instead of the public www network
    • ALl the AWS services are public, any time you use an AWS service, EC2 talks publicly in AWS
    • If you want to access S3 or DynamoDB outside VPC, you can use VPC Endpoints Gateway. 
    • VPC endpoint Gateway: S3 & DyanmoDB Only
    • VPC endpoint interface: the rest
    • Only used within VPC

    • VPN & DC CANNOT access VPC endpoints. Because VPC endpoint is only for AWS service inside VPC

    3 tiers: 

    • Public subnet: ELB, NAT
    • Private subnet: ALB, AZ, EC2
    • Data Subent: Aurora, RDS, ElastiCache

  • 相关阅读:
    小米手机4 rom 下载链接
    java 两个线程交替打印到100
    获取积分最多的人(二)
    刷题通过的题目排名
    考试分数(二)
    牛客的课程订单分析(二)
    牛客的课程订单分析(三)
    docker使用小记
    Dynamic Graph Collaborative Filtering
    Learnable Embedding Sizes for Recommender Systems
  • 原文地址:https://www.cnblogs.com/Answer1215/p/14847788.html
Copyright © 2011-2022 走看看