Agenda
•  AWS Connectivity
–  Direct Connect
What is AWS Direct Connect…
•  Dedicated, private pipes into AWS
•  Create private (VPC) or public interfaces to AWS
•  Cheaper data-out rates than Internet (data-in still free)
•  Consistent network performance compared to Internet
•  Multiple AWS accounts can share a connection
Why use AWS Direct Connect?
[Chart: data-out price per GB ($0.000 to $0.150) for Direct Connect versus Internet across the usage tiers First 10TB, Next 40TB, Next 100TB and Next 350TB]
[Diagram: VPC CIDR 10.1.0.0/16 with a Public Subnet and a Private Subnet in each of Availability Zone A and Availability Zone B; Instance A 10.1.1.11 /24, Instance B 10.1.2.22 /24, Instance C 10.1.3.33 /24, Instance D 10.1.4.44 /24. The Internet Gateway (IGW) connects to the Internet; the Virtual Private Gateway (VGW) connects to the customer data center over a VPN connection and over AWS Direct Connect.]
Only 1 IGW and 1 VGW per VPC
Route Table
Destination     Target
10.1.0.0/16     local
Internal CIDR   VGW
Direct Connect – Single Link, Single CGW
[Diagram: VPC 1 10.1.0.0/16 behind the VGW in the AWS network; the AWS Direct Connect router at the DX POP location; a cross connect to the Customer Gateway router in the colocation / DX location; a circuit over the service provider network (the customer's network backbone) to the customer's site, where the customer provider edge router and the demarcation hand off to the customer's local network; customer DC 172.16.0.0/16 with the customer's subnet.]
Direct Connect – Single Link, Single CGW
Routing – Probably eBGP
[Diagram: the same single-link topology (VPC 1 10.1.0.0/16, AWS Direct Connect, Customer Gateway at the colocation / DX location, customer edge router, customer DC 172.16.0.0/16 over the service provider network).]
eBGP between CGW and VGW:
From - To      Route           Metric
CGW to VGW     172.16.0.0/16   -
VGW to CGW     10.1.0.0/16     -
Between the customer network and the CGW:
From - To            Route
Customer to CGW      172.16.0.0/16
CGW to Customer      10.1.0.0/16
Layer 2 VLAN Connectivity
BGP is a requirement for Direct Connect:
http://aws.amazon.com/directconnect/faqs/
[Diagram: the Customer Router and the AWS DX Router at the Direct Connect Location carry VLAN X, VLAN Y, VLAN Z … VLAN N; each VLAN is a virtual interface (VIF): private VIF 1 to virtual private cloud 1, private VIF 2 to virtual private cloud 2, … virtual private cloud N, and a public virtual interface (VIF) to the public endpoints of the Region.]
Each interface can be associated with a different AWS Account. (Hosted Virtual Interfaces)
Public Virtual Interfaces (VIFs)
Private Virtual Interfaces (VIFs)
Agenda
•  AWS Connectivity
–  VPN
–  Design Patterns
[Diagram: VPN connections from several customer networks into the VPC; only 1 IGW and 1 VGW per VPC]
Direct Connect – Single Link, Single CGW
With IPSEC Failover
[Diagram: the single-link topology (VPC 1 10.1.0.0/16, AWS Direct Connect, Customer Gateway at the colocation / DX location, customer edge router, customer DC 172.16.0.0/16 over the service provider network) with a second path, IPSEC over the Internet, as failover.]
eBGP:
From - To      Route           Metric
CGW to VGW     172.16.0.0/16   -
VGW to CGW     10.1.0.0/16     -
Direct Connect – Dual Links, Single CGW
[Diagram: the single-link topology with two Direct Connect links from the one Customer Gateway at the colocation / DX location to AWS; VPC 1 10.1.0.0/16, customer edge router, customer DC 172.16.0.0/16 over the service provider network.]
Link 1, eBGP:
From - To      Route             Metric
CGW to VGW     172.16.0.0/16     LP 150
VGW to CGW     10.1.0.0/16       -
Link 2, eBGP:
From - To      Route             Metric
CGW to VGW     172.16.0.0/17     LP 90
CGW to VGW     172.16.128.0/17
VGW to CGW     10.1.0.0/16       -
-  You can split your route advertisements to the VGW
-  Instead of using AS Path Prepend
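The "split your advertisements instead of prepending" note above, as an added example that is not part of the original deck: a small model of how a router picks between two links (longest prefix first, then local preference, then AS_PATH length) applied to the deck's prefixes. The link names, the local preference values and which /17 is placed on which link are assumptions made for the example.

```python
"""Model the choice between two Direct Connect links.

Simplified best-path selection: longest prefix match first (a routing-table
property, not a BGP attribute), then local preference, then AS_PATH length.
All advertisements below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Advertisement:
    prefix: str       # CIDR announced over this link
    link: str         # Direct Connect link the announcement arrives on
    local_pref: int   # preference the receiving router assigns (the deck's "LP")
    as_path_len: int  # AS_PATH length as received (prepending makes it longer)


class Rib:
    """Keeps one best route per prefix using the simplified tie-break above."""

    def __init__(self):
        self._best = {}  # ip_network -> Advertisement

    @staticmethod
    def _preferred(new, cur):
        # higher local preference wins, then the shorter AS_PATH
        return (new.local_pref, -new.as_path_len) > (cur.local_pref, -cur.as_path_len)

    def learn(self, adv):
        net = ipaddress.ip_network(adv.prefix)
        cur = self._best.get(net)
        if cur is None or self._preferred(adv, cur):
            self._best[net] = adv

    def next_hop(self, ip):
        """Return the link used to reach ip, or None if no prefix covers it."""
        addr = ipaddress.ip_address(ip)
        covering = [net for net in self._best if addr in net]
        if not covering:
            return None
        # the most specific prefix wins before any BGP attribute is consulted
        return self._best[max(covering, key=lambda n: n.prefixlen)].link


def build_rib(advertisements, down_links=()):
    """Learn every advertisement except those carried by a failed link."""
    rib = Rib()
    for adv in advertisements:
        if adv.link not in down_links:
            rib.learn(adv)
    return rib


# Option 1: the same /16 on both links, link-2 de-preferred by AS path prepending.
PREPEND = [
    Advertisement("172.16.0.0/16", "link-1", local_pref=100, as_path_len=1),
    Advertisement("172.16.0.0/16", "link-2", local_pref=100, as_path_len=3),
]

# Option 2 (the deck's alternative): keep the /16 on both links as a fallback and
# split it into two /17s, one per link.  Which half goes on which link is an
# assumption made for this example.
SPLIT = [
    Advertisement("172.16.0.0/16", "link-1", local_pref=150, as_path_len=1),
    Advertisement("172.16.0.0/16", "link-2", local_pref=90, as_path_len=1),
    Advertisement("172.16.0.0/17", "link-1", local_pref=150, as_path_len=1),
    Advertisement("172.16.128.0/17", "link-2", local_pref=90, as_path_len=1),
]


def path_for(advertisements, ip, down_links=()):
    """Which link carries traffic to ip under the given advertisements."""
    return build_rib(advertisements, down_links).next_hop(ip)


if __name__ == "__main__":
    for ip in ("172.16.1.1", "172.16.200.1"):
        print(ip, "prepend ->", path_for(PREPEND, ip), "split ->", path_for(SPLIT, ip))
    print("172.16.200.1 with link-2 down ->", path_for(SPLIT, "172.16.200.1", {"link-2"}))
```

With prepending every destination lands on link-1; with the split, each /17 steers its half of the address space to its own link and the /16 still carries traffic for a half whose link has failed.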
Direct Connect – Dual Links, Dual CGW
[Diagram: two Direct Connect links, each terminating on its own Customer Gateway at the colocation / DX location; the two customer gateways run iBGP between them and peer over eBGP with AWS (BGP AS - X and BGP AS - Y); VPC 1 10.1.0.0/16, a single customer edge router, customer DC 172.16.0.0/16 over the service provider network.]
iBGP between Routers
- So far so good?
- What's wrong with this topology?
- SPoF!
Direct Connect – Dual Locations, Dual Links
[Diagram: VPC 1 10.1.0.0/16 reached over two AWS Direct Connect links from two Customer Gateways in two colocations, DX Location - 1 and DX Location - 2; both connect over the service provider network to the customer edge router in the customer DC 172.16.0.0/16.]
Direct Connect – Dual Locations, Dual Links, Dual Routers
[Diagram: as above, with two customer edge routers at the customer DC.]
Multi Account DX
Multi-Account Direct Connect
[Diagram: one AWS Direct Connect connection carried as an Ethernet trunk between the Customer Gateway at the colocation and AWS; each VLAN on the trunk is a private virtual interface (Private VI) with its own BGP session.]
VLAN   Customer Gateway side                    AWS side (Private VI)        VPC                   AWS account
320    SVI/Sub 320, IP 169.x.x.2, BGP AS 65xxx   IP 169.x.x.1, BGP AS 17493   VPC 1 10.1.0.0/16     AWS Account 1
330    SVI/Sub 330, IP 169.y.y.2, BGP AS 65xxx   IP 169.y.y.1, BGP AS 17493   VPC 2 10.2.0.0/16     AWS Account 2
How to Delegate VI to Another Account.
Step 1.
Delegate Virtual Interface to Another Account.
Step 2.
Agenda
–  VPN
–  Design Patterns
•  VPC Design
–  Concepts
[Diagram: VPC A - 10.0.0.0/16 spanning Availability Zone A and Availability Zone B]
Choose your VPC address range
•  Your own private, isolated section of the AWS cloud
•  Every VPC has a private IP address space
•  The maximum CIDR block you can allocate is /16
•  For example 10.0.0.0/16 – this allows 256*256 = 65,536 IP addresses
Select IP addressing strategy
•  You can't change the VPC address space once it's created
•  Think about overlaps with other VPCs or existing corporate networks
•  Don't waste address space, but don't constrain your growth either
[Diagram: VPC A - 10.0.0.0/16, Availability Zone A, subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 and 10.0.5.0/24 holding EC2 instances for Web, App, Log and Bastion; the security group rules are shown as:]
"Web servers can connect to app servers on port 8080"
"Allow outbound connections to the log server"
"Allow SSH and ICMP from instances in the Bastion security group"
Security groups
•  Operate at the instance level
•  Supports ALLOW rules only
•  Are stateful
•  Max 50 rules per security group
•  Max 5 groups per instance
[Diagram: the same VPC A - 10.0.0.0/16, Availability Zone A, subnets 10.0.1.0/24 to 10.0.5.0/24 with the Web, App, Log and Bastion EC2 instances behind the VPC Router; the network ACL rule is shown as:]
"Deny all traffic between the web server subnet and the database server subnet"
NACLs are optional
•  Applied at subnet level
•  Stateless and permit all by default
•  ALLOW and DENY
•  Applies to all instances in the subnet
•  Use as guard rails (port 21, 135,…)
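The security group and NACL slides above, as an added example that is not part of the original deck: the deck's quoted rules evaluated by a stateful ALLOW-only group and by a stateless, ordered ALLOW/DENY list, so the difference shows up on the same packets. The subnet roles (web 10.0.1.0/24, app 10.0.2.0/24, log 10.0.3.0/24, bastion 10.0.4.0/24, database 10.0.5.0/24), the group names and the packets are constructed.

```python
"""Security group (stateful, ALLOW only) versus network ACL (stateless, ordered
ALLOW/DENY), evaluated against the same constructed packets."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto", defaults=("tcp",))
# direction is "in" or "out"; peer is a CIDR or the name of another security group
SgRule = namedtuple("SgRule", "direction proto port_from port_to peer")
# evaluated in ascending number order, first match wins; proto may be "all"
NaclRule = namedtuple("NaclRule", "number direction action proto port_from port_to cidr")


class SecurityGroup:
    def __init__(self, name, rules, membership):
        self.name, self.rules = name, rules
        self.membership = membership  # ip -> set of group names (assumed lookup)
        self.flows = set()            # connection tracking: what makes a group stateful

    def _peer_ok(self, rule, ip):
        if rule.peer.startswith("sg-"):
            return rule.peer in self.membership.get(ip, set())
        return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.peer)

    def permits(self, pkt, direction):
        # a reply to an already-permitted flow needs no rule of its own
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return True
        peer = pkt.src if direction == "in" else pkt.dst
        for r in self.rules:
            if (r.direction == direction and r.proto == pkt.proto
                    and r.port_from <= pkt.dport <= r.port_to and self._peer_ok(r, peer)):
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return True
        return False  # nothing matched; a security group has no DENY rule to write


class NetworkAcl:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def permits(self, pkt, direction):
        peer = pkt.src if direction == "in" else pkt.dst
        for r in self.rules:
            if r.direction != direction or r.proto not in ("all", pkt.proto):
                continue
            if r.proto != "all" and not (r.port_from <= pkt.dport <= r.port_to):
                continue
            if ipaddress.ip_address(peer) in ipaddress.ip_network(r.cidr):
                return r.action == "allow"
        return False  # the implicit final '*' DENY; each packet is judged on its own


# Constructed addressing, loosely following the deck's VPC A diagram.
WEB, APP, BASTION, DB = "10.0.1.10", "10.0.2.10", "10.0.4.10", "10.0.5.10"
MEMBERSHIP = {WEB: {"sg-web"}, APP: {"sg-app"}, BASTION: {"sg-bastion"}}
REQUEST = Packet(WEB, 40000, APP, 8080)  # web server -> app server on 8080
REPLY = Packet(APP, 8080, WEB, 40000)    # the app server's answer


def sg_demo():
    """The deck's three quoted security group rules, applied to the app servers."""
    app_sg = SecurityGroup("sg-app", [
        SgRule("in", "tcp", 8080, 8080, "sg-web"),      # web servers -> app on 8080
        SgRule("out", "tcp", 514, 514, "10.0.3.0/24"),  # outbound to the log server
        SgRule("in", "tcp", 22, 22, "sg-bastion"),      # SSH from the bastion group
    ], MEMBERSHIP)
    return {
        "request": app_sg.permits(REQUEST, "in"),
        "reply": app_sg.permits(REPLY, "out"),  # no out rule for port 40000; tracked
        "ssh_from_bastion": app_sg.permits(Packet(BASTION, 50000, APP, 22), "in"),
        "ssh_from_internet": app_sg.permits(Packet("198.51.100.7", 51000, APP, 22), "in"),
    }


def nacl_demo(with_return_rule=True):
    """Web subnet ACL: guard rails on 21/135, the web<->db deny, and the return
    rule for ephemeral ports that a stateless ACL cannot do without."""
    rules = [
        NaclRule(10, "in", "deny", "tcp", 21, 21, "0.0.0.0/0"),
        NaclRule(20, "in", "deny", "tcp", 135, 135, "0.0.0.0/0"),
        NaclRule(30, "in", "deny", "all", 0, 65535, "10.0.5.0/24"),   # from db subnet
        NaclRule(40, "out", "deny", "all", 0, 65535, "10.0.5.0/24"),  # to db subnet
        NaclRule(100, "out", "allow", "tcp", 8080, 8080, "10.0.2.0/24"),
    ]
    if with_return_rule:
        rules.append(NaclRule(110, "in", "allow", "tcp", 1024, 65535, "10.0.2.0/24"))
    acl = NetworkAcl(rules)
    return {
        "request": acl.permits(REQUEST, "out"),
        "reply": acl.permits(REPLY, "in"),
        "ftp": acl.permits(Packet("198.51.100.7", 51000, WEB, 21), "in"),
        "from_db": acl.permits(Packet(DB, 50000, WEB, 80), "in"),
    }
```

`nacl_demo(with_return_rule=False)` lets the request out but drops the reply, which is the practical cost of "stateless" that the slide's bullet hides.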
[Diagram: VPC A - 10.0.0.0/16, Availability Zone A, subnets 10.0.1.0/24 to 10.0.5.0/24; an Elastic Load Balancer in front of several Web EC2 instances managed by Auto Scaling, plus the App, Log and Bastion instances behind the VPC Router.]
Elastic load balancers
•  Instances can automatically be added and removed from the balancing pool using rules
•  You can add instances into security groups at launch time
[Diagram: VPC A - 10.0.0.0/16, Availability Zone A, Web and App EC2 instances, the VPC Router and an Internet Gateway.]
Internet routing
•  Add route tables to subnets to control Internet traffic flows – these become Public subnets
•  Internet Gateway routing allows you to allocate a static Elastic IP address or use AWS-managed public IP addresses to your instance
Internet routing
•  Use a NAT instance to provide Internet connectivity for private subnets - required to access AWS update repositories
•  This will also allow back-end servers to route to AWS APIs – for example storing logs on S3, or using Dynamo, SQS, SNS and SWS
[Diagram: a NAT instance in a public subnet of VPC A - 10.0.0.0/16 (subnets 10.0.1.0/24 to 10.0.4.0/24) forwarding traffic from the private App subnet through the VPC Router and the Internet Gateway to Amazon S3, DynamoDB, Amazon SNS and Amazon SQS.]
Agenda
–  VPN
–  Design Patterns
•  VPC Design
–  Concepts
–  Design Patterns
To NACL or not to NACL?
Pros
•  Another layer of defense
•  Can speed up deals
–  Fits legacy IT models
–  Network/FW Engineer's friend
•  Can help with networking compliance
–  Separate groups for SGs/NACLs
•  Explicit deny rules
•  Apply to an entire subnet
Cons
•  Adds complexity
•  Can slow down adoption
–  Fits legacy IT processes
–  DevOps Enemy
•  Potentially not necessary for compliance
–  Third-party proactive controls
–  SG audits (programmable infra)
•  Stateless FW rules
•  Apply only to subnets/CIDR addresses
NACL Best Practices
Routing Instances
Love Them
•  NAT instances
•  VPN tunnels (between VPCs)
•  Data loss prevention
•  Intrusion detection
Hate Them
•  Single point of failure
•  Extra costs (EC2, third-party licenses)
•  More for customer to manage
•  Potential network bottleneck
Routing Instance Best Practices
[Diagram: an AWS region with a public-facing web app VPC and an internal company app VPC, reached from the customer data center over a VPN connection.]
What's next?
Multiple VPCs
Multiple VPCs use case
Multiple VPCs tips and tricks
[Diagram: an AWS region with a public-facing web app VPC and internal company VPCs for app #1 to app #4, Dev and QA, plus Backup, AD, DNS, Monitoring and Logging; each reached from the customer data center through an HA pair of VPN endpoints.]
Multiple VPCs over IPSEC VPN
About IPSEC and multiple VPCs
Multiple VPCs over AWS Direct Connect
[Diagram: a physical connection from the customer data center to the Direct Connect facility carrying logical connections (VLANs), one per VPC.]
About AWS Direct Connect and multiple VPCs
•  Security groups and NACLs still apply
•  Security groups still bound to single VPC
[Diagram: an AWS region with a public-facing web app VPC, internal company app #1 to app #4, Dev and QA VPCs and a Services VPC (AD, DNS, Monitoring, Logging), connected to the company data center through an HA pair of VPN endpoints.]
Multiple VPCs over VPC Peering
VPC peering use cases
[Diagram: VPC 10.0.0.0/16 sends a Peer Request to VPC 10.1.0.0/16, which returns a Peer Accept.]
•  VPCs within same region
•  Same or different accounts
•  IP space cannot overlap
•  Only 1 between any 2 VPCs
VPC peering configuration
[Diagram: VPC 10.1.0.0/16 peered with two other VPCs that both use 10.0.0.0/16 ✔]
Overlapping IP is not a dead end
[Diagram: VPC 10.1.0.0/16 has peering connections PCX-1 and PCX-2 to two VPCs that both use 10.0.0.0/16; Subnet 1 10.1.1.0/24 routes to one of them and Subnet 2 10.1.2.0/24 to the other.]
Route Table Subnet 1
Destination     Target
10.1.0.0/16     local
10.0.0.0/16     PCX-1
Route Table Subnet 2
Destination     Target
10.1.0.0/16     local
10.0.0.0/16     PCX-2
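The peering constraints and the "overlapping IP is not a dead end" route tables above, as an added example that is not part of the original deck: a planner that rejects a cross-region, overlapping or duplicate peering, and per-subnet route tables that send 10.0.0.0/16 to a different peering connection from each subnet. VPC names, account ids and the pcx ids are constructed.

```python
"""VPC peering checks from the deck plus the per-subnet route tables that make
two peers with the same CIDR reachable.  All names and ids are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpc:
    name: str
    cidr: str
    region: str
    account: str


class PeeringPlanner:
    def __init__(self):
        self.peerings = {}  # pcx id -> frozenset of the two VPC names

    def check(self, a, b):
        """Return (ok, reason) for a proposed peering between a and b."""
        if a.region != b.region:
            return False, "VPCs must be in the same region"
        if ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr)):
            return False, "IP space cannot overlap"
        if frozenset((a.name, b.name)) in self.peerings.values():
            return False, "only one peering between any two VPCs"
        return True, "ok"  # same or different accounts are both fine

    def request(self, a, b):
        ok, reason = self.check(a, b)
        if not ok:
            raise ValueError(reason)
        pcx = f"pcx-{len(self.peerings) + 1}"
        self.peerings[pcx] = frozenset((a.name, b.name))
        return pcx


class RouteTable:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(dest), target) for dest, target in routes]

    def target(self, ip):
        """Longest-prefix match; None when no route covers the address."""
        addr = ipaddress.ip_address(ip)
        matches = [(net, target) for net, target in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


HUB = Vpc("hub", "10.1.0.0/16", "us-east-1", "111111111111")
PEER_A = Vpc("peer-a", "10.0.0.0/16", "us-east-1", "222222222222")
PEER_B = Vpc("peer-b", "10.0.0.0/16", "us-east-1", "333333333333")
FAR = Vpc("far", "10.2.0.0/16", "eu-west-1", "111111111111")


def plan():
    """Peer the hub with both 10.0.0.0/16 VPCs and build one route table per subnet."""
    planner = PeeringPlanner()
    pcx1 = planner.request(HUB, PEER_A)  # the deck's PCX-1
    pcx2 = planner.request(HUB, PEER_B)  # the deck's PCX-2
    subnet1 = RouteTable([("10.1.0.0/16", "local"), ("10.0.0.0/16", pcx1)])  # 10.1.1.0/24
    subnet2 = RouteTable([("10.1.0.0/16", "local"), ("10.0.0.0/16", pcx2)])  # 10.1.2.0/24
    return planner, subnet1, subnet2
```

The hub can peer with both 10.0.0.0/16 VPCs because each pair is overlap-free; the two peers can never peer with each other, and which one a packet reaches is decided purely by the subnet it leaves from.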
[Diagram: VPC peering topologies between VPCs A, B and C using the CIDRs 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/16, 172.16.0.0/16, 172.17.0.0/16 and 192.168.0.0/16, plus a company data center 10.10.0.0/16.]
Peer review
•  Shared infrastructure services moved to VPC
•  1 to 1 peering = app isolation
•  Security groups and NACLs still apply
•  Security groups still bound to single VPC
[Diagram: an AWS region with a public-facing web app VPC, internal company app #1 to app #4, Dev and QA VPCs peered to a Services VPC (AD, DNS, Monitoring, Logging), and the company data center connected through an HA pair of VPN endpoints.]
Multiple accounts
About VPC peering and multiple VPCs
Model 1: “Lollipop”
Model 2: “Shared Services Model”
Model 3: “HIPS Model”
Scenario #4 – “Threat Layer Model”
Model 5: “NIDS Model”
Model 6: “Hybrid Model”
S3 VPC endpoint
Agenda
–  VPN
–  Design Patterns
•  VPC Design
–  Concepts
–  Design Patterns
•  Security Pro Tips
MFA
IAM Best Practices
AWS Trusted Advisor
CloudTrail – Log & monitor these!
•  API actions with potential impact
–  Internet Gateway
–  Routes and Route Tables
–  Network ACLs
–  EC2 instances (run/create/launch/terminate)
–  Security Groups
–  CloudTrail (stop/delete/update)
–  Put[Group/Role/User]Policy
–  ModifyAccount
–  ModifyBilling, ModifyPaymentMethods
–  "Type":"Root"
–  Create[User/Role/Group]
–  CreateAccessKey
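The "log & monitor these" list above, as an added example that is not part of the original deck: a small detector that turns each bullet into an event-name pattern and runs it over newline-delimited CloudTrail records. The records are constructed samples in CloudTrail's JSON shape; the Modify* names are taken from the deck as written.

```python
"""Flag CloudTrail records that match the deck's 'log & monitor these' list.
The records below are constructed samples in CloudTrail's JSON shape."""
import json
import re

# One pattern per bullet in the deck; event names are the corresponding API actions.
WATCHLIST = {
    "Internet Gateway": r"^(Create|Delete|Attach|Detach)InternetGateway$",
    "Routes and Route Tables": r"^(Create|Replace|Delete)Route(Table)?$",
    "Network ACLs": r"^(Create|Delete|Replace)NetworkAcl(Entry|Association)?$",
    "EC2 instances": r"^(Run|Start|Stop|Terminate)Instances$",
    "Security Groups": r"^((Create|Delete)SecurityGroup|(Authorize|Revoke)SecurityGroup(Ingress|Egress))$",
    "CloudTrail": r"^(StopLogging|DeleteTrail|UpdateTrail)$",
    "Put[Group/Role/User]Policy": r"^Put(Group|Role|User)Policy$",
    "ModifyAccount / billing": r"^Modify(Account|Billing|PaymentMethods)$",  # names as listed in the deck
    "Create[User/Role/Group]": r"^Create(User|Role|Group)$",
    "CreateAccessKey": r"^CreateAccessKey$",
}
COMPILED = {label: re.compile(pattern) for label, pattern in WATCHLIST.items()}


def classify(record):
    """Return the watchlist labels a single CloudTrail record triggers."""
    hits = []
    if record.get("userIdentity", {}).get("type") == "Root":  # the '"Type":"Root"' bullet
        hits.append("Root")
    name = record.get("eventName", "")
    hits.extend(label for label, rx in COMPILED.items() if rx.match(name))
    return hits


def scan(lines):
    """Parse newline-delimited JSON records; return (eventName, labels) per hit."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        labels = classify(record)
        if labels:
            findings.append((record.get("eventName", ""), labels))
    return findings


# Constructed sample records: two benign, four that the list says to watch.
SAMPLE = """
{"eventTime":"2014-11-05T10:01:00Z","eventSource":"ec2.amazonaws.com","eventName":"AuthorizeSecurityGroupIngress","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.5"}
{"eventTime":"2014-11-05T10:02:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"Root"},"sourceIPAddress":"203.0.113.9"}
{"eventTime":"2014-11-05T10:03:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"203.0.113.5"}
{"eventTime":"2014-11-05T10:04:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.5"}
{"eventTime":"2014-11-05T10:05:00Z","eventSource":"ec2.amazonaws.com","eventName":"ReplaceRoute","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111111111111:assumed-role/netops/ci"},"sourceIPAddress":"10.0.4.10"}
{"eventTime":"2014-11-05T10:06:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"203.0.113.5"}
""".splitlines()


def demo():
    return scan(SAMPLE)


if __name__ == "__main__":
    for event_name, labels in demo():
        print(f"{event_name:32s} {', '.join(labels)}")
```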
AWS Config
[Diagram: continuous change recording of changing resources into a history stream, with a snapshot (ex. 2014-11-05)]
ENCRYPT YOUR SENSITIVE DATA
segregate duties
With AWS IAM you get to control who can do what in your AWS environment and from where
Fine-grained control of your AWS cloud with two-factor authentication
Integrated with your existing corporate directory using SAML 2.0 and single sign-on
[Diagram: the AWS account owner delegating Network management, Security management, Server management and Storage management to separate parties]
DDoS Protection
[Diagram: inbound HTTP from users, and DDoS traffic, arriving through CloudFront, Amazon S3 and a WAF in front of the dynamic App tier, with the App VPCs connected by peering.]
Instance patching and upgrades
VPC Flow Logs
Discussion…

Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
 
(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct Connect(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct Connect
 
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
 
AWS Summit Auckland - Fundamentals of Networking in AWS
AWS Summit Auckland - Fundamentals of Networking in AWSAWS Summit Auckland - Fundamentals of Networking in AWS
AWS Summit Auckland - Fundamentals of Networking in AWS
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data Center
 
Creating a Virtual Data Center
Creating a Virtual Data CenterCreating a Virtual Data Center
Creating a Virtual Data Center
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
 
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and EasilyAWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
 
AWS VPC
AWS VPCAWS VPC
AWS VPC
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many:  Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
 
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
 
AWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN SolutionsAWS Hybrid Cloud Connectivity - VPN Solutions
AWS Hybrid Cloud Connectivity - VPN Solutions
 
A day in the life of a billion packets - AWS Summit Cape Town 2017
A day in the life of a billion packets - AWS Summit Cape Town 2017A day in the life of a billion packets - AWS Summit Cape Town 2017
A day in the life of a billion packets - AWS Summit Cape Town 2017
 
From One to Many: Evolving VPC Design
From One to Many: Evolving VPC DesignFrom One to Many: Evolving VPC Design
From One to Many: Evolving VPC Design
 

Mais de Shiva Narayanaswamy

Pets, Cattle, Rabbits and Microbes
Pets, Cattle, Rabbits and Microbes Pets, Cattle, Rabbits and Microbes
Pets, Cattle, Rabbits and Microbes Shiva Narayanaswamy
 
Leveraging Elastic Web Scale Computing with AWS
 Leveraging Elastic Web Scale Computing with AWS Leveraging Elastic Web Scale Computing with AWS
Leveraging Elastic Web Scale Computing with AWSShiva Narayanaswamy
 
Build high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSBuild high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSShiva Narayanaswamy
 
Your APIs can be soft and fluffy
Your APIs can be soft and fluffyYour APIs can be soft and fluffy
Your APIs can be soft and fluffyShiva Narayanaswamy
 
Innovation at Scale - Top 10 AWS questions when you start
Innovation at Scale - Top 10 AWS questions when you startInnovation at Scale - Top 10 AWS questions when you start
Innovation at Scale - Top 10 AWS questions when you startShiva Narayanaswamy
 
Dev/Test Environment Provisioning and Management on AWS
Dev/Test Environment Provisioning and Management on AWSDev/Test Environment Provisioning and Management on AWS
Dev/Test Environment Provisioning and Management on AWSShiva Narayanaswamy
 
Application Lifecycle Management and Event Driven Programming on AWS
Application Lifecycle Management and Event Driven Programming on AWSApplication Lifecycle Management and Event Driven Programming on AWS
Application Lifecycle Management and Event Driven Programming on AWSShiva Narayanaswamy
 
Leveraging elastic web scale computing with AWS
 Leveraging elastic web scale computing with AWS Leveraging elastic web scale computing with AWS
Leveraging elastic web scale computing with AWSShiva Narayanaswamy
 
Running Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSRunning Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSShiva Narayanaswamy
 
Continuous delivery and deployment on AWS
Continuous delivery and deployment on AWSContinuous delivery and deployment on AWS
Continuous delivery and deployment on AWSShiva Narayanaswamy
 

Mais de Shiva Narayanaswamy (20)

State of Union - Containerz
State of Union - ContainerzState of Union - Containerz
State of Union - Containerz
 
Pets, Cattle, Rabbits and Microbes
Pets, Cattle, Rabbits and Microbes Pets, Cattle, Rabbits and Microbes
Pets, Cattle, Rabbits and Microbes
 
Leveraging Elastic Web Scale Computing with AWS
 Leveraging Elastic Web Scale Computing with AWS Leveraging Elastic Web Scale Computing with AWS
Leveraging Elastic Web Scale Computing with AWS
 
Platform for Innovation - AWS
Platform for Innovation - AWSPlatform for Innovation - AWS
Platform for Innovation - AWS
 
Application Delivery Patterns
Application Delivery PatternsApplication Delivery Patterns
Application Delivery Patterns
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
 
ECS and ECR deep dive
ECS and ECR deep diveECS and ECR deep dive
ECS and ECR deep dive
 
AWS Tagging Strategy
AWS Tagging StrategyAWS Tagging Strategy
AWS Tagging Strategy
 
AWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic ScaleAWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic Scale
 
Build high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWSBuild high performing mobile apps, faster with AWS
Build high performing mobile apps, faster with AWS
 
Your APIs can be soft and fluffy
Your APIs can be soft and fluffyYour APIs can be soft and fluffy
Your APIs can be soft and fluffy
 
Innovation at Scale - Top 10 AWS questions when you start
Innovation at Scale - Top 10 AWS questions when you startInnovation at Scale - Top 10 AWS questions when you start
Innovation at Scale - Top 10 AWS questions when you start
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWS
 
Event driven infrastructure
Event driven infrastructureEvent driven infrastructure
Event driven infrastructure
 
Dev/Test Environment Provisioning and Management on AWS
Dev/Test Environment Provisioning and Management on AWSDev/Test Environment Provisioning and Management on AWS
Dev/Test Environment Provisioning and Management on AWS
 
Application Lifecycle Management and Event Driven Programming on AWS
Application Lifecycle Management and Event Driven Programming on AWSApplication Lifecycle Management and Event Driven Programming on AWS
Application Lifecycle Management and Event Driven Programming on AWS
 
Leveraging elastic web scale computing with AWS
 Leveraging elastic web scale computing with AWS Leveraging elastic web scale computing with AWS
Leveraging elastic web scale computing with AWS
 
Running Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSRunning Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWS
 
AWS EC2 and ELB troubleshooting
AWS EC2 and ELB troubleshootingAWS EC2 and ELB troubleshooting
AWS EC2 and ELB troubleshooting
 
Continuous delivery and deployment on AWS
Continuous delivery and deployment on AWSContinuous delivery and deployment on AWS
Continuous delivery and deployment on AWS
 

Último

Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 

Último (20)

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 

AWS Connectivity, VPC Design and Security Pro Tips

  • 4. What is AWS Direct Connect…
    •  Dedicated, private pipes into AWS
    •  Create private (VPC) or public interfaces to AWS
    •  Cheaper data-out rates than Internet (data-in still free)
    •  Consistent network performance compared to Internet
    •  Multiple AWS accounts can share a connection
  • 5. Why use AWS Direct Connect? [Chart: price, $0.000 to $0.150, for Direct Connect vs. Internet across the tiers First 10TB, Next 40TB, Next 100TB, Next 350TB]
  • 6. [Diagram: VPC CIDR 10.1.0.0/16 with a Public Subnet and a Private Subnet in each of Availability Zone A and Availability Zone B; Instance A 10.1.1.11/24, Instance B 10.1.2.22/24, Instance C 10.1.3.33/24, Instance D 10.1.4.44/24; an Internet Gateway (IGW) and a Virtual Private Gateway (VGW), the VGW reached from the customer data center over a VPN connection or AWS Direct Connect] Only 1 IGW and 1 VGW per VPC.
    Route Table: Destination 10.1.0.0/16 → Target local; Destination Internal CIDR → Target VGW
  • 7. Direct Connect – Single Link, Single CGW [Diagram: VPC 1 10.1.0.0/16 (VGW, AWS Network); AWS Direct Connect DX POP Location with a cross connect to the Customer Gateway router in the colocation (demarcation); Service Provider Network with the circuit to the customer's site, the provider edge router and the circuit to the customer's network backbone; Customer Edge Router at the customer's DC, 172.16.0.0/16, customer's subnet and local network]
  • 8. Direct Connect – Single Link, Single CGW [Diagram: as slide 7] with routing:
    eBGP between CGW and VGW (From - To / Route / Metric): CGW to VGW 172.16.0.0/16, metric -; VGW to CGW 10.1.0.0/16, metric -
    Routing – Probably eBGP, between Customer and CGW (From - To / Route): Customer to CGW 172.16.0.0/16; CGW to Customer 10.1.0.0/16
    Layer 2 VLAN Connectivity
    BGP is a requirement for Direct Connect: http://aws.amazon.com/directconnect/faqs/
  • 9. [Diagram: Customer Router connected over VLAN X, VLAN Y, VLAN Z, … VLAN N to the AWS DX Router at the Direct Connect Location; VIFs: private VIF 1 → virtual private cloud 1, private VIF 2 → virtual private cloud 2, … virtual private cloud N, public virtual interface (VIF) → public endpoints in the Region] Each interface can be associated with a different AWS Account. (Hosted Virtual Interfaces)
  • 14. Agenda
    •  AWS Connectivity
      –  VPN
      –  Design Patterns
  • 15. [Diagram: Customer Network connected to the VPC] Only 1 IGW and 1 VGW per VPC
  • 18. Agenda
    •  AWS Connectivity
      –  VPN
      –  Design Patterns
  • 19. Direct Connect – Single Link, Single CGW – With IPSEC Failover [Diagram: as slide 7]
  • 20. Direct Connect – Single Link, Single CGW – With IPSEC Failover [Diagram: as slide 7, with a second path labelled IPSEC over The Internet]
    eBGP between CGW and VGW (From - To / Route / Metric): CGW to VGW 172.16.0.0/16, metric -; VGW to CGW 10.1.0.0/16, metric -
  • 21. Direct Connect – Dual Links, Single CGW [Diagram: as slide 7, with dual links between the Customer Gateway and AWS Direct Connect]
  • 22. Direct Connect – Dual Links, Single CGW [Diagram: as slide 21]
  • 23. Direct Connect – Dual Links, Single CGW [Diagram: as slide 21] with routing (From - To / Route / Metric), eBGP:
    Table 1: CGW to VGW 172.16.0.0/16, LP 150; VGW to CGW 10.1.0.0/16
    Table 2: CGW to VGW 172.16.0.0/17 and 172.16.128.0/17, LP 90; VGW to CGW 10.1.0.0/16
    -  You can split your route advertisements to the VGW
    -  Instead of using AS Path Prepend
  • 24. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 7, with dual links and dual Customer Gateways in the colocation]
  • 25. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24]
  • 26. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24]
  • 27. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24]
  • 28. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24] BGP AS - Y, BGP AS - X; iBGP between Routers
  • 29. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24]
    - So far so good?
    - What’s wrong with this topology?
    - SPoF!
  • 30. Direct Connect – Dual Links, Dual CGW [Diagram: as slide 24]
  • 31. Direct Connect – Dual Locations, Dual Links [Diagram: VPC 1 10.1.0.0/16; AWS Direct Connect and a Customer Gateway in the colocation at DX Location - 1 and at DX Location - 2; Service Provider Network; Customer Edge Router at the customer's DC, 172.16.0.0/16, customer's subnet]
  • 32. Direct Connect – Dual Locations, Dual Links, Dual Routers [Diagram: as slide 31]
  • 33. Multi Account DX [Diagram: VPC 1 10.1.0.0/16; Private VI on AWS Direct Connect, VLAN 320, IP 169.x.x.1, BGP AS 17493; Ethernet Trunk; Customer Gateway in the colocation, SVI/Sub 320, IP 169.x.x.2, BGP AS 65xxx]
  • 34. Multi-Account Direct Connect [Diagram: AWS Account 1 with VPC 1 10.1.0.0/16 (Private VI, VLAN 320, IP 169.x.x.1, BGP AS 17493) and VPC 2 10.2.0.0/16 (Private VI, VLAN 330, IP 169.y.y.1, BGP AS 17493); AWS Direct Connect; Ethernet Trunk; Customer Gateway in the colocation with SVI/Sub 320, IP 169.x.x.2, BGP AS 65xxx and SVI/Sub 330, IP 169.y.y.2, BGP AS 65xxx]
  • 35. Multi-Account Direct Connect [Diagram: as slide 34, with AWS Account 2 added]
  • 36. How to Delegate VI to Another Account. Step 1.
  • 37. Delegate Virtual Interface to Another Account. Step 2.
  • 38. Agenda –  VPN –  Design Patterns •  VPC Design –  Concepts
  • 41. VPC A - 10.0.0.0/16 AvailabilityZoneA AvailabilityZoneB Choose your VPC address range •  Your own private, isolated section of the AWS cloud •  Every VPC has a private IP address space •  That maximum CIDR block you can allocate is /16 •  For example 10.0.0.0/16 – this allows 256*256 = 65,536 IP addresses Select IP addressing strategy •  You can’t change the VPC address space once it’s created •  Think about overlaps with other VPCs or existing corporate networks •  Don’t waste address space, but don’t’ constrain your growth either
  • 42. VPC A - 10.0.0.0/16 AvailabilityZoneA
  • 43. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 10.0.5.0/2410.0.4.0/24
  • 44. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/2410.0.4.0/24 EC 2 Ap p Log EC 2 Web Bastio n
  • 45. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/2410.0.4.0/24 EC 2 App “Web servers can connect to app servers on port 8080” Log EC 2 Web Bastion
  • 46. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/2410.0.4.0/24 EC 2 Ap p “Web servers can connect to app servers on port 8080” “Allow outbound connections to the log server” Log EC 2 Web Bastio n
  • 47. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/24 Bastio n 10.0.4.0/24 EC 2 Ap p “Web servers can connect to app servers on port 8080” “Allow outbound connections to the log server” “Allow SSH and ICMP from instances in the Bastion security group” Log EC 2 Web
  • 48. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/2410.0.4.0/24 EC 2 Ap p Log EC 2 Web Security groups •  Operate at the instance level •  Supports ALLOW rules only •  Are stateful •  Max 50 rules per security group •  Max 5 groups per instance Bastio n
  • 49. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 Router 10.0.5.0/2410.0.4.0/24 EC 2 Ap p Log EC 2 Web Bastio n
  • 50. VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 Router 10.0.5.0/2410.0.4.0/24 EC 2 Ap p Log EC 2 Web “Deny all traffic between the web server subnet and the database server subnet” Bastio n
  • 51. NACLs are optional •  Applied at the subnet level •  Stateless – every packet is judged on its own, so return traffic needs its own rule (typically the ephemeral port range 1024–65535); rules are evaluated in rule-number order and the first match wins •  The default NACL permits all; a custom NACL permits nothing until you add rules •  ALLOW and DENY •  Apply to all instances in the subnet •  Use as guard rails for protocols that should never cross a subnet boundary (port 21, 135, …)
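To make the difference between the two filters concrete, the following added example (not code from the presentation) models a packet walking from a web instance to an app instance through a stateless NACL at each subnet boundary and a stateful security group on each instance. All addresses, group names and rules are invented; the scenario reproduces the rules quoted on slides 45–47 and shows two things the slides only state: a NACL needs an explicit outbound rule for the ephemeral ports or every reply is dropped, and a NACL deny on port 21 catches a mistaken security-group allow.

```python
"""Constructed model of VPC packet filtering: a stateless NACL at each subnet
boundary in front of a stateful, allow-only security group on each instance.
Example code, not AWS's implementation; every address, group and rule is invented."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    sport: int   # source port (0 for icmp)
    dport: int   # destination port (0 for icmp)

    def reply(self):
        return Pkt(self.dst, self.src, self.proto, self.dport, self.sport)


def _match(proto, cidr, ports, ip, pkt_proto, port):
    """Shared matcher: protocol, CIDR membership and destination-port range."""
    if proto not in ("all", pkt_proto):
        return False
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        return False
    return proto not in ("tcp", "udp") or ports[0] <= port <= ports[1]


class Nacl:
    """Stateless: a packet is checked only against the rules of its own direction,
    lowest rule number first; the implicit final '*' rule denies."""

    def __init__(self, inbound, outbound):
        # rule = (number, "allow"|"deny", proto, cidr, (low_port, high_port))
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)

    def allows(self, direction, pkt):
        rules, peer = ((self.inbound, pkt.src) if direction == "in"
                       else (self.outbound, pkt.dst))
        for _, action, proto, cidr, ports in rules:
            if _match(proto, cidr, ports, peer, pkt.proto, pkt.dport):
                return action == "allow"
        return False


class SecurityGroup:
    """Stateful and allow-only: a packet belonging to a flow already admitted in
    the other direction passes without consulting the rules at all."""

    def __init__(self, inbound, outbound=(("all", "0.0.0.0/0", (0, 65535)),)):
        self.inbound = list(inbound)    # (proto, source CIDR or SecurityGroup, (low, high))
        self.outbound = list(outbound)  # (proto, destination CIDR, (low, high))
        self.members = set()            # IPs of the instances carrying this group
        self.flows = set()              # (local_ip, remote_ip, proto, local_port, remote_port)

    @staticmethod
    def _peer_ok(spec, ip):
        if isinstance(spec, SecurityGroup):   # rule names another group as the source
            return ip in spec.members
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

    def allows(self, direction, pkt):
        if direction == "in":
            key = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        else:
            key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        if key in self.flows:
            return True                       # reply to an established flow
        for proto, spec, ports in (self.inbound if direction == "in" else self.outbound):
            if self._peer_ok(spec, key[1]) and _match(proto, "0.0.0.0/0", ports,
                                                      key[1], pkt.proto, pkt.dport):
                self.flows.add(key)
                return True
        return False


def deliver(pkt, src_sg, src_nacl, dst_nacl, dst_sg):
    """One packet leaving its instance, crossing both subnet boundaries and
    entering the destination instance: every filter on the path must agree."""
    return (src_sg.allows("out", pkt) and src_nacl.allows("out", pkt)
            and dst_nacl.allows("in", pkt) and dst_sg.allows("in", pkt))


def exchange(req, src_sg, src_nacl, dst_nacl, dst_sg):
    """Send a request and its reply; returns (request_delivered, reply_delivered)."""
    out = deliver(req, src_sg, src_nacl, dst_nacl, dst_sg)
    return out, out and deliver(req.reply(), dst_sg, dst_nacl, src_nacl, src_sg)


def build_scenario(app_nacl_has_ephemeral_rule=True):
    """Web subnet 10.0.1.0/24 talking to app subnet 10.0.2.0/24 on 8080.
    Returns (sg_web, nacl_web, nacl_app, sg_app), the order deliver() takes."""
    sg_web = SecurityGroup(inbound=[("tcp", "0.0.0.0/0", (80, 80))])
    sg_web.members.add("10.0.1.10")
    sg_app = SecurityGroup(
        inbound=[("tcp", sg_web, (8080, 8080)),        # web servers may connect on 8080
                 ("tcp", "0.0.0.0/0", (21, 21))],      # a mistake the NACL guard rail must catch
        outbound=[("udp", "10.0.3.0/24", (514, 514))])  # only syslog to the log server subnet
    sg_app.members.add("10.0.2.10")
    allow_all = (100, "allow", "all", "0.0.0.0/0", (0, 65535))
    nacl_web = Nacl(inbound=[allow_all], outbound=[allow_all])
    app_out = [(100, "allow", "udp", "10.0.3.0/24", (514, 514))]
    if app_nacl_has_ephemeral_rule:                    # stateless: replies need their own rule
        app_out.append((110, "allow", "tcp", "10.0.1.0/24", (1024, 65535)))
    nacl_app = Nacl(inbound=[(90, "deny", "tcp", "0.0.0.0/0", (21, 21)),       # guard rail
                             (100, "allow", "tcp", "10.0.1.0/24", (8080, 8080))],
                    outbound=app_out)
    return sg_web, nacl_web, nacl_app, sg_app
```

exchange(Pkt("10.0.1.10", "10.0.2.10", "tcp", 40000, 8080), *build_scenario()) delivers both the request and the reply; the reply passes sg-app’s restrictive outbound rules only because the group is stateful, and passes the app subnet’s NACL only because rule 110 exists. Rebuild the scenario with app_nacl_has_ephemeral_rule=False and the request still arrives but the reply is dropped, which is the classic stateless-NACL outage. An FTP packet to port 21 is admitted by sg-app (the deliberate mistake) yet never reaches the instance, because NACL rule 90 is evaluated first.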
  • 52–53. (diagram) An Elastic Load Balancer is placed in front of the Web instances
  • 54. Elastic load balancers and Auto Scaling •  Auto Scaling rules add instances to and remove them from the balancing pool automatically •  You can place instances into security groups at launch time, so scaled-out instances inherit the same rules as the ones they join
  • 55. (diagram) An Internet Gateway attached to VPC A beside the VPC router
  • 56. Internet routing •  A subnet whose route table sends 0.0.0.0/0 to the Internet Gateway is a public subnet; subnets without that route stay private •  Instances in a public subnet need a public address to use it: a static Elastic IP you allocate, or an AWS-managed public IP assigned at launch
  • 57. Internet routing •  Use a NAT instance in a public subnet to give private subnets outbound Internet connectivity – required to reach the AWS update repositories (disable the instance’s source/destination check, or the VPC will drop the packets it forwards) •  This also lets back-end servers reach the AWS APIs – for example storing logs on S3, or using DynamoDB, SQS, SNS and SWF
  • 58. (diagram) Private subnets of VPC A route through the NAT instance and the Internet Gateway to reach Amazon S3, DynamoDB, Amazon SNS and Amazon SQS
  • 59. Agenda –  VPN –  Design Patterns •  VPC Design –  Concepts –  Design Patterns
  • 60. To NACL or not to NACL? Pros: another layer of defense; can speed up deals (fits legacy IT models; the network/firewall engineer’s friend); can help with networking compliance (separate groups owning SGs and NACLs); explicit deny rules; apply to an entire subnet. Cons: adds complexity; can slow down adoption (fits legacy IT processes; the DevOps engineer’s enemy); potentially not necessary for compliance (third-party proactive controls; SG audits on programmable infrastructure); stateless firewall rules; apply only to subnets/CIDR addresses, never to a security group
  • 62. Routing instances – Love them: NAT instances; VPN tunnels (between VPCs); data loss prevention; intrusion detection. Hate them: single point of failure; extra costs (EC2, third-party licenses); more for the customer to manage; potential network bottleneck
  • 64. What’s next? Multiple VPCs (diagram: an AWS region holding a public-facing web app and an internal company app, with a VPN connection to the customer data center)
  • 66. Multiple VPCs tips and tricks
  • 67. Multiple VPCs over IPsec VPN (diagram: an AWS region holding separate VPCs for the public-facing web app, internal company apps #1–#4, Dev, QA, backup, and AD/DNS, monitoring and logging, each connected over IPsec VPN to an HA pair of VPN endpoints in the customer data center)
  • 68. About IPSEC and multiple VPCs
  • 69. Multiple VPCs over AWS Direct Connect (diagram: the same set of VPCs; one physical connection from the customer data center to the Direct Connect facility carries a logical connection – a VLAN – per VPC, alongside the HA pair of VPN endpoints)
  • 70. About AWS Direct Connect and multiple VPCs
  • 71. Multiple VPCs over VPC Peering (diagram: a Services VPC holding AD, DNS, monitoring and logging, peered with the public-facing web app, internal company apps #1–#4, Dev and QA VPCs; HA pair of VPN endpoints at the company data center) •  Security groups and NACLs still apply •  Security groups are still bound to a single VPC
  • 73. VPC peering configuration (diagram: 10.0.0.0/16 sends Peer Request, 10.1.0.0/16 sends Peer Accept) •  VPCs within the same region •  Same or different accounts •  IP space cannot overlap •  Only 1 peering connection between any 2 VPCs
  • 75. (diagram) VPC B, 10.1.0.0/16, is peered with VPC A (10.0.0.0/16) over PCX-1 and with VPC C (also 10.0.0.0/16) over PCX-2. A and C overlap, so one route table cannot reach both; each subnet of B gets its own. Route table for Subnet 1 (10.1.1.0/24): Destination 10.1.0.0/16 → Target local; Destination 10.0.0.0/16 → Target PCX-1. Route table for Subnet 2 (10.1.2.0/24): Destination 10.1.0.0/16 → Target local; Destination 10.0.0.0/16 → Target PCX-2
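An added example, not from the presentation, that models how a subnet’s route table and the VPC’s own peering connections decide where a packet goes. The VPC names, CIDRs and pcx ids are invented to match this slide; the example also adds a fourth VPC D peered only with A, to show that peering is not transitive (a route pointing at a peer for addresses that peer does not own is simply dropped), and it enforces the two constraints from slide 73: no overlapping CIDRs and one connection per VPC pair.

```python
"""Constructed model of how a VPC resolves a destination through its subnet
route tables and peering connections. Example code, not AWS's; the VPC
names, CIDRs and pcx ids are invented to match the slide's topology."""
import ipaddress


class Vpc:
    """A VPC: its CIDR, named subnets (each with its own route table) and the
    peering connections attached to it."""

    def __init__(self, name, cidr):
        self.name = name
        self.cidr = ipaddress.ip_network(cidr)
        self.subnets = {}   # subnet name -> (network, [(destination, target), ...])
        self.peerings = {}  # pcx id -> peer Vpc

    def add_subnet(self, name, cidr, routes):
        table = [(ipaddress.ip_network(dst), target) for dst, target in routes]
        self.subnets[name] = (ipaddress.ip_network(cidr), table)


def check_peering(a, b, registry):
    """Reason a peering request between a and b would be refused, or None:
    CIDRs must not overlap and a VPC pair may have only one connection."""
    if a.cidr.overlaps(b.cidr):
        return f"{a.name} ({a.cidr}) overlaps {b.name} ({b.cidr})"
    pair = frozenset((a.name, b.name))
    if pair in registry:
        return f"{a.name} and {b.name} are already peered via {registry[pair]}"
    return None


def peer(a, b, pcx_id, registry):
    """Accept a peering request and attach the connection to both VPCs."""
    reason = check_peering(a, b, registry)
    if reason:
        raise ValueError(reason)
    registry[frozenset((a.name, b.name))] = pcx_id
    a.peerings[pcx_id] = b
    b.peerings[pcx_id] = a


def lookup(table, dst):
    """Longest-prefix match; the route target, or None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, target) for net, target in table if ip in net]
    return max(matches)[1] if matches else None


def resolve(vpc, subnet_name, dst):
    """Name of the VPC that receives a packet sent from this subnet to dst, or
    None if it is dropped. Only this VPC's route table and its own peerings
    are consulted: a peer never forwards on to its other peers."""
    _, table = vpc.subnets[subnet_name]
    target = lookup(table, dst)
    if target == "local":
        return vpc.name
    peer_vpc = vpc.peerings.get(target)
    if peer_vpc is None or ipaddress.ip_address(dst) not in peer_vpc.cidr:
        return None   # unknown target, or the peer does not own that address
    return peer_vpc.name


def build_scenario():
    """VPC B (10.1.0.0/16) peered with A and C, which both use 10.0.0.0/16,
    plus VPC D (10.2.0.0/16) peered only with A."""
    registry = {}
    a, b = Vpc("A", "10.0.0.0/16"), Vpc("B", "10.1.0.0/16")
    c, d = Vpc("C", "10.0.0.0/16"), Vpc("D", "10.2.0.0/16")
    peer(b, a, "pcx-1", registry)
    peer(b, c, "pcx-2", registry)
    peer(a, d, "pcx-3", registry)
    # B cannot send 10.0.0.0/16 to both peers from one table, so each subnet gets its own.
    b.add_subnet("subnet-1", "10.1.1.0/24", [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-1")])
    b.add_subnet("subnet-2", "10.1.2.0/24", [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-2")])
    a.add_subnet("subnet-a", "10.0.1.0/24", [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-1"),
                                             ("10.2.0.0/16", "pcx-3")])
    # D's operator hopes A will relay traffic to B; the route is accepted but goes nowhere.
    d.add_subnet("subnet-d", "10.2.1.0/24", [("10.2.0.0/16", "local"), ("10.0.0.0/16", "pcx-3"),
                                             ("10.1.0.0/16", "pcx-3")])
    return {"A": a, "B": b, "C": c, "D": d, "registry": registry}
```

From B’s subnet-1 a packet for 10.0.5.5 lands in A, from subnet-2 the same address lands in C; from D the route for 10.1.0.0/16 through pcx-3 is accepted by the route table but resolve() returns None, because A does not own that space and will not forward it. check_peering() refuses A–C (overlap) and a second B–A connection.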
  • 80. Peer review (diagram: Services VPC holding AD, DNS, monitoring and logging, peered one-to-one with each app VPC across multiple accounts; HA pair of VPN endpoints at the company data center) •  Shared infrastructure services moved to a Services VPC •  1-to-1 peering = app isolation: peering is not transitive, so app VPCs cannot reach each other through the Services VPC •  Security groups and NACLs still apply •  Security groups still bound to a single VPC •  Multiple accounts
  • 81. About VPC peering and multiple VPCs
  • 83. Model 2: “Shared Services Model”
  • 84. Model 3: “HIPS Model”
  • 85. Model 4: “Threat Layer Model”
  • 86. Model 5: “NIDS Model”
  • 87. Model 6: “Hybrid Model”
  • 89. Agenda –  VPN –  Design Patterns •  VPC Design –  Concepts –  Design Patterns •  Security Pro Tips
  • 90. MFA
  • 93. CloudTrail – log & monitor these! •  API actions with potential impact –  Internet Gateway (create/attach/detach) –  Routes and route tables –  Network ACLs –  EC2 instances (run/launch/terminate) –  Security groups (authorize/revoke ingress and egress) –  CloudTrail itself (stop/delete/update – the first thing an intruder disables) –  Put[Group/Role/User]Policy –  ModifyAccount –  ModifyBilling, ModifyPaymentMethods –  userIdentity "type":"Root" (any use of the root credentials) –  Create[User/Role/Group] –  CreateAccessKey
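The following added example (not a tool from the presentation) turns the list above into detection logic run over a constructed CloudTrail file. The field names and event names are the real CloudTrail ones; the account id, ARNs, timestamps and IP addresses are invented. The console-login-without-MFA check is the example’s own addition, tied to the MFA slide rather than to this list.

```python
"""CloudTrail triage for the API activity the slide says to log and monitor.
Constructed example, not an AWS tool: the records in SAMPLE_TRAIL are invented
but use the real CloudTrail field names and event names."""
import json
import re

# (label, predicate over one CloudTrail record); a record may trip several.
WATCH = [
    ("root-credentials",
     lambda r: r["userIdentity"].get("type") == "Root"),
    ("cloudtrail-tamper",
     lambda r: r["eventSource"] == "cloudtrail.amazonaws.com"
     and r["eventName"] in {"StopLogging", "DeleteTrail", "UpdateTrail"}),
    ("iam-principal-or-key",
     lambda r: r["eventSource"] == "iam.amazonaws.com" and bool(re.fullmatch(
         r"Create(User|Role|Group|AccessKey)|Put(User|Role|Group)Policy", r["eventName"]))),
    ("network-path-change",
     lambda r: r["eventSource"] == "ec2.amazonaws.com" and bool(re.match(
         r"(Create|Delete|Attach|Detach|Replace|Associate|Disassociate)"
         r"(InternetGateway|Route|NetworkAcl)", r["eventName"]))),
    ("security-group-change",
     lambda r: r["eventSource"] == "ec2.amazonaws.com" and bool(re.fullmatch(
         r"(Authorize|Revoke)SecurityGroup(Ingress|Egress)|(Create|Delete)SecurityGroup",
         r["eventName"]))),
    ("instance-lifecycle",
     lambda r: r["eventName"] in {"RunInstances", "StartInstances",
                                  "StopInstances", "TerminateInstances"}),
    # Assumption of this example, not on the slide's list: a console login without MFA.
    ("console-login-without-mfa",
     lambda r: r["eventName"] == "ConsoleLogin"
     and r.get("additionalEventData", {}).get("MFAUsed") == "No"),
]


def load_records(text):
    """CloudTrail delivers {"Records": [...]}; return the list."""
    return json.loads(text)["Records"]


def triage(records):
    """(eventTime, principal ARN, eventName, [labels]) for every record that
    trips at least one watch, in trail order."""
    hits = []
    for r in records:
        labels = [label for label, pred in WATCH if pred(r)]
        if labels:
            hits.append((r["eventTime"], r["userIdentity"].get("arn", "?"),
                         r["eventName"], labels))
    return hits


def by_principal(hits):
    """Count flagged events per principal: who is generating the alerts?"""
    counts = {}
    for _, arn, _, _ in hits:
        counts[arn] = counts.get(arn, 0) + 1
    return counts


# Constructed trail: one benign read, then the kinds of events the slide lists.
_ACCT = "arn:aws:iam::123456789012"
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2014-11-05T09:01:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": _ACCT + ":user/alice"}},
    {"eventTime": "2014-11-05T09:02:31Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "arn": _ACCT + ":root"}},
    {"eventTime": "2014-11-05T09:03:05Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "arn": _ACCT + ":user/bob"}},
    {"eventTime": "2014-11-05T09:04:48Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "arn": _ACCT + ":user/bob"}},
    {"eventTime": "2014-11-05T09:05:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateRoute", "sourceIPAddress": "198.51.100.21",
     "userIdentity": {"type": "IAMUser", "userName": "carol", "arn": _ACCT + ":user/carol"}},
    {"eventTime": "2014-11-05T09:06:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "additionalEventData": {"MFAUsed": "No"},
     "userIdentity": {"type": "IAMUser", "userName": "dave", "arn": _ACCT + ":user/dave"}},
    {"eventTime": "2014-11-05T09:07:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "arn": _ACCT + ":user/alice"}},
]})
```

triage(load_records(SAMPLE_TRAIL)) returns six hits: the root CreateAccessKey record trips two watches at once, the DescribeInstances read trips none, and by_principal() shows bob behind both the StopLogging and the security-group change from the same address, which is the correlation a responder wants before anything else.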
  • 94. AWS Config – continuous change recording (diagram: changing resources feed AWS Config, which keeps a history stream and point-in-time snapshots, e.g. the snapshot of 2014-11-05)
  • 96. Segregate duties. With AWS IAM you get to control who can do what in your AWS environment and from where. Fine-grained control of your AWS cloud with two-factor authentication. Integrated with your existing corporate directory using SAML 2.0 and single sign-on. (diagram: the AWS account owner delegating to separate network management, security management, server management and storage management roles)
  • 97. DDoS protection (diagram: users, DDoS sources among them, send inbound HTTP to CloudFront; static content is served from Amazon S3, dynamic requests pass through a WAF before reaching the App instances, which are reached over a peering connection)