
AWS Access Management

January 10, 2018 at 10:30 pm

In the AWS Certified Cloud Practitioner course at CBT Nuggets, trainer Anthony Sequeira will help you understand the fundamentals of AWS Cloud, including concepts crucial to the deployment and operation of this platform. Learn about key services, basic security aspects, and administrative components, while preparing for Amazon’s Certified Cloud Practitioner exam. This example Nugget from the course covers Access Management topics in the scope of the exam.

3.5.b EIGRP Neighbor Relationships

January 10, 2018 at 9:56 pm

VPC Peerings in AWS

January 10, 2018 at 12:59 am

VPC Peerings

An often overlooked feature with VPCs in AWS is your ability to create peering relationships between them. AWS calls this, appropriately, VPC Peerings. These objects permit you to route traffic between VPCs and offer the following killer features:

  • You can route traffic between your own VPCs
  • You can route traffic between your VPC and a VPC in another AWS account
  • Some regions even support an inter-region VPC Peering connection
  • The VPC Peering is not physical hardware, and it is not a gateway or VPN connection; this ensures high availability for the peering using the global infrastructure of AWS

The steps you perform for the creation of a VPC Peering are simple:

  1. Request the peering from a Requestor VPC to an Acceptor VPC
  2. Once the Peering is accepted, manually add the routes you desire to the routing tables in the two VPCs
  3. Modify Security Groups appropriately to permit the desired access to resources across the VPCs

There are important restrictions to keep in mind for intra-region VPC Peerings:

  • The CIDR ranges cannot overlap
  • There is a limit to the overall number of VPC Peerings you can have; this is a soft limit, so you can contact AWS about raising it
  • You cannot have more than one VPC Peering between two VPCs
  • They do support Placement Groups with some limitations
  • No Unicast Reverse Path Forwarding security protections are permitted
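The checks below are an added example, not code from the original post: a pre-flight for the three creation steps that enforces the no-overlap and one-peering-per-pair restrictions, then builds narrowly scoped routes and validates security group sources. All VPC, route table and peering IDs are constructed placeholders, and the function names are hypothetical; the route dictionary keys mirror the parameter names of the EC2 CreateRoute API.

```python
import ipaddress

def peering_preflight(requester, accepter, existing_peerings):
    """Return reasons the requested peering would violate the restrictions."""
    problems = []
    pair = frozenset({requester["vpc_id"], accepter["vpc_id"]})
    if pair in existing_peerings:
        problems.append("duplicate: these two VPCs are already peered")
    for a in requester["cidrs"]:
        for b in accepter["cidrs"]:
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                problems.append(f"overlap: {a} and {b}")
    return problems

def routes_to_add(route_table_ids, peer_subnets, peering_id):
    """Step 2: one route per local route table for each peer subnet to reach.
    Routing only the subnets that are needed, not the whole peer VPC CIDR,
    limits what becomes reachable if either side is compromised."""
    return [{"RouteTableId": rtb,
             "DestinationCidrBlock": str(ipaddress.ip_network(subnet)),
             "VpcPeeringConnectionId": peering_id}
            for rtb in route_table_ids for subnet in peer_subnets]

def sg_source_is_scoped(source_cidr, peer_cidrs):
    """Step 3: accept a security group source only if it lies inside the peer VPC."""
    source = ipaddress.ip_network(source_cidr)
    return any(source.subnet_of(ipaddress.ip_network(c)) for c in peer_cidrs)

# Constructed sample data; the IDs are placeholders.
APP = {"vpc_id": "vpc-app", "cidrs": ["10.10.0.0/16"]}
DATA = {"vpc_id": "vpc-data", "cidrs": ["10.20.0.0/16"]}
DEFAULT_A = {"vpc_id": "vpc-default-a", "cidrs": ["172.31.0.0/16"]}
DEFAULT_B = {"vpc_id": "vpc-default-b", "cidrs": ["172.31.0.0/16"]}

if __name__ == "__main__":
    print(peering_preflight(APP, DATA, set()))
    # Two default VPCs share the same CIDR, so they cannot be peered.
    print(peering_preflight(DEFAULT_A, DEFAULT_B, set()))
    print(routes_to_add(["rtb-app-private"], ["10.20.4.0/24"], "pcx-example"))
    print(sg_source_is_scoped("0.0.0.0/0", DATA["cidrs"]))
```
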

The restrictions for inter-region VPC Peerings are as follows:

  • The Security Groups cannot reference each other across the regions
  • DNS will not function across the regions as seamlessly as it does within a region
  • IPv6 communications are not supported in this design
  • The MTU is 1500
  • Inter-region VPC Peerings are limited to only certain regions currently

3.5.a EIGRP Intro and Packet and Route Types

January 9, 2018 at 4:51 pm

Route 53 in AWS

January 8, 2018 at 10:36 pm

Route 53

A key networking element of AWS is the DNS service named Route 53. Remember, DNS is how we resolve domain names to IP addresses. For example, we access www.yahoo.com by typing that friendly name in a Web browser. Behind the scenes, DNS finds the correct IP address for this name. Think of DNS as a massive phone book. This phone book is distributed to servers all over the globe to ensure resolution can always occur. Hopefully.

It is no surprise that AWS offers a DNS service. After all, AWS has networks all over the world already. They also want to make sure they can provide DNS names to customers for the resources those customers build in the cloud.

Here are fun facts that you should know about Route 53:

  • It is completely compliant with IPv6
  • While Route 53 makes it easy to access resources inside of your AWS infrastructure, you could also use it to provide resolution for resources you have outside of their cloud
  • Route 53 is capable of DNS health checks so you can ensure traffic is sent to healthy nodes in your infrastructure
  • Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover in order to enable a variety of low-latency, fault-tolerant architectures
  • Route 53 also offers domain name registrations, so if you need a domain name for your organization, you do not have to shop beyond AWS for this service
  • Private DNS services are possible if you want to use the name resolution inside private VPC structures without advertising names to the public Internet
  • Route 53 supports redirection, so you can redirect traffic destined for one domain to another without explicitly impacting the clients
  • S3 Zone Apex support now exists – this makes it possible to permit access to your website using just the domain name – for example, http://abcompany.com

AWS Cloud Practitioner at CBT Nuggets

.75.1 Lab Exam Strategies; Config Section- Core vs Non-Core Tasks

January 8, 2018 at 10:15 am

A Default VPC in AWS

January 7, 2018 at 7:03 pm

VPC

Amazon tries to lower your barrier to entry when it comes to quickly making resources available via the cloud. As such, a default VPC is built for you. This post walks you through what is created for you.

  • The default VPC itself – there is a unique ID associated with this for identification and a CIDR range (172.31.0.0/16)
  • Subnets – you get a subnet in each of your Availability Zones; these subnets are publicly reachable; they are /20 and feature 4091 available addresses
  • Route Table – there is a route table constructed for you; it directs 172.31.0.0/16 to stay local, and there is a default route (0.0.0.0/0) directing traffic to an Internet Gateway constructed for you
  • Internet Gateway – this allows your default VPC resources to reach the outside world
  • DHCP Options Set – there is an entry done for you which contains the domain name associated with your default VPC
  • Network ACL – there is a Network ACL associated with all three of your subnets; it is completely permissive by default; it allows all traffic inbound and all traffic outbound
  • Security Group – there is a default security group created for you; it is restrictive in nature in that it permits no traffic inbound
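The defaults listed above can be checked mechanically. The following is an added example, not code from the original post: it reports the settings that leave a subnet open (a default route to an Internet Gateway and an allow-all Network ACL) and reproduces the 4091 figure for a /20 subnet. The sample data is constructed to follow the field names of `describe-route-tables` and `describe-network-acls` output, the IDs are placeholders, and the function names are hypothetical.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of each subnet

def usable_addresses(cidr):
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET

def routes_to_internet_gateway(route_table):
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in route_table["Routes"])

def nacl_allows_everything(nacl, egress):
    """NACL rules are evaluated in ascending rule number and the first match wins,
    so an allow-all rule in first position makes that direction fully open."""
    rules = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                   key=lambda e: e["RuleNumber"])
    if not rules:
        return False
    first = rules[0]
    return (first["RuleAction"] == "allow" and first["Protocol"] == "-1"
            and first.get("CidrBlock") == "0.0.0.0/0")

def audit(route_table, nacl):
    findings = []
    if routes_to_internet_gateway(route_table):
        findings.append("route table sends 0.0.0.0/0 to an Internet Gateway")
    for egress, label in ((False, "inbound"), (True, "outbound")):
        if nacl_allows_everything(nacl, egress):
            findings.append(f"network ACL allows all {label} traffic")
    return findings

# Constructed sample matching the defaults described above; IDs are placeholders.
DEFAULT_RTB = {"RouteTableId": "rtb-default", "Routes": [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]}
DEFAULT_NACL = {"NetworkAclId": "acl-default", "Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"}]}

if __name__ == "__main__":
    print(usable_addresses("172.31.0.0/20"))
    for finding in audit(DEFAULT_RTB, DEFAULT_NACL):
        print(finding)
```
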

Note there are plenty of other VPC components available for your default VPC, but you would need to configure them. These components include:

  • Egress only Internet Gateways
  • Elastic IPs
  • Endpoints
  • Endpoint Services
  • NAT Gateways
  • Peering Connections
  • Customer Gateways
  • Virtual Private Gateways
  • VPN Connections

CCIERS

1.1.a IOS XE Flash Cards

January 7, 2018 at 8:33 am