AWS Black Belt Tech Series: Amazon VPC

Amazon VPC (Virtual Private Cloud), AWS Black Belt Tech Webinar 2014 (formerly the Meister Series), Amazon Data Services Japan K.K., Partner Solutions Architect 松本 樹

Upload: amazon-web-services-japan

Post on 26-Jan-2015


TRANSCRIPT

1. Amazon VPC (Virtual Private Cloud), AWS Black Belt Tech Webinar 2014

2. Agenda: VPC / VPC [] / VPC Peering / VPC / Q&A

3. Agenda (repeated)

4. AWS service map: EBS, S3, Glacier, Storage Gateway; CloudFront; VPC, Route 53, Direct Connect; IAM, CloudTrail, CloudHSM; CloudWatch; Web Management Console; Elastic Beanstalk, CloudFormation, OpsWorks; CLI & SDKs (Java, PHP, .NET, Python, Ruby); AZ / Region; RDS, DynamoDB, Redshift, ElastiCache; Elastic MapReduce, Kinesis, Data Pipeline; AppStream, CloudSearch, SWF, SQS, SES, SNS, Elastic Transcoder; EC2, Auto Scaling, Elastic Load Balancing, WorkSpaces

5. VPC: Local IP Address; one EC2 IP

6. VPC components: CIDR / Subnet; Route Table; Internet Gateway (IGW); VPC Security Group (and DB Security Group); Network Access Control List (NACL); NAT; EC2 Dedicated Instance; Elastic Network Interface; Virtual Private Network (VPN); VPC Peering

7. Amazon VPC: AWS, VPN, AWS

8. AWS, EC2, VPC, Internet, VPN, DX

9. Example VPC for a Web system: VPC 10.0.0.0/16 spanning Availability Zone A and Availability Zone B; Internet Gateway (Internet, Anyone); Public Subnet 10.0.0.0/24 and Public Subnet 10.0.2.0/24, each with a Web EC2 Instance (10.0.0.7 and 10.0.2.7); Private Subnet 10.0.1.0/24 and Private Subnet 10.0.3.0/24, each with Amazon RDS (DB); Corporate data center / Customer Office (DB, DC) connected by VPN or DX

10. Classic EC2 / Default VPC / VPC: Elastic IP, Public IP, Private IP for Classic EC2; Elastic IP, Public IP, Private IP for EC2 in the Default VPC (Default Subnet); Elastic IP, Public IP, Private IP for EC2 in a VPC Subnet; Non-Default VPC vs Default VPC

11. Default VPC: EC2 Account Attributes; Non-Default VPC / Default VPC

12. AWS IP addresses: Elastic IP (Stop/Start), Public IP (Stop/Start), Private IP (Stop/Start); Elastic IP / Public IP / Private IP per EC2 Subnet

13. Agenda

14. VPC components: CIDR / Subnet; Route Table; Internet Gateway (IGW); VPC Security Group; Network Access Control List (NACL); NAT; EC2 Dedicated Instance; Elastic Network Interface; Virtual Private Network (VPN)

15. VPC CIDR / Subnet: VPC 10.0.0.0/16 containing Subnet 10.0.1.0/24 and Subnet 10.0.2.0/24 (Web Servers). Usable IP addresses per CIDR:

       CIDR                   IP addresses
       xxx.xxx.xxx.xxx/16     65,534
       xxx.xxx.xxx.xxx/20     4,094
       xxx.xxx.xxx.xxx/24     254
       xxx.xxx.xxx.xxx/28     14

16. Route Table: each Subnet is associated with a Route Table; Public Subnet Route Table, Private Subnet Route Table; IGW (Internet Gateway)

17. Route Table and Internet Gateway: VPC 10.0.0.0/16

       Public Subnet route table     Destination   Target
                                     10.0.0.0/16   Local
                                     0.0.0.0/0     igw-xxxxx

       Private Subnet route table    Destination   Target
                                     10.0.0.0/16   Local

   IGW routing to the Internet: OK, OK, NG

18. NAT: Private Subnet instances reaching S3, Route 53, DynamoDB, SES, SQS and other AWS service endpoints; NAT Instance with a Global IP (Elastic IP, Public IP); AWS-provided NAT EC2 AMI

19. NAT routing: VPC 10.0.0.0/16

       Public Subnet route table     Destination   Target
                                     10.0.0.0/16   Local
                                     0.0.0.0/0     igw-xxxxx

       Private Subnet route table    Destination   Target
                                     10.0.0.0/16   Local
                                     0.0.0.0/0     NAT

   IGW routing to the Internet, via NAT: OK, NG

20. VPC Security Group vs NACL (Network Access Control List): Security Group = Instance-level In/Out; NACL = Subnet-level In/Out

21. VPC Security Group: EC2 Instance; Port 22 (SSH), Port 80 (HTTP); VPC (Inbound), EC2 (Outbound)

22. NACL (Network Access Control): Subnet-level, Inbound and Outbound. Inbound rule: Port range, Source (IP), Allow/Deny. Outbound rule: Port range, Destination (IP), Allow/Deny

23. DNS Settings: "Enable DNS resolution." (true / false); "Enable DNS hostname support for instances launched in this VPC." (setting this to true requires Enable DNS resolution to be true)

24. EC2 Dedicated Instance: A, B, C; Dedicated Instance in a VPC

25. Elastic Network Interfaces: VPC ENI; Private IP, Elastic IP, MAC address

26. Elastic Network Interfaces: http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html

27. VPN (Virtual Private Network): AWS VPC; BGP VPN Router; IPsec VPN; IPsec AES 128 bit; BGP (Border Gateway Protocol); URL

28. VPN (Virtual Private Network): VPN Connection; IGW; Corporate Data center; VPC Subnet; VPN Gateway; Customer Gateway (Global IP, AS number); VPN Connection Configuration; VPN Router

29. Public subnet + Private subnet + VPN GW: VPC 10.0.0.0/16, Corporate = 172.16.0.0/16

       Public Subnet route table     Destination    Target
                                     10.0.0.0/16    Local
                                     0.0.0.0/0      igw-xxxxx

       Private Subnet route table    Destination    Target
                                     10.0.0.0/16    Local
                                     172.16.0.0/16  VGW

   IGW / VGW routing: OK, NG

30. [] VPC components summary: CIDR / Subnet; Route Table; Internet Gateway (IGW); VPC Security Group; Network Access Control List (NACL); NAT; EC2 Dedicated Instance; Elastic Network Interface; Virtual Private Network (VPN)

31. Agenda

32. VPC Peering: VPC Peering; Private IP; AWS VPC; Peering

33. VPC Peering (before peering): VPC 10.0.0.0/16 (Web Server), route table 10.0.0.0/16 -> Local; VPC 11.0.0.0/16 (Web Server), route table 11.0.0.0/16 -> Local

34. VPC Peering Step 1 - Peering Connections: VPC > Peering Connections > Create VPC Peering Connection

35. VPC Peering Step 1 - Peering Connections: choose the requester VPC; peer with a VPC in My account, or in Another account (Account ID, VPC ID)

36. VPC Peering Step 1 - Peering Connections: Peering Connection Console Status is Pending

37. VPC Peering Step 1 - Peering Connections: the two VPCs' IP ranges

38. VPC Peering Step 1 - Peering Connections: Peering Connection > Accept request

39. VPC Peering Step 1 - Peering Connections: pcx-12345 between VPC 10.0.0.0/16 (Web Server, route 10.0.0.0/16 -> Local) and VPC 11.0.0.0/16 (Web Server, route 11.0.0.0/16 -> Local)

40. VPC Peering Step 2 - Route Table: Destination = CIDR, Target = Peering Connection ID pcx-XXXXXXX; add the route in each VPC's Route Table

41. VPC Peering Step 2 - Route Table:

       VPC 10.0.0.0/16 (Web Server)  Destination   Target
                                     10.0.0.0/16   Local
                                     11.0.0.0/16   pcx-12345

       VPC 11.0.0.0/16 (Web Server)  Destination   Target
                                     11.0.0.0/16   Local
                                     10.0.0.0/16   pcx-12345

42. VPC Peering: http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/peering-scenarios.html

43. VPC Peering notes: IP Address / VPC Peering; Peering VPC Region; 2 / Routing; Peering VPC Global IP; AWS Solution Architect blog: http://aws.typepad.com/sajp/2014/04/vpc-peering-tips.html

44. Agenda

45. Tag: VPC Tag

46. Public IP: EC2 Public IP; Elastic IP; Global IP; IP / Elastic IP

47. DHCP options sets: VPC DHCP options: domain-name; domain-name-servers (DNS); ntp-servers (NTP); netbios-name-servers (NetBIOS); netbios-node-type (NetBIOS); http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html

48. VPC Limits: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html; limit increase request form: http://aws.amazon.com/jp/contact-us/vpc-request/

49. Pricing: VPC; VPC Peering Connection; VPN Connection 1 $0.05/VPN (13800)

50. Summary: VPC Peering, VPC; Security Group, NACL, Routing Table; VPN, Direct Connect (DX), Peering Connection

51. Appendix: Amazon VPC Documents http://aws.amazon.com/jp/documentation/vpc/ ; Amazon VPC http://aws.amazon.com/jp/vpc/ ; Amazon VPC FAQ http://aws.amazon.com/jp/vpc/faqs/

52. Webinar: http://aws.amazon.com/jp/aws-jp-introduction/

53. (end)
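The route tables on slides 17, 19, 29 and 41 are the whole mechanism that makes a subnet "public", NAT-only, VPN-only or peered, and the Step 2 peering slide shows that a route must be added on both sides. The following Python is an added example written for this page, not code from the deck or from AWS: it evaluates those route tables with the longest-prefix-match rule the VPC router applies and checks the two-sided peering route rule. The CIDRs and the placeholder IDs igw-xxxxx and pcx-12345 are taken from the slides; the target labels nat-instance and vgw and the probe address 198.51.100.1 are constructed here.

```python
import ipaddress
from typing import List, Optional, Tuple

# A route table is a list of (destination CIDR, target) pairs, in the same
# Destination / Target layout the slides use. CIDRs and the placeholder IDs
# "igw-xxxxx" and "pcx-12345" come from the deck; "nat-instance" and "vgw"
# are labels chosen here for the NAT instance and the VPN gateway targets.
Route = Tuple[str, str]

PUBLIC_RT: List[Route] = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-xxxxx")]
PRIVATE_RT: List[Route] = [("10.0.0.0/16", "local")]
PRIVATE_NAT_RT: List[Route] = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-instance")]
PRIVATE_VGW_RT: List[Route] = [("10.0.0.0/16", "local"), ("172.16.0.0/16", "vgw")]
PEERING_RT_A: List[Route] = [("10.0.0.0/16", "local"), ("11.0.0.0/16", "pcx-12345")]
PEERING_RT_B: List[Route] = [("11.0.0.0/16", "local"), ("10.0.0.0/16", "pcx-12345")]


def next_hop(route_table: List[Route], dst: str) -> Optional[str]:
    """Return the target for dst using longest-prefix match (most specific route wins).

    None means no route matches, i.e. the VPC router has nowhere to send the packet.
    """
    addr = ipaddress.ip_address(dst)
    best: Optional[str] = None
    best_len = -1
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and net.prefixlen > best_len:
            best, best_len = target, net.prefixlen
    return best


def internet_path(route_table: List[Route]) -> str:
    """Classify how (if at all) a subnet with this table reaches the Internet."""
    # 198.51.100.1 is a documentation-range address used here as an arbitrary
    # off-VPC destination (constructed probe, not from the slides).
    target = next_hop(route_table, "198.51.100.1")
    if target is None or target == "local":
        return "none"
    if target.startswith("igw-"):
        return "direct via IGW"
    return "via " + target


def peering_routes_symmetric(rt_a: List[Route], cidr_a: str,
                             rt_b: List[Route], cidr_b: str, pcx: str) -> bool:
    """True only if each VPC routes the other's CIDR through the same peering connection.

    A one-sided route lets packets out of VPC A, but replies from VPC B have no
    route back, so the connection never works until both tables are updated.
    """
    host_a = str(next(ipaddress.ip_network(cidr_a).hosts()))
    host_b = str(next(ipaddress.ip_network(cidr_b).hosts()))
    return next_hop(rt_a, host_b) == pcx and next_hop(rt_b, host_a) == pcx


if __name__ == "__main__":
    for name, rt in [("public", PUBLIC_RT), ("private", PRIVATE_RT),
                     ("private+NAT", PRIVATE_NAT_RT), ("private+VGW", PRIVATE_VGW_RT)]:
        print(f"{name:12s} internet: {internet_path(rt):18s} "
              f"corporate 172.16.3.9 -> {next_hop(rt, '172.16.3.9')}")
    print("peering symmetric:",
          peering_routes_symmetric(PEERING_RT_A, "10.0.0.0/16",
                                   PEERING_RT_B, "11.0.0.0/16", "pcx-12345"))
```

The longest-prefix rule is what keeps 10.0.x.x traffic on the Local route even when a 0.0.0.0/0 default route exists, and the None result for the plain private subnet is the "NG" on slides 17 and 19: without a NAT or IGW route the subnet simply cannot reach the Internet, which is the property a private subnet is meant to have.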