Creating a Virtual Data Center on AWS: VPC Fundamentals and Connectivity Options
Damián Arregui, Solutions Architect, AWS
Thursday, June 1, 2016
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
[Diagram: an EC2 instance]
[Diagram: EC2 instances in a VPC, labelled 172.31.0.128, 172.31.0.129, 172.31.1.24, 172.31.1.27, 54.4.5.6 and 54.2.3.4]
What to Expect from the Session
• Get familiar with VPC concepts
• Walk through a basic VPC setup
• Learn about the ways in which you can tailor your virtual network to meet your needs
Walkthrough: Setting Up an Internet-Connected VPC
Creating an Internet-Connected VPC: Steps
Choosing an address range
Setting up subnets in Availability Zones
Creating a route to the Internet
Authorizing traffic to/from the VPC
Choose address ranges
CIDR Notation Review
CIDR range example:
172.31.0.0/16
1010 1100 0001 1111 0000 0000 0000 0000
Choosing IP Address Ranges for Your VPC
172.31.0.0/16
Recommended: RFC1918 range
Recommended: /16 (64K addresses)
Set up subnets
Choosing IP Address Ranges for Your Subnets
VPC: 172.31.0.0/16
Availability Zone eu-west-1a: VPC subnet 172.31.0.0/24
Availability Zone eu-west-1b: VPC subnet 172.31.1.0/24
Availability Zone eu-west-1c: VPC subnet 172.31.2.0/24
Auto-assign Public IP: All instances will get an automatically assigned public IP
More on Subnets
• Recommended for most customers:
  • /16 VPC (64K addresses)
  • /24 subnets (251 addresses)
  • One subnet per Availability Zone
• When might you do something else?
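The address plan from the slides above, worked through as an added example (not part of the original deck). It goes slightly beyond the slides by also rejecting a VPC range that overlaps other networks; the ranges passed in are the ones the deck later uses for the peered VPC and the corporate network, and the function names are assumptions of this sketch.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS keeps five addresses in every subnet (network address, VPC router,
# DNS, one reserved for future use, broadcast), so a /24 yields 251.
AWS_RESERVED_PER_SUBNET = 5


def cidr_bits(cidr):
    """Return (network address as nibble-grouped bits, prefix length)."""
    net = ipaddress.ip_network(cidr)
    bits = format(int(net.network_address), "032b")
    grouped = " ".join(bits[i:i + 4] for i in range(0, 32, 4))
    return grouped, net.prefixlen


def plan_vpc(vpc_cidr, availability_zones, subnet_prefix=24, other_networks=()):
    """Carve one subnet per Availability Zone out of an RFC1918 VPC range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not any(vpc.subnet_of(block) for block in RFC1918):
        raise ValueError(f"{vpc} is not inside an RFC1918 block")
    # Overlapping ranges cannot be routed to each other later on
    # (peering, VPN), so catch the conflict before anything is created.
    for other in other_networks:
        if vpc.overlaps(ipaddress.ip_network(other)):
            raise ValueError(f"{vpc} overlaps {other}")
    candidates = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for az in availability_zones:
        subnet = next(candidates)
        plan[az] = {
            "cidr": str(subnet),
            "usable": subnet.num_addresses - AWS_RESERVED_PER_SUBNET,
        }
    return plan


if __name__ == "__main__":
    print(cidr_bits("172.31.0.0/16"))
    zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
    others = ["10.55.0.0/16", "192.168.0.0/16"]
    for az, subnet in plan_vpc("172.31.0.0/16", zones,
                               other_networks=others).items():
        print(az, subnet["cidr"], subnet["usable"])
```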
Create a route to the Internet
Routing in Your VPC
• Route tables contain rules for which packets go where
• Your VPC has a default route table
• …but you can assign different route tables to different subnets
Traffic destined for my VPC stays in my VPC
Internet Gateway
Send packets here if you want them to reach the Internet
Everything that isn’t destined for the VPC: Send to the Internet
Authorizing traffic: Network ACLs, Security groups
Network ACLs = Stateless Firewall Rules
English translation: Allow all traffic in
Can be applied on a subnet basis
Security Groups Follow the Structure of Your Application
“MyWebServers” security group
“MyBackends” security group
Allow only “MyWebServers”
Security Groups = Stateful Firewall
In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
Security Groups = Stateful Firewall
In English: Only instances in the MyWebServers security group can reach instances in this security group
Security Groups in VPCs: Additional Notes
• VPC allows creation of egress as well as ingress security group rules
• Best practice: Whenever possible, specify allowed traffic by reference (other security groups)
• Many application architectures lend themselves to a 1:1 relationship between security groups (who can reach me) and IAM roles (what I can do).
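A small model of the two filtering layers described above, as an added example (not part of the original deck): security groups that allow by reference and track connections, next to a network ACL that has to permit return traffic explicitly. The instance-to-group mapping, the backend port 5432 and the tightened ACL rules are constructed for this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:  # TCP only, to keep the model short
    src: str
    dst: str
    sport: int
    dport: int


# Constructed membership: one web server, one backend.
MEMBERS = {"172.31.0.128": "MyWebServers", "172.31.1.24": "MyBackends"}
# Ingress rules from the slides: web servers reachable on port 80 from
# anywhere; backends reachable only from members of MyWebServers.
INGRESS = {
    "MyWebServers": [{"port": 80, "source": "0.0.0.0/0"}],
    "MyBackends": [{"port": None, "source": "sg:MyWebServers"}],
}


def sg_ingress_allowed(pkt):
    """Security groups hold allow rules only; no match means drop."""
    for rule in INGRESS.get(MEMBERS.get(pkt.dst), []):
        if rule["port"] not in (None, pkt.dport):
            continue
        source = rule["source"]
        if source.startswith("sg:"):  # rule by reference to another group
            if MEMBERS.get(pkt.src) == source[3:]:
                return True
        elif ipaddress.ip_address(pkt.src) in ipaddress.ip_network(source):
            return True
    return False


class StatefulSecurityGroups:
    """Remembers accepted flows so replies need no egress rule."""

    def __init__(self):
        self.flows = set()

    def inbound(self, pkt):
        allowed = sg_ingress_allowed(pkt)
        if allowed:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return allowed

    def reply(self, pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def nacl_allows(rules, port):
    """Stateless ACL: lowest rule number that matches wins, else deny."""
    for _number, low, high, action in sorted(rules):
        if low <= port <= high:
            return action == "allow"
    return False


NACL_IN = [(100, 80, 80, "allow")]
NACL_OUT_NO_EPHEMERAL = [(100, 80, 80, "allow"), (110, 443, 443, "allow")]
NACL_OUT_WITH_EPHEMERAL = NACL_OUT_NO_EPHEMERAL + [(120, 1024, 65535, "allow")]


def web_request_round_trip(nacl_out):
    """Follow one HTTP request and its response through both layers."""
    firewall = StatefulSecurityGroups()
    request = Packet("54.2.3.4", "172.31.0.128", 49761, 80)
    response = Packet(request.dst, request.src, request.dport, request.sport)
    return {
        "request": nacl_allows(NACL_IN, request.dport) and firewall.inbound(request),
        "response_sg": firewall.reply(response),
        "response_nacl": nacl_allows(nacl_out, response.dport),
    }


if __name__ == "__main__":
    print(web_request_round_trip(NACL_OUT_NO_EPHEMERAL))
    print(web_request_round_trip(NACL_OUT_WITH_EPHEMERAL))
```

With the first outbound ACL the response is dropped at the subnet boundary even though the security group would pass it, which is the practical consequence of tightening a stateless ACL without an ephemeral-port rule.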
Connectivity Options For VPCs
Beyond Internet Connectivity
Subnet routing options
Connecting to your corporate network
Connecting to other VPCs
Routing on a subnet basis: Internal-facing subnets
Different Route Tables for Different Subnets
VPC subnet: Has route to Internet
VPC subnet: Has no route to Internet
Internet Access via NAT Gateway
[Diagram: two VPC subnets, each with a 0.0.0.0/0 route; NAT Gateway with Public IP: 54.161.0.39]
Connecting to other VPCs: VPC Peering
Shared Services VPC Using VPC Peering
Common/core services
• Authentication/directory
• Monitoring
• Logging
• Remote administration
• Scanning
VPC Peering
[Diagram: VPC Peering between 172.31.0.0/16 (Orange security group) and 10.55.0.0/16 (Blue security group), marked ALLOW]
Steps to Establish Peering: Initiate Request
172.31.0.0/16 10.55.0.0/16
Step 1: Initiate peering request
Steps to Establish Peering: Accept Request
172.31.0.0/16 10.55.0.0/16
Step 1: Initiate peering request
Step 2: Accept peering request
Steps to Establish Peering: Create Route
172.31.0.0/16 10.55.0.0/16
Step 1: Initiate peering request
Step 2: Accept peering request
Step 3: Create routes
In English: Traffic destined for the peered VPC should go to the peering
Connecting to your network: Virtual private network & Amazon Direct Connect
Extend your own network into your VPC
VPN
Direct Connect
VPN: What you need to know
[Diagram: your networking device (customer gateway) on 192.168.0.0/16, connected by two IPSec tunnels to the virtual gateway of the VPC 172.31.0.0/16]
Routing to a Virtual Private Gateway
In English: Traffic to my 192.168.0.0/16 network goes out the VPN tunnel
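The routing rules stated in plain English across the deck (local traffic stays in the VPC, everything else to the Internet gateway, the peered VPC to the peering, 192.168.0.0/16 to the VPN), combined into one added example that is not part of the original deck. It resolves destinations by most specific route and lists which subnets are directly Internet-routed; the target names ending in -EXAMPLE, the table names and the subnet associations are placeholders constructed for this sketch.

```python
import ipaddress

# Constructed route tables using the ranges shown in the deck.
ROUTE_TABLES = {
    "public": [
        ("172.31.0.0/16", "local"),
        ("0.0.0.0/0", "igw-EXAMPLE"),        # Internet gateway
        ("10.55.0.0/16", "pcx-EXAMPLE"),     # peered VPC
        ("192.168.0.0/16", "vgw-EXAMPLE"),   # corporate network over VPN
    ],
    "internal": [
        ("172.31.0.0/16", "local"),
        ("192.168.0.0/16", "vgw-EXAMPLE"),
    ],
    "nat": [
        ("172.31.0.0/16", "local"),
        ("0.0.0.0/0", "nat-EXAMPLE"),        # outbound only, via NAT gateway
    ],
}

# Constructed subnet-to-route-table associations.
SUBNET_ASSOCIATIONS = {
    "172.31.0.0/24": "public",
    "172.31.1.0/24": "internal",
    "172.31.2.0/24": "nat",
}


def lookup(table_name, dst_ip):
    """Return the target of the most specific matching route, or None.

    None means the table has no route for the destination, so the
    packet is dropped.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def directly_internet_routed_subnets():
    """Subnets whose route table sends 0.0.0.0/0 to an Internet gateway."""
    exposed = []
    for subnet, table_name in SUBNET_ASSOCIATIONS.items():
        for cidr, target in ROUTE_TABLES[table_name]:
            if cidr == "0.0.0.0/0" and target.startswith("igw-"):
                exposed.append(subnet)
    return sorted(exposed)


if __name__ == "__main__":
    for table, dst in [("public", "172.31.1.24"), ("public", "52.18.10.57"),
                       ("public", "10.55.3.4"), ("public", "192.168.7.9"),
                       ("internal", "52.18.10.57"), ("nat", "52.18.10.57")]:
        print(f"{table:8} {dst:14} -> {lookup(table, dst)}")
    print("Internet-routed subnets:", directly_internet_routed_subnets())
```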
VPN vs Direct Connect
• Both allow secure connections between your network and your VPC
• VPN is a pair of IPSec tunnels over the Internet
• Direct Connect is a dedicated line with lower per-GB data transfer rates
• For highest availability: Use both
DNS in a VPC
VPC DNS Options
Use Amazon DNS server
Have EC2 auto-assign DNS hostnames to instances
EC2 DNS Hostnames in a VPC
Internal DNS hostname: Resolves to Private IP address
External DNS name: Resolves to…
EC2 DNS Hostnames Work From Anywhere: Outside Your VPC
C:\>nslookup ec2-52-18-10-57.eu-west-1.compute.amazonaws.com
Server: globaldnsanycast.amazon.com
Address: 10.4.4.10
Non-authoritative answer:
Name: ec2-52-18-10-57.eu-west-1.compute.amazonaws.com
Address: 52.18.10.57
Outside your VPC: Public IP address
EC2 DNS Hostnames Work From Anywhere: Inside Your VPC
[ec2-user@ip-172-31-0-201 ~]$ dig ec2-52-18-10-57.eu-west-1.compute.amazonaws.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.38.amzn1 <<>> ec2-52-18-10-57.eu-west-1.compute.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36622
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. IN A
;; ANSWER SECTION:
ec2-52-18-10-57.eu-west-1.compute.amazonaws.com. 60 IN A 172.31.0.137
;; Query time: 2 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Wed Sep 9 22:32:56 2015
;; MSG SIZE rcvd: 81
Inside your VPC: Private IP address
Route 53 Private Hosted Zones
• Control DNS resolution for a domain and subdomains
• DNS records take effect only inside associated VPCs
• Can use it to override DNS records “on the outside”
Creating a Route 53 Private Hosted Zone
Private hosted zone
Associated with one or more VPCs
Creating a Route 53 DNS Record
Private Hosted Zone
example.demohostedzone.org → 172.31.0.99
Querying Private Hosted Zone Records
https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/
[ec2-user@ip-172-31-0-201 ~]$ dig example.demohostedzone.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.38.amzn1 <<>> example.demohostedzone.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26694
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.demohostedzone.org. IN A
;; ANSWER SECTION:
example.demohostedzone.org. 60 IN A 172.31.0.99
;; Query time: 2 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Wed Sep 9 00:13:33 2015
;; MSG SIZE rcvd: 60
And so much more
Managed NAT Gateway
VPC Endpoints: S3 Without an Internet Gateway
VPC Flow Logs: See All Your Traffic
Visibility into effects of security group rules
Troubleshooting network connectivity
Ability to analyze traffic
Example records
Inbound SSH traffic allowed
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK
Example records (cont.)
Inbound RDP traffic denied
2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK
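A parser for records like the two above, as an added example (not part of the original deck). It reads the 14-field version 2 flow log format, reports TCP traffic to the SSH and RDP ports together with the ACCEPT/REJECT decision, and flags lines that do not split into 14 fields. The sample lines are constructed: the two slide records with destination port and protocol as separate fields, a NODATA record, and one line with those two fields run together.

```python
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes",
              "start", "end")
TCP = 6
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample input (see the lead-in).
SAMPLE_LINES = [
    "2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 22 6 20 4249 1438530010 1438530070 ACCEPT OK",
    "2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 49761 3389 6 1 231 1439530000 1439530060 REJECT OK",
    "2 123456789010 eni-abc123de - - - - - - - 1439530060 1439530120 - NODATA",
    "2 123456789010 eni-abc123de 172.168.1.12 172.168.1.11 20641 226 20 4249 1438530010 1438530070 ACCEPT OK",
]


def parse_record(line):
    """Split one space-separated flow log record into a dict."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    record = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry "-" in the traffic fields.
    if record["log_status"] == "OK":
        for name in INT_FIELDS:
            record[name] = int(record[name])
    return record


def admin_port_findings(lines):
    """Report TCP flows to SSH/RDP and any line that fails to parse."""
    findings = []
    for line in lines:
        try:
            record = parse_record(line)
        except ValueError:
            findings.append(("MALFORMED", line))
            continue
        if record["log_status"] != "OK":
            continue
        if record["protocol"] == TCP and record["dstport"] in ADMIN_PORTS:
            findings.append((record["action"],
                             ADMIN_PORTS[record["dstport"]],
                             record["srcaddr"],
                             record["dstaddr"]))
    return findings


if __name__ == "__main__":
    for finding in admin_port_findings(SAMPLE_LINES):
        print(finding)
```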
Manage your network like a boss…
… Whether or not you’re a networking expert
[Diagram: EC2 instances labelled 172.31.0.128, 172.31.0.129, 172.31.1.24, 172.31.1.27, 54.4.5.6 and 54.2.3.4]
Building on these fundamentals…
[Diagram: Provider MPLS Network connecting HQ and Branch sites to VPCs in the EU-West-1 region (London DX), US-West-2 region (Seattle DX) and AP-Northeast-1 region (Tokyo DX)]
Thank you!