There's more...

Actually, there's a lot more. Despite the amount of code in this recipe, we've really only covered the basics of what's possible with VPCs and networking in AWS. Here are some of the main VPC topics you'll encounter as you progress with your VPC usage:

  • Direct Connect: This is a method of connecting your data center (DC) to your VPC over a private, dedicated circuit rather than the Internet. It usually gives more consistent network performance and can be cheaper than a VPN connection for large volumes of traffic. Note that Direct Connect doesn't encrypt traffic by itself; if you need encryption on that link, you still have to layer a VPN (or application-level TLS) on top of it.
  • Virtual Private Gateway (VPN): You can connect your VPC to your corporate DC over the Internet with an IPsec VPN. AWS terminates the tunnels on a virtual private gateway attached to your VPC; on your side you need a supported VPN device (the customer gateway) in your DC.
  • IPv6 support was added recently. We've left it out to keep things simple.
  • VPC endpoints: This feature exposes AWS service endpoints inside your VPC so that you don't have to route traffic over the public Internet (or through a NAT) to consume them. Only S3 is supported at the time of writing. An endpoint policy lets you restrict which buckets can be reached through the endpoint.
  • VPC peering: You can peer a VPC to one or more VPCs so that traffic can flow between them (the peering itself does no encryption, and your security groups and network ACLs still apply to that traffic). The IP ranges must not overlap and, while the peering is free, you will still need to pay for traffic between VPCs. Transitive peering isn't supported, so if you need traffic to traverse VPCs you'll require a VPN/routing appliance of some kind. Cross-account VPC peering is supported (we use this feature quite often), but cross-region peering isn't yet available.
  • VPC sizing:
    • IPv4: You can deploy networks between sizes /28 and /16.
    • IPv6: Your VPCs will be fixed in size at /56.
    • Once your VPC has been deployed you can't change its size (at the time of writing). If you run out of IP space, your options are to deploy a larger VPC and migrate everything into it (ouch!) or, perhaps, to work around the shortage by peering with a second VPC.
  • VPC flow logs: You will want to enable VPC flow logs in order to monitor traffic and do any kind of network debugging. Each record captures the metadata of a flow seen on a network interface (source and destination address and port, protocol, packet and byte counts, and whether it was ACCEPTed or REJECTed), not the packet contents, so they're also the first place to look when a security group or network ACL is silently dropping something.
  • Multicast traffic isn't supported.
  • Subnets must reside in a single Availability Zone; they can't span Availability Zones.
  • Elastic Load Balancers (ELBs) can scale out to use a lot of private IP addresses if you are sending a large amount of traffic through them. Keep this in mind when you're sizing your subnets.
  • The number of VPCs you can deploy is limited to five per region, per account. You can request to increase this limit if necessary. Internet gateways have the same limit, and increasing one limit increases the other.
  • The default VPC:
    • First and foremost, the default VPC is created automatically for you when you create your account. It has some properties and behaviors that differ from the VPCs you create for yourself.
    • If you try to launch an EC2 instance without specifying a subnet ID, AWS will attempt to launch it in your default VPC.
    • It consists of only public subnets. These subnets are configured to provide a public IP address to all instances by default.
    • It's possible to delete the default VPC in a region. If you do this by mistake, or have simply decided that you'd like to undo this action, you'll need to log a support ticket with AWS to have them create a new one for you.
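The VPC sizing and peering rules above are easy to get wrong on paper, so here is an added example (not code from the book) that checks a CIDR plan before you create anything: that each VPC is between /16 and /28, that a subnet sits inside its VPC, how many addresses a subnet really has for instances and ELB nodes once AWS's five reserved addresses are taken out, and which VPCs in the plan could never be peered because their ranges overlap. The limits encoded are the AWS rules this section states; the VPC names and CIDRs are constructed for illustration, and only IPv4 is handled.

```python
# Added example (not from the book): CIDR planning checks for the VPC sizing and
# peering rules described in this section. Sample CIDRs below are constructed.
import ipaddress
from typing import Dict, List, Tuple

VPC_LARGEST_PREFIX = 16    # a /16 is the biggest IPv4 VPC you can create
VPC_SMALLEST_PREFIX = 28   # a /28 is the smallest
# AWS reserves the network address, the VPC router, the DNS resolver, one
# address for future use and the broadcast address in every subnet.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Return the network if it is a valid IPv4 VPC CIDR, else raise ValueError."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    if net.version != 4:
        raise ValueError(f"{cidr}: only IPv4 VPC CIDRs are handled here")
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(
            f"{cidr}: VPC must be between /{VPC_LARGEST_PREFIX} and /{VPC_SMALLEST_PREFIX}"
        )
    return net


def is_valid_vpc_cidr(cidr: str) -> bool:
    """Boolean form of validate_vpc_cidr for use in plan checks."""
    try:
        validate_vpc_cidr(cidr)
    except ValueError:
        return False
    return True


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses actually available to instances (and ELB nodes) in a subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def subnet_fits_vpc(vpc_cidr: str, subnet_cidr: str) -> bool:
    """True if the subnet lies entirely inside the VPC's CIDR block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def peering_conflicts(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of VPCs (by name) whose CIDRs overlap; AWS refuses to peer those."""
    nets = {name: validate_vpc_cidr(cidr) for name, cidr in vpcs.items()}
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


if __name__ == "__main__":
    # Constructed plan: "dev" was carved out of the same space as "prod".
    plan = {"prod": "10.0.0.0/16", "dev": "10.0.128.0/17", "shared": "172.16.0.0/16"}
    print("peering conflicts:", peering_conflicts(plan))          # [('dev', 'prod')]
    print("usable in a /24:", usable_addresses("10.0.1.0/24"))   # 251
    print("usable in a /28:", usable_addresses("10.0.1.0/28"))   # 11
```

The overlap check is the one worth running early: a conflict found after two VPCs are full of instances means the migration the section warns about, whereas a conflict found in a dictionary costs nothing.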
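To make the VPC flow logs item above concrete, here is an added example (not code from the book) that parses records in the default flow log format (version 2, 14 space-separated fields) and runs the three checks that come up first when debugging or investigating a VPC: which sources are being REJECTed, which of them are probing many destination ports, and which ACCEPTed flows reach administrative ports from outside RFC 1918 space. The log lines, account ID and interface ID are constructed; the field layout is the standard one.

```python
# Added example (not from the book): a parser for default-format VPC flow log
# records plus three simple checks over them. SAMPLE_LOG is constructed data.
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, Optional

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed records: one normal HTTPS flow, a source probing four ports and
# being rejected, an accepted SSH session from a non-private address, an
# internal rejected Postgres attempt, and a NODATA record with no flow in it.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.10 49152 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.10 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.10 51001 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.10 51002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.10 51003 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.40 10.0.2.10 40022 22 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.3.9 10.0.2.10 55555 5432 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line: str) -> Optional[dict]:
    """Parse one record; return None for NODATA/SKIPDATA records, which carry no flow."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec


def parse_log(text: str) -> List[dict]:
    records = (parse_record(line) for line in text.splitlines() if line.strip())
    return [r for r in records if r is not None]


def rejected_by_source(records: List[dict]) -> Counter:
    """How many flows each source address had REJECTed (by a security group or NACL)."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")


def port_scanners(records: List[dict], min_ports: int = 3) -> Dict[str, int]:
    """Sources whose rejected flows touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: len(p) for src, p in ports.items() if len(p) >= min_ports}


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def accepted_admin_from_outside(records: List[dict], admin_ports=(22, 3389)) -> List[dict]:
    """ACCEPTed flows to admin ports from non-RFC 1918 sources, i.e. most likely the Internet."""
    return [r for r in records
            if r["action"] == "ACCEPT" and r["dstport"] in admin_ports
            and not is_rfc1918(r["srcaddr"])]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rejects by source:", rejected_by_source(recs).most_common())
    print("possible scanners:", port_scanners(recs))
    for r in accepted_admin_from_outside(recs):
        print(f"admin port {r['dstport']} accepted from {r['srcaddr']} on {r['interface_id']}")
```

Flow logs record what the security groups and network ACLs decided, not why, so the REJECT counts tell you where to look but not which rule fired; the accepted-admin check is the one that usually turns up a security group left open to 0.0.0.0/0 on port 22.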