AWS Certified SysOps Administrator Part III: VPC Access & VPC Peering

 

  • 1. VPC Access
    • a. VPN
      • i. Hardware-based VPN
        • 1. Types of VPN
          • a. Client-to-Site: Users that are getting access to corporate resources
          • b. Site-to-Site: Corporate office connecting to another corporate office over the internet
          • c. Private Connection (e.g. MPLS): usually has no encryption on it
        • 2. When you set up a hardware-based VPN, the AWS side is configured for port redundancy by default
          • a. You still need two routers and two internet connections on the client side to take advantage of it
      • ii. Direct Connect
        • 1. Direct connection between co-location host and AWS. Your datacenter will connect to the co-location host.
        • 2. A co-location facility is required to make this work. AWS needs to be present within the datacenter, or the direct-connect provider needs an agreement with AWS.
        • 3. Low latency, high speed connection to AWS. 2ms.
        • 4. Your equipment will need to be installed there.
        • 5. You need to connect your data center to this co-location provider
          • a. Over the internet
          • b. Over Private Connection to the co-location provider
        • 6. By default, does not have port redundancy. Best practice is that you get two ports.
        • 7. Setup
          • a. Locations will be impacted by the region you are in
          • b. Requires further action from the co-location provider
    • b. Gateways
      • i. Internet Gateway
        • 1. Connection is going through the internet
      • ii. Virtual Private Gateway
        • 1. AWS side of the gateway configuration
        • 2. Create the VPG then attach to the VPC.
        • 3. For a remote access VPN, you need to deploy an instance
          • a. RAS or something else to enable remote connectivity
        • 4. When setting up the VPN you need to select (or create) a Customer Gateway
          • a. You also specify dynamic or static routing options
        • 5. The status will show as down on AWS until you configure the on-premises side to accept connections
        • 6. You can download configuration for some of the more popular VPN vendors.
      • iii. Customer Gateway
        • 1. Configured on the customer-side of the gateway configuration
        • 2. Dynamic routing uses BGP; static is typically more common
        • 3. Public IP Address of your data center
  • 2. VPC Peering
    • a. No transitive peering
    • b. Same or different accounts
    • c. No overlapping network addresses
    • d. Setup
      • i. Creating a VPC peering connection submits a request. The other VPC owner needs to accept the request before the peering is established
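
An added example, not part of the original notes: a small local Python model of the peering rules listed above (request then accept, no overlapping network addresses, no transitive peering). The class and method names are hypothetical, the VPC IDs and CIDR blocks are constructed sample values, and it makes no AWS API calls.

```python
import ipaddress
from itertools import combinations

class PeeringModel:
    """Local model of the peering rules in the notes; not an AWS API client."""

    def __init__(self):
        self.vpcs = {}      # VPC id -> ipaddress network (constructed values)
        self.peerings = {}  # frozenset({a, b}) -> "pending-acceptance" | "active"

    def add_vpc(self, vpc_id, cidr):
        self.vpcs[vpc_id] = ipaddress.ip_network(cidr)

    def request_peering(self, requester, accepter):
        a, b = self.vpcs[requester], self.vpcs[accepter]
        if a.overlaps(b):  # rule: no overlapping network addresses
            raise ValueError(f"{requester} ({a}) overlaps {accepter} ({b})")
        self.peerings[frozenset((requester, accepter))] = "pending-acceptance"

    def accept_peering(self, requester, accepter):
        key = frozenset((requester, accepter))
        if self.peerings.get(key) != "pending-acceptance":
            raise KeyError("no pending request between these VPCs")
        self.peerings[key] = "active"  # rule: the other owner must accept

    def can_route(self, src, dst):
        # Rule: no transitive peering, so only a direct, accepted link counts.
        return self.peerings.get(frozenset((src, dst))) == "active"

    def unreachable_pairs(self):
        """Pairs with no active direct peering; each needs its own connection."""
        return sorted(tuple(sorted(p)) for p in combinations(self.vpcs, 2)
                      if not self.can_route(*p))

def build_sample():
    m = PeeringModel()
    for vpc_id, cidr in [("vpc-a", "10.0.0.0/16"), ("vpc-b", "10.1.0.0/16"),
                         ("vpc-c", "10.2.0.0/16"), ("vpc-d", "10.1.128.0/20")]:
        m.add_vpc(vpc_id, cidr)
    for a, b in [("vpc-a", "vpc-b"), ("vpc-b", "vpc-c")]:
        m.request_peering(a, b)
        m.accept_peering(a, b)
    m.request_peering("vpc-c", "vpc-d")  # requested but left unaccepted
    return m

if __name__ == "__main__":
    print(build_sample().unreachable_pairs())
```

In the sample, vpc-a cannot reach vpc-c even though both peer with vpc-b, and a request between vpc-b and vpc-d is refused because 10.1.128.0/20 sits inside 10.1.0.0/16.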
