- 1. VPC Access
- a. VPN
- i. Hardware-based VPN
- 1. Types of VPN
- a. Client-to-Site: individual users getting access to corporate resources
- b. Site-to-Site: one corporate office connecting to another corporate office, but over the internet
- c. Private Connection (e.g. MPLS): usually does not have encryption on it
- 2. When you set up a hardware-based VPN, the AWS side is configured for port redundancy by default
- a. You still need two routers and two internet connections on the customer side to take advantage of it
- ii. Direct Connect
- 1. Direct connection between a co-location facility and AWS. Your data center connects to that co-location facility.
- 2. A co-location facility is required to make this work: AWS must be present in that facility, or the Direct Connect provider must have an agreement with AWS.
- 3. Low-latency, high-speed connection to AWS (around 2 ms).
- 4. Your equipment will need to be installed there.
- 5. You need to connect your data center to this co-location provider
- a. Over the internet
- b. Over Private Connection to the co-location provider
- 6. By default there is no port redundancy. Best practice is to get two ports.
- 7. Setup
- a. Available locations depend on the region you are in
- b. Requires further action from the co-location provider
- b. Gateways
- i. Internet Gateway
- 1. Connection is going through the internet
- ii. Virtual Private Gateway
- 1. AWS side of the gateway configuration
- 2. Create the VPG, then attach it to the VPC.
- 3. Remote Access VPN: for this you need to deploy an instance
- a. Running RAS or something else to enable remote connectivity
- 4. When setting up the VPN you need to select (or create) a Customer Gateway
- a. You also specify dynamic or static routing
- 5. The status will show as down on AWS until you configure the on-premises side to accept connections
- 6. You can download configuration for some of the more popular VPN vendors.
- iii. Customer Gateway
- 1. Configured on the customer side of the gateway configuration
- 2. Dynamic routing uses BGP; static routing is typically more common
- 3. Public IP address of your data center
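The Virtual Private Gateway and Customer Gateway items above describe what you must get right before the VPN connection comes up: a public address for the customer gateway, a choice between static and dynamic (BGP) routing, and on-premises prefixes that do not collide with the VPC. The following pre-flight check is an added example, not code from the study guide or from AWS; the plan dict layout, its key names, and the 32-bit ASN bound are assumptions made for the example.

```python
"""Pre-flight check for a site-to-site VPN plan.

Added example, not code from the original study guide. It assumes a plain dict
with the keys 'customer_gateway_ip', 'vpc_cidr', 'routing' ('static' or
'dynamic'), and either 'bgp_asn' or 'static_routes'. The checks mirror the
outline: the customer gateway is your data center's public IP, dynamic routing
means BGP, and static routes must not overlap the VPC address range.
"""
import ipaddress

# RFC 1918 ranges: a customer gateway address must not be one of these. (Minimal
# check; it does not cover every special-purpose range.)
_RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpn_plan(plan: dict) -> list:
    """Return a list of problems found; an empty list means the plan passes."""
    problems = []

    # Customer gateway: AWS reaches it across the internet, so it needs a public IPv4 address.
    try:
        cgw_ip = ipaddress.ip_address(plan.get("customer_gateway_ip", ""))
        if cgw_ip.version != 4 or any(cgw_ip in net for net in _RFC1918):
            problems.append(f"customer gateway IP {cgw_ip} is not a public IPv4 address")
    except ValueError:
        problems.append("customer gateway IP is missing or not an IP address")

    # The VPC CIDR is needed to validate static routes; a bad one stops the check early.
    try:
        vpc = ipaddress.ip_network(plan.get("vpc_cidr", ""), strict=True)
    except ValueError:
        problems.append("vpc_cidr is missing or not a valid CIDR block")
        return problems

    routing = plan.get("routing")
    if routing == "dynamic":
        # Dynamic routing is BGP, which needs an ASN on the customer gateway side.
        asn = plan.get("bgp_asn")
        if not isinstance(asn, int) or not 1 <= asn <= 4294967295:  # assumed: any 32-bit ASN
            problems.append("dynamic routing selected but no usable BGP ASN given")
    elif routing == "static":
        # Static routing: each on-premises prefix is entered by hand and must not overlap the VPC.
        routes = plan.get("static_routes", [])
        if not routes:
            problems.append("static routing selected but no on-premises prefixes listed")
        for r in routes:
            try:
                net = ipaddress.ip_network(r, strict=True)
            except ValueError:
                problems.append(f"static route {r!r} is not a valid CIDR block")
                continue
            if net.overlaps(vpc):
                problems.append(f"static route {net} overlaps the VPC CIDR {vpc}")
    else:
        problems.append("routing must be 'static' or 'dynamic'")

    return problems


if __name__ == "__main__":
    # Constructed sample plan (TEST-NET-3 address, not a real data center).
    sample = {
        "customer_gateway_ip": "203.0.113.10",
        "vpc_cidr": "10.0.0.0/16",
        "routing": "static",
        "static_routes": ["192.168.0.0/16"],
    }
    print(check_vpn_plan(sample) or "plan passes")
```

Run the check on the plan before creating the Customer Gateway and VPN connection; every problem it reports is something that would otherwise leave the tunnel status showing down while you hunt for the cause on the on-premises device.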
- 2. VPC Peering
- a. No transitive peering
- b. Same or different accounts
- c. No overlapping network addresses
- d. Setup
- i. Once you create a VPC peering connection, a request is submitted. The other VPC owner needs to accept the request before the peering is established
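The three peering rules above (no transitive peering, same or different accounts, no overlapping address ranges) are easy to check before any request is sent. The planner below is an added example, not code from the study guide or from AWS; the {name: cidr} dict, the (a, b) pair format for requested peerings, and the function names are assumptions made for the example.

```python
"""VPC peering plan check.

Added example, not code from the original study guide. It assumes VPCs are given
as a {name: cidr} dict and requested peerings as (a, b) name pairs. It enforces
the rules from the outline: peered VPCs must not have overlapping address
ranges, and reachability exists only over a direct peering (no transitive peering).
"""
import ipaddress


def check_peering_plan(vpcs: dict, peerings: list) -> list:
    """Return the problems that would stop each requested peering from being created."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpcs.items()}
    problems = []
    for a, b in peerings:
        if a == b or a not in nets or b not in nets:
            problems.append(f"peering {a}<->{b}: both ends must be distinct, known VPCs")
            continue
        # A peering between overlapping CIDRs cannot be created, same or different account.
        if nets[a].overlaps(nets[b]):
            problems.append(f"peering {a}<->{b}: {nets[a]} overlaps {nets[b]}")
    return problems


def can_reach(peerings: list, src: str, dst: str) -> bool:
    """True only when src and dst are directly peered; traffic never hops through a third VPC."""
    return any({src, dst} == {a, b} for a, b in peerings)


def missing_direct_peerings(peerings: list) -> list:
    """Pairs that share a peered neighbour but are not peered themselves.

    These are the pairs people wrongly assume can talk 'through' the middle VPC;
    they cannot until a direct peering is created and accepted for each pair.
    """
    neighbours = {}
    for a, b in peerings:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    gaps = set()
    for spokes in neighbours.values():
        for x in spokes:
            for y in spokes:
                if x < y and not can_reach(peerings, x, y):
                    gaps.add((x, y))
    return sorted(gaps)


if __name__ == "__main__":
    # Constructed sample: three VPCs, one of which overlaps another.
    vpcs = {"prod": "10.0.0.0/16", "shared": "10.1.0.0/16", "dev": "10.0.1.0/24"}
    requested = [("prod", "shared"), ("shared", "dev")]
    print(check_peering_plan(vpcs, requested))           # no overlap between the peered pairs
    print(can_reach(requested, "prod", "dev"))           # False: peering is not transitive
    print(missing_direct_peerings(requested))            # [('dev', 'prod')]
    print(check_peering_plan(vpcs, [("prod", "dev")]))   # overlap blocks this peering
```

The usual hub-and-spoke mistake shows up in `missing_direct_peerings`: prod and dev both peer with shared, yet neither can reach the other, and in this sample they could not even be peered directly because their ranges overlap, which is why address planning comes before the peering request.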