Networking & Content Delivery

Difficulty: medium

Overview

AWS networking services provide isolation, connectivity, traffic management, and content delivery for cloud workloads.

Amazon VPC (Virtual Private Cloud):

  • Logically isolated virtual network in AWS. You define IP address ranges, subnets, route tables, and gateways.
  • Public Subnet — Has a route to an Internet Gateway; resources can be accessed from the internet.
  • Private Subnet — No direct internet access; uses NAT Gateway for outbound traffic.
  • Internet Gateway (IGW) — Enables bidirectional internet access for resources with public IPs.
  • NAT Gateway — Allows private subnet resources to initiate outbound internet traffic; does not accept unsolicited inbound connections from the internet.
  • Security Groups — Stateful virtual firewall at the instance/ENI level; ALLOW rules only; return traffic is automatically permitted.
  • Network ACLs (NACLs) — Stateless firewall at the subnet level; support ALLOW and DENY rules; rules are evaluated in numbered order (lowest rule number first) and the first match applies.
  • VPC Peering — Private networking between two VPCs (same or different accounts/regions).
  • VPC Endpoints — Private connection to AWS services without internet gateway or NAT.

DNS & Routing:

  • Amazon Route 53 — Managed DNS service; supports routing policies: Simple, Weighted, Latency-based, Failover, Geolocation, Geoproximity.
  • Amazon CloudFront — Global CDN; caches content at 400+ edge locations; reduces latency; integrates with WAF and Shield.

Connectivity:

  • AWS Site-to-Site VPN — Encrypted IPsec tunnel over the public internet between an on-premises network and an AWS VPC.
  • AWS Direct Connect — Dedicated private fiber connection from your data center to AWS; bypasses internet; consistent performance.
  • AWS Global Accelerator — Routes traffic through AWS's private backbone; improves availability and performance; provides static IPs.

API Management:

  • Amazon API Gateway — Managed service to create, publish, and secure REST, HTTP, and WebSocket APIs.

Practice Linked Questions

Q1 (easy). What does Amazon VPC (Virtual Private Cloud) provide?

Q2 (easy). Which VPC component acts as a stateful virtual firewall at the EC2 instance level, controlling inbound and outbound traffic with ALLOW rules only?

Q3 (medium). What is the key difference between a Security Group and a Network ACL (NACL) in a VPC?

Q4 (medium). Resources in a private subnet need to download software updates from the internet but should NOT be directly reachable from the internet. Which VPC component enables this?

Q5 (easy). Which AWS service is a fully managed, global DNS service that also supports routing policies like latency-based routing, failover routing, and geolocation routing?

Q6 (medium). A company wants a dedicated, private, high-bandwidth connection between their corporate data center and AWS that bypasses the public internet for consistent network performance. Which service should they use?

Q7 (medium). Which TWO services can establish network connectivity between an on-premises data center and an Amazon VPC? (Select TWO — more than one answer may be correct)