4.64 out of 5
48 reviews on Udemy

AWS Networking in depth: Learn practically in 5 hours

Amazon Web Services (AWS) Networking from basics to advanced with 12 simple to complex real life hands on exercises
Chetan Agrawal
301 students enrolled
Networking in AWS - Basic to Advanced Networking concepts by doing hands on exercises
Whiteboard sessions to see how various networking components work together
Understand how to secure your infrastructure by using appropriate Virtual Private Cloud (VPC) components and firewalls
AWS Public and Private Network connectivity options and their implementation
In depth understanding of VPC, CIDR, Subnets, Route Tables, Security Groups, NACL, NAT Gateway, NAT Instance, VPC Peering, VPC Endpoint, VPC PrivateLink, VPN connection, Direct Connect, Route53 Failover

This course aims to build a complete understanding of Amazon Web Services (AWS) Networking from the ground up, with students learning the core networking concepts by doing exercises on their own.

This course contains 2 sections. The first section is about Understanding AWS Networking, where I explain, starting from the very basics, the AWS VPC, VPC components and private connectivity options in AWS. If you are already familiar with AWS networking components, you may want to skip this section and jump directly to the hands-on exercises section.

1. Understanding AWS Networking in depth

  • Physical on premises networking vs AWS VPC

  • Getting familiar with AWS VPC terminologies – VPC, Subnets, Route tables, Internet Gateway, Security Group, Network ACL

  • Understanding VPC CIDR

  • Understanding Subnets and Route Tables

  • Public Subnet vs Private Subnet

  • Understanding NAT (Network Address Translation) Concept

  • NAT Gateway and NAT instance

  • AWS Private Connectivity options

  • Understanding VPC Peering

  • VPC Endpoint and Privatelink for private connectivity to AWS Services

  • VPN connection

  • Direct Connect

2. AWS Networking Hands on exercises (Basics to Advanced)

  1. Create VPC with single public subnet, launch EC2 instance and connect over internet

  2. Create VPC with Public and Private subnet, connect to EC2 instance in Private subnet via EC2 instance in Public subnet

  3. Create NAT Gateway and allow EC2 instances in Private subnet to access internet through NAT Gateway

  4. Create and use NAT EC2 instance instead of NAT Gateway

  5. Create VPC Peering between VPCs across AWS regions and connect to EC2 instance over private IP by using VPC peering connection

  6. Create VPC endpoint gateway for S3 and access S3 contents from EC2 instance in Private subnet without requiring internet connection

  7. Create and use VPC Private Link to expose your Web service privately to application hosted in another VPC

  8. Implement AWS region level failover using AWS Route53

  9. Hosting website on S3 using custom domain name from GoDaddy

  10. Hosting HTTPS enabled website using S3 and CloudFront

  11. Advanced Networking: Setup Site-To-Site VPN between AWS VPC and simulated on-premise network

  12. Advanced Networking: Setup AWS and Google Site to Site VPN using Dynamic BGP Routing

Understanding AWS Networking

Basics of AWS Networking (Part 1)

In this lecture, you will learn the basics of AWS VPC, the move from physical to virtual networking, VPC terminology, and how to calculate VPC and subnet addresses in CIDR notation.

Understanding VPC Subnets and Route Tables (Part 2)

In this lecture, understand how routing works within a VPC to allow communication between subnets or between subnets and the internet. We cover what public subnets are, what private subnets are, and how to restrict network access to your EC2 instances using Security Groups and Network ACLs.

Understanding NAT Gateway and NAT Instance (Part 3)

In this lecture, you will understand the very important network component "NAT": why to use NAT, its benefits, how NAT (Network Address Translation) works, and how to use an AWS NAT Gateway to allow instances in private subnets to access the internet.

Then we will see how to configure an EC2 instance as a NAT and everything it takes to launch and configure an EC2 instance to function as a NAT.

Understanding VPC Peering, VPC Endpoint, VPN and Direct Connect (Part 4)

In this lecture, understand the advanced networking features of AWS. To start with, we will see how to connect two VPCs over a private network using VPC peering, followed by VPC Endpoint. We will also see an overview of AWS and on-premises connectivity options in the form of VPN connection and Direct Connect. In the exercises section, you will find an exercise for setting up a VPN connection using an AWS Virtual Private Gateway.

That's all you need to know as an intermediate-level AWS solution architect, DevOps engineer or developer when it comes to networking in AWS.

Please move on to Section 2 and complete all Hands on exercises. This should definitely give you confidence to design and create network architecture for any given requirements.

AWS VPC - Hands On Exercises

VPC with Public Subnet (Hands On)

This is our first exercise and it's very simple. Make sure you follow each step carefully and remember what we did, so that in the next exercises it will be easy for you to set things up quickly.

In this exercise, learn how to set up a VPC with a Public Subnet and connect to an EC2 instance launched in this subnet.

Here, we are not using the default VPC. In a real-world scenario, when you need a web application to be accessible over the internet, you will typically create this kind of setup. Optionally, you may choose to assign an Elastic IP to the EC2 instance instead of a Public IP, as an Elastic IP remains associated with the instance even after an instance restart, and you can detach it and re-attach it to another EC2 instance.

VPC with Public and Private Subnets (Hands On)

In this exercise, learn how to set up a VPC with Public and Private subnets. We then create EC2 instances in each subnet and connect to the private EC2 instance via the EC2 instance in the Public Subnet.

In real life, you would have web servers or other public-facing instances in public subnets and application servers/database servers in a private subnet. You can build your network as explained in this video and achieve the desired network security and isolation.

NAT Gateway (Hands On)

In this exercise, learn how to use a NAT Gateway to allow EC2 instances in a Private subnet to access the internet.

In real life, you will have application servers/database servers in a private subnet that still need internet connectivity to download packages. NAT can be used for this: it allows instances in the private subnet to access the internet, but these instances cannot be reached from the internet.

NAT EC2 Instance (Hands On)

In this exercise, learn how to use an EC2 instance as a NAT instead of a NAT Gateway.

Understand that NAT Gateway is a managed AWS service which scales automatically and is highly available in the AZ. When we use an EC2 instance as a NAT, it's called a NAT Instance. In that case, availability and bandwidth scaling are limited, and hence a NAT Instance might not be a good choice for a production environment. Typically people deploy a NAT Instance in Dev/QA environments and use a NAT Gateway in the Production environment.

VPC Peering across AWS Regions (Hands On)

In this exercise, learn how to set up VPC peering between 2 VPCs across AWS Regions. VPC Peering is a very important feature of AWS networking with which you can create private connectivity between 2 VPCs. The EC2 instances in these VPCs can communicate with each other over private IP addresses.

With VPC Peering, you don't need a VPN connection, and there is no need to expose your applications over the internet if only other customers in AWS need to access them securely.

VPC Peering Use cases and Limitations

This lecture covers VPC peering features, limitations and use cases. Though VPC Peering is an important offering from AWS, it has been designed in a way that does not allow transitive access. Due to this, VPC peering is a safe networking construct which you can use to allow private communication between workloads hosted in the same or different AWS accounts, in the same or different AWS regions.

VPC Endpoint to connect to S3 over Private network (Hands On)

In this exercise, we will see how to use a VPC Endpoint gateway, which enables a private connection between a VPC and another AWS service (currently only S3 and DynamoDB). If enabled, you do not require an IGW or NAT when EC2 needs to access S3 or DynamoDB in the same AWS region. The traffic between the VPC and the AWS service does not leave the Amazon network.

A VPC endpoint gateway scales automatically as more bandwidth is required and provides consistent bandwidth for S3 or DynamoDB access. Using a VPC endpoint gateway instead of the internet to access S3 also saves you considerable data transfer cost (and NAT charges).

VPC PrivateLink to expose Application services privately (Hands On)

In this exercise, you will learn how your applications hosted privately in AWS can be exposed securely to other AWS services.

By definition, AWS PrivateLink simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet. AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network. AWS PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture.

In this exercise, we will host a web server service in a private subnet of one VPC and expose this service to a service consumer in another VPC.

AWS Route53 DNS Management and Website hosting - Hands on exercises

Hosting website on S3 with custom domain name from GoDaddy (Hands On)

In this lecture, we will see how to host a static website on S3. AWS provides its own AWS DNS names for such websites, so we need to map our own domain name to the AWS-provided DNS name. This is done using the AWS Route53 service. For this exercise, I got my domain from GoDaddy and updated the GoDaddy DNS to resolve to AWS Route53 DNS. I then added a record set in AWS Route53 to point my custom domain to S3.

Note that AWS S3 does not provide a single IP address for websites hosted on S3, hence we have to use a Route53 Alias record set to point our domain name to the S3 DNS name.

Secure website with HTTPS using S3 and CloudFront (Hands on)

In this lecture, we will see how to enable HTTPS for websites hosted on S3. In the last lecture we hosted a static website on S3; however, we can't make it HTTPS, as S3 does not support uploading SSL certificates. For this we need CloudFront (CDN), which acts as a front end for our website. We can deploy the SSL certificate on CloudFront, and it also caches static content such as pictures and media, giving users a better experience by serving the content from the nearest edge location.

For this exercise, you need to have your own domain name. You can buy one either from AWS or from any other domain registrar such as GoDaddy or Namecheap. To learn how to redirect your DNS queries from the domain registrar to AWS Route53, please refer to the earlier lecture "Hosting website on S3 using custom domain name.."

Route53 DNS Region Level Failover (Hands On)

In this exercise, we will see how to use Route53 to achieve AWS Region level failover. As you already know, we can use ELB with backend EC2 instances to achieve high availability within the same AWS region. However, it is often required to distribute your workloads across AWS regions, e.g. for failover, country-specific regulations, or providing lower latency to end users. In this case, we need to manage the traffic at the DNS level, and that is done using the different AWS Route53 routing policies.

In this exercise, we will use the Failover routing policy: we configure the Primary and Secondary sites in different AWS regions and then simulate a primary site failure, which results in DNS switching to the secondary site.

Advanced: AWS VPN Connectivity - Hands on exercises

AWS Site-To-Site VPN Connection (Hands On)

In this exercise, we will see how to set up a Site-To-Site IPSec VPN connection between an AWS VPC and a simulated data center. As we don't have our own (physical) datacenter router on the other end, we will use an EC2 instance with OpenSWAN VPN software installed as the VPN endpoint.

After completing this exercise, you will know how VPN works in the real world. As a next step, you may also want to set up VPN connectivity between AWS and Google Cloud or AWS and Azure cloud.

Advanced Networking: AWS and Google Cloud Site to Site VPN using BGP Routing

In this lecture, we are going to see how to set up a site-to-site VPN using BGP routing. BGP stands for Border Gateway Protocol and is used widely for dynamic routing between different AS (Autonomous Systems). BGP stabilizes the network by identifying optimal network paths using a path vector protocol with policy-based and rules-based routing. If the routing is done within an AS, it's called internal BGP or iBGP; when it's between different AS, it's called external BGP or eBGP.

In this lecture, we will set up eBGP between the AWS and Google networks. These kinds of hybrid networks are always seen in big enterprises where there are multiple ISP networks.

6 hours on-demand video