AWS networking is based on the principle of security by design. All communication between AWS services and devices, whether it’s within a single AWS region or across regions, is encrypted. This means that your data is always protected while in transit.
In addition, AWS networking provides built-in redundancy and scalability. This means that if one network connection goes down, there are multiple others that can take its place. And if you need to increase capacity, you can add more connections.
AWS networking is also designed for high availability. This means that your applications and services can continue to run even if one or more AWS regions become unavailable.
What is AWS networking?
AWS networking is a secure, scalable, and high-availability network infrastructure that enables you to run your applications and services on AWS.
AWS Networking Concepts
AWS Account: Your account is the root of your AWS network. It includes all of the resources that you create in AWS, such as Amazon EC2 instances, Amazon S3 buckets, and so on.
AWS Region: An AWS region is a physical location where AWS operates data centers. Regions are isolated from each other and provide you with low-latency connectivity to your users.
AWS Availability Zone: An AWS Availability Zone is a physically isolated location within an AWS region. Each Availability Zone is highly available, with redundant power, networking, and connectivity.
AWS Edge Location: An AWS Edge Location is an AWS point of presence, typically a data center used to cache content and provide low-latency connectivity to users. Edge Locations are located in major cities around the world and are used by Amazon CloudFront to deliver content to users with low latency.
VPC: A VPC is an isolated network within an AWS region. You can launch AWS resources into a VPC to provide isolation from other AWS accounts and control over your network traffic.
Subnet: A subnet is a range of IP addresses in a VPC. You can launch AWS resources into a subnet to provide isolation from other subnets in the VPC.
Internet Gateway: An Internet Gateway is a VPC component that allows communication between your VPC and the Internet.
NAT Instance: A NAT instance is an Amazon EC2 instance that forwards traffic from your private subnets to the Internet. NAT instances allow you to preserve the privacy of your AWS resources while still providing Internet connectivity.
Network ACL: A Network ACL is a VPC component that controls traffic in and out of your subnets. Network ACLs can be used to allow or deny traffic based on IP addresses, port numbers, and so on.
Route Table: A Route Table is a VPC component that controls the routing of traffic in and out of your subnets. Route Tables can be used to create static or dynamic routes.
Security Group: A Security Group is a VPC component that controls traffic in and out of your AWS resources. Security Groups can be used to allow or deny traffic based on IP addresses, port numbers, and so on.
VPN Connection: A VPN Connection is a VPC component that allows you to connect your VPC to another network, such as your on-premises network. VPN Connections are used to extend your network into the cloud.
Elastic IP Address: An elastic IP address is a public IP address that you can allocate to an AWS resource, such as an EC2 instance.
Elastic Load Balancer: An elastic load balancer is a device that automatically distributes incoming traffic across multiple AWS resources, such as EC2 instances.
AWS Direct Connect: AWS Direct Connect is a service that allows you to connect your own network directly to an AWS region.
AWS Transit Gateway: Transit Gateway is a service that allows you to connect your VPCs and on-premises networks to a single gateway.
EC2: Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud.
EBS: Elastic Block Store (EBS) is a web service that provides block-level storage volumes for use with EC2 instances.
S3: Simple Storage Service (S3) is a web service that provides object-level storage in the cloud.
RDS: Amazon Relational Database Service (RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud.
CloudWatch: Amazon CloudWatch is a monitoring and logging service for AWS resources and applications.
Route 53: Amazon Route 53 is a DNS service that provides reliable, low-latency name resolution for AWS resources.
PrivateLink: AWS PrivateLink is a service that allows you to connect your VPCs and on-premises networks to AWS services using private IP addresses.
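The Security Group entry above describes allowing traffic by IP address and port; the check a reviewer most often runs against that is "which groups let administrative ports in from the whole Internet?". The following is an added example, not code from the original article or from AWS: it walks the IpPermissions of a response shaped like ec2.describe_security_groups() (a constructed sample is embedded and the group IDs are made up), treats protocol -1 as every port, and reports SSH or RDP reachable from 0.0.0.0/0 or ::/0.

```python
"""Audit EC2 security groups for admin ports open to the world (offline sample)."""
from typing import Iterable

ANYWHERE = {"0.0.0.0/0", "::/0"}       # IPv4 and IPv6 "any source"
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def rule_port_span(perm: dict) -> tuple:
    """Return (from, to) for one inbound rule; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))

def rule_cidrs(perm: dict) -> Iterable:
    """Yield every IPv4 and IPv6 CIDR a rule admits (referenced SGs are ignored)."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]

def find_world_open_admin_ports(response: dict) -> list:
    """Return (group id, label, port) for each admin port reachable from anywhere."""
    findings = []
    for sg in response["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):  # IpPermissions = inbound rules
            if perm.get("IpProtocol") not in ("-1", "tcp"):
                continue  # UDP/ICMP rules cannot expose SSH or RDP
            if not any(c in ANYWHERE for c in rule_cidrs(perm)):
                continue
            lo, hi = rule_port_span(perm)
            for port, label in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], label, port))
    return findings

# Constructed sample mirroring describe_security_groups(); group IDs are made up.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [        # HTTPS to the world: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [        # SSH to the world: finding
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [        # all traffic over IPv6: two findings
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

if __name__ == "__main__":
    for gid, label, port in find_world_open_admin_ports(SAMPLE):
        print(f"{gid}: {label} (tcp/{port}) reachable from anywhere")
```

Rules that reference another security group (UserIdGroupPairs) are deliberately skipped, since they admit instances rather than address ranges; feed the function a real describe_security_groups() response to run it against an account.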