Networking Modes in AWS VPC Environments

Explore different networking modes such as Bridge mode with static mapping, Bridge mode with dynamic mapping, and AWS VPC networking mode in an AWS VPC environment with various configurations and scenarios.


Uploaded on Jul 18, 2024



Presentation Transcript


  1. Public subnet, public IP, internet gateway: a VPC with a public subnet (172.31.0.0/20) and an internet gateway; the EC2 instance has private IP address 172.31.16.1 and public IP address 3.221.88.186 and runs the application container.

  2. Private subnet, NAT gateway for internet access: the EC2 instance (private IP address 172.31.16.1, no public IP) runs the application container in the private subnet 172.31.16.0/20 and reaches the internet through a NAT gateway in the public subnet 172.31.0.0/20 and the internet gateway.

  3. ALB ingress: an application load balancer in the public subnet 172.31.0.0/20 (behind the internet gateway) forwards inbound traffic to the application container on the EC2 instance (private IP address 172.31.16.1, no public IP) in the private subnet 172.31.16.0/20.

  4. NLB ingress: the same layout with a network load balancer in the public subnet 172.31.0.0/20 forwarding inbound traffic to the application container on the EC2 instance (private IP address 172.31.16.1, no public IP) in the private subnet 172.31.16.0/20.

  5. API gateway ingress: Amazon API Gateway reaches the application container on the EC2 instance (private IP address 172.31.16.1, no public IP) in the private subnet 172.31.16.0/20 through a VPC Link, without a public subnet in the path.

  6. Host networking mode / Bridge mode with static mapping (two panels, private subnet 172.31.16.0/20). Host networking mode: the container's port 3000 is exposed directly on the instance ENI, so it is reached at 172.31.16.1:3000 (172.31.16.2:3000 on the second instance). Bridge mode with static mapping: the container's port 3000 is mapped through the network bridge to host port 80, so it is reached at 172.31.16.1:80 (172.31.16.2:80 on the second instance).

  7. Bridge networking mode with dynamic mapping (private subnet 172.31.16.0/20): each container listens on port 3000 and is mapped through the bridge to a dynamically assigned host port; on instance 172.31.16.1 the two containers are reached at 172.31.16.1:47760 and 172.31.16.1:45283, on instance 172.31.16.2 at 172.31.16.2:50077 and 172.31.16.2:52330.

  8. AWS VPC networking mode (private subnet 172.31.16.0/20): the instance's own ENI carries the EC2 IP 172.31.16.0 and the host-level processes; each container gets its own ENI, so the containers are reached directly on their container port at 172.31.16.1:80 and 172.31.16.2:80.
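The three modes on slides 6 to 8 differ in which address and port a client connects to and, consequently, in which security group governs the endpoint. The following model is an added example, not code from the presentation; it reproduces the slide values from constructed inputs. The ephemeral port range and the `instance-sg` / `task-sg` labels are assumptions of this example, not values from the deck.

```python
"""Model of how the ECS network modes on slides 6-8 expose a container port.

Added example, not code from the presentation: host mode exposes the container
port on the instance address, bridge mode maps it to a static or a dynamically
assigned host port, and awsvpc mode gives the task its own ENI address.
"""
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Assumed ephemeral range a bridge-mode instance hands out for dynamic mapping
# (the Linux default ip_local_port_range); the real range is instance specific.
EPHEMERAL_RANGE = (32768, 60999)


@dataclass(frozen=True)
class PortMapping:
    container_port: int
    host_port: Optional[int] = None  # None or 0 means "dynamic" in bridge mode


@dataclass(frozen=True)
class Endpoint:
    ip: str          # address a client connects to
    port: int        # port a client connects to
    secured_by: str  # assumed label for the security group governing the endpoint


def validate(network_mode: str, mappings: List[PortMapping]) -> None:
    """Reject mappings the mode cannot express.

    host and awsvpc do no port translation, so hostPort must be omitted or
    equal containerPort; host mode also cannot run two listeners on one port.
    """
    if network_mode not in ("host", "bridge", "awsvpc"):
        raise ValueError(f"unknown network mode {network_mode!r}")
    for m in mappings:
        if network_mode != "bridge" and m.host_port not in (None, 0, m.container_port):
            raise ValueError(f"{network_mode}: hostPort {m.host_port} must equal "
                             f"containerPort {m.container_port}")
    if network_mode == "host":
        ports = [m.container_port for m in mappings]
        if len(ports) != len(set(ports)):
            raise ValueError("host: two containers cannot share an instance port")


def resolve(network_mode: str, instance_ip: str, mappings: List[PortMapping],
            task_ip: Optional[str] = None,
            ephemeral: Optional[Iterator[int]] = None) -> List[Endpoint]:
    """Endpoints clients use; `mappings` lists the containers placed on the instance
    (for awsvpc, the containers of the one task owning `task_ip`)."""
    validate(network_mode, mappings)
    if network_mode == "awsvpc":
        if task_ip is None:
            raise ValueError("awsvpc: the task needs its own ENI address")
        # Slide 8: the task ENI answers on the container port itself.
        return [Endpoint(task_ip, m.container_port, "task-sg") for m in mappings]
    if ephemeral is None:
        ephemeral = iter(range(EPHEMERAL_RANGE[0], EPHEMERAL_RANGE[1] + 1))
    endpoints = []
    for m in mappings:
        if network_mode == "host":
            port = m.container_port   # slide 6, left: 3000 -> 172.31.16.1:3000
        elif m.host_port:
            port = m.host_port        # slide 6, right: 3000 -> 172.31.16.1:80
        else:
            port = next(ephemeral)    # slide 7: 3000 -> 172.31.16.1:47760
        endpoints.append(Endpoint(instance_ip, port, "instance-sg"))
    return endpoints


def ingress_rule(network_mode: str, mappings: List[PortMapping]) -> Tuple[str, List[Tuple[int, int]]]:
    """Narrowest inbound port ranges a defender must allow, and in which group."""
    validate(network_mode, mappings)
    if network_mode == "awsvpc":
        return "task-sg", sorted({(m.container_port, m.container_port) for m in mappings})
    ranges = set()
    for m in mappings:
        if network_mode == "host":
            ranges.add((m.container_port, m.container_port))
        elif m.host_port:
            ranges.add((m.host_port, m.host_port))
        else:
            ranges.add(EPHEMERAL_RANGE)  # dynamic mapping widens the instance rule
    return "instance-sg", sorted(ranges)


if __name__ == "__main__":
    # Constructed inputs chosen to reproduce the slide values.
    print(resolve("host", "172.31.16.1", [PortMapping(3000)]))
    print(resolve("bridge", "172.31.16.1", [PortMapping(3000, 80)]))
    print(resolve("bridge", "172.31.16.1", [PortMapping(3000), PortMapping(3000)],
                  ephemeral=iter([47760, 45283])))
    print(resolve("awsvpc", "172.31.16.0", [PortMapping(80)], task_ip="172.31.16.1"))
    print(ingress_rule("bridge", [PortMapping(3000)]))
```

The `ingress_rule` output is the practical difference between slides 7 and 8: dynamic bridge mapping forces the instance security group to admit the whole ephemeral range, while awsvpc lets a per-task security group admit only the container port.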

  9. AWS VPC ENI trunking (private subnet 172.31.16.0/20): the EC2 host keeps its primary ENI (EC2 IP 172.31.16.0) and gets a trunk ENI; each container is attached to an ENI carried by the trunk and is reached at 172.31.16.1:80 and 172.31.16.2:80.

  10. AWS VPC ENI trunking, secondary IP address range: the host's primary ENI (EC2 IP 172.31.16.0) stays in the private subnet 172.31.16.0/20, while the container ENIs on the trunk ENI are allocated from a second private subnet 100.64.0.0/19, so the containers are reached at 100.64.0.1:80 and 100.64.0.2:80.

  11. NAT gateway access to other services: the application container on the EC2 instance (private IP address 172.31.16.1, no public IP) in the private subnet 172.31.16.0/20 reaches Amazon Simple Storage Service (S3), Amazon Elastic Container Service and Amazon Elastic Container Registry through the NAT gateway in the public subnet 172.31.0.0/20 and the internet gateway.

  12. Endpoint access to other services: same VPC layout (public subnet 172.31.0.0/20 with the internet gateway and NAT gateway, private subnet 172.31.16.0/20), but the application container reaches Amazon Simple Storage Service (S3) through an S3 gateway VPC endpoint rather than through the NAT gateway.

  13. Endpoint access to other services (continued): alongside the S3 gateway VPC endpoint, AWS PrivateLink VPC endpoints, each an ENI in the private subnet 172.31.16.0/20, give the application container on the EC2 instance access to Amazon Elastic Container Service and Amazon Elastic Container Registry without traversing the NAT gateway or internet gateway in the public subnet 172.31.0.0/20.

  14. Service discovery between services: containers in the private subnets 172.31.16.0/20 and 172.31.32.0/20 are registered in AWS Cloud Map as service-a.local: 172.31.16.1 (Container A); service-b.local: 172.31.16.2 and 172.31.32.1 (two copies of Container B); service-c.local: 172.31.32.2 (Container C).

  15. Internal load balancer (private subnets 172.31.16.0/20 and 172.31.32.0/20): the Service A load balancer fronts Container A at 172.31.16.1 and 172.31.32.1; the Service B load balancer fronts Container B at 172.31.16.2 and 172.31.32.2.

  16. AWS App Mesh (private subnets 172.31.16.0/20 and 172.31.32.0/20): the same AWS Cloud Map records as slide 14 (service-a.local: 172.31.16.1; service-b.local: 172.31.16.2, 172.31.32.1; service-c.local: 172.31.32.2), with each container (A at 172.31.16.1, B at 172.31.16.2 and 172.31.32.1, C at 172.31.32.2) on its own ENI and service-to-service traffic managed by AWS App Mesh.

  17. NLB ingress with a service mesh: the client application reaches the service mesh gateway over a TLS-secured connection; the gateway's connections to the Authentication task (Authentication Service, Authentication container) and the Password task (Password Service, Password container) are mTLS secured.

  18. File system: Amazon Elastic File System with three EFS access points, gateway-certs/, authentication-certs/ and password-certs/, for the service mesh gateway, the Authentication task and the Password task of slide 17 (client application to gateway TLS secured, gateway to tasks mTLS secured). The certificate renewal task has root access to the filesystem. It runs periodically on a schedule to regenerate the certificates before they expire. Each service is configured to be able to connect to a specific access point in EFS and fetch its certificates from that path. The access point limits it to read only the certificates in that path of the filesystem.
