1. Internet gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway enables resources (like EC2 instances) in your public subnets to connect to the internet.

An Internet Gateway (IGW) is a logical connection between an Amazon VPC and the Internet. It is not a physical device. Only one can be associated with each VPC. It does not limit the bandwidth of Internet connectivity. (The only limitation on bandwidth is the size of the Amazon EC2 instance, and it applies to all traffic — internal to the VPC and out to the Internet.)

If a VPC does not have an Internet Gateway, then the resources in the VPC cannot be accessed from the Internet (unless the traffic flows via a corporate network and VPN/Direct Connect).

An Internet Gateway allows resources within your VPC to access the internet, and vice versa. For this to happen, there needs to be a route table entry allowing a subnet to reach the IGW. That is to say — an IGW allows resources within your public subnet to access the internet, and the internet to access those resources. A subnet is deemed to be a public subnet if its route table directs traffic to the Internet Gateway.

How to create an Internet Gateway:
a. Create an Internet Gateway.
b. Attach it to the VPC.
c. Add a route in your subnet's route table that points to the Internet Gateway.
d. Your instance must have a publicly routable IP address.
e. Make sure that your NACLs and security groups (SGs) allow the traffic to the internet.

2. NAT instance basics

The following figure illustrates the NAT instance basics. The main route table is associated with the private subnet and sends the traffic from the instances in the private subnet to the NAT instance in the public subnet. The NAT instance then sends the traffic to the internet gateway for the VPC. The traffic is attributed to the Elastic IP address of the NAT instance.
The NAT instance specifies a high port number for the response; if a response comes back, the NAT instance sends it to an instance in the private subnet based on the port number of the response. Internet traffic from the instances in the private subnet is routed to the NAT instance, which then communicates with the internet. Therefore, the NAT instance must have internet access: it must be in a public subnet (a subnet whose route table has a route to the internet gateway), and it must have a public IP address or an Elastic IP address.

3. Subnet route tables

Your VPC has an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (the subnet route table). You can explicitly associate a subnet with a particular route table; otherwise, the subnet is implicitly associated with the main route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table.

4. What is a DNS server?

When users type domain names into the URL bar of their browser, DNS servers are responsible for translating those domain names to numeric IP addresses, leading them to the correct website. The Domain Name System (DNS) is the phonebook of the Internet. When users type domain names such as 'google.com' or 'nytimes.com' into web browsers, DNS is responsible for finding the correct IP address for those sites. Browsers then use those addresses to communicate with origin servers or CDN edge servers to access website information. This all happens thanks to DNS servers: machines dedicated to answering DNS queries.

5. What is Subnetting?

Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing efficiency, which helps to enhance the security of the network, and it reduces the size of the broadcast domain.
IP subnetting designates high-order bits from the host portion of the address as part of the network prefix. This method divides a network into smaller subnets.

6. Why use Subnetting?

Here are important reasons for using subnetting:
a. It helps you to maximise IP addressing efficiency.
b. It extends the life of IPv4.
c. Public IPv4 addresses are scarce.
d. IPv4 subnetting reduces network traffic by eliminating collision and broadcast traffic, and thus improves overall performance.
e. It allows you to apply network security policies at the interconnection between subnets.
f. It optimises IP network performance.
g. It facilitates spanning large geographical distances.
h. The subnetting process helps to allocate IP addresses in a way that prevents large numbers of IP network addresses from remaining unused.
i. Subnets are usually set up geographically for specific offices or particular teams within a business, which allows their network traffic to stay within the location.

7. Elastic IP in AWS

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account, and is yours until you release it. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Alternatively, you can specify the Elastic IP address in a DNS record for your domain, so that your domain points to your instance. For more information, see the documentation for your domain registrar, or Set up dynamic DNS on Your Amazon Linux instance.

An Elastic IP address is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet. For example, this allows you to connect to your instance from your local computer.
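As an added worked example for sections 5 and 6 (not part of the original notes), the following Python uses the standard ipaddress module to show fixed-length subnetting (borrowing host bits to lengthen the prefix) and a variable-length allocation that gives each subnet the smallest block its host count needs, which is how subnetting keeps addresses from sitting unused. The 10.0.0.0/16 VPC CIDR, subnet names and host counts are constructed for the example.

```python
from ipaddress import IPv4Network

def prefix_for_hosts(required_hosts: int) -> int:
    """Longest prefix whose block still leaves `required_hosts` usable addresses
    after reserving the network and broadcast addresses."""
    host_bits = 2
    while (2 ** host_bits) - 2 < required_hosts:
        host_bits += 1
    return 32 - host_bits

def split_evenly(network: str, new_prefix: int) -> dict:
    """Fixed-length subnetting: borrow high-order host bits to extend the prefix."""
    net = IPv4Network(network)
    borrowed = new_prefix - net.prefixlen
    if borrowed <= 0 or new_prefix > 30:
        raise ValueError("new prefix must be longer than the network's and at most /30")
    subnets = list(net.subnets(new_prefix=new_prefix))
    return {
        "borrowed_bits": borrowed,
        "subnet_count": len(subnets),            # equals 2 ** borrowed
        "usable_hosts_each": subnets[0].num_addresses - 2,
        "subnets": [str(s) for s in subnets],
    }

def allocate_vlsm(network: str, host_needs: dict) -> dict:
    """Variable-length subnetting: give each named subnet the smallest block that
    fits its host count, largest first, so little address space is stranded."""
    free = [IPv4Network(network)]
    plan = {}
    for name, hosts in sorted(host_needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        candidates = [b for b in sorted(free) if b.prefixlen <= prefix]
        if not candidates:
            raise ValueError(f"no free block large enough for {name} ({hosts} hosts)")
        block = candidates[0]
        chosen = next(block.subnets(new_prefix=prefix))   # lowest-addressed piece
        free.remove(block)
        free.extend(block.address_exclude(chosen))        # return the remainder to the pool
        plan[name] = str(chosen)
    return plan

# Constructed example: a 10.0.0.0/16 VPC CIDR carved two different ways.
EVEN = split_evenly("10.0.0.0/16", 24)
VLSM = allocate_vlsm("10.0.0.0/16", {"app": 500, "web": 200, "db": 50})
```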
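To tie together the rules from sections 1, 3 and 7 (explicit versus implicit main-table association, what makes a subnet public, why an instance behind an IGW still needs a public or Elastic IP, and why a NAT instance must itself sit in a public subnet with a public address), here is an added Python model of those checks. It is not AWS or boto3 code; the route tables, subnet IDs, instance IDs and addresses are constructed, and NACL/security group evaluation (step e) is assumed to allow the traffic.

```python
from dataclasses import dataclass, field

@dataclass
class RouteTable:
    id: str
    routes: dict            # destination CIDR -> target: "local", "igw-…", or "i-…" (NAT instance)
    main: bool = False
    subnets: set = field(default_factory=set)   # explicitly associated subnet IDs

@dataclass
class Instance:
    id: str
    subnet: str
    public_ip: str = ""     # auto-assigned public IPv4 or an associated Elastic IP; "" = none

def route_table_for(subnet: str, tables: list) -> RouteTable:
    """Explicit association wins; otherwise the subnet implicitly uses the main table."""
    explicit = [t for t in tables if subnet in t.subnets]
    if len(explicit) > 1:
        raise ValueError(f"{subnet} is associated with more than one route table")
    return explicit[0] if explicit else next(t for t in tables if t.main)

def is_public_subnet(subnet: str, tables: list) -> bool:
    """Public = the subnet's route table sends 0.0.0.0/0 to an internet gateway."""
    return route_table_for(subnet, tables).routes.get("0.0.0.0/0", "").startswith("igw-")

def internet_path(inst: Instance, tables: list, instances: dict) -> str:
    """Classify how (if at all) an instance exchanges traffic with the internet."""
    target = route_table_for(inst.subnet, tables).routes.get("0.0.0.0/0")
    if target is None:
        return "isolated: no default route"
    if target.startswith("igw-"):
        if inst.public_ip:
            return "public: bidirectional via IGW"
        return "unreachable: public subnet but no public or Elastic IP"
    nat = instances.get(target)   # a NAT instance needs an IGW route and a public IP itself
    if nat and nat.public_ip and is_public_subnet(nat.subnet, tables):
        return f"private: outbound only, source NAT to {nat.public_ip} by {nat.id}"
    return f"broken: default route targets {target}, which cannot reach the IGW"

# Constructed sample topology (not from any real account): one VPC, two subnets.
TABLES = [
    RouteTable("rtb-main", {"10.0.0.0/16": "local", "0.0.0.0/0": "i-nat"}, main=True),
    RouteTable("rtb-public", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-1"}, subnets={"subnet-pub"}),
]
INSTANCES = {
    "i-nat": Instance("i-nat", "subnet-pub", public_ip="203.0.113.10"),
    "i-web": Instance("i-web", "subnet-pub", public_ip="203.0.113.11"),
    "i-app": Instance("i-app", "subnet-priv"),     # no explicit association: uses rtb-main
    "i-nopub": Instance("i-nopub", "subnet-pub"),
}
```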