- 366 pages
- English
AWS Networking Cookbook
About This Book
Over 50 recipes covering all you need to know about AWS networking

- Master AWS networking concepts with AWS Networking Cookbook.
- Design and implement highly available connectivity and multi-regioned AWS solutions.
- A recipe-based guide that will eliminate the complications of AWS networking.
- A guide to automate networking services and features.

Who This Book Is For

This book targets administrators, network engineers, and solution architects who are looking at optimizing their cloud platform's connectivity. Some basic understanding of AWS would be beneficial.

What You Will Learn

- Create basic network in AWS
- Create production grade network in AWS
- Create global scale network in AWS
- Security and Compliance with AWS Network
- Troubleshooting, best practices and limitations of AWS network
- Pricing model of AWS network components
- Route 53 and CloudFront concepts and routing policies
- VPC Automation using Ansible and CloudFormation

In Detail

This book starts with practical recipes on the fundamentals of cloud networking and gradually moves on to configuring networks and implementing infrastructure automation. This book then supplies in-depth recipes on networking components like Network Interface, Internet Gateways, DNS, Elastic IP addresses, and VPN CloudHub. Later, this book also delves into designing, implementing, and optimizing static and dynamic routing architectures, multi-region solutions, and highly available connectivity for your enterprise.

Finally, this book will teach you to troubleshoot your VPC's network, increasing your VPC's efficiency. By the end of this book, you will have advanced knowledge of AWS networking concepts and technologies and will have mastered implementing infrastructure automation and optimizing your VPC.

Style and approach

A set of exciting recipes on using AWS Networking services more effectively.
Cloud Security and Network Compliance
- Setting up CloudFront--EC2 origin
- Setting up CloudFront--S3 origin
- Geographic restrictions with Amazon CloudFront
- Customizing error responses in CloudFront
- Setting up CloudWatch monitoring
- Setting up ELB and Auto Scaling
- Trusted Advisor
- Protecting log information--sending logs to CloudWatch
- Starting CloudTrail
- Submitting a penetration testing request
Introduction
- Underlying hardware
- Physical security
- Network security and compliance
- Virtualization and underlying infrastructure
- Facilities
- OS
- Ingress and egress traffic from your instance
- AMI hardening and security
- Data in transit and rest
- AWS credentials and single sign on (SSO)
- IAM user policies and roles
- Customers are responsible for their security and compliance IN the Cloud
- AWS is responsible for the security OF the Cloud
Types of attack
- Distributed Denial of Service (DDoS): This is a malicious attempt based on bandwidth or resource consumption. DDoS attacks can cause harm without even modifying or touching the intended victim:
  - Network consumption: Attackers flood your environment with a large volume of spoofed packets to consume all your network bandwidth.
  - Resource consumption: These attempts can sometimes be so strong that they target the vital resources of your system such as CPU cycles, hard disk space, and so on.
- Peer identity compromise/identity spoofing/man-in-the-middle: Hackers try to listen to traffic between two network nodes, looking for passwords, password hashes, and program instructions.
- IP/DNS spoofing: Attackers try to impersonate a user, device, or client to directly attack the host.
- Port scanning: The attacker tries to connect to a selected port, or sometimes all ports, to exploit the environment. The attacker works through your system in series to understand its weaknesses.
- Always use a Security Group
- Set up a Network ACL
- Use IPSec or Direct Connect for trusted connections
- Protect data in transit and rest
- Turn on VPC flow logs
- Always transfer data via SSL/TLS endpoints
- Ensure regular reviews of security controls and policies
Setting up CloudFront--EC2 origin
Table of contents
- Title Page
- Copyright
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Preface
- Getting Started with AWS Networking Components
- Building Your Own Custom VPC
- VPC Advanced Components
- Configuring Global Scale Infrastructure
- Working with Infrastructure Automation
- Working with Route 53
- Cloud Security and Network Compliance
- Troubleshooting and VPC Limits
- Pricing of VPC and Related Components