AWS Networking Cookbook
eBook - ePub, 366 pages, English

About This Book

Over 50 recipes covering all you need to know about AWS networking.
  • Master AWS networking concepts with AWS Networking Cookbook.
  • Design and implement highly available connectivity and multi-region AWS solutions.
  • A recipe-based guide that eliminates the complications of AWS networking.
  • A guide to automating networking services and features.

Who This Book Is For

This book targets administrators, network engineers, and solution architects who want to optimize their cloud platform's connectivity. Some basic understanding of AWS would be beneficial.

What You Will Learn
  • Create a basic network in AWS
  • Create a production-grade network in AWS
  • Create a global-scale network in AWS
  • Security and compliance with AWS networking
  • Troubleshooting, best practices, and limitations of AWS networking
  • Pricing model of AWS network components
  • Route 53 and CloudFront concepts and routing policies
  • VPC automation using Ansible and CloudFormation

In Detail

This book starts with practical recipes on the fundamentals of cloud networking and gradually moves on to configuring networks and implementing infrastructure automation. It then supplies in-depth recipes on networking components such as network interfaces, Internet gateways, DNS, Elastic IP addresses, and VPN CloudHub. Later, the book delves into designing, implementing, and optimizing static and dynamic routing architectures, multi-region solutions, and highly available connectivity for your enterprise. Finally, it teaches you to troubleshoot your VPC's network and increase your VPC's efficiency. By the end of this book, you will have advanced knowledge of AWS networking concepts and technologies and will have mastered implementing infrastructure automation and optimizing your VPC.

Style and Approach

A set of exciting recipes on using AWS networking services more effectively.

Authors: Satyajit Das and Jhalak Modi

Information

Year
2017
ISBN
9781787286245
Edition
1

Cloud Security and Network Compliance

In this chapter, we will cover the following recipes:
  • Setting up CloudFront (EC2 origin)
  • Setting up CloudFront (S3 origin)
  • Geographic restrictions with Amazon CloudFront
  • Customizing error responses in CloudFront
  • Setting up CloudWatch monitoring
  • Setting up ELB and Auto Scaling
  • Trusted Advisor
  • Protecting log information: sending logs to CloudWatch
  • Starting CloudTrail
  • Submitting a penetration testing request

Introduction

Each organization must evaluate its own network security by assessing how effective its defenses actually are. Internet-facing systems receive anywhere from several hundred to millions of attack attempts every day. Many of these are simple scans that existing security controls can defend against, but others catch you by surprise and unexpectedly shift you into incident investigation and cleanup mode.
This chapter helps you secure a network by explaining the important security controls and how they relate to one another.
First of all, we need to understand the shared responsibility model: infrastructure security is shared between AWS and the customer, and the split varies across the service models Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
AWS provides the global infrastructure and is responsible for the following:
  • Underlying hardware
  • Physical security
  • Network infrastructure and its compliance
  • Virtualization layer and underlying infrastructure
  • Facilities
As a customer, you are responsible for the following:
  • Operating system (patching and hardening)
  • Ingress and egress traffic to and from your instances (security groups, network ACLs)
  • AMI hardening and security
  • Data in transit and at rest (encryption)
  • AWS credentials and single sign-on (SSO)
  • IAM user policies and roles
The simplified diagram below summarizes the shared responsibility model:
  • Customers are responsible for their security and compliance IN the cloud
  • AWS is responsible for the security OF the cloud
[Figure: AWS Shared Responsibility Model]
Because AWS takes care of the underlying setup, you can scale and innovate while maintaining a secure environment.

Types of attack

Here we will look at various types of attacks and how to mitigate them with the help of different AWS services:
  • Distributed Denial of Service (DDoS): A malicious attempt to exhaust bandwidth or resources. A DDoS attack can cause harm without ever modifying or compromising the victim's systems:
    • Network consumption: Attackers flood your environment with a large volume of (often spoofed) packets to consume all of your network bandwidth.
    • Resource consumption: Attacks can be strong enough to exhaust the vital resources of your systems, such as CPU cycles, memory, hard disk space, and so on.
  • Peer identity compromise/identity spoofing/man-in-the-middle: Attackers intercept traffic between two network nodes, looking for passwords, password hashes, and program instructions.
  • IP/DNS spoofing: Attackers impersonate a user, device, or client in order to attack the host directly.
  • Port scanning: The attacker tries to connect to a selected port, or sometimes all ports, to find services that can be exploited. The attacker walks through the services your system exposes to understand where it is weak.
Here are some best practices:
  • Always use security groups, and allow only the ports and sources each instance actually needs
  • Set up network ACLs as a second, subnet-level layer of filtering
  • Use IPsec VPN or Direct Connect for trusted connections
  • Protect data in transit and at rest
  • Turn on VPC Flow Logs so that accepted and rejected traffic can be reviewed
  • Always transfer data via SSL/TLS endpoints
  • Ensure regular reviews of security controls and policies
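The port-scanning attack and the "turn on VPC Flow Logs" practice above meet in one place: a scan of closed ports shows up in the flow log as a burst of REJECT records from one source to many destination ports on one destination. The following Python script, added here as an illustration and not taken from the book, parses default-format (version 2) VPC Flow Log records and flags such bursts. The log lines, account ID, ENI ID, addresses and thresholds are constructed for the example; the field order is the documented default format, and records with log-status NODATA or SKIPDATA (which carry "-" in the traffic fields) are skipped rather than parsed as traffic.

```python
"""Port-scan detection over VPC Flow Log records (default format, version 2).

Default-format field order:
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
Records whose log-status is NODATA or SKIPDATA carry '-' in the traffic
fields and must be skipped rather than parsed as traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    start: int
    action: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one default-format line; return None when it carries no traffic fields."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None  # not a default-format version 2 record
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # NODATA / SKIPDATA: nothing to inspect
    return FlowRecord(rec["srcaddr"], rec["dstaddr"], int(rec["dstport"]),
                      int(rec["protocol"]), int(rec["start"]), rec["action"])


def detect_port_scans(lines: Iterable[str], min_ports: int = 10,
                      window_seconds: int = 600) -> Dict[Tuple[str, str], List[int]]:
    """Return {(srcaddr, dstaddr): sorted rejected ports} for every pair where one
    source had connections to at least min_ports distinct destination ports
    REJECTed inside some span of window_seconds.

    REJECT is the signal: the security group or network ACL dropped the probe,
    which is what a scan of closed ports looks like from inside the VPC.
    """
    rejects: Dict[Tuple[str, str], List[Tuple[int, int]]] = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec.action == "REJECT":
            rejects[(rec.srcaddr, rec.dstaddr)].append((rec.start, rec.dstport))

    findings: Dict[Tuple[str, str], List[int]] = {}
    for pair, events in rejects.items():
        events.sort()  # chronological by start time
        left = 0
        for right in range(len(events)):
            # Shrink the window from the left until it spans at most window_seconds.
            while events[right][0] - events[left][0] > window_seconds:
                left += 1
            if len({port for _, port in events[left:right + 1]}) >= min_ports:
                findings[pair] = sorted({port for _, port in events})
                break
    return findings


def reject_lines(src: str, dst: str, ports: List[int], start: int, step: int) -> List[str]:
    """Build constructed REJECT records, one per port, spaced `step` seconds apart."""
    return [
        f"2 123456789012 eni-0a1b2c3d4e5f67890 {src} {dst} {40000 + i} {port} 6 1 44 "
        f"{start + i * step} {start + i * step + 10} REJECT OK"
        for i, port in enumerate(ports)
    ]


# Constructed sample: a fast scan (11 ports in 11 s), a slow scan (same ports,
# one every two minutes), one legitimate HTTPS flow, a single rejected SSH
# attempt and a NODATA record.  All identifiers are made up for the example.
COMMON_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    reject_lines("203.0.113.5", "10.0.1.20", COMMON_PORTS, 1700000000, 1)
    + reject_lines("203.0.113.9", "10.0.1.20", COMMON_PORTS, 1700000000, 120)
    + [
        "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.30 10.0.1.20 51515 443 6 25 6210 1700000005 1700000065 ACCEPT OK",
        "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.20 43210 22 6 1 44 1700000020 1700000030 REJECT OK",
        "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
    ]
)

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan {src} -> {dst}: {len(ports)} rejected ports {ports}")
```

With the default ten-minute window only the fast scanner is reported; the slow scanner spreads its probes over twenty minutes and is caught only when the window is widened, which is the trade-off to keep in mind when tuning thresholds: a wider window catches slower scans but needs more state per source. Production use would read the records from the CloudWatch Logs group or S3 bucket the flow log is delivered to rather than from an in-memory list.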

Setting up CloudFront (EC2 origin)

CloudFront is the Content Delivery Network (CDN) service provided by AWS. CloudFront offers a globally distributed network of edge locations that serves cached content such as images, videos, and static fil...

Table of contents

  1. Title Page
  2. Copyright
  3. Credits
  4. About the Authors
  5. About the Reviewers
  6. www.PacktPub.com
  7. Customer Feedback
  8. Preface
  9. Getting Started with AWS Networking Components
  10. Building Your Own Custom VPC
  11. VPC Advanced Components
  12. Configuring Global Scale Infrastructure
  13. Working with Infrastructure Automation
  14. Working with Route 53
  15. Cloud Security and Network Compliance
  16. Troubleshooting and VPC Limits
  17. Pricing of VPC and Related Components