AWS Classroomnotes 21/Mar/2022

AWS Networking Contd

  • The Network Diagram of VPC
  • Now let's create an EC2 instance in subnet1
  • Generally, we use CIDR notation to restrict or specify a range of IP addresses:
    • 100.100.100.0/24 => Network ID: 100.100.100; if we use this in security groups or NACLs down the line, it represents all the IP addresses from 100.100.100.0 to 100.100.100.255
    • 100.100.0.0/16 => 100.100.0.0 to 100.100.255.255
    • 0.0.0.0/0 => 0.0.0.0 to 255.255.255.255 => all IP addresses
    • 17.18.19.20/32 => 17.18.19.20
  • When we deal with Security groups or NACLs
    • IP Range => CIDR Notation
    • Protocol =>
      • TCP
      • UDP
      • ICMP
    • Port =>
      • SSH works on TCP port 22
      • HTTP works on TCP port 80
      • RDP works on TCP port 3389
    • Incoming Packets (Ingress/Inbound) or Outgoing packets (Egress/Outbound)
  • Now let me create a security group in our VPC which allows all traffic from 19.20.21.22
    • i.e. all protocols, all ports from 19.20.21.22/32 (inbound)
    • allow SSH (TCP 22) from anywhere
    • By default, an AWS security group allows all outgoing traffic
    • Create a security group
  • Exercise: Create a security group in your VPC which
    • opens all traffic from within the VPC
    • HTTP port (TCP port 80) from anywhere
    • SSH port (TCP port 22) from anywhere
    • TCP port 8080 from anywhere
  • AWS will not allow any connections from the internet by default; to enable them, we need to learn about internet gateways and route tables.
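
The security group built above (all traffic from 19.20.21.22/32, SSH from anywhere) can be modelled offline to see how CIDR range, protocol and port combine into an allow decision. This is an added example, not part of the original notes and not AWS code; the Rule class and the function names are this example's own, and ICMP type/code matching is simplified to "any ICMP".

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "all" (all protocols, all ports)
    from_port: int  # port range; ignored for "all" and "icmp"
    to_port: int
    cidr: str       # source range in CIDR notation

# Inbound rules of the security group from the notes (constructed model).
NOTES_SG = [
    Rule("all", 0, 65535, "19.20.21.22/32"),  # all traffic from one host
    Rule("tcp", 22, 22, "0.0.0.0/0"),         # SSH from anywhere
]

def cidr_range(cidr):
    """Return (first, last) address covered by a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)

def inbound_allowed(rules, src_ip, protocol, port=None):
    """Security groups are allow-lists: a packet passes if any rule matches."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if src not in ipaddress.ip_network(r.cidr, strict=False):
            continue                      # source outside this rule's range
        if r.protocol == "all":
            return True
        if r.protocol != protocol:
            continue
        if protocol == "icmp":
            return True                   # simplification: no type/code check
        if port is not None and r.from_port <= port <= r.to_port:
            return True
    return False                          # nothing matched: implicit deny

def world_open(rules):
    """Rules whose source is every IPv4 address (0.0.0.0/0); review these first."""
    return [r for r in rules
            if ipaddress.ip_network(r.cidr, strict=False).prefixlen == 0]

if __name__ == "__main__":
    print(cidr_range("100.100.100.0/24"))
    print(inbound_allowed(NOTES_SG, "8.8.8.8", "tcp", 80))
    print(world_open(NOTES_SG))
```

The same model can be pointed at the exercise's rules (VPC CIDR, TCP 80, 22 and 8080 from anywhere) to see which of them world_open reports.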
