title
Amazon Virtual Private Cloud (VPC) | AWS Tutorial For Beginners | AWS Training Video | Simplilearn
description
This Amazon VPC tutorial gives an overview of AWS VPC along with a demo of how to create a custom VPC. Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides users a virtual private cloud by provisioning a logically isolated section of the Amazon Web Services (AWS) Cloud. Enterprise customers are able to access the Amazon Elastic Compute Cloud (EC2) over an IPsec-based virtual private network. Unlike traditional EC2 instances, which are allocated internal and external IP numbers by Amazon, the customer can assign IP numbers of their choosing from one or more subnets. By giving the user the option of selecting which AWS resources are public-facing and which are not, VPC provides much more granular control over security.
This AWS VPC Tutorial will explain the following topics:
-( 00:09 ) AWS VPC Introduction
-( 02:24 ) Amazon VPC Terminology
-( 02:45 ) Amazon VPC Definition
-( 03:06 ) Amazon VPC Diagram
-( 04:06 ) Default AWS VPC
-( 05:10 ) AWS Custom VPC
-( 05:32 ) Hardware VPN Access
-( 06:20 ) AWS VPC Peering
-( 07:36 ) AWS VPC Creation Demo
-( 13:10 ) AWS Elastic IP Address Demo
-( 15:54 ) AWS Subnet Tutorial
-( 19:55 ) AWS Networking Tutorial
-( 21:51 ) AWS Internet Gateway Creation
-( 23:26 ) AWS Route Table Tutorial
-( 33:27 ) Using Security Groups and Network ACLs in Amazon VPC
-( 33:44 ) AWS Security Groups Tutorial
-( 48:00 ) AWS VPC Best Practices
detail
{'title': 'Amazon Virtual Private Cloud (VPC) | AWS Tutorial For Beginners | AWS Training Video | Simplilearn', 'heatmap': [{'end': 338.146, 'start': 301.255, 'weight': 0.72}, {'end': 639.1, 'start': 605.288, 'weight': 0.761}, {'end': 776.096, 'start': 702.692, 'weight': 0.918}, {'end': 907.829, 'start': 840.625, 'weight': 0.733}, {'end': 1248.288, 'start': 1231.781, 'weight': 0.805}, {'end': 1486.966, 'start': 1409.645, 'weight': 0.928}, {'end': 1579.448, 'start': 1544.81, 'weight': 0.751}, {'end': 1751.725, 'start': 1612.583, 'weight': 0.815}, {'end': 1985.379, 'start': 1944.077, 'weight': 0.791}], 'summary': 'This aws tutorial covers amazon vpc, including an overview, managing vpc, elastic ip, vpc subnets, aws networking fundamentals, security groups, network acls, and custom vpc design, with specific examples and best practices for integrating local resources with the cloud.', 'chapters': [{'end': 562.886, 'segs': [{'end': 68.153, 'src': 'embed', 'start': 34.112, 'weight': 0, 'content': [{'end': 37.074, 'text': 'One such service is the Amazon Virtual Private Cloud.', 'start': 34.112, 'duration': 2.962}, {'end': 44.938, 'text': 'This lesson talks about creating virtual networks that closely resemble the ones that operate in your own data centers,', 'start': 38.035, 'duration': 6.903}, {'end': 49.679, 'text': 'but with the added benefit of being able to take full advantage of AWS.', 'start': 44.938, 'duration': 4.741}, {'end': 51.44, 'text': "So let's get started.", 'start': 50.399, 'duration': 1.041}, {'end': 68.153, 'text': "In this lesson, you'll learn all about virtual private clouds and understand their concept.", 'start': 63.191, 'duration': 4.962}], 'summary': 'Learn about amazon virtual private cloud for virtual networks in aws.', 'duration': 34.041, 'max_score': 34.112, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA34112.jpg'}, {'end': 122.651, 'src': 'embed', 'start': 96.333, 'weight': 3, 
'content': [{'end': 100.294, 'text': "And we'll take a look at network ACLs and how they're used in Amazon VPC.", 'start': 96.333, 'duration': 3.961}, {'end': 109.696, 'text': "We'll also review the Amazon VPC best practices and also the costs associated with running a VPC in the Amazon cloud.", 'start': 101.354, 'duration': 8.342}, {'end': 116.157, 'text': 'Welcome to the Amazon virtual private cloud and subnet section.', 'start': 112.236, 'duration': 3.921}, {'end': 122.651, 'text': "In this section, we're going to have an overview of what Amazon VPC is and how you use it.", 'start': 117.17, 'duration': 5.481}], 'summary': 'Overview of amazon vpc, including network acls, best practices, and costs.', 'duration': 26.318, 'max_score': 96.333, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA96333.jpg'}, {'end': 174.814, 'src': 'embed', 'start': 147.614, 'weight': 1, 'content': [{'end': 156.801, 'text': "There's subnets, root tables, elastic IP addresses, internet gateways, NAT gateways, network ACLs, and security groups.", 'start': 147.614, 'duration': 9.187}, {'end': 164.226, 'text': "And in the next sections, we're going to take a look at each of these and build our own custom VPC that we'll use throughout this course.", 'start': 157.501, 'duration': 6.725}, {'end': 174.814, 'text': "Amazon defines a VPC as a virtual private cloud that enables you to launch AWS resources into a virtual network that you've defined.", 'start': 165.627, 'duration': 9.187}], 'summary': 'Amazon vpc enables launching aws resources into a virtual network with subnets, routing tables, eips, internet gateways, nat gateways, network acls, and security groups.', 'duration': 27.2, 'max_score': 147.614, 'thumbnail': ''}, {'end': 330.625, 'src': 'embed', 'start': 301.255, 'weight': 2, 'content': [{'end': 306.577, 'text': 'So in the coming sections will take a look at all of these different items that you can see on this default VPC.', 
'start': 301.255, 'duration': 5.322}, {'end': 315.26, 'text': "But why wouldn't you just use the default VPC? Well, the default VPC is great for launching new instances when you're testing AWS.", 'start': 307.057, 'duration': 8.203}, {'end': 324.783, 'text': 'But creating a custom VPC allows you to make things more secure and you can customize your virtual network as you can define your own IP address range.', 'start': 316.08, 'duration': 8.703}, {'end': 330.625, 'text': 'You can create your own subnets that are both private and public, and you can tighten down your security settings.', 'start': 325.183, 'duration': 5.442}], 'summary': 'Creating a custom vpc provides more security and customization options compared to the default vpc, including defining ip address ranges and creating private and public subnets.', 'duration': 29.37, 'max_score': 301.255, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA301255.jpg'}, {'end': 338.146, 'src': 'heatmap', 'start': 301.255, 'weight': 0.72, 'content': [{'end': 306.577, 'text': 'So in the coming sections will take a look at all of these different items that you can see on this default VPC.', 'start': 301.255, 'duration': 5.322}, {'end': 315.26, 'text': "But why wouldn't you just use the default VPC? 
Well, the default VPC is great for launching new instances when you're testing AWS.", 'start': 307.057, 'duration': 8.203}, {'end': 324.783, 'text': 'But creating a custom VPC allows you to make things more secure and you can customize your virtual network as you can define your own IP address range.', 'start': 316.08, 'duration': 8.703}, {'end': 330.625, 'text': 'You can create your own subnets that are both private and public, and you can tighten down your security settings.', 'start': 325.183, 'duration': 5.442}, {'end': 338.146, 'text': "By default, instances that you launch into a VPC can't communicate with your own network.", 'start': 332.864, 'duration': 5.282}], 'summary': 'Custom vpcs offer more security and customization, including own ip range and private subnets.', 'duration': 36.891, 'max_score': 301.255, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA301255.jpg'}, {'end': 410.909, 'src': 'embed', 'start': 384.269, 'weight': 4, 'content': [{'end': 392.635, 'text': "A peering connection could be made between your own VPCs or with a VPC in another AWS account, as long as it's in the same region.", 'start': 384.269, 'duration': 8.366}, {'end': 397.719, 'text': 'So what that means is, if you have instances in VPC A,', 'start': 394.096, 'duration': 3.623}, {'end': 403.884, 'text': "they wouldn't be able to communicate with instances in VPC B or C unless you set up a peering connection.", 'start': 397.719, 'duration': 6.165}, {'end': 406.986, 'text': 'Peering is a one-to-one relationship.', 'start': 405.165, 'duration': 1.821}, {'end': 410.909, 'text': 'A VPC can have multiple peering connections to other VPCs.', 'start': 407.506, 'duration': 3.403}], 'summary': 'Peering connections enable vpcs to communicate in the same region, allowing multiple connections.', 'duration': 26.64, 'max_score': 384.269, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA384269.jpg'}], 'start': 8.453, 'title': 'Amazon vpc overview', 'summary': 'Provides an overview of amazon virtual private cloud (vpc), discussing its role in integrating local resources with the cloud, covering topics such as ip addresses, subnets, gateways, security groups, best practices, and costs.', 'chapters': [{'end': 562.886, 'start': 8.453, 'title': 'Aws solutions architect lesson 4: amazon vpc overview', 'summary': 'Explains the concept of amazon virtual private cloud (vpc), emphasizing its role in integrating local resources with the cloud, covering topics such as public, private, and elastic ip addresses, subnets, internet gateways, nat gateways, security groups, network acls, vpc best practices, and costs associated with running a vpc in the amazon cloud.', 'duration': 554.433, 'highlights': ['The chapter emphasizes the concept of Amazon VPC, emphasizing its role in integrating local resources with the cloud, running applications transparently to end users, and fully and seamlessly integrating local resources with the cloud.', 'It covers various topics related to VPC, such as public, private, and elastic IP addresses, subnets, Internet gateways, NAT gateways, security groups, and network ACLs.', 'The chapter highlights the importance of understanding VPC best practices and the costs associated with running a VPC in the Amazon cloud.', 'It explains the process of creating a custom VPC, allowing users to select the IP address range, create subnets, configure route tables, set up network gateways, and define security settings using security groups and network access control lists.', 'The chapter also details the concept of VPC peering, highlighting its one-to-one relationship, the lack of support for transitive peering, and the restriction on peering connections for VPCs with overlapping CIDRs.']}], 'duration': 554.433, 'thumbnail': '', 'highlights': ['The chapter 
emphasizes the concept of Amazon VPC, integrating local resources with the cloud.', 'It covers various topics related to VPC, such as IP addresses, subnets, gateways, security groups, and costs.', 'It explains the process of creating a custom VPC, allowing users to select the IP address range and define security settings.', 'The chapter highlights the importance of understanding VPC best practices and associated costs.', 'The chapter details the concept of VPC peering, highlighting its one-to-one relationship and restrictions on peering connections.']}, {'end': 1055.453, 'segs': [{'end': 595.625, 'src': 'embed', 'start': 564.587, 'weight': 2, 'content': [{'end': 566.009, 'text': 'Next, you get to choose the tenancy.', 'start': 564.587, 'duration': 1.422}, {'end': 568.751, 'text': "There's two options, default and dedicated.", 'start': 566.769, 'duration': 1.982}, {'end': 575.048, 'text': "If you select dedicated, then your EC2 instances will reside on hardware that's dedicated to you.", 'start': 569.443, 'duration': 5.605}, {'end': 579.652, 'text': 'So your performance is going to be great, but your cost is going to be significantly higher.', 'start': 575.068, 'duration': 4.584}, {'end': 582.114, 'text': "So I'm going to stick with default.", 'start': 580.332, 'duration': 1.782}, {'end': 585.036, 'text': 'And we just click on yes, create.', 'start': 583.094, 'duration': 1.942}, {'end': 588.239, 'text': "It'll take a couple of seconds.", 'start': 586.858, 'duration': 1.381}, {'end': 595.625, 'text': 'And then in our VPC dashboard we can see our Simply Learn VPC has been created.', 'start': 590.38, 'duration': 5.245}], 'summary': 'Choose tenancy: default vs dedicated for ec2 instances, opt for default to save costs, vpc created', 'duration': 31.038, 'max_score': 564.587, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA564587.jpg'}, {'end': 639.1, 'src': 'heatmap', 'start': 605.288, 'weight': 0.761, 'content': 
[{'end': 606.989, 'text': 'Which is our default route table.', 'start': 605.288, 'duration': 1.701}, {'end': 614.23, 'text': "So there it is and we can see that it's only allowing local traffic at the moment.", 'start': 610.289, 'duration': 3.941}, {'end': 617.451, 'text': 'We go back to the VPC again.', 'start': 615.651, 'duration': 1.8}, {'end': 621.192, 'text': "We can see it's been given a default network ACL.", 'start': 618.271, 'duration': 2.921}, {'end': 624.373, 'text': "And we'll click on that and have a look.", 'start': 623.013, 'duration': 1.36}, {'end': 630.814, 'text': 'And you can see this is very similar to what we looked at in the lesson.', 'start': 627.631, 'duration': 3.183}, {'end': 636.017, 'text': "So it's allowing all traffic from all sources inbound and outbound.", 'start': 631.894, 'duration': 4.123}, {'end': 639.1, 'text': 'Now if we go to the subnet section.', 'start': 637.298, 'duration': 1.802}], 'summary': 'Default route table allows only local traffic. default network acl allows all traffic from all sources.', 'duration': 33.812, 'max_score': 605.288, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA605288.jpg'}, {'end': 735.441, 'src': 'embed', 'start': 712.648, 'weight': 3, 'content': [{'end': 720.973, 'text': 'When you launch a new instance is given a private IP address and an internal DNS hostname that resolves to the private IP address of the instance.', 'start': 712.648, 'duration': 8.325}, {'end': 724.995, 'text': "But if you want to connect to this from the Internet, it's not going to work.", 'start': 721.613, 'duration': 3.382}, {'end': 729.938, 'text': "So then you'd need a public IP address which is reachable from the Internet.", 'start': 726.376, 'duration': 3.562}, {'end': 735.441, 'text': 'You can use public IP addresses for communication between your instances and the Internet.', 'start': 730.558, 'duration': 4.883}], 'summary': 'New instances are given private ip & 
dns, require public ip for internet access.', 'duration': 22.793, 'max_score': 712.648, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA712648.jpg'}, {'end': 787.363, 'src': 'heatmap', 'start': 702.692, 'weight': 4, 'content': [{'end': 708.157, 'text': 'Now, private IP addresses are IP addresses that are not reachable over the Internet,', 'start': 702.692, 'duration': 5.465}, {'end': 711.62, 'text': "and they're used for communication between instances in the same network.", 'start': 708.157, 'duration': 3.463}, {'end': 720.973, 'text': 'When you launch a new instance is given a private IP address and an internal DNS hostname that resolves to the private IP address of the instance.', 'start': 712.648, 'duration': 8.325}, {'end': 724.995, 'text': "But if you want to connect to this from the Internet, it's not going to work.", 'start': 721.613, 'duration': 3.382}, {'end': 729.938, 'text': "So then you'd need a public IP address which is reachable from the Internet.", 'start': 726.376, 'duration': 3.562}, {'end': 735.441, 'text': 'You can use public IP addresses for communication between your instances and the Internet.', 'start': 730.558, 'duration': 4.883}, {'end': 741.805, 'text': 'Each instance that receives a public IP address is also given an external DNS hostname.', 'start': 736.522, 'duration': 5.283}, {'end': 748.675, 'text': 'Public IP addresses are associated with your instances from the Amazon pool of public IP addresses.', 'start': 742.89, 'duration': 5.785}, {'end': 757.183, 'text': 'When you stop or terminate your instance, the public IP address is released and a new one is associated when the instance starts.', 'start': 749.976, 'duration': 7.207}, {'end': 765.01, 'text': 'So if you want your instance to retain its public IP address, you need to use something called an elastic IP address.', 'start': 758.264, 'duration': 6.746}, {'end': 776.096, 'text': "An elastic IP address is a static or 
consistent public IP address that's allocated to your account and can be associated to and from your instances as required.", 'start': 766.169, 'duration': 9.927}, {'end': 780.699, 'text': 'An elastic IP address remains in your account until you choose to release it.', 'start': 776.856, 'duration': 3.843}, {'end': 787.363, 'text': "There is a charge associated with an elastic IP address if it's in your account but not actually allocated to an instance.", 'start': 781.139, 'duration': 6.224}], 'summary': 'Private ip addresses for internal communication, public ip for internet access. elastic ip for consistent public address.', 'duration': 84.671, 'max_score': 702.692, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA702692.jpg'}, {'end': 907.829, 'src': 'heatmap', 'start': 840.625, 'weight': 0.733, 'content': [{'end': 842.106, 'text': 'And it takes a couple of seconds.', 'start': 840.625, 'duration': 1.481}, {'end': 845.765, 'text': "And there's our new elastic IP address.", 'start': 843.283, 'duration': 2.482}, {'end': 852.311, 'text': "Now we'll be using this IP address to associate with the NAT gateway when we build that.", 'start': 846.566, 'duration': 5.745}, {'end': 862.18, 'text': 'AWS defines a subnet as a range of IP addresses in your VPC.', 'start': 857.456, 'duration': 4.724}, {'end': 866.484, 'text': 'You can launch AWS resources into a subnet that you select.', 'start': 863.181, 'duration': 3.303}, {'end': 874.739, 'text': "You can use a public subnet for resources that must be connected to the internet and a private subnet for resources that won't be connected to the internet.", 'start': 867.136, 'duration': 7.603}, {'end': 883.962, 'text': 'The net mask for the default subnet in your VPC is always 20,, which provides up to 4096 addresses per subnet,', 'start': 875.519, 'duration': 8.443}, {'end': 886.403, 'text': 'and a few of them are reserved for AWS use.', 'start': 883.962, 'duration': 2.441}, 
{'end': 894.346, 'text': 'A VPC can span multiple availability zones, but the subnet is always mapped to a single availability zone.', 'start': 887.524, 'duration': 6.822}, {'end': 895.847, 'text': 'This is important to know.', 'start': 894.807, 'duration': 1.04}, {'end': 899.303, 'text': "So here's our basic diagram, which we're now going to start adding to.", 'start': 896.621, 'duration': 2.682}, {'end': 907.829, 'text': "So we can see the virtual private cloud and you can see the availability zones and now inside each availability zone we've rated a subnet.", 'start': 899.963, 'duration': 7.866}], 'summary': 'Aws vpc allows launching resources in subnets, each with 4096 addresses and mapped to a single availability zone.', 'duration': 67.204, 'max_score': 840.625, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA840625.jpg'}, {'end': 894.346, 'src': 'embed', 'start': 867.136, 'weight': 0, 'content': [{'end': 874.739, 'text': "You can use a public subnet for resources that must be connected to the internet and a private subnet for resources that won't be connected to the internet.", 'start': 867.136, 'duration': 7.603}, {'end': 883.962, 'text': 'The net mask for the default subnet in your VPC is always 20,, which provides up to 4096 addresses per subnet,', 'start': 875.519, 'duration': 8.443}, {'end': 886.403, 'text': 'and a few of them are reserved for AWS use.', 'start': 883.962, 'duration': 2.441}, {'end': 894.346, 'text': 'A VPC can span multiple availability zones, but the subnet is always mapped to a single availability zone.', 'start': 887.524, 'duration': 6.822}], 'summary': 'Aws vpc allows public and private subnets, with default subnet providing up to 4096 addresses per subnet.', 'duration': 27.21, 'max_score': 867.136, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA867136.jpg'}, {'end': 938.34, 'src': 'embed', 'start': 908.709, 'weight': 1, 
'content': [{'end': 913.953, 'text': "Now you won't be able to launch any instances unless there are subnets in your VPC,", 'start': 908.709, 'duration': 5.244}, {'end': 918.396, 'text': "so it's good to spread them across availability zones for redundancy and failover purposes.", 'start': 913.953, 'duration': 4.443}, {'end': 923.159, 'text': "There's two different types of subnet, public and private.", 'start': 920.517, 'duration': 2.642}, {'end': 927.635, 'text': 'You use a public subnet for resources that must be connected to the Internet.', 'start': 924.033, 'duration': 3.602}, {'end': 929.216, 'text': 'For example, web servers.', 'start': 928.015, 'duration': 1.201}, {'end': 938.34, 'text': 'A public subnet is made public because the main route table sends the subnets traffic that is destined for the Internet to the Internet gateway.', 'start': 930.216, 'duration': 8.124}], 'summary': 'To launch instances, spread subnets across availability zones for redundancy. use public subnet for internet-connected resources like web servers.', 'duration': 29.631, 'max_score': 908.709, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA908709.jpg'}], 'start': 564.587, 'title': 'Managing vpc, elastic ip, and vpc subnets', 'summary': 'Covers creating a vpc, configuring its settings, understanding public and private ip addresses, elastic ip addresses, and creating public and private subnets across availability zones for redundancy, with a detailed example of creating a public subnet with 251 addresses.', 'chapters': [{'end': 836.182, 'start': 564.587, 'title': 'Managing vpc and elastic ip', 'summary': 'Explains the process of creating a vpc, configuring its settings, and understanding the use of public and private ip addresses, including the concept of elastic ip addresses and their association with instances.', 'duration': 271.595, 'highlights': ['The chapter explains the process of creating a VPC and choosing between 
default and dedicated tenancy, where dedicated tenancy provides better performance but at a higher cost.', 'It details the settings and components associated with the VPC, such as route tables, network ACLs, and subnets, emphasizing the need to create subnets for launching instances.', 'The distinction between private and public IP addresses is clarified, with an emphasis on their reachability over the Internet and the usage of public IP addresses for communication between instances and the Internet.', 'The concept of elastic IP addresses is introduced, highlighting their static nature, association with instances, and the associated charges if not allocated to an instance.', 'A demonstration of creating an elastic IP address is provided, including the process of allocation and the reminder of charges for unallocated elastic IP addresses.']}, {'end': 1055.453, 'start': 836.202, 'title': 'Creating vpc subnets', 'summary': 'Explains the process of creating public and private subnets in a vpc, emphasizing the importance of spreading them across availability zones for redundancy and failover purposes, and providing a detailed example of creating a public subnet with 251 addresses.', 'duration': 219.251, 'highlights': ["Subnets should be spread across availability zones for redundancy and failover purposes. It's important to spread subnets across availability zones for redundancy and failover purposes to ensure high availability. This is crucial for maintaining service continuity in case of failures.", 'Creating a public subnet with 251 addresses using CIDR block 10.0.1.0/24. The process of creating a public subnet with 251 addresses is demonstrated with the example of using CIDR block 10.0.1.0/24, which provides sufficient addresses for the range.', 'Explanation of public and private subnets, and their use cases. 
The chapter explains the distinction between public and private subnets and their respective use cases, such as connecting resources to the internet (public subnet) and protecting resources from the internet (private subnet).']}], 'duration': 490.866, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA564587.jpg', 'highlights': ['Creating a public subnet with 251 addresses using CIDR block 10.0.1.0/24', 'Subnets should be spread across availability zones for redundancy and failover purposes', 'The chapter explains the process of creating a VPC and choosing between default and dedicated tenancy', 'The distinction between private and public IP addresses is clarified, with an emphasis on their reachability over the Internet', 'The concept of elastic IP addresses is introduced, highlighting their static nature and association with instances']}, {'end': 1968.51, 'segs': [{'end': 1137.986, 'src': 'embed', 'start': 1090.295, 'weight': 6, 'content': [{'end': 1091.115, 'text': 'So we put the name in.', 'start': 1090.295, 'duration': 0.82}, {'end': 1096.176, 'text': "I'm going to give the private the IP address block of that.", 'start': 1091.155, 'duration': 5.021}, {'end': 1100.433, 'text': "I'm going to put this one in US East 1C.", 'start': 1097.611, 'duration': 2.822}, {'end': 1102.934, 'text': "And it's going to be the private.", 'start': 1101.593, 'duration': 1.341}, {'end': 1107.816, 'text': 'Subnet Obviously I want it to be in the same BPC.', 'start': 1104.074, 'duration': 3.742}, {'end': 1112.219, 'text': 'Beta BDC zone of US East 1C.', 'start': 1109.377, 'duration': 2.842}, {'end': 1115.08, 'text': "And we're going to give it.", 'start': 1114.06, 'duration': 1.02}, {'end': 1117.361, 'text': '10.0.2.0 slash 24.', 'start': 1115.1, 'duration': 2.261}, {'end': 1118.362, 'text': "And we'll click yes, create.", 'start': 1117.361, 'duration': 1.001}, {'end': 1128.017, 'text': 'Again, it takes a few seconds.', 'start': 
1126.736, 'duration': 1.281}, {'end': 1135.043, 'text': 'OK, let me sort by name.', 'start': 1133.102, 'duration': 1.941}, {'end': 1137.986, 'text': 'So there we are.', 'start': 1135.063, 'duration': 2.923}], 'summary': 'Setting up private subnet with ip address block 10.0.2.0/24 in us east 1c.', 'duration': 47.691, 'max_score': 1090.295, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1090295.jpg'}, {'end': 1248.288, 'src': 'heatmap', 'start': 1192.18, 'weight': 8, 'content': [{'end': 1197.826, 'text': "And we'll have a demonstration on how to create each of these AWS VPC items.", 'start': 1192.18, 'duration': 5.646}, {'end': 1237.343, 'text': 'So to allow your VPC the ability to connect to the Internet, you need to attach an Internet gateway.', 'start': 1231.781, 'duration': 5.562}, {'end': 1241.725, 'text': 'And you can only attach one Internet gateway per VPC.', 'start': 1238.144, 'duration': 3.581}, {'end': 1248.288, 'text': 'So attaching an Internet gateway is the first stage in permitting Internet access to instances in your VPC.', 'start': 1242.665, 'duration': 5.623}], 'summary': 'Demonstration on creating aws vpc items, including attaching one internet gateway per vpc for internet access.', 'duration': 56.108, 'max_score': 1192.18, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1192180.jpg'}, {'end': 1299.297, 'src': 'embed', 'start': 1274.945, 'weight': 11, 'content': [{'end': 1282.689, 'text': "Then you need to ensure that your instances have public IP addresses or elastic IP addresses, so they're able to connect to the internet.", 'start': 1274.945, 'duration': 7.744}, {'end': 1296.136, 'text': "Then you need to ensure that your subnet's route table points to the internet gateway and you need to ensure that your network access control and security group rules Allow relevant traffic to flow to and from your instance.", 'start': 1283.789, 
'duration': 12.347}, {'end': 1299.297, 'text': 'So you need to allow the rules to let in the traffic you want.', 'start': 1296.576, 'duration': 2.721}], 'summary': "Ensure instances have public ip addresses, subnet's route table points to internet gateway, and network access control and security group rules allow relevant traffic.", 'duration': 24.352, 'max_score': 1274.945, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1274945.jpg'}, {'end': 1514.34, 'src': 'heatmap', 'start': 1409.645, 'weight': 0, 'content': [{'end': 1411.206, 'text': "And that's what you're going to learn about next.", 'start': 1409.645, 'duration': 1.561}, {'end': 1419.793, 'text': 'A route table determines where network traffic is directed.', 'start': 1416.771, 'duration': 3.022}, {'end': 1422.716, 'text': 'It does this by defining a set of rules.', 'start': 1420.674, 'duration': 2.042}, {'end': 1430.542, 'text': 'Every subnet has to be associated with a route table, and a subnet can only be associated with one route table.', 'start': 1423.856, 'duration': 6.686}, {'end': 1435.638, 'text': 'However, multiple subnets can be associated with the same route table.', 'start': 1431.334, 'duration': 4.304}, {'end': 1448.411, 'text': "Every VPC has a default route table and it's good practice to leave this in its original state and create a new route table to customize the network traffic routes associated with your VPC.", 'start': 1437.66, 'duration': 10.751}, {'end': 1455.278, 'text': "So here's our example, and we've added two route tables, the main route table and the custom route table.", 'start': 1449.472, 'duration': 5.806}, {'end': 1463.202, 'text': 'The new route table or the custom route table will tell the internet gateway to direct internet traffic to the public subnet.', 'start': 1456.758, 'duration': 6.444}, {'end': 1472.008, 'text': 'But the private subnet is still associated to the default route table, the main route table, 
which does not allow internet traffic to it.', 'start': 1464.003, 'duration': 8.005}, {'end': 1476.731, 'text': 'All traffic inside the private subnet is just remaining local.', 'start': 1472.988, 'duration': 3.743}, {'end': 1486.966, 'text': "In this demonstration, we're going to create a custom route table associated with our Internet gateway and associate our public subnet with it.", 'start': 1479.059, 'duration': 7.907}, {'end': 1497.034, 'text': "So let's go to networking and VPC.", 'start': 1494.993, 'duration': 2.041}, {'end': 1503.42, 'text': "Dashboard will load and we're going to go to route tables.", 'start': 1500.277, 'duration': 3.143}, {'end': 1508.094, 'text': 'Now our VPC only has its main route table at the moment.', 'start': 1505.051, 'duration': 3.043}, {'end': 1511.477, 'text': 'The default one it was given at the time it was created.', 'start': 1508.134, 'duration': 3.343}, {'end': 1514.34, 'text': 'So we want to create a new route table.', 'start': 1512.318, 'duration': 2.022}], 'summary': 'Route tables direct network traffic, with each subnet associated to one table. 
vpcs have a default table; customization is recommended.', 'duration': 57.582, 'max_score': 1409.645, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1409645.jpg'}, {'end': 1579.448, 'src': 'heatmap', 'start': 1544.81, 'weight': 0.751, 'content': [{'end': 1546.25, 'text': 'So if we go down here to route.', 'start': 1544.81, 'duration': 1.44}, {'end': 1550.751, 'text': "At the minute you can see it's just like our main route table.", 'start': 1547.891, 'duration': 2.86}, {'end': 1553.812, 'text': 'It just has local access, so we want to click on edit.', 'start': 1550.831, 'duration': 2.981}, {'end': 1556.092, 'text': 'And we want to add another route.', 'start': 1554.572, 'duration': 1.52}, {'end': 1562.714, 'text': 'So the destination is the Internet, which is all the zeros.', 'start': 1557.893, 'duration': 4.821}, {'end': 1564.214, 'text': 'And our target.', 'start': 1563.514, 'duration': 0.7}, {'end': 1569.265, 'text': 'and we click on this, it gives us the option of our internet gateway, which we want to do.', 'start': 1564.804, 'duration': 4.461}, {'end': 1574.107, 'text': 'So now we have internet access to this subnet, sorry to this route table.', 'start': 1569.985, 'duration': 4.122}, {'end': 1576.647, 'text': 'And we click on save.', 'start': 1575.787, 'duration': 0.86}, {'end': 1579.448, 'text': 'Save was successful.', 'start': 1578.568, 'duration': 0.88}], 'summary': 'Configured route to provide internet access to subnet. 
save successful.', 'duration': 34.638, 'max_score': 1544.81, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1544810.jpg'}, {'end': 1751.725, 'src': 'heatmap', 'start': 1612.583, 'weight': 0.815, 'content': [{'end': 1613.584, 'text': "So it's just saving that.", 'start': 1612.583, 'duration': 1.001}, {'end': 1624.478, 'text': 'So now we can see that our public subnet is associated with this route table, and this route table is associated with the Internet Gateway.', 'start': 1614.984, 'duration': 9.494}, {'end': 1629.301, 'text': 'So now anything we launch into the public subnet will have Internet access.', 'start': 1624.658, 'duration': 4.643}, {'end': 1635.845, 'text': 'But what if we wanted our instances in the private subnet to have Internet access?', 'start': 1631.142, 'duration': 4.703}, {'end': 1641.489, 'text': "Well, there's a way of doing that with a NAT device, and that's what we're going to look at in the next lecture.", 'start': 1636.766, 'duration': 4.723}, {'end': 1655.469, 'text': 'You can use a NAT device to enable instances in a private subnet to connect to the Internet or other AWS services,', 'start': 1647.884, 'duration': 7.585}, {'end': 1660.953, 'text': 'but prevent the Internet from initiating connections with the instances in the private subnet.', 'start': 1655.469, 'duration': 5.484}, {'end': 1668.458, 'text': 'So we talked earlier about public and private subnets to protect your assets from being directly connected to the Internet.', 'start': 1661.934, 'duration': 6.524}, {'end': 1676.484, 'text': 'For example, your web server would sit in the public subnet and your database in the private subnet, which has no Internet connectivity.', 'start': 1669.139, 'duration': 7.345}, {'end': 1685.762, 'text': 'However, your private subnet database instance might still need internet access or the ability to connect to other AWS resources.', 'start': 1678.257, 'duration': 7.505}, {'end': 
1692.006, 'text': 'If so, you can use a network address translation device or a NAT device to do this.', 'start': 1686.622, 'duration': 5.384}, {'end': 1702.092, 'text': 'A NAT device forwards traffic from your private subnet to the internet or other AWS services and then sends the response back to the instances.', 'start': 1693.066, 'duration': 9.026}, {'end': 1708.716, 'text': 'When traffic goes to the Internet, the source IP address of your instance is replaced with the NAT device address.', 'start': 1703.174, 'duration': 5.542}, {'end': 1715.639, 'text': "And when the Internet traffic comes back again, the NAT device translates the address to your instance's private IP address.", 'start': 1709.396, 'duration': 6.243}, {'end': 1720.24, 'text': "So here's our diagram, which is getting ever more complicated.", 'start': 1717.599, 'duration': 2.641}, {'end': 1724.802, 'text': "And if you look in the public subnet, you can see we've now added a NAT device.", 'start': 1720.821, 'duration': 3.981}, {'end': 1729.484, 'text': 'And you have to put NAT devices in the public subnet so that they get Internet connectivity.', 'start': 1725.262, 'duration': 4.222}, {'end': 1736.799, 'text': 'AWS provides two kinds of NAT devices, a NAT gateway and a NAT instance.', 'start': 1731.437, 'duration': 5.362}, {'end': 1744.642, 'text': "AWS recommends a NAT gateway as it's a managed service that provides better availability and bandwidth than NAT instances.", 'start': 1737.699, 'duration': 6.943}, {'end': 1751.725, 'text': 'Each NAT gateway is created in a specific availability zone and is implemented with redundancy in that zone.', 'start': 1745.462, 'duration': 6.263}], 'summary': 'Nat device enables private subnet to access internet, aws recommends nat gateway for better availability and bandwidth.', 'duration': 139.142, 'max_score': 1612.583, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1612583.jpg'}, {'end': 1685.762, 
'src': 'embed', 'start': 1636.766, 'weight': 4, 'content': [{'end': 1641.489, 'text': "Well, there's a way of doing that with a NAT device, and that's what we're going to look at in the next lecture.", 'start': 1636.766, 'duration': 4.723}, {'end': 1655.469, 'text': 'You can use a NAT device to enable instances in a private subnet to connect to the Internet or other AWS services,', 'start': 1647.884, 'duration': 7.585}, {'end': 1660.953, 'text': 'but prevent the Internet from initiating connections with the instances in the private subnet.', 'start': 1655.469, 'duration': 5.484}, {'end': 1668.458, 'text': 'So we talked earlier about public and private subnets to protect your assets from being directly connected to the Internet.', 'start': 1661.934, 'duration': 6.524}, {'end': 1676.484, 'text': 'For example, your web server would sit in the public subnet and your database in the private subnet, which has no Internet connectivity.', 'start': 1669.139, 'duration': 7.345}, {'end': 1685.762, 'text': 'However, your private subnet database instance might still need internet access or the ability to connect to other AWS resources.', 'start': 1678.257, 'duration': 7.505}], 'summary': 'Nat device enables private subnet instances to connect to the internet while preventing inbound connections. 
it helps in securing assets and facilitating internet access for private subnet resources.', 'duration': 48.996, 'max_score': 1636.766, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1636766.jpg'}, {'end': 1759.847, 'src': 'embed', 'start': 1731.437, 'weight': 2, 'content': [{'end': 1736.799, 'text': 'AWS provides two kinds of NAT devices, a NAT gateway and a NAT instance.', 'start': 1731.437, 'duration': 5.362}, {'end': 1744.642, 'text': "AWS recommends a NAT gateway as it's a managed service that provides better availability and bandwidth than NAT instances.", 'start': 1737.699, 'duration': 6.943}, {'end': 1751.725, 'text': 'Each NAT gateway is created in a specific availability zone and is implemented with redundancy in that zone.', 'start': 1745.462, 'duration': 6.263}, {'end': 1759.847, 'text': 'A NAT instance is launched from a NAT AMI, an Amazon machine image, and runs as an instance in your VPC.', 'start': 1752.805, 'duration': 7.042}], 'summary': 'Aws offers nat gateway for better availability and bandwidth compared to nat instance.', 'duration': 28.41, 'max_score': 1731.437, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1731437.jpg'}, {'end': 1808.572, 'src': 'embed', 'start': 1775.712, 'weight': 5, 'content': [{'end': 1779.973, 'text': 'It also needs an elastic IP address, which you can select at the time of launch.', 'start': 1775.712, 'duration': 4.261}, {'end': 1788.485, 'text': 'Once created, you need to update the route table associated with your private subnet to point Internet bound traffic to the NAT gateway.', 'start': 1781.002, 'duration': 7.483}, {'end': 1792.866, 'text': 'This way the instances in your private subnets can communicate with the Internet.', 'start': 1789.145, 'duration': 3.721}, {'end': 1798.908, 'text': 'So if you remember back to the diagram when we had the custom route table which was pointed to the Internet 
gateway.', 'start': 1793.607, 'duration': 5.301}, {'end': 1808.572, 'text': "Now we're pointing our main route table to the NAT gateway so that the private subnet also gets Internet access, but in a more secure manner.", 'start': 1799.909, 'duration': 8.663}], 'summary': 'Update route table to point internet bound traffic to nat gateway for secure internet access.', 'duration': 32.86, 'max_score': 1775.712, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1775712.jpg'}, {'end': 1873.948, 'src': 'embed', 'start': 1844.489, 'weight': 1, 'content': [{'end': 1850.394, 'text': "NAT gateways need to be placed in public subnets, so I'm just going to copy the name of this subnet ID.", 'start': 1844.489, 'duration': 5.905}, {'end': 1854.177, 'text': "For the public subnet and you'll see why in a moment.", 'start': 1851.855, 'duration': 2.322}, {'end': 1863.145, 'text': 'so then we go to NAT gateways on the left hand side and we want to create a new NAT gateway.', 'start': 1855.063, 'duration': 8.082}, {'end': 1865.005, 'text': 'so we have to put a subnet in there.', 'start': 1863.145, 'duration': 1.86}, {'end': 1867.266, 'text': 'so we want to choose our public subnet.', 'start': 1865.005, 'duration': 2.261}, {'end': 1873.948, 'text': "as you can see, it truncates a lot of the subnet names on this option, so it's a bit confusing.", 'start': 1867.266, 'duration': 6.682}], 'summary': 'Nat gateways require placement in public subnets to function properly.', 'duration': 29.459, 'max_score': 1844.489, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1844489.jpg'}], 'start': 1056.753, 'title': 'Aws networking fundamentals', 'summary': 'Covers creating subnets, configuring internet gateways, custom route tables, and nat gateways in aws. 
it includes specifics such as creating a private subnet with an ip address block of 10.0.2.0/24 in us east 1c and associating subnets with route tables for internet access.', 'chapters': [{'end': 1137.986, 'start': 1056.753, 'title': 'Creating subnets in aws', 'summary': 'Demonstrates the process of creating a new subnet in aws, including specifying ip ranges, availability zones, and vpc zones, with an example of creating a private subnet with an ip address block of 10.0.2.0/24 in us east 1c.', 'duration': 81.233, 'highlights': ['The process involves creating a new subnet in AWS, specifying its IP range, availability zone, and VPC zone.', 'An example of creating a private subnet with an IP address block of 10.0.2.0/24 in US East 1C is demonstrated.', 'The demonstration includes steps such as naming the subnet, selecting the VPC zone, and confirming the creation.', 'It takes a few seconds for the creation process to complete.']}, {'end': 1404.976, 'start': 1138.006, 'title': 'Internet gateways and vpc configuration', 'summary': 'Covers the setup of internet gateways and vpc configuration, including the attachment of an internet gateway to a vpc, enabling internet access for instances by following specific rules, and the demonstration on creating an internet gateway and attaching it to a custom vpc.', 'duration': 266.97, 'highlights': ['The chapter includes the setup of internet gateways and VPC configuration, including the attachment of an internet gateway to a VPC, enabling internet access for instances by following specific rules, and the demonstration on creating an internet gateway and attaching it to a custom VPC. setup of internet gateways, VPC configuration, attaching internet gateway to VPC, enabling internet access for instances, following specific rules, demonstration on creating and attaching internet gateway', 'The demonstration includes creating an internet gateway and attaching it to a custom VPC, ensuring internet access for the VPC and its instances. 
demonstration on creating and attaching internet gateway, ensuring internet access for VPC and instances', "The process involves ensuring that instances have public or elastic IP addresses, configuring the subnet's route table to point to the internet gateway, and allowing relevant traffic through network access control and security group rules. ensuring instances have public or elastic IP addresses, configuring subnet's route table, allowing relevant traffic through network access control and security group rules"]}, {'end': 1685.762, 'start': 1405.822, 'title': 'Custom route tables in vpc', 'summary': 'Discusses the creation of a custom route table in vpc, associating subnets with route tables, and configuring internet access for subnets through the custom route table and internet gateway.', 'duration': 279.94, 'highlights': ["Creation of custom route table and association with VPC The chapter demonstrates the creation of a custom route table named 'learn' associated with a VPC called 'simply learn'.", 'Configuring internet access for a subnet through custom route table and internet gateway The chapter explains the configuration of internet access for a subnet by changing the route of the custom route table to point to the Internet Gateway, enabling internet access for instances in the associated subnet.', 'Association of subnets with custom route table The chapter describes the association of a public subnet with the custom route table, allowing instances in the public subnet to have internet access.', 'Purpose and usage of NAT device for private subnets The chapter introduces the use of a NAT device to enable instances in a private subnet to connect to the Internet or other AWS services while preventing the Internet from initiating connections with the instances in the private subnet.', 'Protection of assets in public and private subnets The chapter discusses the segregation of assets by placing web servers in public subnets and databases in private subnets, 
highlighting the need for internet access or connection to other AWS resources in private subnets.']}, {'end': 1968.51, 'start': 1686.622, 'title': 'Aws nat gateway overview', 'summary': 'Discusses the concept of network address translation (nat) devices in aws, specifically focusing on the differences between nat gateway and nat instance, their deployment, and the process of creating a nat gateway, emphasizing the importance of placing it in the public subnet and associating it with the route table of the private subnet to enable internet access.', 'duration': 281.888, 'highlights': ['NAT gateway provides better availability and bandwidth than NAT instance A NAT gateway is recommended over a NAT instance as it offers better availability and bandwidth. Each NAT gateway is created in a specific availability zone with redundancy.', 'Placing NAT gateway in the public subnet for Internet connectivity NAT gateway needs to be placed in a public subnet to ensure Internet connectivity for the instances in the private subnet.', 'NAT gateway needs an elastic IP address for launch and route table update for traffic redirection NAT gateway requires an elastic IP address for launch and the update of the route table associated with the private subnet to direct Internet-bound traffic to the NAT gateway.']}], 'duration': 911.757, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1056753.jpg', 'highlights': ['Creation of custom route table and association with VPC', 'Placing NAT gateway in the public subnet for Internet connectivity', 'NAT gateway provides better availability and bandwidth than NAT instance', 'Configuring internet access for a subnet through custom route table and internet gateway', 'Protection of assets in public and private subnets', 'The process involves creating a new subnet in AWS, specifying its IP range, availability zone, and VPC zone', 'An example of creating a private subnet with an IP address block 
of 10.0.2.0/24 in US East 1C is demonstrated', 'The demonstration includes steps such as naming the subnet, selecting the VPC zone, and confirming the creation', 'The demonstration includes creating an internet gateway and attaching it to a custom VPC, ensuring internet access for the VPC and its instances', 'NAT gateway needs an elastic IP address for launch and route table update for traffic redirection', 'The demonstration includes creating a private subnet with an IP address block of 10.0.2.0/24 in US East 1C', "The process involves ensuring that instances have public or elastic IP addresses, configuring the subnet's route table to point to the internet gateway, and allowing relevant traffic through network access control and security group rules", 'The chapter discusses the segregation of assets by placing web servers in public subnets and databases in private subnets, highlighting the need for internet access or connection to other AWS resources in private subnets', 'The chapter introduces the use of a NAT device to enable instances in a private subnet to connect to the Internet or other AWS services while preventing the Internet from initiating connections with the instances in the private subnet', 'The process involves creating a new subnet in AWS, specifying its IP range, availability zone, and VPC zone', 'The chapter includes the setup of internet gateways and VPC configuration, including the attachment of an internet gateway to a VPC, enabling internet access for instances by following specific rules, and the demonstration on creating an internet gateway and attaching it to a custom VPC. 
setup of internet gateways, VPC configuration, attaching internet gateway to VPC, enabling internet access for instances, following specific rules, demonstration on creating and attaching internet gateway']}, {'end': 2533.034, 'segs': [{'end': 2057.951, 'src': 'embed', 'start': 1969.11, 'weight': 0, 'content': [{'end': 1971.232, 'text': 'So if we click on routes and edit.', 'start': 1969.11, 'duration': 2.122}, {'end': 1977.018, 'text': 'And we want to add another route and we want to say that all traffic.', 'start': 1973.154, 'duration': 3.864}, {'end': 1985.379, 'text': "Can Either go to the simply known Internet Gateway, which we don't want to do.", 'start': 1980.154, 'duration': 5.225}, {'end': 1988.603, 'text': 'We want to point it to a NAT instance, which is this NAT ID here.', 'start': 1985.419, 'duration': 3.184}, {'end': 1990.605, 'text': 'And we click save.', 'start': 1989.764, 'duration': 0.841}, {'end': 2000.215, 'text': 'So now any instances launched in our private subnet will be able to get Internet access via our NAT Gateway.', 'start': 1993.568, 'duration': 6.647}, {'end': 2011.493, 'text': 'Welcome to the Using Security Groups and Network ACL section.', 'start': 2007.651, 'duration': 3.842}, {'end': 2017.236, 'text': "In this section, we're going to take a look at security groups and network ACLs,", 'start': 2012.553, 'duration': 4.683}, {'end': 2023.118, 'text': "and we're going to have a demonstration on how you create both of these items in the Amazon Web Services Console.", 'start': 2017.236, 'duration': 5.882}, {'end': 2030.202, 'text': 'A security group acts as a virtual firewall that controls the traffic for one or more instances.', 'start': 2025.139, 'duration': 5.063}, {'end': 2036.745, 'text': 'You add rules to each security group that allow traffic to or from its associated instances.', 'start': 2031.062, 'duration': 5.683}, {'end': 2044.003, 'text': 'Basically a security group controls the inbound and outbound traffic for one or more 
EC2 instances.', 'start': 2037.699, 'duration': 6.304}, {'end': 2052.108, 'text': 'Security groups can be found on both the EC2 and VPC dashboards in the AWS web management console.', 'start': 2045.324, 'duration': 6.784}, {'end': 2057.951, 'text': "We're going to cover them here in this section and you'll see them crop up again in the EC2 lesson.", 'start': 2052.648, 'duration': 5.303}], 'summary': 'Configuring routes to point to a nat instance for private subnet internet access. explaining security groups and network acls in aws.', 'duration': 88.841, 'max_score': 1969.11, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1969110.jpg'}, {'end': 2104.114, 'src': 'embed', 'start': 2080.01, 'weight': 3, 'content': [{'end': 2087.317, 'text': 'Now obviously a web server needs HTTP and HTTPS traffic as a minimum to be able to access it.', 'start': 2080.01, 'duration': 7.307}, {'end': 2095.889, 'text': "So here is an example of the security group table and you can see we're allowing HTTP and HTTPS,", 'start': 2088.484, 'duration': 7.405}, {'end': 2101.532, 'text': "the ports that are associated with those two and the sources, and we're allowing it from the Internet.", 'start': 2095.889, 'duration': 5.643}, {'end': 2104.114, 'text': "We're basically allowing all traffic to those ports.", 'start': 2101.552, 'duration': 2.562}], 'summary': 'Web server allows http and https traffic from the internet.', 'duration': 24.104, 'max_score': 2080.01, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2080010.jpg'}, {'end': 2535.516, 'src': 'embed', 'start': 2509.095, 'weight': 2, 'content': [{'end': 2513.738, 'text': 'So we can select the simply then web server security group as the source traffic.', 'start': 2509.095, 'duration': 4.643}, {'end': 2516.56, 'text': 'But Microsoft SQL Server data.', 'start': 2514.458, 'duration': 2.102}, {'end': 2518.341, 'text': "So we'll 
select that.", 'start': 2517.62, 'duration': 0.721}, {'end': 2526.628, 'text': 'Now our SQL Server is obviously going to be a Windows instance, so from time to time we might need to log in and configure it.', 'start': 2518.801, 'duration': 7.827}, {'end': 2528.85, 'text': 'So we want to give RDP access.', 'start': 2526.728, 'duration': 2.122}, {'end': 2533.034, 'text': 'Now again, you would probably put a specific IP range in there.', 'start': 2529.731, 'duration': 3.303}, {'end': 2535.516, 'text': "We're just going to do all traffic for now.", 'start': 2533.694, 'duration': 1.822}], 'summary': 'Selecting web server security group as source traffic for microsoft sql server data and providing rdp access for windows instance.', 'duration': 26.421, 'max_score': 2509.095, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2509095.jpg'}], 'start': 1969.11, 'title': 'Security groups & network acls in aws', 'summary': 'Covers the creation and application of security groups and network acls in the amazon web services console, highlighting the control of inbound and outbound traffic, various examples of security group configurations for different server types, and the default permissive nature of security group rules. 
it also demonstrates the creation of security groups for web and db servers, including setting inbound and outbound rules, with specific examples of allowing http, https, and sql server traffic, emphasizing the importance of securing applications into security groups.', 'chapters': [{'end': 2198.968, 'start': 1969.11, 'title': 'Using security groups & network acls', 'summary': 'Covers the creation and application of security groups and network acls in the amazon web services console, highlighting the control of inbound and outbound traffic, various examples of security group configurations for different server types, and the default permissive nature of security group rules.', 'duration': 229.858, 'highlights': ['The chapter covers the creation and application of security groups and network ACLs in the Amazon Web Services Console, highlighting the control of inbound and outbound traffic, various examples of security group configurations for different server types, and the default permissive nature of security group rules.', 'Instances in private subnet gain Internet access via the NAT Gateway, which is pointed to a NAT instance, enhancing network connectivity and enabling Internet access for the private subnet instances.', 'Security groups act as virtual firewalls controlling inbound and outbound traffic for EC2 instances, with rules added to each security group dictating traffic permissions, providing a comprehensive firewall solution for one or more instances.', "Example of a security group configuration for a web server, allowing HTTP and HTTPS traffic from the Internet, illustrating the specific ports and sources that are permitted to access the server, enhancing the server's accessibility while maintaining security measures.", 'Example of a security group configuration for a database server, showcasing the allowance of SQL Server port and RDP access, with specific source IP restrictions, ensuring secure access to the server while preventing unauthorized 
attempts from the Internet.']}, {'end': 2533.034, 'start': 2201.269, 'title': 'Creating security groups for web and db servers', 'summary': 'Demonstrates the creation of security groups for web and db servers, including setting inbound and outbound rules, with specific examples of allowing http, https, and sql server traffic, emphasizing the importance of securing applications into security groups.', 'duration': 331.765, 'highlights': ['The chapter demonstrates the creation of security groups for web and DB servers, emphasizing the importance of securing applications into security groups. The best practice of tearing applications into security groups is highlighted, aligning with the demonstration of creating security groups for web and DB servers.', 'Setting inbound and outbound rules for the security groups, including allowing HTTP, HTTPS, and SQL Server traffic. The detailed process of setting inbound and outbound rules for the security groups is explained, with specific examples of allowing HTTP, HTTPS, and SQL Server traffic.', 'Emphasizing the importance of securing applications into security groups and setting specific rules for allowing traffic from different security groups or specific IP addresses. 
The emphasis on securing applications into security groups and setting specific rules for allowing traffic from different security groups or specific IP addresses is highlighted, aligning with the best practice mentioned.']}], 'duration': 563.924, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA1969110.jpg', 'highlights': ['Instances in private subnet gain Internet access via the NAT Gateway, enhancing network connectivity and enabling Internet access for the private subnet instances.', 'Security groups act as virtual firewalls controlling inbound and outbound traffic for EC2 instances, providing a comprehensive firewall solution for one or more instances.', 'Example of a security group configuration for a database server, showcasing the allowance of SQL Server port and RDP access, with specific source IP restrictions, ensuring secure access to the server while preventing unauthorized attempts from the Internet.', "Example of a security group configuration for a web server, allowing HTTP and HTTPS traffic from the Internet, illustrating the specific ports and sources that are permitted to access the server, enhancing the server's accessibility while maintaining security measures.", 'The chapter covers the creation and application of security groups and network ACLs in the Amazon Web Services Console, highlighting the control of inbound and outbound traffic, various examples of security group configurations for different server types, and the default permissive nature of security group rules.']}, {'end': 2784.502, 'segs': [{'end': 2606.827, 'src': 'embed', 'start': 2565.622, 'weight': 0, 'content': [{'end': 2572.746, 'text': 'You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.', 'start': 2565.622, 'duration': 7.124}, {'end': 2578.888, 'text': "Here is our network diagram and we've added network ACLs to the mix.", 'start': 
2574.147, 'duration': 4.741}, {'end': 2583.629, 'text': 'Now you can see they sit somewhere between the route tables and the subnets.', 'start': 2579.288, 'duration': 4.341}, {'end': 2591.611, 'text': 'This diagram makes it a little bit clearer and you can see that a network ACL sits in between a route table and a subnet.', 'start': 2585.409, 'duration': 6.202}, {'end': 2595.872, 'text': 'And also you can see an example of the default network ACL.', 'start': 2592.571, 'duration': 3.301}, {'end': 2601.973, 'text': 'Which is configured to allow all traffic to flow in and out of the subnets to which it is associated.', 'start': 2597.032, 'duration': 4.941}, {'end': 2606.827, 'text': 'Each network ACL includes a rule whose rule number is an asterisk.', 'start': 2602.944, 'duration': 3.883}], 'summary': 'Network acls provide additional vpc security, with default acl allowing all traffic.', 'duration': 41.205, 'max_score': 2565.622, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2565622.jpg'}, {'end': 2739.063, 'src': 'embed', 'start': 2658.47, 'weight': 1, 'content': [{'end': 2662.231, 'text': 'However, an ACL can be associated with multiple subnets.', 'start': 2658.47, 'duration': 3.761}, {'end': 2668.492, 'text': 'An ACL contains a list of numbered rules which are evaluated in order, starting with the lowest.', 'start': 2663.331, 'duration': 5.161}, {'end': 2674.954, 'text': "As soon as a rule matches traffic, it's applied regardless of any higher numbered rules that may contradict it.", 'start': 2669.193, 'duration': 5.761}, {'end': 2682.776, 'text': "AWS recommends incrementing your rules by a factor of 100, so there's plenty of room to implement new rules at a later date.", 'start': 2675.874, 'duration': 6.902}, {'end': 2687.177, 'text': 'Unlike security groups, ACLs are stateless.', 'start': 2684.336, 'duration': 2.841}, {'end': 2692.459, 'text': 'Responses to allowed inbound traffic are subject to the rules for 
outbound traffic.', 'start': 2687.876, 'duration': 4.583}, {'end': 2700.665, 'text': "Welcome to the network ACL demonstration, where we're just going to have an overview of ACLs, where they are in the dashboard.", 'start': 2694.341, 'duration': 6.324}, {'end': 2708.31, 'text': "You don't need to know a huge amount about them for the exam.", 'start': 2705.769, 'duration': 2.541}, {'end': 2710.332, 'text': 'You just need to know how they work and where they are.', 'start': 2708.351, 'duration': 1.981}, {'end': 2713.056, 'text': "So let's go to networking and VPC.", 'start': 2711.095, 'duration': 1.961}, {'end': 2719.237, 'text': "And on when the dashboard loads on the left hand side under security, there's network ACLs.", 'start': 2714.596, 'duration': 4.641}, {'end': 2720.258, 'text': 'Just click on that.', 'start': 2719.557, 'duration': 0.701}, {'end': 2728.8, 'text': "Now you can see some ACLs that are in my my AWS account, so we want the one that's associated with our simply learn VPC.", 'start': 2720.898, 'duration': 7.902}, {'end': 2731.321, 'text': 'So if we extend this VPC.', 'start': 2729.02, 'duration': 2.301}, {'end': 2737.142, 'text': "Column That's our network ACLS simply then VPC.", 'start': 2732.401, 'duration': 4.741}, {'end': 2739.063, 'text': "Now let's give it a name because.", 'start': 2737.583, 'duration': 1.48}], 'summary': 'Aws acls contain numbered rules, recommended to increment by 100, are stateless, and apply to inbound and outbound traffic.', 'duration': 80.593, 'max_score': 2658.47, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2658470.jpg'}], 'start': 2533.694, 'title': 'Network acls in vpc', 'summary': 'Discusses the concept of network acls in vpc, emphasizing their role as an optional security layer, comparison to security groups, and positioning within the vpc network structure. 
it also explains the purpose and configuration of network acls, emphasizing the importance of rule evaluation order and the recommendation to increment rules by a factor of 100, as well as demonstrating how to access and modify acls in the aws dashboard.', 'chapters': [{'end': 2606.827, 'start': 2533.694, 'title': 'Network acls in vpc', 'summary': 'Discusses the concept of network acls in vpc, highlighting their role as an optional security layer, their comparison to security groups, and their positioning within the vpc network structure.', 'duration': 73.133, 'highlights': ['Network ACLs act as a firewall for controlling traffic in and out of subnets, adding an extra layer of security to the VPC.', 'They are comparable to security groups and are positioned between route tables and subnets in the VPC network structure.', 'The default network ACL is configured to allow all traffic to flow in and out of associated subnets.']}, {'end': 2784.502, 'start': 2607.628, 'title': 'Network acl overview and configuration', 'summary': 'Explains the purpose and configuration of network acls, emphasizing the importance of rule evaluation order and the recommendation to increment rules by a factor of 100, as well as demonstrating how to access and modify acls in the aws dashboard.', 'duration': 176.874, 'highlights': ["Network ACL rules are evaluated in order, starting with the lowest numbered rule, and as soon as a rule matches traffic, it's applied regardless of any higher numbered rules that may contradict it. Emphasizes the significance of the order of rules in network ACLs, highlighting the immediate application of a matching rule, regardless of higher numbered rules, providing clarity on rule evaluation process.", "AWS recommends incrementing network ACL rules by a factor of 100 to allow for the implementation of new rules at a later date. 
Reinforces the importance of incrementing rules by 100, ensuring flexibility for additional rule implementation, and reflecting AWS's recommendation for efficient rule management.", 'ACLs are stateless and responses to allowed inbound traffic are subject to the rules for outbound traffic. Explains the stateless nature of ACLs and the impact on responses to allowed inbound traffic, providing insight into the behavior of ACLs in managing inbound and outbound traffic.', 'Demonstrates accessing and modifying ACLs in the AWS dashboard by providing a step-by-step overview of where to find and configure ACLs within the networking and VPC settings. Illustrates the practical process of accessing and modifying ACLs in the AWS dashboard, offering a clear demonstration of the practical application of the concepts discussed.']}], 'duration': 250.808, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2533694.jpg', 'highlights': ['Network ACLs act as a firewall for controlling traffic in and out of subnets, adding an extra layer of security to the VPC.', "Network ACL rules are evaluated in order, starting with the lowest numbered rule, and as soon as a rule matches traffic, it's applied regardless of any higher numbered rules that may contradict it.", 'AWS recommends incrementing network ACL rules by a factor of 100 to allow for the implementation of new rules at a later date.', 'They are comparable to security groups and are positioned between route tables and subnets in the VPC network structure.', 'The default network ACL is configured to allow all traffic to flow in and out of associated subnets.', 'ACLs are stateless and responses to allowed inbound traffic are subject to the rules for outbound traffic.', 'Demonstrates accessing and modifying ACLs in the AWS dashboard by providing a step-by-step overview of where to find and configure ACLs within the networking and VPC settings.']}, {'end': 3351.617, 'segs': [{'end': 
2909.285, 'src': 'embed', 'start': 2884.416, 'weight': 3, 'content': [{'end': 2890.598, 'text': "where we're going to take a look at the best practices and the costs associated with the Amazon Virtual Private Cloud.", 'start': 2884.416, 'duration': 6.182}, {'end': 2893.979, 'text': 'Always use public and private subnets.', 'start': 2891.958, 'duration': 2.021}, {'end': 2901.182, 'text': "You should use private subnets to secure resources that don't need to be available to the internet, such as database services.", 'start': 2894.659, 'duration': 6.523}, {'end': 2909.285, 'text': 'To provide secure internet access to the instances that reside in your private subnets, you should provide a NAT device.', 'start': 2902.262, 'duration': 7.023}], 'summary': 'Best practices for amazon vpc: use public/private subnets, secure private resources, and provide nat device for internet access.', 'duration': 24.869, 'max_score': 2884.416, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2884416.jpg'}, {'end': 3005.037, 'src': 'embed', 'start': 2954.752, 'weight': 1, 'content': [{'end': 2957.434, 'text': 'There are various limitations on the VPC components.', 'start': 2954.752, 'duration': 2.682}, {'end': 2970.79, 'text': "For example, you're allowed five VPCs per region, 200 subnets per VPC, 200 route tables per VPC, 500 security groups per VPC,", 'start': 2957.994, 'duration': 12.796}, {'end': 2974.311, 'text': '50 in and outbound rules per VPC.', 'start': 2970.79, 'duration': 3.521}, {'end': 2979.712, 'text': 'However, some of these rules can be increased by raising a ticket with AWS support.', 'start': 2975.211, 'duration': 4.501}, {'end': 2986.855, 'text': 'You should use security groups and network ACLs to secure the traffic coming in and out of your VPC.', 'start': 2981.253, 'duration': 5.602}, {'end': 2994.277, 'text': 'Amazon advises to use security groups for white listing traffic and network ACLs for black listing 
traffic.', 'start': 2987.635, 'duration': 6.642}, {'end': 2998.793, 'text': 'Amazon recommends tiering your security groups.', 'start': 2996.471, 'duration': 2.322}, {'end': 3005.037, 'text': 'You should create different security groups for different tiers of your infrastructure architecture inside VPC.', 'start': 2999.473, 'duration': 5.564}], 'summary': 'Aws vpc has limitations: 5 vpcs/region, 200 subnets/vpc, 200 route tables/vpc, 500 security groups/vpc, 50 in/outbound rules/vpc. rules can be increased via aws support. use security groups and network acls to secure traffic. amazon advises tiering security groups and using them for whitelisting traffic, while using network acls for blacklisting traffic.', 'duration': 50.285, 'max_score': 2954.752, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2954752.jpg'}, {'end': 3052.379, 'src': 'embed', 'start': 3025.914, 'weight': 0, 'content': [{'end': 3030.395, 'text': 'Conversely, the database security group will have SQL Server ports already open.', 'start': 3025.914, 'duration': 4.481}, {'end': 3035.196, 'text': 'You should also standardize your security group naming conventions.', 'start': 3032.135, 'duration': 3.061}, {'end': 3044.117, 'text': 'Following a security group naming convention allows Amazon VPC operation and management for large-scale deployments to become much easier.', 'start': 3035.836, 'duration': 8.281}, {'end': 3052.379, 'text': 'Always span your Amazon VPC across multiple subnets in multiple availability zones inside a region.', 'start': 3046.318, 'duration': 6.061}], 'summary': 'Standardize security group naming for easier amazon vpc management.', 'duration': 26.465, 'max_score': 3025.914, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA3025914.jpg'}, {'end': 3102.908, 'src': 'embed', 'start': 3076.792, 'weight': 4, 'content': [{'end': 3083.496, 'text': "You'll also incur standard 
AWS data transfer charges for all data transferred via the VPN connection.", 'start': 3076.792, 'duration': 6.704}, {'end': 3093.582, 'text': 'If you choose to create a NAT gateway in your VPC, you are charged for each NAT gateway hour that your NAT gateway is provisioned and available.', 'start': 3085.557, 'duration': 8.025}, {'end': 3098.605, 'text': 'Data processing charges apply for each gigabyte processed through the NAT gateway.', 'start': 3094.203, 'duration': 4.402}, {'end': 3102.908, 'text': 'Each partial NAT gateway hour consumed is billed as a full hour.', 'start': 3099.366, 'duration': 3.542}], 'summary': 'Aws charges for data transfer, nat gateway provision, and data processing.', 'duration': 26.116, 'max_score': 3076.792, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA3076792.jpg'}, {'end': 3190.029, 'src': 'embed', 'start': 3160.349, 'weight': 5, 'content': [{'end': 3162.59, 'text': "So let's review the key takeaways from this lesson.", 'start': 3160.349, 'duration': 2.241}, {'end': 3172.924, 'text': "Amazon Virtual Private Cloud, or VPC, enables you to launch AWS resources into a virtual network that you've defined.", 'start': 3165.222, 'duration': 7.702}, {'end': 3179.366, 'text': "This virtual network closely resembles a traditional network that you'd operate in your own data center,", 'start': 3173.524, 'duration': 5.842}, {'end': 3183.427, 'text': 'but with the benefits of using scalable infrastructure of AWS.', 'start': 3179.366, 'duration': 4.061}, {'end': 3187.928, 'text': 'There are three types of IP address in AWS.', 'start': 3185.188, 'duration': 2.74}, {'end': 3190.029, 'text': 'A private IP address.', 'start': 3188.809, 'duration': 1.22}], 'summary': 'Amazon vpc allows launching aws resources into a virtual network resembling traditional network, with benefits of scalable aws infrastructure. 
three types of ip addresses in aws include private ip address.', 'duration': 29.68, 'max_score': 3160.349, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA3160349.jpg'}, {'end': 3255.36, 'src': 'embed', 'start': 3232.512, 'weight': 6, 'content': [{'end': 3239.777, 'text': "Use a public subnet for resources that must be connected to the Internet and a private subnet for resources that won't be connected to the Internet.", 'start': 3232.512, 'duration': 7.265}, {'end': 3247.413, 'text': 'To allow your VPC the ability to connect to the Internet, you need to attach an Internet gateway to it,', 'start': 3241.368, 'duration': 6.045}, {'end': 3250.976, 'text': 'and you can only attach one Internet gateway per VPC.', 'start': 3247.413, 'duration': 3.563}, {'end': 3255.36, 'text': 'A route table determines where network traffic is directed.', 'start': 3252.417, 'duration': 2.943}], 'summary': 'Use public and private subnets for internet-connected and non-internet-connected resources. 
attach one internet gateway per vpc for connectivity.', 'duration': 22.848, 'max_score': 3232.512, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA3232512.jpg'}, {'end': 3304.582, 'src': 'embed', 'start': 3279.938, 'weight': 9, 'content': [{'end': 3286.42, 'text': 'But a NAT device will prevent the Internet from initiating connections with instances inside your private subnet.', 'start': 3279.938, 'duration': 6.482}, {'end': 3293.663, 'text': 'A security group acts as a virtual firewall that controls the traffic for one or more instances.', 'start': 3288.721, 'duration': 4.942}, {'end': 3299.905, 'text': 'You add rules to each security group that allow traffic to or from its associated instances.', 'start': 3294.403, 'duration': 5.502}, {'end': 3304.582, 'text': 'A network access control list, or network ACL,', 'start': 3301.041, 'duration': 3.541}], 'summary': 'Nat device blocks incoming connections. security group controls traffic for instances.', 'duration': 24.644, 'max_score': 3279.938, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA3279938.jpg'}], 'start': 2784.542, 'title': 'Amazon vpc and custom vpc design', 'summary': 'Covers amazon vpc best practices, including public and private subnets, choosing cidr blocks, understanding vpc limits, using security groups and network acls, and standardizing security group naming conventions. 
additionally, it discusses designing custom vpcs, emphasizing vpc concepts, subnet types, gateway types, and security groups for launching aws resources into a virtual network.', 'chapters': [{'end': 3102.908, 'start': 2784.542, 'title': 'Amazon vpc best practices', 'summary': 'Covers the best practices for amazon vpc, including using public and private subnets, choosing cidr blocks carefully, understanding vpc limits, using security groups and network acls for traffic security, and standardizing security group naming conventions.', 'duration': 318.366, 'highlights': ["Always use public and private subnets to secure resources that don't need to be available to the internet, such as database services. Using private subnets to secure resources that don't need internet access, such as database services, is a best practice for Amazon VPC.", 'Understanding the Amazon VPC limits, such as the allowed number of VPCs per region, subnets per VPC, route tables per VPC, security groups per VPC, and in/outbound rules per VPC is essential for effective VPC management. Understanding the limitations on VPC components, such as the allowed number of VPCs per region, subnets per VPC, route tables per VPC, security groups per VPC, and in/outbound rules per VPC, is crucial for effective VPC management.', 'Using security groups for white listing traffic and network ACLs for black listing traffic is a recommended approach for securing traffic in and out of the VPC. Amazon recommends using security groups for white listing traffic and network ACLs for black listing traffic as an approach to secure traffic in and out of the VPC.', 'Always span your Amazon VPC across multiple subnets in multiple availability zones inside a region to architect high availability within the VPC. 
Spanning the Amazon VPC across multiple subnets in multiple availability zones inside a region is important for architecting high availability within the VPC.', 'Charges for VPN connections and NAT gateways in the VPC are incurred based on hours provisioned and available, as well as data processing charges for data transferred through the VPN connection or NAT gateway. Charges for VPN connections and NAT gateways in the VPC are incurred based on hours provisioned and available, as well as data processing charges for data transferred through the VPN connection or NAT gateway.']}, {'end': 3351.617, 'start': 3104.884, 'title': 'Designing custom vpc practice', 'summary': 'Discusses creating a custom vpc, including key elements such as vpc concepts, subnet types, gateway types, and security groups, and emphasizes the importance of vpc in launching aws resources into a virtual network.', 'duration': 246.733, 'highlights': ["Amazon VPC enables you to launch AWS resources into a virtual network that you've defined, resembling a traditional network but with the benefits of using scalable infrastructure of AWS. Amazon VPC provides a virtual network resembling a traditional one, allowing the launch of AWS resources with scalable infrastructure.", 'VPC consists of three types of IP addresses: private, public, and elastic IP addresses. VPC encompasses private, public, and elastic IP addresses, each serving distinct communication purposes.', "The chapter emphasizes the importance of using public subnet for resources connected to the Internet and a private subnet for resources not connected to the Internet. It's essential to utilize public subnets for Internet-connected resources and private subnets for those not connected to the Internet.", 'The significance of attaching an Internet gateway to a VPC to enable connectivity to the Internet is highlighted, with the restriction of one Internet gateway per VPC. 
Attaching an Internet gateway to a VPC enables connectivity to the Internet, limited to one Internet gateway per VPC.', 'The role of a NAT device in enabling instances in a private subnet to connect to the Internet while preventing inbound connections is emphasized. A NAT device facilitates private subnet instances to connect to the Internet while blocking inbound connections.']}], 'duration': 567.075, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/fpxDGU2KdkA/pics/fpxDGU2KdkA2784542.jpg', 'highlights': ['Spanning the Amazon VPC across multiple subnets in multiple availability zones inside a region is important for architecting high availability within the VPC.', 'Understanding the limitations on VPC components, such as the allowed number of VPCs per region, subnets per VPC, route tables per VPC, security groups per VPC, and in/outbound rules per VPC, is crucial for effective VPC management.', 'Using security groups for white listing traffic and network ACLs for black listing traffic is a recommended approach for securing traffic in and out of the VPC.', "Always use public and private subnets to secure resources that don't need to be available to the internet, such as database services.", 'Charges for VPN connections and NAT gateways in the VPC are incurred based on hours provisioned and available, as well as data processing charges for data transferred through the VPN connection or NAT gateway.', 'Amazon VPC provides a virtual network resembling a traditional one, allowing the launch of AWS resources with scalable infrastructure.', "It's essential to utilize public subnets for Internet-connected resources and private subnets for those not connected to the Internet.", 'VPC encompasses private, public, and elastic IP addresses, each serving distinct communication purposes.', 'Attaching an Internet gateway to a VPC enables connectivity to the Internet, limited to one Internet gateway per VPC.', 'A NAT device facilitates private subnet 
instances to connect to the Internet while blocking inbound connections.']}], 'highlights': ['Creation of custom route table and association with VPC', 'Creating a public subnet with 251 addresses using CIDR block 10.0.1.0/24', 'Instances in private subnet gain Internet access via the NAT Gateway', 'Understanding the limitations on VPC components is crucial for effective VPC management', 'Security groups act as virtual firewalls controlling inbound and outbound traffic for EC2 instances', 'Network ACLs act as a firewall for controlling traffic in and out of subnets', 'Placing NAT gateway in the public subnet for Internet connectivity', 'Spanning the Amazon VPC across multiple subnets in multiple availability zones inside a region is important for architecting high availability within the VPC', 'The chapter discusses the segregation of assets by placing web servers in public subnets and databases in private subnets', 'Charges for VPN connections and NAT gateways in the VPC are incurred based on hours provisioned and available, as well as data processing charges for data transferred through the VPN connection or NAT gateway', 'The chapter introduces the use of a NAT device to enable instances in a private subnet to connect to the Internet or other AWS services while preventing the Internet from initiating connections with the instances in the private subnet', 'The distinction between private and public IP addresses is clarified, with an emphasis on their reachability over the Internet']}