Chapter Four

Networking & Content Delivery

VPC is the network every other AWS service runs inside, and the rest of this chapter builds outward from it — to the edge, across Regions, and back to your data center. Networking mistakes are the ones you cannot fix without renumbering.

8 services

Core Terminology

A few terms recur across this chapter. Defining them here keeps the service sections focused.

CIDR Block
The IP address range of a VPC or subnet, written like 10.0.0.0/16. Overlapping ranges block peering later and cannot be changed in place.
Subnet
A slice of a VPC's address range, tied to one Availability Zone. Public subnets route to an internet gateway; private ones do not.
Internet / NAT Gateway
An internet gateway gives a subnet inbound and outbound public access; a NAT gateway lets private instances reach out without being reachable.
Security Group vs NACL
Security groups are stateful, per-instance allow rules; network ACLs are stateless, per-subnet allow/deny rules. Both are evaluated, so traffic must be permitted by each.
Edge Location
A CloudFront / Route 53 point of presence close to users, separate from Regions, where content is cached and DNS is answered.

Services in This Chapter

Service 24
Amazon VPC
Your private virtual network in AWS — subnets, route tables, gateways, and security groups. The foundation every other service runs inside.
Networking / Core
Service 25
Amazon Route 53
Managed DNS and domain registration with health checks and latency-, geo-, and weighted routing. The traffic director at the edge of your system.
Networking / DNS
Service 26
Amazon CloudFront
Global CDN. Caches and serves content from hundreds of edge locations, cutting latency and origin load. It is also the front door where AWS WAF and TLS termination attach.
Networking / CDN
Service 27
Amazon API Gateway
Managed front door for APIs — throttling, auth, request validation, and Lambda or HTTP integration. The serverless API tier.
Networking / API
Service 28
Elastic Load Balancing
Application, Network, and Gateway load balancers. Distributes traffic across targets and is the integration point for autoscaling and health checks.
Networking / Load Balancer
Service 29
AWS Direct Connect
A dedicated physical network link between your data center and AWS — consistent bandwidth and lower latency than VPN over the public internet.
Networking / Hybrid
Service 30
AWS Transit Gateway
A cloud router that connects many VPCs and on-prem networks through one hub, replacing a tangle of point-to-point peering connections.
Networking / Hybrid
Service 31
AWS PrivateLink
Private connectivity to services across VPC boundaries without exposing traffic to the internet — the way to consume SaaS and AWS services privately.
Networking / Private