WebinarAWS
2015/01/08
Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC
Introduction
AWS
AWS
AWS
LB
Web Web VPN
VPN
VPN
AWS
Public Subnet
Private Subnet
LB
Web Web VPN
VPN
VPN
AWS
AWS
WebinarAWSVPN
AWS
AWS
AWS http://aws.amazon.com/jp/architecture/icons/
AWS Regions / AWS Edge Locations
US West (Northern California)
US East (Northern Virginia)
EU (Ireland)
Asia Pacific (Singapore)
Asia Pacific (Tokyo)
GovCloud (US ITAR Region)
US West (Oregon)
South America (Sao Paulo)
EU (Frankfurt)
Asia Pacific (Sydney)
China (Beijing)
http://aws.amazon.com/jp/about-aws/global-infrastructure/
Availability Zones (AZ) per region:
EU (Ireland): Availability Zone A, B, C
Asia Pacific (Tokyo): Availability Zone A, B
US West (Oregon): Availability Zone A, B
US West (Northern California): Availability Zone A, B
Asia Pacific (Singapore): Availability Zone A, B
AWS GovCloud (US): Availability Zone A, B
South America (Sao Paulo): Availability Zone A, B
US East (Northern Virginia): Availability Zone A, B, C, D
EU (Frankfurt): Availability Zone A, B
Amazon VPC(Virtual Private Cloud) Private /1AWS AZ
VPC
Private
SubnetPublic
Subnet
NW
VPN
VPC CIDRSubnet
VPC: 10.0.0.0/16
Subnet: 10.0.1.0/24
WebServer
WebServer
Subnet: 10.0.2.0/24
CIDR / usable IP addresses:
xxx.xxx.xxx.xxx/16 65,534
xxx.xxx.xxx.xxx/20 4,094
xxx.xxx.xxx.xxx/24 254
xxx.xxx.xxx.xxx/28 14
VPC
Elastic Network Interfaces
EC2 VPC
ENI Private IP Elastic IP MAC
http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html
Route Table
SubnetRoute Table
Public SubnetRoute Table
Private SubnetRoute Table
IGW(Internet Gateway)
VPC Peering
VPCPeering VPCPrivate IP
AWSVPCAWSVPCPeering
VPC-A -> VPC-B -> VPC-C 2Routing
ACRoutingACPeering
Amazon EC2(Elastic Compute Cloud)
1
AEC2
B
EC2
EC2
1 //
Windows, Linuxx86OS Windows
OS EC2EC2
VPC Security Group
Security Group
EC2Instance Port 22
(SSH)
Port 80(HTTP)
VPC(Inbound)EC2(Outbound) IP
AWS SDK/CLI
EC2
ManagementConsole (Web)
AWS
SDK
AWS CLI
>
REST APIVPC
AWS
WebAWS
AWShttp://aws.amazon.com/jp/register-flow/
AWShttp://aws.amazon.com/jp/getting-started/
AWSTips
AWS
AWSTophttp://aws.amazon.com/jp/
VPC
VPCDefault VPC)
Default VPC
2013124AWSVPC
VPCEC2Default VPC
AZDefaultSubnet SubnetIP
172.31.0.0/20, 172.31.16.0/20 Subnet 4096 IP Default VPC CIDR
172.31.0.0/16 65,556 IP
EC2Default VPC
Default VPCSubnetDefault Subnet
Subnet
Default VPC
Public IP
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
EC2
Default VPC
Default VPCVPC
Default VPCAWS
CIDR172.31.0.0/16CIDRDefault VPC
VPC
VPC
Availability Zone
Availability Zone
PublicSubnet
PrivateSubnet
Internet gateway
PublicSubnet
PrivateSubnet
AZ
PublicPrivateSubnet
VPCSubnet
Step 1:VPC
Step 2: Subnet
Step 3:Internet GatewayVPC
Step 4: Route TableInternet GatewayRoute
Step 5: SubnetRoute Table
VPC
VPC
Subnet
PrivateSubnetAZPublicPrivateSubnet
Internet Gateway
Internet GatewayVPC
Route Table
Route TableInternet GatewayRoute
Route TableInternet GatewayRoute
SubnetRoute Table
SubnetRoute Table
SubnetRoute Table
VPC subnet1
VPC subnet2
VPC subnet3
Route Table A
Destination Target
10.0.0.0/16 local
0.0.0.0 Internet Gateway

Route Table B
Destination Target
10.0.0.0/16 local
VPCPublic SubnetEC2
Public Subnet
VPC
Public IP
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
VPCPublic SubnetEC2
Linux: SSH (22), Windows: RDP (3389)
Step 1: AMI(Amazon Machine Image)
Step 2:
Step 3:
Step 4:
Step 5:
Step 6:
Step 7:
Step 8:
Source0.0.0.0/0IPEC2
EC2SSH
Availability Zone
Availability Zone
Public subnet
Internet gateway
Private subnet
Public subnet Private subnet
EC2Public IP
Public IPEC2EC2Public IP
Public IPElastic IPEC2
InternetPublic IP Elastic IP
PrivateIP
Elastic IP Elastic IP
EC2Elastic IP EC2Elastic IP Elastic IP 1Elastic IPEC2100
Elastic IP EC2IP
ELBEC2Elastic IP
Elastic IPELBEC2ID
EC2Private IP
EC2Private IP
ENI
ENI
VPC subnet
ENI
VPC subnet
Private IP: 10.0.0.10, Public IP: x.x.x.x (OS: eth0)
Private IP: 10.0.1.10, Public IP: x.x.x.x (OS: eth1)
10.0.0.0/24 10.0.1.0/24
ENI 1EC2ENI EC2
ENI http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
HA SMTP
ENI
VPC subnet
VPC subnet
ENI
ENI
ENI
ENI
VPC subnet
ENI
ENI
ENI
IP
ENIAZ
Subnet
VPCSubnet
SubnetNetwork Access Control(NACL)
Availability Zone
Availability Zone
Public subnet
Internet gateway
Private subnet
router
Public subnet Private subnet
NACL
VPC Security GroupNACL(Network Access Control List)
InstanceIn/Out
SubnetIn/Out
Private Subnet
Virtual Private Cloud
Private Subnet
Public Subnet
Internet gateway
WindowsRemote Desktop GatewayEC2Private SubnetEC2 WindowsRemote Desktop
Private SubnetEC2 NAT
DB AWS API
Public subnetInternet gateway
Private subnet
Destination Target
10.0.0.0/16 local
0.0.0.0 Internet Gateway

Destination Target
10.0.0.0/16 local
0.0.0.0 i-xxxxx (NAT ID)
VPNInternet GatewayRouting
NAT
1. NATEC2Public Subnet
2. NATEC2SrcDestCheck
EC2
3. Private SubnetRoute Table
EC2amzn-ami-vpc-natAMI
Destination Target
0.0.0.0 i-xxxxx (NAT ID)
VPC
VPC2 IPSec VPN AWS Direct Connect
EC2VPNVPN
VPCVPN
1Customer GatewayVPC
2VPN Customer GatewayBGP BGPVPN
VPNRouting
VPCVPN
Step 1: Customer Gateway
Step 2: VPC Virtual Private Gateway (VGW) VPC
Step 3: VPC Customer Gateway
Step 4: VPC Connection
Step 5: Customer Gateway Config
Step 6: VPN Connection UP
Step 7: Subnet Route Table VGW Routing
VPC
Step 1: VPCVPNCustomer Gateway VPCVPNCustomer Gateway
Astaro Security Gateway 8.3
Astaro Security Gateway Essential Firewall Edition 8.3
Cisco ISR IOS 12.4
Dell Sonicwall
Fortinet Fortigate 40+ FortiOS 4.0
Juniper J JunOS 9.5
Juniper SRX JunOS 9.5
Juniper SSG ScreenOS 6.1 6.2
Juniper ISG ScreenOS 6.1 6.2
Palo Alto Networks PA PANOS 4.1.2
Vyatta Network OS 6.5
RTX1200
http://aws.amazon.com/jp/vpc/faqs/
Step 2: Virtual Private Gateway(VGW)VPC
Step 3: Customer Gateway
Step 4: VPN Connection
Step 5: Customer GatewayConfigCustomer Gateway
Step 6: VPN Connection UP
Step 7: VPCSubnetRoute TableVGWRouting
VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-20141225.pdf
VPN
AWS
virtual private cloud
VPC private subnet
App
LAN
virtual private gateway
customer gateway
VPN connection
users
Internet GatewayRouting
VPN
Customer GatewayVPNVPN Customer Gateway
1VPC10VPN 102
AWSVPN EC2VPN
AWSVPN10
virtual private cloud corporate data center
virtual private gateway
customer gateway
VPN connection
N
customer gateway
EC2VPNVPN
virtual private cloud
VPC public subnet
VPN
VPN
VPN
VPNN
VPN
NVyatta
VPC
AWS Direct Connect
AWS Direct Connect http://adsj-contents.s3.amazonaws.com/meister-re%3AGenerate/20130904_AWS-Meister-reGenerate-VPC-DXVPN.pdf
PublicPrivateSubnetEC2 Public SubnetPrivate Subnet
Public SubnetEC2
Public SubnetEC2NACL
(NAT
NACL
AWSAPI
S3 DynamoDB
AWS AWSAPINAT
NAT EC2ELBRDSVPC
virtual private cloud
VPC subnet
RDS DB instance
RDS DB instance standby
(Multi-AZ)
EC2instances
Elastic LoadBalancing
ElastiCachenode
Amazon S3
AmazonDynamoDB
AmazonSimple Queue
Service
Internet gateway
Private SubnetEC2
NAT
VPN/Internet Gateway
Web
LBPublic Subnet DB
2
VPC
VPCVPC Peering VPC-A -> VPC-B -> VPC-C2
AWS
AWSAWSAWS
VPC SubnetNACL AWS
AWS
VPCAWS
AZ
IPRouting
VPNRoutingIP
Q&A
AWS
http://aws.amazon.com/jp/register-flow/
AWS Blackbelt Amazon VPC http://www.slideshare.net/AmazonWebServicesJapan/aws-black-belt-tech-amazon-vpc
Amazon VPC VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-20141225.pdf
Amazon Virtual Private Cloud http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Introduction.html
AWS http://aws.amazon.com/jp/aws-jp-introduction/
AWS http://aws.amazon.com/jp/solutions/case-studies-jp/
AWS
aws.amazon.com/training
Twitter/FacebookAWS
@awscloud_jp
http://on.fb.me/1vR8yWm
AWS AWShttps://aws.amazon.com/jp/contact-us/aws-sales/