3.4 AWS Networking and Content Delivery
Key Takeaways
- Amazon VPC lets you create an isolated virtual network in the cloud with complete control over IP addressing, subnets, routing, and security.
- Amazon CloudFront is a global CDN that caches content at edge locations worldwide for low-latency delivery to end users.
- Amazon Route 53 is a highly available DNS service that routes users to applications with domain registration, DNS routing, and health checking.
- Elastic Load Balancing distributes incoming traffic across multiple targets (EC2, containers, Lambda) in one or more AZs.
- AWS Direct Connect provides a dedicated private network connection from on-premises to AWS, bypassing the public internet.
Amazon VPC (Virtual Private Cloud)
Amazon VPC allows you to launch AWS resources in a logically isolated virtual network that you define. You have complete control over the networking environment.
VPC Components
| Component | Purpose |
|---|---|
| Subnets | Segment the VPC into public and private sections within AZs |
| Route Tables | Control where network traffic is directed |
| Internet Gateway (IGW) | Allow communication between VPC resources and the internet |
| NAT Gateway | Allow private subnet resources to access the internet (outbound only) |
| VPC Endpoints | Private connections from VPC to AWS services without using the internet |
| VPC Peering | Connect two VPCs privately |
| Transit Gateway | Central hub connecting multiple VPCs and on-premises networks |
| VPN Gateway | VPN connection endpoint in the VPC |
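The public/private distinction in the table above is decided entirely by the route table a subnet uses: a default route to an Internet Gateway makes it public, a default route to a NAT Gateway makes it private (outbound only), and no default route leaves it isolated. The following added example (not from the page or from AWS) classifies subnets that way from constructed data shaped like `aws ec2 describe-route-tables` output; the resource ids are made up.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output, reduced to
# the fields used here. One VPC with a public, a private and an isolated subnet.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],  # main table
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}]},
]
# "subnet-db" has no explicit association, so the VPC's main route table applies to it.
SAMPLE_SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]


def default_route_target(route_table):
    """Return the target of the active 0.0.0.0/0 route, or None if the table has none."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def classify_subnets(route_tables, subnet_ids):
    """Label each subnet public (default route to igw-*), private (default route to a
    NAT gateway or other target) or isolated (no default route) via its effective table."""
    main = next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt["Associations"] if a.get("SubnetId")}
    labels = {}
    for subnet_id in subnet_ids:
        target = default_route_target(explicit.get(subnet_id, main))  # fall back to main
        if target is None:
            labels[subnet_id] = "isolated"
        elif target.startswith("igw-"):
            labels[subnet_id] = "public"
        else:
            labels[subnet_id] = "private"
    return labels


if __name__ == "__main__":
    for subnet, label in classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS).items():
        print(subnet, label)
```

A review of a real VPC would also look at IPv6 default routes (`::/0`) and at routes in the `blackhole` state, which this sample omits.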
VPC Endpoint Types
| Type | Description | Example |
|---|---|---|
| Gateway Endpoint | Free; used for S3 and DynamoDB | EC2 in private subnet accesses S3 without internet |
| Interface Endpoint (PrivateLink) | Uses ENI with private IP; for most other services | Private access to CloudWatch, SNS, SQS |
Amazon CloudFront (CDN)
Amazon CloudFront is a content delivery network (CDN) that caches content at 600+ edge locations worldwide for fast delivery.
| Feature | Detail |
|---|---|
| Edge Locations | 600+ globally |
| Origins | S3 buckets, EC2, ALB, custom HTTP servers |
| Content Types | Static (images, CSS, JS), dynamic (APIs), video streaming |
| Security | Integration with AWS WAF, Shield, ACM for HTTPS |
| DDoS Protection | Shield Standard automatic protection |
When to use CloudFront:
- Accelerating static/dynamic website delivery
- Streaming video content globally
- Serving APIs with low latency
- Distributing software downloads
On the Exam: CloudFront = CDN = low-latency global content delivery using edge locations. If a question mentions reducing latency for global users or caching content, think CloudFront.
Amazon Route 53 (DNS)
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Route 53 Capabilities
| Capability | Description |
|---|---|
| Domain Registration | Register and manage domain names |
| DNS Routing | Route users to the best endpoint |
| Health Checking | Monitor endpoint health and route away from unhealthy resources |
Routing Policies
| Policy | Description | Use Case |
|---|---|---|
| Simple | Route to a single resource | Single-server website |
| Weighted | Route based on assigned weights | A/B testing, gradual migration |
| Latency-based | Route to the Region with lowest latency | Global applications |
| Failover | Route to backup when primary is unhealthy | Disaster recovery |
| Geolocation | Route based on user's geographic location | Content localization, compliance |
| Geoproximity | Route based on resource location and optional bias | Fine-tuned geographic routing |
| Multi-value answer | Return multiple healthy records | Simple load balancing |
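The routing policies above differ in how health checks and weights shape the answer a resolver gets back. As an added example (not from the page or from AWS), the functions below model three of them on constructed record sets: weighted routing skips weight-0 records unless every candidate has weight 0 and, when no record is healthy, answers as if all were healthy; failover answers with the primary only while it is healthy; multi-value answer returns up to eight healthy values for the client to choose from. The hostnames and addresses are made up.

```python
import random

# Constructed record sets (not from the page). Each record carries a value, an
# optional weight and the current result of its Route 53 health check.
WEIGHTED = [
    {"value": "10.0.1.10", "weight": 90, "healthy": True},  # current release
    {"value": "10.0.1.11", "weight": 10, "healthy": True},  # canary
    {"value": "10.0.1.12", "weight": 0, "healthy": True},   # weight 0: parked
]
FAILOVER = {"primary": {"value": "us-east-1.example.test", "healthy": False},
            "secondary": {"value": "us-west-2.example.test", "healthy": True}}
MULTIVALUE = [{"value": f"10.0.2.{i}", "healthy": i % 4 != 0} for i in range(1, 13)]


def resolve_weighted(records, rng=random):
    """Weighted routing: return one value, chosen in proportion to weight among healthy
    records. Weight-0 records are skipped unless every candidate is weight 0, and if
    no record is healthy the answer is drawn as though all were healthy."""
    candidates = [r for r in records if r["healthy"]] or list(records)
    total = sum(r["weight"] for r in candidates)
    if total == 0:
        return rng.choice(candidates)["value"]
    pick = rng.random() * total  # uniform in [0, total)
    for r in candidates:
        if r["weight"] == 0:
            continue
        pick -= r["weight"]
        if pick < 0:
            return r["value"]
    return candidates[-1]["value"]  # guard against float drift; normally unreachable


def resolve_failover(primary, secondary):
    """Failover routing: answer with the primary while its health check passes,
    otherwise with the secondary."""
    return primary["value"] if primary["healthy"] else secondary["value"]


def resolve_multivalue(records, rng=random, limit=8):
    """Multi-value answer: return up to `limit` (Route 53 uses 8) healthy values in
    random order so the client picks one; unhealthy records are withheld."""
    healthy = [r["value"] for r in records if r["healthy"]] or [r["value"] for r in records]
    return rng.sample(healthy, min(limit, len(healthy)))
```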
Elastic Load Balancing (ELB)
Elastic Load Balancing automatically distributes incoming traffic across multiple targets in one or more AZs.
ELB Types
| Type | Layer | Best For |
|---|---|---|
| Application Load Balancer (ALB) | Layer 7 (HTTP/HTTPS) | Web applications, microservices, path-based routing |
| Network Load Balancer (NLB) | Layer 4 (TCP/UDP) | Ultra-high performance, static IP, low latency |
| Gateway Load Balancer (GWLB) | Layer 3 (IP) | Third-party virtual appliances (firewalls, IDS) |
On the Exam: ALB = HTTP/HTTPS/web applications. NLB = TCP/UDP/extreme performance. GWLB = virtual appliances.
Connectivity Services
AWS Direct Connect
A dedicated private network connection from on-premises to AWS. Does NOT use the public internet.
| Feature | Detail |
|---|---|
| Bandwidth | 1 Gbps to 100 Gbps |
| Latency | Consistent, lower than internet-based connections |
| Security | Private connection (not encrypted by default — add VPN for encryption) |
| Use Case | Large data transfers, hybrid cloud, regulatory requirements |
AWS VPN
An encrypted connection over the public internet between on-premises and AWS.
| Feature | Detail |
|---|---|
| Site-to-Site VPN | Connect on-premises network to VPC over an IPsec tunnel |
| Client VPN | Individual users connect to AWS resources |
| Quick Setup | Minutes vs. weeks for Direct Connect |
| Cost | Lower than Direct Connect |
AWS Transit Gateway
A central hub that connects multiple VPCs, on-premises networks, and VPN connections. Simplifies complex networking topologies.
AWS Global Accelerator
Routes traffic through the AWS global network (not the public internet) to the optimal endpoint for better performance. Provides static IP addresses that act as a fixed entry point.
| Service | Best For |
|---|---|
| Direct Connect | Dedicated private connection, large/consistent bandwidth |
| VPN | Quick, encrypted connection over internet |
| Transit Gateway | Connecting many VPCs and on-premises networks |
| Global Accelerator | Improving performance via AWS backbone network |
| CloudFront | Caching content at edge for low-latency delivery |
Practice Questions
- Which AWS service is a global content delivery network (CDN) that caches content at edge locations?
- A company needs a dedicated, private network connection from their on-premises data center to AWS that does NOT use the public internet. Which service should they use?
- Which type of Elastic Load Balancer operates at Layer 7 (HTTP/HTTPS) and supports path-based routing?
- What is the purpose of a VPC Endpoint?