Day 22: 𝐕𝐏𝐂 𝐏𝐞𝐞𝐫𝐢𝐧𝐠 / 𝐕𝐏𝐂 𝐄𝐧𝐝𝐩𝐨𝐢𝐧𝐭𝐬/ 𝐕𝐏𝐂 𝐅𝐥𝐨𝐰 𝐋𝐨𝐠𝐬:

👉 VPC Peering connect two VPCs using AWS network

👉 Endpoints to connect to AWS services using a private network instead of using the public Internet

👉 Flow Logs Capture information about IP traffic going into our interfaces

VPC Peering:

• Overview: Virtual Private Cloud (VPC) peering is a mechanism in Amazon Web Services (AWS) that allows the connection of two Virtual Private Clouds as if they are on the same network. This enables resources in different VPCs to communicate with each other as if they are within the same network.

Key Points:

• Private Connectivity: VPC peering provides private connectivity between instances in the peered VPCs. The communication does not traverse the public Internet.
• Transitive Peering: If VPC A is peered with VPC B, and VPC B is peered with VPC C, then VPC A can communicate with VPC C through the transitive peering relationship.
• Non-overlapping CIDR Blocks: The CIDR blocks of the VPCs must not overlap, ensuring unique IP address spaces.

Use Cases:

• Multi-Tier Applications: You can deploy multi-tier applications across different VPCs, with each tier in a separate VPC.
• Resource Isolation: VPC peering allows you to isolate resources or environments for security or organizational purposes.

Configuration:

• VPC peering is configured through the AWS Management Console, AWS CLI, or SDKs.
• The owner of each VPC must accept the peering connection request for the peering to be established.

Endpoints:

Overview: AWS offers VPC endpoints to allow secure and private communication between resources in your VPC and AWS services without requiring internet access. This enhances security by eliminating exposure to the public internet and reduces data transfer costs.

Types of Endpoints:

• Gateway Endpoints: Used for connecting to AWS services like Amazon S3 and DynamoDB.
• Interface Endpoints: Used for connecting to AWS services using private IP addresses. Examples include connecting to AWS Systems Manager, AWS CloudWatch, and others.

Benefits:

• Security: Communication occurs within the AWS network, eliminating exposure to the public internet and enhancing security.
• Reduced Data Transfer Costs: Since the traffic stays within the AWS network, data transfer costs are often lower compared to using the public internet.

Configuration:

• Endpoints are created and configured through the AWS Management Console, AWS CLI, or SDKs.
• You associate an endpoint with your VPC, and it allows your instances to communicate with the specified AWS service.

Flow Logs:

Overview: VPC Flow Logs capture information about the IP traffic going into and out of network interfaces in your VPC. This data can be used for various purposes, including security analysis, monitoring, and troubleshooting.

• Key Information Captured:
• Source and destination IP addresses
• Source and destination ports
• Protocol
• Packet and byte counts
• Action (ACCEPT or REJECT)

Use Cases:

• Security Analysis: Detect and investigate unusual traffic patterns.
• Compliance: Fulfill regulatory requirements by logging and analyzing network traffic.
• Troubleshooting: Diagnose connectivity issues by analyzing flow log data.

Configuration:

• Flow Logs are configured at the subnet or VPC level.
• Logs can be stored in Amazon CloudWatch Logs or Amazon S3 for further analysis.