Tips and tricks AWS Solutions Architect Associate #14

ByChristophe

VPC & Networking

  • VPC Sharing: Plusieurs comptes partagent le même VPC pour réduire duplication et coûts.

  • Private IP ranges (RFC1918):

    • 10.0.0.0/8

    • 172.16.0.0 – 172.31.255.255 (/12)

    • 192.168.0.0/16

  • Elastic IP: IP publique fixe attachée à une ressource (ex: EC2).

  • Instance Connect: Se connecter à une instance EC2 depuis la console (SSH intégré).

VPC Endpoints

  • Interface Endpoint:

    • Uses ENI (Elastic Network Interface) in your subnet.

    • For services like EC2, SSM, etc.

    • Paid.

  • Gateway Endpoint:

    • For S3 & DynamoDB.

    • Free.

    • Requires route table update in the same VPC.

Transfer Family

  • Managed FTP / SFTP / FTPS to move files in/out of AWS securely (typically to S3).

DNS & Routing

  • A Record: IPv4.

  • AAAA Record: IPv6.

  • CNAME: Alias to another domain.

  • Alias (Route 53): AWS-specific record pointing directly to AWS resources (e.g., ALB, S3, CloudFront).

Other Services

  • Redshift Enhanced VPC Routing: Forces all COPY/UNLOAD traffic through VPC endpoints (instead of public internet).

  • EFA (Elastic Fabric Adapter): High-performance network interface for HPC (High Performance Computing) & tightly coupled workloads (e.g., MPI).

In short:

  • VPC sharing optimizes multi-account setups.

  • VPC endpoints (interface vs gateway) give private access to AWS services without going through Internet.

  • Transfer Family offers managed file transfer (FTP/SFTP).

  • DNS in Route 53 supports standard + AWS-specific alias records.

  • Elastic IPs & EFA extend networking from basic static IPs to HPC-grade performance.

Similar Posts

Tips and tricks AWS Solutions Architect Associate #9

ByChristophe

User Pool: Provides built-in user management and authentication extensions. Identity Pool: Issues credentials and ephemeral identities for accessing AWS services. User Groups: Belonging to a group is optional. IAM Policy: Defined by version, ID, statement (with ID, effect, principal, action, resource). Certificate: Managed via AWS Certificate Manager. Cognito: Supports federated users (e.g., social or enterprise…

Tips and tricks AWS Solutions Architect Associate #3

ByChristophe

Cloud Front   CloudFront Functions These two types of functions can be executed during the processing of incoming or outgoing requests in AWS, and are integrated within CloudFront. cloud functions javascript < 1 ms cache key header rewrite no access to resource like subnet, database lambda edge functions change request and response 5-10s access to…

Tips and tricks AWS Solutions Architect Associate #10

ByChristophe

inesis (KDS, Firehose, Analytics) Kinesis Data Streams (KDS): Real-time data streaming; replayable up to 7 days. Kinesis Firehose: Delivers streaming data to S3, Redshift, or HTTP endpoints (fully managed, no storage). Kinesis Data Analytics: Real-time (RT) analytics on streaming data. EventBridge: Event bus that integrates AWS services with third-party apps. Autoscaling: Adjusts shard capacity automatically….

|

Solution Architect handbook

ByChristophe

One of a the best book about Solution Architecture AWS oriented. AWS Solution Architect Handbook  1. Core Concepts Global Infrastructure: Regions, Availability Zones (AZs), Edge Locations. Shared Responsibility Model: AWS → Security of the cloud (infra, services). Customer → Security in the cloud (data, IAM, configs). Well-Architected Framework → 6 Pillars: Operational Excellence Security Reliability…

Leave a Reply

Your email address will not be published. Required fields are marked *