AWS

AWS Global Infrastructure

• AWS Global Cloud - A single global cloud, is made up of devices and Services in many regions.

• AWS Region - A physical location around the world where Amazon have equipment(devices and services) in data centers.

  • 一个 Region 在一个地址位置区域

  • 一个 Region 包括多个、相互隔离、地址位置分开的 Availability Zone。

• Availability Zone(AZ) - A group of data centers in a region, each AZ has independent power, cooling, and physical security and is connected via multiple physical networks.

  • 设计并部署应用到多个 AZ，可以实现应用的容错及高可以用

• Virtual Private Cloud(VPC) - A logically isolated virtual private network that exists within AWS cloud.

  • VPC 上可以定义 IP 地址的区间（space）。

  • A VPC spans all the AZ in the region.

  • 只有创建了 VPC，才可以在一个 AZ 中添加一个或多个Subnet。

  • There is a quota on the number of IPv4 CIDR blocks you can associate with a VPC(current 5),it can request an increase up to a maximum of 50.

• Subnet - A subnet is a section of VPC’s IP range where you can place a group of resource.

  • A subnet must be reside within a single AZ。

  • 和数据中心或家庭内子网类似

  • The maximum subnet size is /16 CIDR block(65536 IPs)

• Elastic Network Interfaces(ENI) - A logical networking component in a VPC that represents a virtual network card.

  • 类似数据中心服务器上的网卡

  • It includes a primary private IP Address, and one or more secondary ip address

  • It has a MAC address

  • It placed in a security group in a VPC, 这个 security group 用来限制 workload 是否可以流出或者流入。

  • ENI is bandwidth constrained

• Security Group, Network ACL, Access Control Lists

  • 在 Subnet 级别可用通过Security Group, Network ACL, Access Control Lists一起限制出入Subnet的流量

  • Network ACL can used to to set Allow or Deny rules, Network ACL 不会过滤Subnet内部实例之间的网路流量

  • Network ACL perform stateless filtering, Security Group perform stateful filtering