AWS Networking Fundamentals πŸ“™


Hi Reader πŸ‘‹πŸ½

Welcome to our latest newsletter, where we explore the fundamentals of AWS networking.

Before we jump into the content, a question to get you started: What's Amazon's biggest customer on AWS? πŸ₯ Maybe you already know, but if not, the answer is on the end of the issue.

Whether you're new to AWS or a seasoned pro, understanding the ins and outs of networking is crucial for building reliable and scalable applications. In this edition, we'll cover the basics of VPC, Route 53, API Gateway, and CloudFront, and how they work together to create a robust network infrastructure.

AWS has come a long way since its inception, and we'll show you how to leverage its powerful networking tools to build modern applications that can handle even the heaviest traffic.

So, grab a cup of coffee and let's dive into the world of AWS networking! β˜•οΈ

Why Networking Fundamentals are Essential

It’s important to understand the fundamental principles of modern networking infrastructure. They provide the foundation for communication and data transfer between different components and services of our applications. A well-designed network infrastructure is essential for ensuring that an application is highly available, secure, and scalable.

​

AWS API Gateway

AWS API Gateway is a fully managed service for creating, deploying, and managing APIs. It allows you to create RESTful and WebSocket APIs. It also comes with advanced features such as authentication, caching, and monitoring which don’t require you to write much or any code.

REST, HTTP, and WebSockets

AWS API Gateway offers three different options, each with unique features and pricing. Here’s a quick overview:

  • REST - a flexible gateway type that utilizes HTTP resources and methods to map to other AWS services, such as Lambda. This option is ideal for those looking to simplify tasks like request validation and data transformations without writing code.
  • HTTP - similar to REST, but with a reduced set of features. This option is more cost-effective and easier to set up, making it a popular choice for Serverless applications.
  • WebSockets - designed for real-time applications using the publish/subscribe pattern. This option allows for message pushing through open communication channels in both directions, with AWS API Gateway handling the connection management.

Choosing the right gateway ultimately depends on your specific requirements.

API Gateway is more than just an HTTP mediator. It’s a valuable and feature-packed front door to your application ecosystem, with minimal errors.

When it comes to REST or HTTP gateways, an API consists of programmable resources that can map to one or multiple HTTP methods and a specific or wildcard path that covers a set of paths.

Each resource must be connected to an integration endpoint, which can be a Lambda function or any HTTP-speaking endpoint. You can choose to forward the request as-is or apply transformations that modify the request to match the backend’s expectations, including validations. After receiving the response from the integration, you can apply response transformations before returning it to the client.

Here’s a summary of the core capabilities that will be explored in detail in the following paragraphs:

  • Endpoint creation - setting up an API and configuring HTTP routes and methods
  • Access Control - authenticating and authorizing requests to protect your APIs and allow secure multi-tenant usage of your application.
  • Integrations - integrating your API method with a backend.
  • Request Validation - validating your request before sending it to your destination and saving boilerplate code at your backends.
  • Data Transformations - applying data mapping templates to automatically convert request data to expected inputs.
  • Gateway Responses - applying mappings to convert outputs to expected responses.
  • CORS - setting up cross-domain rules to allow integration of your API endpoints in different web touchpoints.
  • Deploying APIs - deploying your APIs to the internet.
  • Caching - caching requests to lower latencies.
  • Monitoring - tracking requests to your API endpoints.

AWS API Gateway is considered a core service of AWS because it provides a crucial layer for managing and securing APIs that are used to access AWS services and resources. It acts as a front door for applications to access AWS resources and services, allowing developers to create, publish, and manage APIs with ease.

Amazon Route 53

Amazon Route 53 is a highly available and scalable Domain Name System web service. It allows you to register domain names and route internet traffic to your application. Its advanced features enable you to build applications that are available around the globe with low latency and can automatically deal with outages via failovers.

Route 53 is not just a simple Domain Name Service because it comes with advanced features that allow for traffic management and routing policies.

The different routing policies in Route 53 are:

  1. Simple Routing Policy - maps a domain name to a single resource, such as an IP address or an instance ID.
  2. Weighted Routing Policy - routes traffic to different resources based on assigned weights.
  3. Latency-Based Routing Policy - routes traffic to the resource with the lowest latency based on the user’s geographic location.
  4. Failover Routing Policy - routes traffic to a secondary resource when the primary resource is unavailable.
  5. Geolocation Routing Policy - routes traffic based on user’s geographic location.

Each routing policy allows for more advanced traffic management and can be used to optimize application performance, improve availability, and provide a better user experience.

Amazon Route 53 enables the creation of a highly resilient multi-region setup that offers fast responses through latency-based routing and automated failovers in case one region experiences issues.

Amazon VPC

Amazon VPC provides a logically isolated section of the AWS Cloud where you can launch resources in a virtual network. It provides you control over your virtual networking environment, including the selection of your own IP address range, the creation of subnets, and the configuration of route tables and network gateways. You’re able to create distinct network subnets for private components to isolate them from the internet or other resources and strictly define how they can communicate with each other.

Amazon VPC comes with a large set of features that are essential to understand and implement to build a secure ecosystem on AWS:

  1. Security Groups - act as virtual firewalls that control inbound and outbound traffic at the instance level. They allow users to specify which protocols, ports, and IP addresses are allowed to communicate with their instances.
  2. Network Access Control Lists (NACLs) - act as virtual firewalls that control traffic at the subnet level. They allow users to specify which protocols, ports, and IP addresses are allowed to communicate with their subnets.
  3. Public and Private Subnets - allow users to partition their VPC into smaller, more manageable networks. Public subnets are accessible from the internet, while private subnets are not.

Amazon VPC is considered one of AWS’ core services because it provides users with a secure and isolated environment in which to run their applications and services. It allows users to customize their network topology, configure IP addresses, and control inbound and outbound traffic using security groups and NACLs.

In the example provided, our application is running on Fargate tasks that are isolated from the database in their private subnets. Amazon VPC allows us to create customized network rules that specify which resources can communicate with each other and/or the internet.

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds, all within a developer-friendly environment.

CloudFront's feature set is huge:

  1. A Global Edge Network - CloudFront has a global network of edge locations that cache and deliver content to users from the nearest location, reducing latency and improving performance.
  2. Customizable Origin Settings - CloudFront allows users to customize origin settings for their applications, including origin protocols, headers, and query strings.
  3. Security Features - CloudFront offers various security features, such as SSL/TLS encryption, AWS WAF integration, and field-level encryption, to protect content and applications from attacks.
  4. Real-Time Analytics - CloudFront provides real-time analytics on user requests, traffic, and content delivery, allowing users to monitor and optimize their applications for better performance.
  5. Edge-Computing - CloudFront comes with Lambda@Edge and CloudFront functions, which allows you to run code on the edge.

​

In the example provided, we are using a CloudFront function to redirect to different applications based on a cookie sent with the request. This is just one simple but powerful example of the many use cases for edge computing.

​

That's it for this issue! ⭐️

We hope you have a wonderful & successful week!

Sandro & Tobi πŸ‘‹

​

P.S: the biggest customer is Netflix! 🍿 There are no official numbers, but their monthly spendings are at least seven figures. πŸ’Έ


Interested in more? Have a read about how to build a multi-region Serverless application with latency-based routing & failover! ✍️

AWS for the Real World

Join our community of over 8,800 readers delving into AWS. We highlight real-world best practices through easy-to-understand visualizations and one-pagers. Expect a fresh newsletter edition every two weeks.

Read more from AWS for the Real World

Hey Reader First things first: we apologize for not providing updates on The CloudWatch Book for a while! 😒 Sometimes, things don't go as planned and unexpected obstacles arise. But now, we're back in action, creating videos and putting the final touches on the book's content! πŸŽ₯ Don't just take our word for it! As an early subscriber, here's a free video from one of our favorite chapters: Anomaly Detection πŸ› In this deep-dive, you'll learn how to detect unusual patterns in metrics without...

βŒ› Reading time: 11.5 minutes πŸŽ“ Main Learning: Host Web Applications on AWS with the CloudFront Hosting Toolkit πŸ‘¨πŸ½πŸ’» GitHub Code πŸ“ Blog Post Hey Reader πŸ‘‹πŸ½ Happy New Week! I (Sandro) will attend the Serverless Days in Milano next week where Jeremy Daley will hold the keynote. I look forward to meeting many of you and the overall AWS community. This week's newsletter is all about hosting your frontend on AWS. AWS launched a new way of deploying your frontend to it: The CloudFront Hosting Toolkit....

βŒ› Reading time: 7 minutes πŸŽ“ Main Learning: Visual Regression Testing with AWS CloudWatch Synthetics πŸ‘¨πŸ½πŸ’» GitHub Code πŸ“ Blog Post Hey Reader Keeping your website running smoothly is important.It's also important to keep an eye on its visual appearance and that it doesn't change due to an unwanted change. AWS CloudWatch Synthetic Canaries is a tool that helps you check on your websites (and APIs!) to make sure it’s working well and look as expected. In this newsletter, we’re going to show you...