OPS345 Lab 2

1,247 bytes added, 04:22, 16 December 2021
AWS Networking
== Security ==
'''You're working on the real internet now!''' In many previous courses you were working in VMs on your own machines, on private networks, where attackers couldn't get to your servers even if they were super-dedicated and qualified. That is not the case in this course. Now an attacker doesn't even need to know who you are to take over your server.
The VMs and networks you create in this course are likely to be accessible by anyone on the planet. That means you ''have to'' think about security.
This is not a security course, but you should be able to understand that different parts of your system are susceptible to different types of attacks. The more components you configure with security in mind, the less likely you are to become a victim of an attack.
 
= VPC =
 
The general idea of '''cloud''' is that your servers and services are not physically located on the premises of your business, but somewhere else: typically wherever computers can be rented more cheaply. Cloud providers have the advantage of economies of scale and great flexibility in resource assignment. When you're not using some component, someone else will pay to use it, so hardware isn't sitting idle, aging and wasting electricity.
 
VPC stands for '''Virtual Private Cloud'''. That means the resources you're using are not dedicated to you, but they are separated from other users by software configuration. For all but the most high-value targets, that's secure enough.
 
Inside your private cloud you can have networks, file storage, compute (processing VMs), databases, etc.
 
Access to your resources from the outside is available through an '''Internet Gateway''', which does port forwarding. It is used even if your VMs have public IP addresses. That is done in order to simplify securing your resources.
 
If your software uses any resources from outside your AWS VPC, those will also connect via the Internet Gateway.
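The points above (an Internet Gateway is the only way in, a public IP alone is not enough, and every exposed component needs its own attention) can be turned into a small audit. The following is an added example, not part of the lab or of any AWS tool: all identifiers, addresses and the data layout are constructed, loosely shaped like the output of the AWS CLI `describe-route-tables` / `describe-instances` / `describe-security-groups` commands, and the script lists which instances are actually reachable from the whole internet.

```python
import ipaddress

# Constructed sample data (hypothetical IDs and addresses, not from the lab).
# A subnet is "public" only if its route table sends 0.0.0.0/0 to an Internet Gateway.
ROUTE_TABLES = {
    "rtb-public": {"subnets": ["subnet-web"],
                   "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                              {"dest": "0.0.0.0/0", "target": "igw-0abc"}]},
    "rtb-private": {"subnets": ["subnet-db"],
                    "routes": [{"dest": "10.0.0.0/16", "target": "local"}]},
}
# ingress rules: (protocol, from_port, to_port, source CIDR)
INSTANCES = [
    {"id": "i-web", "subnet": "subnet-web", "public_ip": "203.0.113.10",
     "ingress": [("tcp", 22, 22, "0.0.0.0/0"), ("tcp", 80, 80, "0.0.0.0/0")]},
    {"id": "i-db", "subnet": "subnet-db", "public_ip": None,
     "ingress": [("tcp", 3306, 3306, "10.0.0.0/16")]},
    {"id": "i-bastion", "subnet": "subnet-web", "public_ip": "203.0.113.11",
     "ingress": [("tcp", 22, 22, "198.51.100.0/24")]},
]


def subnet_is_public(subnet_id, route_tables=ROUTE_TABLES):
    """True when the subnet's route table has a default route to an igw-* target."""
    for rt in route_tables.values():
        if subnet_id in rt["subnets"]:
            return any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-")
                       for r in rt["routes"])
    return False  # no route table found: treat as not reachable


def world_open_ports(ingress):
    """Return (protocol, from_port, to_port) for rules whose source is the whole internet."""
    return [(proto, lo, hi) for proto, lo, hi, cidr in ingress
            if ipaddress.ip_network(cidr).prefixlen == 0]


def exposure_report(instances=INSTANCES, route_tables=ROUTE_TABLES):
    """Instances reachable from anywhere: public subnet AND public IP AND a world-open rule."""
    report = {}
    for inst in instances:
        if inst["public_ip"] is None or not subnet_is_public(inst["subnet"], route_tables):
            continue
        ports = world_open_ports(inst["ingress"])
        if ports:
            report[inst["id"]] = ports
    return report


if __name__ == "__main__":
    for inst_id, ports in exposure_report().items():
        print(f"{inst_id}: open to the internet on {ports}")
```

In the constructed data only the web server shows up; the database has no public IP and no default route, and the bastion accepts SSH from a single range rather than from everywhere.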
 
= Subnets =
* VPCs, subnets