Before March 2023 I couldn’t for the life of me understand what was going on in the AWS VPC dashboard. I mean, look at the length of the scrolling bar on the left-hand panel!
So, with the goal of figuring out the various resources involved in networking, I read (most of) this book: AWS Networking Fundamentals, by Toni Pasanen.
My first thought after finishing it was this: there’s so many resources involved because there’s a lot of types of connections you can have. AWS account to on-premise, account to account, VPC to VPC, subnet to subnet, VPC to internet, VPC to specific AWS services…
So anyway, I made this mind map to link all pieces together (Lucidchart link):
Let me know if you find it useful and/or if you find any errors!
Just Another Software Developer 
[…] Fonte: https://miparnisariblog.wordpress.com/2023/03/29/aws-networking-concepts/ […]
LikeLike
Hi! Nice diagram, take a look at ENIs. They are the basis for at least a few things and maybe more. But security groups are technically assigned to an ENI, which becomes apparent when you put more than one ENI on a host (the first is sort of built-in). Cheers!
LikeLike
[…] この記事はHackerNewsに掲載された下記の記事およびそれに対するHackerNews上のコメントを元に作成されています。AWS networking concepts in a diagram […]
LikeLike
Great stuff!
Can you share it as text as well (dot, mermaid etc)? Or maybe a link to a repo?
LikeLike
Yes! I added the link to the Lucidchart, from that you should be able to export to various formats.
LikeLike
Just a small correction, that might be useful if someone is studying to get a certification.
An AZ is made up of one or more physical datacenters. It is NOT a standalone datacenter.
LikeLike
This is really good, and I love it.
It’s already tangled, but I think you could find room for some additional NACL/security group nuances:
– NACL {allows} IP:port / {blocks} IP:port
– NACL {allows} CIDR range / {blocks} CIDR range:port
– Security group {allows} IP:port
– Security group {allows} IP:port
– Security group {may be source/target} of security group
LikeLike
Good one, thanks. Looks like you made it to Hacker News top page.
It’s hard to visualize the image though, it’s small and even “zooming” on source page https://miparnisariblog.files.wordpress.com/2023/03/aws-networking-1.png does not work as it’s in fact loading an HTML page and not a PNG.
Maybe a link for direct download?
LikeLike
Hi, thanks for your comment! I added the link to the Lucidchart source and the image itself is now a link. Let me know if it helps!
LikeLike
Maybe add ALBs, and mention that ELBs still exist?
LikeLike
Hello,
It seems interesting, too bad there is no way to increase the schema size because on my computer it is unreadable ;).
But thx anyway
LikeLike
Hi, thanks for your comment! I posted a link to the source Lucidchart and the image is now a link. Let me know if now it’s better!
LikeLike
You should make the image a link that points to the file (https://miparnisariblog.files.wordpress.com/2023/03/aws-networking-1.png) so people can view the file at file size
LikeLike
Done, thanks! Let me know if you can see it properly now!
LikeLike
Public NAT gateways allow incoming internet connections?
LikeLike
[…] Read More […]
LikeLike
Where does Route 53 fit into this?
LikeLike
I actually have no idea! Never used route 53
LikeLike