O'Reilly Live Online Training

Networking in AWS

Understanding and Using Amazon VPC

Richard A. Jones

For applications deployed on Amazon EC2, the architecture begins with the network. The network is also one of the primary layers of security: Amazon VPC provides several key components for building a secure environment, but it is the customer’s responsibility to use those tools appropriately. Furthermore, when balancing performance against high availability and fault tolerance, there are a number of principles to be aware of and techniques to follow.

In this course we will thoroughly cover the details of Amazon VPC and how to use it, including CIDR notation, subnets, network access control lists, security groups, routing, VPN connections, VPC peering, and much more.

By learning how to leverage the tools within Amazon VPC, you will have a better architectural toolbox with which to design secure networks and resilient systems within Amazon Web Services.

What you'll learn and how you can apply it

Participants will understand…

  • Classless Inter-Domain Routing (CIDR) notation and how it is used within Amazon VPC
  • How routing works and when to use various gateways
  • Patterns for creating subnets for various purposes
  • The performance implications of leveraging multiple availability zones
  • How the different security mechanisms like security groups and network access control lists work together

Participants will be able to…

  • Design secure network architectures within Amazon VPC
  • Peer multiple VPCs
  • Create VPN connections

This training course is for you because...

  1. You are a solutions architect designing systems deployed to Amazon EC2
  2. You are a systems or network administrator responsible for network security
  3. You are a DevOps engineer responsible for deploying applications to Amazon EC2

Prerequisites:

  • Basic cloud computing concepts
  • Familiarity with multi-tier architectures
  • Basic networking knowledge
  • Basic Amazon Web Services knowledge including an understanding of Regions and Availability Zones

Recommended Preparation:

Amazon Web Services AWS LiveLessons (video)

About your instructor

Richard A. Jones is a certified AWS Solution Architect Professional and an experienced instructor who has taught the IT teams of numerous Fortune 500 companies and postgraduate students at the University of Colorado. Programming since age 10, Richard has spent nearly thirty years furthering his knowledge and skills in information technology. He studied network switching systems in the U.S. Army, attained a degree in Digital Media, and has a long history of web and mobile application development. Beginning with a funded startup in 2009, Richard has dedicated nearly a decade to building secure, highly available, cost-effective systems in Amazon Web Services, and has taught hundreds of IT professionals how to do the same. Richard holds seven AWS certifications, including the Solution Architect Professional, DevOps Engineer Professional, and Advanced Networking Specialty certifications. Richard is also the Principal Solutions Architect for Cerulean Systems, a consulting firm specializing in cloud architecture, continuous delivery, and DevOps culture.


The timeframes are only estimates and may vary according to how the class is progressing.

Day 1

Introductions (10min):

  • Name, role, what you hope to get out of this class

Lecture: Review IPv4, IPv6, and CIDR Notation (20min)

  • Primer
  • CIDR notation
  • Calculating IP ranges

Lecture: Introducing Amazon Virtual Private Cloud (VPC) (20min)

  • “Public” vs “Private”
  • Understanding Amazon VPC
      • Network as a whole
      • Leveraging multiple networks

Demo: Creating a VPC (10min)

Lecture: Subnets and Availability Zones (15min)

  • Subnets
      • Overview of subnets
      • Reserved IPs
  • Designing for Fault-Tolerance
      • Leveraging multiple availability zones

Break (10min)

Lecture: Routing (15min)

  • Routing
      • Default routing
      • Routing to the internet

Demo: Creating Subnets and Routes for Internet Access (20min)

Lecture: Network Security (20min)

  • Network Access Control Lists (NACLs)
      • NACLs apply to the subnet
      • NACLs are stateless
  • Security Groups (SGs)
      • SGs apply to EC2 instances
      • SGs are stateful
      • SGs can reference other SGs

Demo: Creating Network Access Control Lists and Security Groups (20min)

Quiz (20min)

Day 2

Day 1 Review (10min)

Lecture: VPC Peering (20min)

  • VPC Peering
      • Peering connections
      • IP ranges
      • Routing VPC to VPC
      • Routing single subnets to VPC peering

Demo: Peering two VPCs (20min)

Lecture: VPN (30min)

  • VPN Connections
      • Virtual gateway
      • Customer gateway
      • Downloading configurations
      • Routing to VPN
      • Beware IP range overlap

Break (10min)

Demo: Creating an AWS Hardware VPN (20min)

Lecture: Direct Connect (30min)

  • Private fiber connections

Lecture: Performance, DHCP Options, and Other Notes (20min)

  • Designing for Performance
      • Single vs multiple AZs
      • Jumbo frames
      • Placement groups
  • DNS and DHCP Options
      • VPC internal DNS
      • Using Route53 private zones
      • DHCP options

Quiz (20min)