初心者向けWebinar AWS上でのネットワーク構築

WebinarAWS

2015/01/08

Introduction AWS Amazon Virtual Private Cloud(VPC) Tips VPC

Introduction

AWS

AWS

LB

Web Web VPN

VPN

VPN

AWS

Public Subnet

Private Subnet

LB

Web Web VPN

VPN

VPN

AWS

AWS

WebinarAWSVPN

AWS

AWS

AWS http://aws.amazon.com/jp/architecture/icons/

AWSUS West(Northern California)

US East(Northern Virginia)

EU(Ireland)

Asia Pacific

(Singapore)

Asia Pacific(Tokyo)

GovCloud(US ITAR Region)

US West(Oregon)

South America(Sao Paulo)

AWS RegionsAWS Edge Locations

EU(Frankfurt)

2015/01/08http://aws.amazon.com/jp/about-aws/global-infrastructure/

Asia Pacific(Sydney)

China(Beijing)

(AZ)EU (Ireland)

AvailabilityZone A

AvailabilityZone C

AvailabilityZone B

Asia Pacific (Tokyo)

AvailabilityZone A

AvailabilityZone B

US West (Oregon)

AvailabilityZone A

AvailabilityZone B

US West(Northern California)

AvailabilityZone A

AvailabilityZone B

Asia Pacific (Singapore)

AvailabilityZone A

AvailabilityZone B

AWS GovCloud (US)

AvailabilityZone A

AvailabilityZone B

South America (Sao Paulo)

AvailabilityZone A

AvailabilityZone B

US East (Northern Virginia)

AvailabilityZone D

AvailabilityZone C

AvailabilityZone B

AvailabilityZone A

EU (Frankfurt)

AvailabilityZone A

AvailabilityZone B

Amazon VPC(Virtual Private Cloud) Private /1AWS AZ

VPC

Private

SubnetPublic

Subnet

NW

VPN

VPC CIDRSubnet

Subnet: 10.0.1.0/24VPC 10.0.0.0/16

WebServer

WebServer

Subnet: 10.0.2.0/24

CIDR IP Addressxxx.xxx.xxx.xxx/16 65,534xxx.xxx.xxx.xxx/20 4,094xxx.xxx.xxx.xxx/24 254xxx.xxx.xxx.xxx/28 14

VPC

Elastic Network Interfaces

EC2 VPC

ENI Private IP Elastic IP MAC

http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-eni.html

Route Table

SubnetRoute Table

Public SubnetRoute Table

Private SubnetRoute Table

IGW(Internet Gateway)

VPC Peering

VPCPeering VPCPrivate IP

AWSVPCAWSVPCPeering

VPC-A -> VPC-B -> VPC-C 2Routing

ACRoutingACPeering

Amazon EC2(Elastic Compute Cloud)

1

AEC2

B

EC2

EC2

1 //

Windows, Linuxx86OS Windows

OS EC2EC2

VPC Security Group

Security Group

EC2Instance Port 22

(SSH)

Port 80(HTTP)

VPC(Inbound)EC2(Outbound) IP

AWS SDK/CLI

EC2

ManagementConsole (Web)

AWS

SDK

AWS CLI

>

REST APIVPC

AWS

WebAWS

AWShttp://aws.amazon.com/jp/register-flow/

AWShttp://aws.amazon.com/jp/getting-started/

AWSTips

AWS

AWSTophttp://aws.amazon.com/jp/

VPC

VPCDefault VPC)

Default VPC

2013124AWSVPC

VPCEC2Default VPC

AZDefaultSubnet SubnetIP

172.31.0.0/20, 172.31.16.0/20Subnet4096IP Default VPCCIDR

172.31.0.0/1665,556IP

EC2Default VPC

Default VPCSubnetDefault Subnet

Subnet

Default VPC

Public IP

Step 1: AMI(Amazon Machine Image)

Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

EC2

Default VPC

Default VPCVPC

Default VPCAWS

CIDR172.31.0.0/16CIDRDefault VPC

VPC

VPC

Availability Zone

Availability Zone

PublicSubnet

PrivateSubnet

Internet gateway

PublicSubnet

PrivateSubnet

AZ

PublicPrivateSubnet

VPCSubnet

Step 1:VPC

Step 2: Subnet

Step 3:Internet GatewayVPC

Step 4: Route TableInternet GatewayRoute

Step 5: SubnetRoute Table

Subnet

PrivateSubnetAZPublicPrivateSubnet

Internet Gateway

Internet GatewayVPC

Route Table

Route TableInternet GatewayRoute

SubnetRoute Table

SubnetRoute Table

SubnetRoute Table

VPC subnet1

VPC subnet2

VPC subnet3

Destination Target

10.0.0.0/16 local0.0.0.0 Internet

Gateway

Destination Target

10.0.0.0/16 local

Route Table A

Route Table B

VPCPublic SubnetEC2

Public Subnet

VPC

Public IP


Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

VPCPublic SubnetEC2

LinuxSSH(22)WindowsRDP(3389


Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

Source0.0.0.0/0IPEC2

EC2SSH

Availability Zone

Availability Zone

Public subnet

Internet gateway

Private subnet

Public subnet Private subnet

EC2Public IP

Public IPEC2EC2Public IP

Public IPElastic IPEC2

InternetPublic IP Elastic IP

PrivateIP

Elastic IP Elastic IP

EC2Elastic IP EC2Elastic IP Elastic IP 1Elastic IPEC2100

Elastic IP EC2IP

ELBEC2Elastic IP

Elastic IPELBEC2ID

EC2Private IP

EC2Private IP

ENI

ENI

VPC subnet

ENI

VPC subnet

Private IP: 10.0.0.10 Public IP: x.x.x.x

(OSeth0

Private IP: 10.0.1.10 Public IP: x.x.x.x

(OSeth1

10.0.0.0/24 10.0.1.0/24

ENI 1EC2ENI EC2

ENI http://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-

eni.html#AvailableIpPerENI

HA SMTP

ENI

VPC subnet

VPC subnet

ENI

ENI

ENI

ENI

VPC subnet

ENI

ENI

ENI

IP

ENIAZ

Subnet

VPCSubnet

SubnetNetwork Access Control(NACL)

Availability Zone

Availability Zone

Public subnet

Internet gateway

Private subnet

router

Public subnet Private subnet

NACL

VPC Security GroupNACL(Network Access Control List)

InstanceIn/Out

SubnetIn/Out

Private Subnet

Virutal Private Cloud

Private Subnet

Public Subnet

Internet gateway

WindowsRemote Desktop GatewayEC2Private SubnetEC2 WindowsRemote Desktop

Private SubnetEC2 NAT

DB AWS API

Public subnetInternet gateway

Private subnet

Destination Target

10.0.0.0/16 local0.0.0.0 Internet

Gateway

Destination Target

10.0.0.0/16 local0.0.0.0 i-xxxxx

(NATID)

VPNInternet GatewayRouting

NAT

1. NATEC2Public Subnet

2. NATEC2SrcDestCheck

EC2

3. Private SubnetRoute Table

EC2amzn-ami-vpc-natAMI

Destination Target

0.0.0.0 i-xxxxx(NATID

VPC

VPC2 IPSec VPN AWS Direct Connect

EC2VPNVPN

VPCVPN

1Customer GatewayVPC

2VPN Customer GatewayBGP BGPVPN

VPNRouting

VPCVPN

Step 1: Customer Gateway

Step 2: VPCVirtual Private Gateway (VGW)VPC

Step 3: VPCCustomer Gateway

Step 4: VPC Connection

Step 7: SubnetRoute TableVGWRouting

VPC

Step 5: Customer GatewayConfig

Step 6: VPN ConnectionUP

Step 1: VPCVPNCustomer Gateway VPCVPNCustomer Gateway

Astaro Security Gateway 8.3 Astaro Security Gateway Essential Firewall Edition 8.3 Cisco ISRIOS 12.4 Dell Sonicwall Fortinet Fortigate 40+ FortiOS 4.0 Juniper J JunOS 9.5 Juniper SRX JunOS 9.5 ScreenOS 6.1 6.2 Juniper SSG ScreenOS 6.1 6.2 Juniper ISG Palo Alto Networks PA PANOS 4.1.2 Vyatta Network OS 6.5 RTX1200

http://aws.amazon.com/jp/vpc/faqs/

Step 2: Virtual Private Gateway(VGW)VPC

Step 3: Customer Gateway

Step 4: VPN Connection

Step 5: Customer GatewayConfigCustomer Gateway

Step 6:VPN ConnectionUP

Step 7: VPCSubnetRoute TableVGWRouting

VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-

20141225.pdf

VPN

AWS

virtual private cloud

VPC private subnet

App

LAN

virtual private gateway

customer gateway

VPN connection

users

Internet GatewayRouting

VPN

Customer GatewayVPNVPN Customer Gateway

1VPC10VPN 102

AWSVPN EC2VPN

AWSVPN10

virtual private cloud corporate data center

virtual private gateway

customer gateway

VPN connection

N

customer gateway

EC2VPNVPN


VPC public subnet

VPN

VPN

VPN

VPNN

VPN

NVyatta

VPC

AWS Direct Connect

AWS Direct Connect http://adsj-contents.s3.amazonaws.com/meister-

re%3AGenerate/20130904_AWS-Meister-reGenerate-VPC-DXVPN.pdf

PublicPrivateSubnetEC2 Public SubnetPrivate Subnet

Public SubnetEC2

Public SubnetEC2NACL

(NAT

NACL

AWSAPI

S3 DynamoDB

AWS AWSAPINAT

NAT EC2ELBRDSVPC


VPC subnet

RDS DB instance

RDS DB instance standby

(Multi-AZ)

EC2instances

Elastic LoadBalancing

ElastiCachenode

Amazon S3

AmazonDynamoDB

AmazonSimple Queue

Service

Internet gateway

Private SubnetEC2

NAT

VPN/Internet Gateway

Web

LBPublic Subnet DB

2

VPC

VPCVPC Peering VPC-A -> VPC-B -> VPC-C2

AWS

AWSAWSAWS

VPC SubnetNACL AWS

AWS

VPCAWS

AZ

IPRouting

VPNRoutingIP

AWS

http://aws.amazon.com/jp/register-flow/

AWS Blackbelt Amazon VPC http://www.slideshare.net/AmazonWebServicesJapan/aws-black-belt-tech-amazon-vpc

Amazon VPC VPN http://adsj-contents.s3.amazonaws.com/misc/VPNConnectionInstruction-20141225.pdf

Amazon Virtual Private Cloud http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Introduction.html

AWS http://aws.amazon.com/jp/aws-jp-introduction/

AWS http://aws.amazon.com/jp/solutions/case-studies-jp/

AWS

aws.amazon.com/training

Twitter/FacebookAWS

@awscloud_jp

http://on.fb.me/1vR8yWm

AWS AWShttps://aws.amazon.com/jp/contact-us/aws-sales/

Technology

初心者向けWebinar AWS上でのネットワーク構築