L13. Networking: VPC, Route 53, CloudFront, and Direct Connect
AWS networking is foundational to every architecture. The Cloud Practitioner exam tests VPC, subnets, Route 53 routing policies, CloudFront CDN, and AWS Direct Connect vs. VPN.
Amazon VPC (Virtual Private Cloud)
A VPC is a logically isolated network within AWS where you launch resources. Each AWS account gets a default VPC in each Region. Key VPC components:
- Subnets: subdivide the VPC CIDR range into smaller ranges, each in one Availability Zone; a subnet is "public" when its route table has a route to an Internet Gateway and "private" when it does not (the label is a property of the routing, not of the subnet itself)
- Internet Gateway: connects the VPC to the internet; required for public subnets
- NAT Gateway: allows private subnet instances to initiate outbound internet connections without being directly accessible from the internet
- Route Tables: define how traffic is routed within and out of subnets; a subnet is either explicitly associated with one route table or implicitly uses the VPC's main route table, so a default route to an Internet Gateway in the main table silently makes every unassociated subnet public
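The public/private distinction above is decided entirely by route tables, so the practical check is to walk each subnet to the table that actually applies to it and look for an active default route. The following is an added example written for this lesson (not AWS code): it uses the field names of the EC2 DescribeSubnets and DescribeRouteTables responses so it can be pointed at real boto3 output, but the subnets, route tables and IDs below are constructed. It also flags the two things that bite in practice: a subnet that is public only through the main route table, and a public subnet that auto-assigns public IPv4 addresses.

```python
"""Audit which subnets in a VPC are actually reachable from the internet.

Added example for this lesson, not AWS code. Field names follow the EC2
DescribeSubnets / DescribeRouteTables API responses so the functions can be
pointed at real boto3 output; the data below is constructed, not from a live
account.
"""
from typing import Dict, List

DEFAULT_ROUTES = ("0.0.0.0/0", "::/0")

# Constructed sample. The main route table carries an IGW route, so any subnet
# without an explicit association is silently public.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "VpcId": "vpc-1", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-bbb", "VpcId": "vpc-1", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-ccc", "VpcId": "vpc-1", "CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-ddd", "VpcId": "vpc-1", "CidrBlock": "10.0.4.0/24", "MapPublicIpOnLaunch": False},
]

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
TO_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}
TO_NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}

ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Associations": [{"Main": True}], "Routes": [LOCAL, TO_IGW]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}], "Routes": [LOCAL, TO_IGW]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}], "Routes": [LOCAL, TO_NAT]},
    {"RouteTableId": "rtb-isolated", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-ccc"}], "Routes": [LOCAL]},
]


def route_table_for(subnet: Dict, route_tables: List[Dict]) -> Dict:
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet["SubnetId"] for a in rt["Associations"]):
            return rt
    for rt in route_tables:
        if rt["VpcId"] == subnet["VpcId"] and any(a.get("Main") for a in rt["Associations"]):
            return rt
    raise LookupError(f"no route table found for {subnet['SubnetId']}")


def classify(route_table: Dict) -> str:
    """'public' if an active default route targets an internet gateway,
    'private' if it targets a NAT gateway, else 'isolated' (no internet path)."""
    via_igw = via_nat = False
    for r in route_table["Routes"]:
        if r.get("State", "active") != "active":
            continue
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES:
            continue
        via_igw |= r.get("GatewayId", "").startswith("igw-")
        via_nat |= r.get("NatGatewayId", "").startswith("nat-")
    if via_igw:
        return "public"
    return "private" if via_nat else "isolated"


def audit(subnets: List[Dict], route_tables: List[Dict]) -> List[Dict]:
    """One finding per subnet: exposure class plus the notes that matter for review."""
    findings = []
    for s in subnets:
        rt = route_table_for(s, route_tables)
        explicit = any(a.get("SubnetId") == s["SubnetId"] for a in rt["Associations"])
        kind = classify(rt)
        notes = []
        if kind == "public" and not explicit:
            notes.append("public only through the main route table; no explicit association")
        if kind == "public" and s.get("MapPublicIpOnLaunch"):
            notes.append("MapPublicIpOnLaunch: every instance gets a public IPv4 address")
        findings.append({"SubnetId": s["SubnetId"], "RouteTableId": rt["RouteTableId"],
                         "exposure": kind, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in audit(SUBNETS, ROUTE_TABLES):
        print(f"{f['SubnetId']:<12} {f['RouteTableId']:<13} {f['exposure']:<9} {'; '.join(f['notes'])}")
```

Running it shows subnet-ddd as public even though nobody ever attached an internet-facing route table to it: it inherits the main table. The usual fix is to keep the main route table free of any default route and associate every subnet explicitly.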
Amazon Route 53
Route 53 is AWS's highly available DNS service (named for port 53, the DNS port). Key routing policies:
| Policy | Use Case |
|---|---|
| Simple | Single resource; no health checks |
| Weighted | Distribute traffic by percentage (A/B testing, blue-green) |
| Latency-based | Route to lowest-latency Region |
| Failover | Primary/secondary; health-check based failover |
| Geolocation | Route based on user's geographic location |
| Geoproximity | Route based on geographic distance, with a bias value to shift traffic toward or away from a Region; requires Route 53 Traffic Flow |
| Multivalue | Return up to eight healthy records chosen at random, each with an optional health check; a simple way to get DNS-level redundancy, not a replacement for a load balancer |
Amazon CloudFront
CloudFront is AWS's content delivery network (CDN); it caches content at 400+ edge locations worldwide, which lowers latency for static and dynamic content and reduces load on the origin. Common origins: S3 (static content), ALB, EC2, and API Gateway (dynamic content); Lambda@Edge runs custom logic at the edge. Origin Access Control (OAC) restricts an S3 origin so objects can only be fetched through the distribution: the bucket policy grants s3:GetObject to the CloudFront service principal, scoped by condition to your distribution's ARN, and the bucket itself stays private. OAC supersedes the older Origin Access Identity (OAI).
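OAC only does its job if the bucket policy is the only read path, so it is worth seeing the policy next to a checker that catches the ways teams undo it. The following is an added example written for this lesson (not AWS code): the policy shape is the documented OAC bucket policy, while the bucket name, account ID and distribution ID are constructed. The audit flags a world-readable grant, a CloudFront service principal with no AWS:SourceArn condition (any distribution, in any account, could then read the bucket), a condition that names the wrong distribution, and a leftover legacy OAI principal.

```python
"""Build and audit an S3 bucket policy that only CloudFront (via OAC) may read.

Added example for this lesson, not AWS code. The statement shape is the
documented OAC bucket policy; BUCKET, ACCOUNT_ID and DISTRIBUTION_ID are made up.
"""
import json
from typing import Dict, List

BUCKET = "assets-example-bucket"          # constructed
ACCOUNT_ID = "111122223333"               # constructed
DISTRIBUTION_ID = "E1EXAMPLE2345"         # constructed
DIST_ARN = f"arn:aws:cloudfront::{ACCOUNT_ID}:distribution/{DISTRIBUTION_ID}"

# Actions that let a principal read objects (compared case-insensitively).
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}


def oac_bucket_policy(bucket: str, account_id: str, distribution_id: str) -> Dict:
    """Allow s3:GetObject to the CloudFront service principal, scoped by
    AWS:SourceArn to one distribution, so no other distribution or account can read."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
            }},
        }],
    }


# The 'before' state OAC replaces: a world-readable bucket (constructed).
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}],
}


def _as_list(value) -> List:
    """IAM allows a string or a list in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _source_arns(statement: Dict) -> List[str]:
    """Collect every AWS:SourceArn value, whatever condition operator carries it."""
    arns: List[str] = []
    for _op, kv in statement.get("Condition", {}).items():
        for key, val in kv.items():
            if key.lower() == "aws:sourcearn":
                arns.extend(_as_list(val))
    return arns


def audit_bucket_policy(policy: Dict, expected_dist_arn: str) -> List[str]:
    """Return human-readable problems with read grants; an empty list means only
    the named CloudFront distribution can fetch objects through this policy."""
    problems: List[str] = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not any(a.lower() in READ_ACTIONS for a in _as_list(st.get("Action", []))):
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))):
            problems.append(f"{sid}: read allowed to any principal; the bucket is public and OAC is bypassed")
            continue
        principal = principal if isinstance(principal, dict) else {}
        if "cloudfront.amazonaws.com" in _as_list(principal.get("Service", [])):
            arns = _source_arns(st)
            if not arns:
                problems.append(f"{sid}: CloudFront principal without AWS:SourceArn; any distribution could read")
            elif expected_dist_arn not in arns:
                problems.append(f"{sid}: AWS:SourceArn does not name {expected_dist_arn}")
        if any("CloudFront Origin Access Identity" in p for p in _as_list(principal.get("AWS", []))):
            problems.append(f"{sid}: legacy Origin Access Identity principal; migrate to OAC")
    return problems


if __name__ == "__main__":
    good = oac_bucket_policy(BUCKET, ACCOUNT_ID, DISTRIBUTION_ID)
    print(json.dumps(good, indent=2))
    print("OAC policy:", audit_bucket_policy(good, DIST_ARN) or "ok")
    print("public policy:", audit_bucket_policy(PUBLIC_READ_POLICY, DIST_ARN))
```

The bucket policy is only half of the control: S3 Block Public Access should stay on for the bucket, and the distribution's origin must actually have the OAC attached, otherwise CloudFront requests arrive unsigned and the policy above correctly denies them.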
AWS Direct Connect
Direct Connect is a dedicated private network connection from your on-premises datacenter to AWS that bypasses the public internet. Benefits: consistent throughput, lower latency than VPN, predictable network performance, support for high-bandwidth workloads. vs. AWS Site-to-Site VPN: the VPN is encrypted (IPsec) but travels over the public internet. Direct Connect is private but NOT encrypted by default; if the data needs encryption in transit, run a VPN over the Direct Connect link or enable MACsec on dedicated connections that support it. Private is not the same as confidential: without that extra layer the traffic crosses your carrier's circuit and the Direct Connect location in the clear.
Elastic Load Balancing (ELB)
Application Load Balancer (ALB): Layer 7 (HTTP/HTTPS); path-based and host-based routing; ideal for microservices, and the load balancer type that AWS WAF can be attached to. Network Load Balancer (NLB): Layer 4 (TCP/UDP/TLS); ultra-low latency; millions of requests per second. Gateway Load Balancer (GWLB): deploys inline network appliances (firewalls, IDS/IPS) at scale.

Exam tip: Direct Connect = private, not over the internet, no built-in encryption. VPN = encrypted, over the internet. Route 53 Failover = health-check based DR. Latency routing = lowest-latency Region.

- ✓VPC is a logically isolated network; Internet Gateway enables internet access for public subnets; NAT Gateway gives private subnets outbound-only internet access
- ✓Route 53 routing policies: Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue
- ✓CloudFront CDN caches content at 400+ edge locations; reduces latency for global users
- ✓Direct Connect is a private dedicated connection to AWS, not over the internet; does not include built-in encryption
- ✓Site-to-Site VPN (terminated on a virtual private gateway or Transit Gateway) creates encrypted IPsec tunnels over the public internet; run a VPN over Direct Connect when the private link also needs encryption
1. A company wants to route 10% of production traffic to a new version of their application for A/B testing. Which Route 53 routing policy should they use?
2. Which AWS network service provides a dedicated private connection from an on-premises data center to AWS that does NOT traverse the public internet?
Recommended: Pluralsight
Complement these lessons with Pluralsight: structured CLF-C02 learning paths, AWS hands-on labs, and realistic practice questions for exam day.