Cyber Intelligence
Cloud Technology and Services · 34% of exam

L13. Networking: VPC, Route 53, CloudFront, and Direct Connect

AWS networking is foundational to every architecture. For the Cloud Practitioner exam you need to know VPCs and subnets, Route 53 routing policies, the CloudFront CDN, the Elastic Load Balancing variants, and when to choose AWS Direct Connect over a VPN.

Amazon VPC (Virtual Private Cloud)

A VPC is a logically isolated virtual network within an AWS Region in which you launch resources such as EC2 instances. Each AWS account gets a default VPC in each Region. Key VPC components:

  • Subnets: subdivide the VPC CIDR range, each within a single Availability Zone. A subnet is "public" when its route table sends internet-bound traffic to an Internet Gateway and "private" when it does not; nothing else distinguishes the two
  • Internet Gateway: connects the VPC to the internet; required for public subnets (an instance also needs a public or Elastic IP to be reachable)
  • NAT Gateway: sits in a public subnet and lets instances in private subnets initiate outbound internet connections without being reachable from the internet
  • Route Tables: define how traffic is routed within and out of each subnet; a subnet with no explicit association uses the VPC's main route table
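
Because "public" versus "private" is decided by the route table and not by any subnet attribute, an audit has to walk the route tables. The following Python is an added example (it is not from this lesson) that classifies subnets from data shaped like `aws ec2 describe-route-tables` output; the VPC, subnet, gateway and route-table IDs are constructed placeholders and no AWS API is called, so it runs offline. It also handles the case the lesson mentions only implicitly: a subnet with no explicit association falls back to the main route table.

```python
"""Classify VPC subnets as public, private (NAT egress) or isolated from their route tables.

Added example, not from the lesson. The data below is constructed to mirror the
shape of `aws ec2 describe-route-tables` output; no AWS call is made.
"""

# Constructed sample: one VPC (10.0.0.0/16), three subnets, three route tables.
ROUTE_TABLES = [
    {   # main table: only the local route; subnets with no explicit association land here
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # public: default route to an Internet Gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
        ],
    },
    {   # private: default route to a NAT Gateway (outbound only)
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"},
        ],
    },
]
# subnet-db has no explicit association, so it inherits the main route table.
SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]


def route_table_for(subnet_id, route_tables):
    """Return the route table that applies to a subnet: its explicit association, else the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def _is_default_route(route):
    return (route.get("DestinationCidrBlock") == "0.0.0.0/0"
            or route.get("DestinationIpv6CidrBlock") == "::/0")


def classify_subnet(subnet_id, route_tables):
    """'public' if a default route points at an Internet Gateway, 'private' if at a NAT
    Gateway, 'other' for any other default target (e.g. a transit gateway), and
    'isolated' if the table has no default route at all."""
    rt = route_table_for(subnet_id, route_tables)
    for route in rt["Routes"]:
        if not _is_default_route(route):
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if "NatGatewayId" in route:
            return "private"
        return "other"
    return "isolated"


def classify_all(subnets, route_tables):
    """Map each subnet ID to its classification."""
    return {s: classify_subnet(s, route_tables) for s in subnets}


if __name__ == "__main__":
    for subnet, kind in classify_all(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

Against the constructed data this reports subnet-web as public, subnet-app as private and subnet-db as isolated. In a real account the same logic, fed from the API, is how you find a subnet that became public because someone attached it to the wrong route table.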

Amazon Route 53

Route 53 is AWS's highly available DNS service (named for port 53, the DNS port). Key routing policies:

Policy          Use Case
Simple          Single resource; health checks not supported
Weighted        Split traffic by assigned weights (A/B testing, blue-green deployments)
Latency-based   Route to the Region with the lowest latency for the user
Failover        Active-passive primary/secondary; health-check based failover
Geolocation     Route based on the user's geographic location (continent, country, state)
Geoproximity    Route based on the distance between users and resources, with an adjustable bias
Multivalue      Return up to eight healthy records (IPs), each optionally health-checked
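
To make the weighted, failover and multivalue rows concrete, here is an added Python model of how those three policies choose an answer. It is not from this lesson and it is not Route 53's implementation; it follows the documented behaviour: records with failing health checks are skipped, weighted records are returned in proportion to their weights, a failover set returns the primary while it is healthy and the secondary otherwise, and multivalue returns up to eight healthy records. The record names and IPs are constructed (documentation address ranges).

```python
"""Model Route 53 weighted, failover and multivalue answer selection.

Added example, not from the lesson and not Route 53's own code; it models the
documented behaviour of the three policies over constructed records.
"""
import random
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    value: str            # the IP (or alias target) this record answers with
    weight: int = 0       # weighted policy only
    role: str = ""        # "PRIMARY" / "SECONDARY" for failover
    healthy: bool = True  # current result of the record's health check


def weighted_answer(records, r):
    """Pick one record in proportion to weight.

    `r` is a uniform draw in [0, 1) passed in by the caller so the choice is
    reproducible. Unhealthy records are removed first. If every remaining weight
    is 0 the records are treated as equal, matching Route 53's documented rule.
    """
    candidates = [rec for rec in records if rec.healthy]
    if not candidates:
        return None
    total = sum(rec.weight for rec in candidates)
    if total == 0:
        return candidates[int(r * len(candidates))].value
    threshold = r * total
    running = 0
    for rec in candidates:
        running += rec.weight
        if threshold < running:
            return rec.value
    return candidates[-1].value


def failover_answer(records):
    """Return the PRIMARY record while its health check passes, otherwise the SECONDARY."""
    by_role = {rec.role: rec for rec in records}
    primary, secondary = by_role.get("PRIMARY"), by_role.get("SECONDARY")
    if primary is not None and primary.healthy:
        return primary.value
    return secondary.value if secondary is not None else None


def multivalue_answer(records, limit=8):
    """Return up to `limit` healthy values; Route 53 returns at most eight."""
    return [rec.value for rec in records if rec.healthy][:limit]


def simulate(records, n, seed=0):
    """Resolve n times with a seeded RNG and count answers; shows the weight split."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        value = weighted_answer(records, rng.random())
        counts[value] = counts.get(value, 0) + 1
    return counts


# Constructed records for the lesson's A/B scenario: 90% to v1, 10% to v2.
AB_RECORDS = [
    Record("app.example.com", "203.0.113.10", weight=90),
    Record("app.example.com", "203.0.113.20", weight=10),
]
# Constructed failover pair with the primary currently failing its health check.
DR_RECORDS = [
    Record("app.example.com", "198.51.100.1", role="PRIMARY", healthy=False),
    Record("app.example.com", "198.51.100.2", role="SECONDARY"),
]

if __name__ == "__main__":
    print("weighted split over 10000 queries:", simulate(AB_RECORDS, 10000, seed=1))
    print("failover answer with primary down:", failover_answer(DR_RECORDS))
    print("multivalue answer:", multivalue_answer(DR_RECORDS))
```

Two points the table cannot show: a weighted record whose health check fails drops out entirely, so the remaining records absorb its share rather than clients getting an error; and weights are relative, so 90/10 and 9/1 behave identically.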

Amazon CloudFront

CloudFront is AWS's content delivery network (CDN). It caches content at 400+ edge locations worldwide, which lowers latency for both static and dynamic content and reduces load on the origin. Common origins are S3 (static content) and ALB, EC2 or API Gateway (dynamic content); Lambda@Edge runs custom logic at the edge. Origin Access Control (OAC) restricts an S3 origin so objects can be fetched only through the CloudFront distribution and not by direct bucket URL: the bucket policy allows the CloudFront service principal, and only for that one distribution.
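
OAC is easy to misread as a setting on the bucket; it is configured on the distribution, and the bucket side is an ordinary bucket policy. The Python below is an added example (not from the lesson) that puts a weak public-read policy, an OAC policy pinned to one distribution, and an OAC policy that forgot the pin side by side, then checks which of them actually restricts reads to the distribution. The account ID, bucket name and distribution ID are constructed placeholders.

```python
"""Check whether an S3 bucket policy limits reads to one CloudFront distribution (OAC).

Added example, not from the lesson. The three policies are constructed; the
account ID, bucket name and distribution ID are placeholders.
"""
import json

DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"  # placeholder
BUCKET_ARN = "arn:aws:s3:::example-static-site"                              # placeholder

# Weak: anyone on the internet can read objects directly, bypassing CloudFront.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"{BUCKET_ARN}/*",
    }],
})

# Hardened: only the CloudFront service principal, and only this distribution, may read.
OAC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontServicePrincipalReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"{BUCKET_ARN}/*",
        "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}},
    }],
})

# Common mistake: service principal allowed, but no SourceArn pin. Any CloudFront
# distribution in any account that names this bucket as an origin could read it.
UNPINNED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyCloudFront",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"{BUCKET_ARN}/*",
    }],
})


def _as_list(x):
    """IAM policy elements may be a single value or a list; normalise to a list."""
    return x if isinstance(x, list) else [x]


def statement_is_cloudfront_only(stmt, dist_arn):
    """True if an Allow statement grants access to the CloudFront service principal
    and pins it to `dist_arn` with an aws:SourceArn condition. Actions are not
    inspected: whatever is granted, only that distribution can use it."""
    principal = stmt.get("Principal")
    if not isinstance(principal, dict):
        return False  # "*" or a bare string principal is not the service principal
    if _as_list(principal.get("Service", [])) != ["cloudfront.amazonaws.com"]:
        return False
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    # Condition keys are case-insensitive in IAM; accept either spelling.
    source = next((v for k, v in cond.items() if k.lower() == "aws:sourcearn"), None)
    return _as_list(source) == [dist_arn]


def bucket_reads_restricted_to(policy_json, dist_arn):
    """Return True only if every Allow statement in the policy is CloudFront-only.
    A single public or unpinned Allow is enough to make the bucket reachable directly."""
    policy = json.loads(policy_json)
    allows = [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    return bool(allows) and all(statement_is_cloudfront_only(s, dist_arn) for s in allows)


if __name__ == "__main__":
    for label, pol in [("public-read", PUBLIC_READ_POLICY), ("oac", OAC_POLICY), ("unpinned", UNPINNED_POLICY)]:
        print(f"{label}: restricted to distribution = {bucket_reads_restricted_to(pol, DIST_ARN)}")
```

Only the pinned OAC policy passes. The check deliberately treats the unpinned variant as a failure even though it names the right service principal, because the SourceArn condition is what ties the grant to your distribution rather than to CloudFront in general.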

AWS Direct Connect

Direct Connect is a dedicated private network connection from your on-premises datacenter (via a Direct Connect location) to AWS that bypasses the public internet. Benefits: consistent throughput, lower and more predictable latency than a VPN over the internet, and support for high-bandwidth workloads. Compared with AWS Site-to-Site VPN: the VPN is encrypted (IPsec) but travels over the public internet; Direct Connect is private but is NOT encrypted by default, so if the traffic must be encrypted you run a Site-to-Site VPN over the Direct Connect connection (MACsec is also available on supported dedicated connections).

Elastic Load Balancing (ELB)

Application Load Balancer (ALB): Layer 7 (HTTP/HTTPS); path-based and host-based routing; ideal for microservices and container workloads. Network Load Balancer (NLB): Layer 4 (TCP/UDP/TLS); ultra-low latency; scales to millions of requests per second; supports static and Elastic IPs. Gateway Load Balancer (GWLB): deploys and scales inline third-party network appliances (firewalls, IDS/IPS) transparently in the traffic path.

Exam tip: Direct Connect = private, not over the internet, no built-in encryption. VPN = encrypted, over the internet. Route 53 Failover = health-check based DR. Latency routing = lowest-latency Region.

Exam Focus Points
  • VPC is a logically isolated network; an Internet Gateway (plus a default route to it) makes a subnet public; a NAT Gateway gives private subnets outbound-only internet access
  • Route 53 routing policies: Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue
  • CloudFront CDN caches content at 400+ edge locations; reduces latency for global users; OAC keeps an S3 origin reachable only through the distribution
  • Direct Connect is a private dedicated connection to AWS that does not traverse the internet and has no built-in encryption
  • AWS Site-to-Site VPN creates encrypted IPsec tunnels over the public internet to a Virtual Private Gateway; combine it with Direct Connect when the private link must also be encrypted

Knowledge Check

1. A company wants to route 10% of production traffic to a new version of their application for A/B testing. Which Route 53 routing policy should they use?

2. Which AWS network service provides a dedicated private connection from an on-premises data center to AWS that does NOT traverse the public internet?

Recommended: Pluralsight

Complement these lessons with Pluralsight: structured CLF-C02 learning paths, AWS hands-on labs, and realistic practice questions for exam day.