AWS Certified Solutions Architect - Professional
  • AWS Certified Solutions Architect - Professional
  • Analytics
    • Athena
    • Data Exchange
    • Kinesis Data Firehose
    • EMR
    • Glue
    • Kinesis Data Streams
    • Kinesis Data Analytics
    • Lake Formation
    • Managed Service for Apache Flink
    • Managed Streaming for Apache Kafka (Amazon MSK)
    • OpenSearch Service
    • QuickSight
  • Application Integration
    • AppFlow
  • AppSync
  • EventBridge
  • MQ
  • Simple Notification Service
  • Simple Queue Service
  • Step Functions
  • Blockchain
    • Managed Blockchain
  • Business Applications
    • Simple Email Service
  • Cloud Financial Management
    • Budgets
    • Cost and Usage Report
  • Cost Explorer
  • Savings Plans
  • COMPUTE
    • App Runner
  • Auto Scaling
  • Batch
  • Elastic Beanstalk
  • OpsWorks
  • Elastic Compute Cloud
  • EC2 Auto Scaling
  • Fargate
  • Lambda
  • Lightsail
  • Outposts
  • Wavelength
  • CONTAINERS
    • Elastic Container Registry
    • Elastic Container Service
    • ECS Anywhere
    • Elastic Kubernetes Service
    • EKS Anywhere
    • EKS Distro
  • DATABASES
    • Aurora
  • Aurora Serverless
  • DocumentDB
  • DynamoDB
  • ElastiCache
  • Keyspaces
  • Neptune
  • Relational Database Service
  • Redshift
  • Timestream
  • Developer Tools
    • CI/CD using AWS Code
    • CodeArtifact
    • CodeBuild
    • CodeDeploy
    • CodeGuru
    • CodePipeline
    • X-Ray
  • End User Computing
    • AppStream 2.0
  • Workspaces
  • Frontend Web and Mobile
    • Amplify
    • API Gateway
    • Device Farm
    • Pinpoint
  • Internet of Things
    • IoT Core
    • IoT Device Defender
    • IoT Device Management
    • IoT Events
    • IoT Greengrass
    • IoT SiteWise
    • IoT Things Graph
  • IoT 1-Click
  • Machine Learning
    • Comprehend
    • Fraud Detector
    • Kendra
    • Lex
    • Personalize
    • Polly
    • Rekognition
  • SageMaker AI
  • Textract
  • Transcribe
  • Translate
  • Forecast 101
  • Management and Governance
    • CloudFormation
    • CloudTrail
    • CloudWatch
    • CloudWatch Logs
    • Cost Allocation Tags
    • Command Line Interface
    • Compute Optimizer
    • Config
    • Control Tower
    • Health Dashboard
    • License Manager
    • Managed Grafana
    • Managed Service for Prometheus
    • Management Console
    • Organizations
    • Proton
    • Service Catalog
    • Service Quotas
    • Systems Manager
    • Trusted Advisor
    • Well-Architected Tool
    • SAML2.0 Identity Federation
    • IAM Identity Center
    • Directory Service
  • Service Control Policies
  • Permissions Boundaries
  • Permissions Evaluation
  • Media Services
    • Elastic Transcoder
    • Kinesis Video Streams
  • Migration and Transfer
    • 6R's of Cloud Migration
    • Application Discovery Service
    • Application Migration Service
    • Database Migration Service
    • DataSync
    • Migration Hub
    • Schema Conversion Tool
    • Snow Family
    • Transfer Family
  • Networking and Content Delivery
    • Private and Public Services
    • DHCP In a VPC
    • VPC Router
    • Stateful vs Stateless Firewalls
    • Network Access Control Lists
    • Security Groups
    • Local Zones
    • Border Gateway Protocol
    • Global Accelerator
    • IPSec VPN
    • Site2Site VPN
    • Transit Gateway
    • VPC Routing
    • Accelerated Site-to-Site VPN
    • Client VPN
    • Direct Connect (DX)
    • Route53
    • Private Link
    • VPC
    • VPC Flow Logs
    • CloudFront
    • Elastic Load Balancing
  • Security, Identity, and Compliance
    • Artifact
    • Audit Manager
    • Certificate Manager
    • Parameter Store
    • CloudHSM
    • Cognito
    • Detective
    • Directory Service
    • Firewall Manager
    • GuardDuty
    • Identity and Access Management
    • Inspector
    • Key Management Service
    • Macie
    • Network Firewall
    • Resource Access Manager
    • Secrets Manager
    • Security Hub
    • Security Token Service
    • Shield
    • WAF
  • Storage
    • Backup
    • Elastic Block Store
    • Instance Store Volumes
    • Elastic Disaster Recovery
    • Elastic File System
    • FSx
    • Simple Storage Service
    • S3 Glacier
    • Storage Gateway
  • DISASTER RECOVERY
    • Types of DR - Cold, Warm, PilotLight
    • DR Architecture - Storage
    • DR Architecture - Compute
    • DR Architecture - Database
    • DR Architecture - Networking
Powered by GitBook
On this page
  1. Networking and Content Delivery

VPC Routing

  • Route Tables:

    • Control how network traffic is directed within and outside the VPC.

    • Each subnet must be associated with a route table.

  • Associations:

    • Explicit Association: You manually associate a subnet with a specific route table.

    • Implicit Association: If no manual association, the subnet uses the main route table by default.

  • Route Priority:

    • AWS VPC route tables match the most specific route first (longest prefix match wins).

    • If multiple routes could apply, the more specific one is chosen.


🚀 Advanced Routing Concepts

  • Advanced Problem 1:

    • Overlapping CIDRs can create complexity. You must plan CIDRs carefully to avoid routing conflicts.

  • Advanced Problem 2:

    • Propagation from VPN or Direct Connect: Learned routes are automatically added but need to be managed carefully in complex environments.


🏠 Ingress Routing via Gateway Route Tables

  • Ingress Routing: Directs incoming traffic through specific appliances (like firewalls) before reaching your VPC resources.

  • Achieved using Gateway Route Tables:

    • Applied at VPC attachments (like Transit Gateway).

    • Helps enforce centralized security inspection or traffic filtering.


🧠 Quick Summary

Concept
Description

Route Tables

Direct network traffic inside and outside VPC

Explicit vs Implicit Association

Explicit (manual), Implicit (default main route table)

Route Priority

Most specific route wins (longest prefix match)

Advanced Routing Issues

Overlapping CIDRs, route propagation challenges

Ingress Routing

Use Gateway Route Tables to control incoming traffic flow through appliances

Last updated 27 days ago