Cost Optimization - Network

Question 1

ELB - Auto scaling

Answer 1

• Must design for the normal usage
• Using it leads to better cost management
• Integrate EC2 Auto scaling with ELB to make an effective use of launched instances
• Use min and max values in auto scaling to do costs more predictable

Question 2

CloudFront - Implementing offloading

Answer 2

• S3 charges a retrieval fee per GB plus others fees based on the type of request such as GET, PUT, DELETE, etc
• CloudFront charges a retrieval fee plus a fee for HTTP / HTTPS requests
• CloudFront fees are cheaper than S3 fees
• CloudFront can cache objects stored in S3, so current and new clients can connect to CloudFront, and not S3, to reduce costs

Question 3

VPC Considerations

Answer 3

• Keep as much traffic as possible on the AWS backbone
• Use AWS services to reduce development and management costs
• Balance performance, functionality, and cost

Question 4

VPC Peering

Answer 4

• It establishes a connection between two VPCs
• Peering connections can also be established between VPCs in different region or accounts as well
• Transitive peering isn’t supported

Question 5

Transit Gateway

Answer 5

• Connects VPCs and on-premises networks
• Can terminate multiple VPN connections
• Supports Direct Connect and multiple VPCs together
• The only one that supports multicast
• When traffic is outbound from the transit gateway subnet, NACL rules aren’t evaluated

Question 6

Site-to-Site VPN characteristics

Answer 6

• It allows to communicate instances from a VPC to a remote network
• Provides encrypted IPsec connection over the internet
• Has unpredictable latency compared to AWS Direct Connect
• Costs less than Direct Connect but doesn’t have the same performance guarantees such as better bandwidth and always on

Question 7

Site-to-Site VPN components

Answer 7

• VPN tunnel: an encrypted link where data can pass from the customer network to or from AWS. Each VPN connection includes two VPN tunnels which can be used simultaneously
• Customer gateway: an AWS resource that provides information to AWS about an on-premise physical device or software application. It’s logically on the on-premise side
• Virtual private gateway: establishes a VPN tunnel with only one VPC. Doesn’t scale well
• Transit gateway

Question 8

Direct Connect - Virtual interfaces

Answer 8

• Private virtual interface: should be used to access a VPC using private IP addresses
• Public virtual interface: can access all AWS public services using public IP addresses
• Transit virtual interface: should be used to access one or more Transit Gateways associated with Direct Connect gateways

Question 9

Direct Connect - Direct Connect Gateway

Answer 9

• It’s a global service that connects VPCs across many regions or accounts
• Can be integrated with a Transit Gateway to connect multiple VPCs in the same region
• Can be integrated with a Virtual Private Gateway to connect VPCs in the same region

Question 10

Direct Connect - Connection types

Answer 10

• Dedicated Connection:
• A physical Ethernet connection associated with a single customer
• Cheaper and offers more range of circuits. From 50 Mbps until 10 Gbps
• Hosted Connection:
• A physical Ethernet connection that an AWS Direct Connect Partner provisions on behalf of a customer
• Offers circuits of 1 Gbps, 10Gbps, and 100 Gbps

Question 11

PrivateLink

Answer 11

• Provides connectivity between VPCs using interface endpoints. Traffic goes through AWS network
• Also allows to connect to some AWS services, and on-premises applications across different accounts and VPCs
• Endpoint services refer to services hosted by other AWS accounts
• ClassicLink allows to link EC2-Classic instance to a VPC in your account, within the same region. It’s an old platform