Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide
  • Toc
  • feedback
AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

By : Tim McConnaughy, Steve McNutt, Christopher Miles
close
AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

By: Tim McConnaughy, Steve McNutt, Christopher Miles

Overview of this book

The AWS Certified Advanced Networking – Specialty certification exam focuses on leveraging AWS services alongside industry standards to create secure, resilient, and scalable cloud networks. Written by industry experts with decades of experience in the field, this comprehensive exam guide will enable you to transform into an AWS networking expert, going beyond the ANS-C01 exam blueprint to maximize your impact in the field. You’ll learn all about intricate AWS networking options and services with clear explanations, detailed diagrams, and practice questions in each chapter. The chapters help you gain hands-on experience with essential components, such as VPC networking, AWS Direct Connect, Route 53, security frameworks, and infrastructure as code. With access to mock exams, interactive flashcards, and invaluable exam tips, you have everything you need to excel in the AWS ANS-C01 exam. This book not only prepares you to confidently take the exam, but also deepens your understanding and provides practical insights that are vital for a successful career in AWS cloud networking. By the end of this exam guide, you’ll be thoroughly trained to take the AWS ANS-C01 exam and efficiently design and maintain network architectures across a wide range of AWS services.
Table of Contents (22 chapters)
close
close
Preface
Preface
Who This Book Is For
Networking and AWS Constructs You Should Already Know
AWS Certified Advanced Networking – Specialty Exam Outline
What This Book Covers
Authors’ Assumptions
Use of Example Organization: Trailcats
Online Practice Resources
Conventions Used
Accessing the Code Files and Colored Images
Get in Touch
Share Your Thoughts
Download a Free PDF Copy of This Book
Free Chapter
1
Chapter 1: Advanced VPC Networking
chevron up
Chapter 1: Advanced VPC Networking
Making the Most of This Book – Your Certification and Beyond
Elastic Network Interfaces (ENIs)
Elastic IP Addresses
Subnet Configuration and Optimization
Prefix Lists
Connectivity between AWS VPCs
IP Address Overlap Management
Service Quotas Quick Reference
Summary
Exam Readiness Drill – Chapter Review Questions
2
Chapter 2: VPC Traffic and Performance Monitoring
Chapter 2: VPC Traffic and Performance Monitoring
Potential Cloud Network Problems
Metrics and Logging
AWS Performance Monitoring Services
Monitoring and Troubleshooting
Troubleshooting Packet Size Issues
Summary
Exam Readiness Drill – Chapter Review Questions
3
Chapter 3: Networking Across Multiple AWS Accounts
Chapter 3: Networking Across Multiple AWS Accounts
AWS Organizations
AWS Resource Access Manager
AWS PrivateLink
Third-Party Network Appliance Connectivity
Summary
Exam Readiness Drill – Chapter Review Questions
4
Chapter 4: AWS Direct Connect
Chapter 4: AWS Direct Connect
Direct Connect Overview
Creating a DX Connection
Layer 2 and Direct Connect
Direct Connect Gateways
Border Gateway Protocol
Summary
Exam Readiness Drill – Chapter Review Questions
5
Chapter 5: Hybrid Networking with AWS Transit Gateway
Chapter 5: Hybrid Networking with AWS Transit Gateway
AWS TGW Basics
AWS TGW Components
TGW Attachment Types
TGW Route Table Overview
TGW and DX Gateway Design
TGW Inspection VPC Design
Summary
Exam Readiness Drill – Chapter Review Questions
6
Chapter 6: Connecting Third-Party Networks to AWS
Chapter 6: Connecting Third-Party Networks to AWS
Defining Third-Party Networks
Third-Party Connectivity Options
Redundant Connectivity to Third-Party Networks
Route Optimization for Redundant Connections
Summary
Exam Readiness Drill – Chapter Review Questions
7
Chapter 7: AWS Route 53: Basics
Chapter 7: AWS Route 53: Basics
History of DNS
DNS Fundamentals
Amazon Route 53
Domain Registration
Routing Traffic to Your Domain
Route 53 Resolver
Conditional Forwarding
Health Checks
Summary
Exam Readiness Drill – Chapter Review Questions
8
Chapter 8: AWS Route 53: Advanced
Chapter 8: AWS Route 53: Advanced
Conditional Forwarding
Route 53 Routing Policies
Sharing DNS Services between Accounts
DNSSEC
Summary
Exam Readiness Drill – Chapter Review Questions
9
Chapter 9: AWS Elastic Load Balancing
Chapter 9: AWS Elastic Load Balancing
Load Balancing Fundamentals
Load Balancing in AWS
AWS Load Balancer Types
Summary
Exam Readiness Drill – Chapter Review Questions
10
Chapter 10: AWS CDN and Global Traffic Management
Chapter 10: AWS CDN and Global Traffic Management
Amazon CloudFront
AWS Global Accelerator
Service Quotas
Summary
Exam Readiness Drill – Chapter Review Questions
11
Chapter 11: Security Framework
Chapter 11: Security Framework
The Cloud Shared Responsibility Model
Network Segmentation
Threat Modeling
Common Attacks
Encryption Methods for Data in Transit
Security Methods for DNS Communications
Summary
Exam Readiness Drill – Chapter Review Questions
12
Chapter 12: AWS Security Services
Chapter 12: AWS Security Services
Controlling Traffic
Observability and Monitoring
Securing Traffic
Managing and Auditing Security Configurations
Summary
Exam Readiness Drill – Chapter Review Questions
13
Chapter 13: Infrastructure as Code
Chapter 13: Infrastructure as Code
DevOps
Infrastructure as Code
AWS CloudFormation
AWS Cloud Development Kit
Summary
Exam Readiness Drill – Chapter Review Questions
14
Chapter 14: Data Analytics and Optimization
Chapter 14: Data Analytics and Optimization
Optimizing AWS Networks via Traffic Reduction
Choosing Network Services by Requirements
Network Topology Mapping
CloudWatch Configuration
Log Ingestion and Delivery
Correlating and Analyzing Multiple Data Sources in Network Troubleshooting
Summary
Exam Readiness Drill – Chapter Review Questions
15
Chapter 15: Conclusion
Chapter 15: Conclusion
Registering for the Exam
Reviewing for the Exam
Revising the Review Plan
Passing the Exam
Summary
16
Chapter 16: Accessing the Online Practice Resources
Chapter 16: Accessing the Online Practice Resources
How to Access These Materials
Troubleshooting Tips
Back to the Book
17
Other Books You May Enjoy
Other Books You May Enjoy
Share Your Thoughts
Download a Free PDF Copy of This Book
Appendix 1: Network Fundamentals
Appendix 1: Network Fundamentals
The OSI Model
IP Addressing
Classless Inter-Domain Routing
Basic Subnetting
IPv6
Summary
Appendix 2: IP Routing Fundamentals
Appendix 2: IP Routing Fundamentals
Routing Concepts
Basic BGP
Summary
Appendix 3: VPC Networking Basics
Appendix 3: VPC Networking Basics
VPC Basics
IP Addressing in VPCs
Subnets in VPCs
Route Tables
Summary
Appendix 4: VPC Security and External Connectivity
Appendix 4: VPC Security and External Connectivity
Network Security in Amazon VPC
Internet, NAT, and Egress-Only Gateways
Summary
Why Subscribe?

Subnet Configuration and Optimization

When deploying elastic and scalable solutions in the AWS cloud, you need to ensure that your VPC networks are properly configured to allow for that behavior. AWS services such as EC2 and Elastic Load Balancing (ELB) enable solutions to automatically horizontally scale dynamically based on capacity needs. This short section will detail some considerations that should be made when deploying subnets to support ELB and EC2 Auto Scaling.

Note

There will be a later chapter that dives deeper into Elastic Load Balancing and the details that come with ELB configuration.

Subnet Considerations for ELB

When deploying various types of elastic load balancers in AWS, the ELB will need to be mapped to specific subnets within the VPC that it belongs to. When this mapping is done, the ELB will have an ENI deployed into each of those subnets. These ENIs are fully managed by the ELB and cannot be moved to other resources such as an EC2 instance. However, it is important to consider that these ENIs will need to consume IP addresses out of each of the subnets as well.

This sort of mapping is common when using an ELB as the frontend connection of a website. The ELB becomes the internet-facing website DNS entry that customers connect to, and when the connections come into the ELB, the routing rules of the load balancer determine into which subnet the traffic is delivered. Delivering traffic to these subnets requires the ENI deployment.

This may seem like a small thing to consider when you need to only account for one IP address in each subnet for the ELB. While only a single IP address, it is important to consider this when deploying your subnets within a VPC, especially if multiple ELBs may reside there. If you are using something small such as /28 for your subnets, there are only 11 usable addresses (14 minus the 3 AWS addresses) to assign to resources. The addresses must be used sparingly.

Refer to Figure 1.11 for a simplistic view of multiple application load balancers mapped to the same subnets and consuming multiple addresses:

Figure 1.11: ALB with ENIs

Figure 1.11: ALB with ENIs

ALBs are usually deployed in such a fashion for resiliency and redundancy in case an AZ is impacted by a failure.

Subnet Considerations for Auto-Scaling

When configuring EC2 Auto Scaling, you need to make similar considerations for the number of IP addresses that will be consumed out of your VPC subnets. Since EC2 Auto Scaling allows you to set minimum and maximum desired capacity units for EC2 instances, you will need to ensure your subnets have adequate IP addresses, not just for normal operation, but also to account for failure.

Take the following example. Trailcats has an Auto Scaling group (ASG) spread across three AZs within a VPC. During peak times, the maximum capacity on the ASG is configured for nine instances, so they are spread evenly across the AZs. If there is an AZ failure, then those instances will need to be redeployed in other subnets. In this scenario, all VPC subnets need to have enough IP addresses to account for all the EC2 instances that the ASG could deploy into the subnet during an AZ failure. Refer to Figure 1.12 to see an example of how the ASG could react to an AZ failure:

Figure 1.12: Subnets with auto-scaling configuration

Figure 1.12: Subnets with auto-scaling configuration

Auto-scaling is both based on demand and resiliency; in the preceding figure, auto-scaling is being used for resiliency to ensure adequate resources are available.

End of Section 5
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete