AWS Certified Advanced Networking – Specialty (ANS-C01) Certification Guide

By: Tim McConnaughy, Steve McNutt, Christopher Miles

Overview of this book

The AWS Certified Advanced Networking – Specialty certification exam focuses on leveraging AWS services alongside industry standards to create secure, resilient, and scalable cloud networks. Written by industry experts with decades of experience in the field, this comprehensive exam guide will enable you to transform into an AWS networking expert, going beyond the ANS-C01 exam blueprint to maximize your impact in the field. You’ll learn all about intricate AWS networking options and services with clear explanations, detailed diagrams, and practice questions in each chapter. The chapters help you gain hands-on experience with essential components, such as VPC networking, AWS Direct Connect, Route 53, security frameworks, and infrastructure as code. With access to mock exams, interactive flashcards, and invaluable exam tips, you have everything you need to excel in the AWS ANS-C01 exam. This book not only prepares you to confidently take the exam, but also deepens your understanding and provides practical insights that are vital for a successful career in AWS cloud networking. By the end of this exam guide, you’ll be thoroughly trained to take the AWS ANS-C01 exam and efficiently design and maintain network architectures across a wide range of AWS services.

Prefix Lists

Configuring rules for security groups or routes for route tables can sometimes be difficult to manage. When an organization has several CIDR blocks they need to allow access from or route to, maintaining all those entries can come with a management overhead to keep up with them. This can become quite cumbersome when you are responsible for maintaining these entries in multiple VPCs and potentially across multiple regions. Using managed prefix lists to maintain an up-to-date list of these CIDR blocks can make this process easier.

Prefix lists are lists that contain multiple IP CIDR blocks, which can be IPv4- or IPv6-based. These lists can then be referenced in rules belonging to security groups and route tables. In turn, if you have a prefix list containing 10 prefixes, a single security group rule or route table route entry will apply for all 10 of those prefixes. Prefix lists can be a good way to maintain consistency with security groups and/or route tables across all your resources and even between AWS accounts.

There are two types of prefix lists within AWS: customer-managed and AWS-managed.

Customer-Managed Prefix Lists

Customer-managed prefix lists are created and maintained by you within your AWS account(s). You are responsible for adding/removing IP prefixes from these lists as necessary. As prefixes are added/removed, any references to them in a security group rule or route table entry will automatically be updated in place.

A customer-managed prefix list is a regional construct, meaning it only exists within a single AWS Region. Here are a few other characteristics of customer-managed prefix lists to consider. A prefix list supports either IPv4 or IPv6 addressing, but not both; if you require both, you will need two separate prefix lists. A prefix list also requires a maximum number of prefix entries to be set. By default, the highest value this maximum can be set to is 1,000. To help manage the life cycle of a prefix list, it also supports versioning: when entries are added or removed, a new version of the prefix list is automatically created and promoted, which allows simple restoration to a previous version.

Be careful when referencing a prefix list in another resource. The prefix list's entries count against the service quota of the resource that references it. For example, if a prefix list with 25 entries is referenced in a VPC route table, that is equivalent to 25 separate route entries. This can quickly consume a resource's quota and is inefficient if the list is larger than it needs to be.

Refer to Figure 1.13 for an example of a customer-managed prefix list within the AWS dashboard. Make note of the prefix list version, max entries, and address family.

Figure 1.13: Customer-managed prefix list

Customer-managed prefix lists offer granular logical grouping based on specific needs, but as with all custom features in the cloud, this granularity comes with strict limitations such as low maximum entries.

Note

Customer-managed prefix lists are also supported within AWS Transit Gateway (TGW) route tables, which will be covered later in this chapter.

AWS-Managed Prefix Lists

In addition to customer-managed prefix lists, there are also AWS-managed prefix lists. These can be referenced in a very similar fashion to customer-managed ones, but all the entries are owned and maintained by AWS. These prefix lists are automatically created within each AWS region and can be referenced as needed.

These prefix lists are created for several AWS services and are populated with all the IP prefixes associated with those services. These lists can be referenced by security groups or route tables to ensure resources can interact with these services in a secure manner.

Refer to Table 1.1 for a list of AWS-managed prefix lists and their corresponding names:

AWS Service                 Prefix List Name
Amazon CloudFront           com.amazonaws.global.cloudfront.origin-facing
Amazon DynamoDB             com.amazonaws.region.dynamodb
AWS Ground Station          com.amazonaws.global.groundstation
Amazon Route 53             com.amazonaws.region.ipv6.route53-healthchecks
                            com.amazonaws.region.route53-healthchecks
Amazon S3                   com.amazonaws.region.s3
Amazon S3 Express One Zone  com.amazonaws.region.s3express
Amazon VPC Lattice          com.amazonaws.region.vpc-lattice
                            com.amazonaws.region.ipv6.vpc-lattice

Table 1.1: AWS-managed prefix lists

AWS-managed prefix lists make it simpler to write a security group rule or route that needs to reference an AWS service, because you do not have to track that service's address ranges yourself.

Note

You can find more details about AWS-managed prefix lists here: https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html

Configuring Customer-Managed Prefix Lists

This section details the creation of a customer-managed prefix list from either the AWS console or AWS CLI.

To create a customer-managed prefix list, navigate to the VPC console of the AWS dashboard and select Managed prefix lists. This section contains both customer-managed and AWS-managed prefix lists. Select the Create prefix list option to create a new customer-managed prefix list. Next, you will define the name of the prefix list, the maximum number of entries, and any specific prefix entries. This process is shown in Figure 1.14:

Figure 1.14: Create prefix list details

A prefix list is a custom way to maintain a set of prefixes that should always be referenced together. For example, you may wish to create a prefix list containing the prefixes of all development resources across your VPCs, so that one rule or route covers all of them.

A customer-managed prefix list can be created using the AWS CLI aws ec2 create-managed-prefix-list command.

For example, the following AWS CLI command creates a prefix list with a maximum of 10 entries and a single IPv4 entry:

aws ec2 create-managed-prefix-list --prefix-list-name MyPrefixList --max-entries 10 --address-family IPv4 --entries Cidr=10.0.0.0/16,Description="My CIDR block"
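As an added example that is not the book's code, the following Python model captures the constraints this section describes for a customer-managed prefix list (a single address family, a max-entries cap, and versioning with rollback) together with how referencing a list is charged against a route table's quota. The 50-route default quota, the class and function names, and the sample CIDRs are assumptions; the quota charge uses the list's max-entries value, which is the figure AWS counts against the referencing resource.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed default quota: 50 routes per VPC route table (adjustable via Service Quotas).
ROUTES_PER_TABLE_QUOTA = 50


@dataclass
class PrefixList:
    """One address family only, a max-entries cap, and a version history."""
    name: str
    address_family: str  # "IPv4" or "IPv6", never both
    max_entries: int
    versions: list = field(default_factory=lambda: [[]])  # version 1 is empty

    @property
    def entries(self) -> list:
        return list(self.versions[-1])

    def _normalize(self, cidr: str) -> str:
        # Reject host bits and any CIDR from the other address family.
        net = ipaddress.ip_network(cidr, strict=True)
        if (net.version == 4) != (self.address_family == "IPv4"):
            raise ValueError(f"{cidr} is not an {self.address_family} prefix")
        return str(net)

    def modify(self, add=(), remove=()) -> int:
        """Apply adds/removes as one change: a new version is created and promoted."""
        drop = {self._normalize(r) for r in remove}
        new = [c for c in self.entries if c not in drop]
        for c in add:
            c = self._normalize(c)
            if c not in new:
                new.append(c)
        if len(new) > self.max_entries:
            raise ValueError(f"{self.name}: {len(new)} entries exceeds max {self.max_entries}")
        self.versions.append(new)
        return len(self.versions)

    def restore(self, version: int) -> int:
        """Roll back by promoting an older version's entries as a new version."""
        self.versions.append(list(self.versions[version - 1]))
        return len(self.versions)


def route_table_quota_usage(static_routes: int, referenced: list) -> int:
    """Routes consumed: each prefix-list reference is charged at its max_entries."""
    used = static_routes + sum(pl.max_entries for pl in referenced)
    if used > ROUTES_PER_TABLE_QUOTA:
        raise ValueError(f"{used} routes would exceed the quota of {ROUTES_PER_TABLE_QUOTA}")
    return used
```

Sizing max-entries to what the list actually needs matters: a 25-entry list referenced by a route table that already holds 30 static routes would breach the default quota even if only a handful of entries are populated.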

The next section will cover how to connect VPCs together.
