- AWS Services
- AWS White Papers
- Courses
- Blog Posts
- Exam Guide
- Sample Exams
- Things to remember
Domain | % of Exam |
---|---|
Domain 1: Design and implement hybrid IT network architectures at scale | 24% |
Domain 2: Design and implement AWS networks | 28% |
Domain 3: Automate AWS tasks | 8% |
Domain 4: Configure network integration with application services | 14% |
Domain 5: Design and implement for security and compliance | 12% |
Domain 6: Manage, optimize, and troubleshoot the network | 14% |
- VPC
- NACL
- Security Groups
- VPC endpoints
- Subnets
- Route Tables
- EC2
- Placement groups
- Enhanced networking
- Secondary ENI
- ENA
- EFA
- EBS Optimized
- MTU
- Throughput to the internet
- VPC Traffic Mirroring
- Direct Connect link
- AWS and IPsec VPN
- Load Balancing
- AWS Global Accelerator
- Gateways
- Internet gateway
- Egress internet
- NAT gateway
- Virtual GW
- Customer gateway
- AWS Transit Gateway
- AWS Config
- Amazon SNS
- AWS Lambda
- CloudFormation
- Amazon CloudWatch
- Amazon CloudWatch Logs
- Network Manager
- Route 53
- Network Security
- VPC flow log
- AWS CloudTrail
- IAM policies
- AWS KMS
- AWS WAF
- GuardDuty
- AWS Shield
- High availability/load balancing
- VLANs
- 802.1Q
- 802.1Q is an Ethernet standard as defined by the IEEE that enables Virtual Local Area Networks (VLANs) on an Ethernet network.
- BFD
- Bidirectional Forwarding Detection (BFD) is a mechanism used to support fast failover of connections in the event of a failure in the forwarding path between two routers.
- LAG
- A Link Aggregation Group (LAG) is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple 1 Gbps or 10 Gbps connections.
- Routing
- Subnetting
- DNS
- DHCP
- Sticky Sessions
- DMZ
- Data at rest and in transit
- BGP
- Border Gateway Protocol (BGP) is a routing protocol used to exchange network routing and reachability information, either within the same or a different autonomous system.
- AS_PATH prepending
- AS_PATH prepending is a mechanism where you artificially make the AS_PATH longer on one connection than on the other by adding your own ASN to the path multiple times.
- Best Practices for VPCs and Networking in Amazon WorkSpaces Deployments
- Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
- Amazon Virtual Private Cloud Connectivity Options
- AWS Best Practices for DDoS Resiliency
- High Performance Computing on AWS Redefines What is Possible
- Integrating AWS with Multiprotocol Label Switching
- AWS Certified Advanced Networking Official Study Guide: Specialty Exam
- AWS re:Invent 2017: Deep Dive: AWS Direct Connect and VPNs (NET403)
- AWS re:Invent 2017: Extending Data Centers to the Cloud: Connectivity Options and Co (NET301)
https://crishantha.medium.com/aws-site-to-site-vpn-c4baf45703fd
Route Table Priority
Priority | Description |
---|---|
1 | Local route, even if a more specific route exists for the CIDR |
2 | Most specific route (longest-prefix match) |
3 | Static routes are preferred over dynamic routes for equivalent prefixes |
4 | Dynamic routes propagated from AWS Direct Connect |
5 | Static routes configured on a VGW VPN connection |
6 | Dynamic routes propagated from a VPN |
BGP path selection order is as follows:
- Local routes to the VPC (no override with more specific routing)
- Longest prefix match first
- Static route table entries preferred over dynamic
- Dynamic routes:
  - Prefer AWS Direct Connect BGP routes
    - Shorter AS_PATH
    - Considered equivalent and will balance traffic per flow
  - VPN static routes (defined on VPN connection)
  - BGP routes from VPN
    - Shorter AS_PATH
VPC Endpoints
Gateway endpoints (route table entry)
- Amazon Simple Storage Service (Amazon S3)
- Amazon DynamoDB
Interface endpoints (ENI in your VPC)
- Amazon Kinesis Streams
- Elastic Load Balancing API
- Amazon EC2 API
- Amazon EC2 Systems Manager (SSM)
- AWS Service Catalog
- Endpoint services hosted by other accounts
- Partner Solutions