In episode #89 of Mobycast, we introduced using private subnets for your cloud network. We learned about the differences between public and private subnets, as well as some of the key technologies they depend upon such as NAT, or network address translation.
We also learned that using private subnets comes with a new problem - how to access these private resources? We discussed three primary approaches, before settling on VPN as our choice.
In this episode of Mobycast, Jon and Chris continue their three-part series on using private subnets with your cloud network. We finish our network design by guiding you step-by-step in setting up a software-based VPN and building out private subnets. We also share some inside tips that will make you look like a cloud networking pro.
In this episode, we cover the following topics:
- Before we get started, a CAVEAT. There are other (potentially BETTER) ways of accessing resources on private subnets.
  - We'll talk about these (such as AWS Client VPN or AWS Systems Manager Session Manager) in future episodes.
  - But a great choice (with the most flexibility/power) remains our current choice: a third-party software-only VPN solution.
- There are many options for third-party software VPNs, both commercial and open source. Some of the options we considered include:
  - OpenVPN (* our choice)
- Discussion of the different flavors and pricing models for OpenVPN Access Server.
- Step-by-step walkthrough of installing OpenVPN Access Server via the AWS Marketplace.
  - Including how to set up TLS for your VPN server.
- We detail the process of how to create private subnets within a VPC.
  - Create new subnets to be used as private subnets, keeping in mind a multi-AZ design.
  - Routing table considerations.
  - Setting up a NAT gateway to forward Internet traffic for private subnets.
- Some pro tips to keep in mind when building out your cloud network.
  - CIDR block considerations (the "Goldilocks" approach to sizing).
  - Did you know that NAT gateways are SPOFs? We discuss how to improve availability.
- VPC with Public and Private Subnets (NAT)
- Software VPN
- Amazon Web Services EC2 BYOL appliance quick start guide
- AWS Certificate Manager
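The private-subnet build-out outlined above (subnets per AZ, route tables, NAT gateway, and the "NAT gateways are SPOFs" tip), written as a Terraform configuration. This is an added example, not something from the episode, and it assumes an existing VPC (10.0.0.0/16) with one public subnet per AZ whose IDs are passed in as variables; region, AZ names and /24 sizing are also assumptions.

```hcl
# Added example (not from the episode). Builds the private side of a two-AZ VPC:
# one private subnet, one NAT gateway and one route table per AZ, so the loss
# of a single AZ (or its NAT gateway) does not cut off the other AZ's subnets.
variable "vpc_id" { type = string }
variable "public_subnet_ids" {
  description = "Existing public subnet IDs, one per AZ, same order as local.azs"
  type        = list(string)
}

locals {
  azs = ["us-west-2a", "us-west-2b"] # assumed AZs
}

# Private subnets 10.0.10.0/24 and 10.0.11.0/24 ("Goldilocks" sizing: /24 = 251 usable hosts).
resource "aws_subnet" "private" {
  count                   = length(local.azs)
  vpc_id                  = var.vpc_id
  cidr_block              = cidrsubnet("10.0.0.0/16", 8, 10 + count.index)
  availability_zone       = local.azs[count.index]
  map_public_ip_on_launch = false # instances here get no public IP
}

# One Elastic IP and one NAT gateway per AZ, each living in that AZ's public subnet.
resource "aws_eip" "nat" {
  count  = length(local.azs)
  domain = "vpc"
}

resource "aws_nat_gateway" "nat" {
  count         = length(local.azs)
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = var.public_subnet_ids[count.index]
}

# One private route table per AZ; default route goes to that AZ's own NAT gateway.
resource "aws_route_table" "private" {
  count  = length(local.azs)
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}

resource "aws_route_table_association" "private" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}
```

A single shared NAT gateway with one route table would be cheaper, but then every private subnet in the VPC depends on one AZ; the per-AZ layout above is the availability trade-off the episode refers to.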
Tachyon, by Roy England
For a full transcription of this episode, please visit the episode webpage.
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: firstname.lastname@example.org
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast
What is Mobycast?
A Podcast About Cloud Native Software Development, AWS, and Distributed Systems