# **Networking Considerations** #

In your role as data engineer, you should confirm with your IT or network engineering department that certain networking capabilities are present and functioning. Although setting up networks might not fall within the scope of your role, secure and reliable network connections are crucial for data processing to operate smoothly. It is therefore important to understand how your network is configured.

## **AWS Site-to-Site VPN** ##

The AWS Site-to-Site VPN feature establishes an encrypted VPN connection between your virtual private cloud (VPC) in AWS and your on-premises network. It is mandatory in hybrid on-premises and cloud environments. AWS Site-to-Site VPN is used when you need to access resources in your VPC from your on-premises network, or the other way around.


The key components of a site-to-site VPN include the following:

- VPN gateway or transit gateway on the AWS side
- Customer gateway resource in AWS that represents the customer gateway device
- Customer gateway device on the on-premises side

Data transferred between the VPC and the on-premises network is routed over the encrypted VPN connection, which maintains the confidentiality and integrity of the data in transit.

## **AWS Direct Connect** ##


Data-intensive workloads require a reliable and secure network connection. AWS Direct Connect establishes a private network connection between on-premises infrastructure and AWS, bypassing the public internet. This provides more consistent network performance for accessing AWS services. Private network connectivity increases bandwidth and reduces costs compared to internet-based connections.

## **VPC endpoints** ##

Amazon VPC provides two types of endpoints: gateway endpoints and interface endpoints. With these endpoints, you can securely connect VPC resources to other AWS services without traversing the internet.

Architecture diagram of Region, VPC, and private subnet.

**Gateway endpoints**

- These endpoints are used to connect the VPC to specific AWS services like Amazon S3 and DynamoDB.
- They work by adding a prefix list to the VPC route table, which routes the traffic to the AWS service through the AWS private network.
- Gateway endpoints do not support AWS PrivateLink.


**Interface endpoints**

- These endpoints enable private connectivity to AWS services, your own services, and AWS Marketplace partner services using PrivateLink.
- They are implemented as elastic network interfaces with private IP addresses that serve as an entry point for traffic to the target service.
- Interface endpoints support a wider range of AWS and third-party services compared to gateway endpoints.
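
The two endpoint types above are only as private as their configuration: a gateway endpoint protects only the subnets whose route tables are associated with it, an interface endpoint with private DNS disabled is bypassed by clients that use the default service hostname, and either type can carry a wide-open endpoint policy. The following Python script is an added example (not part of the original page or an AWS tool) that audits constructed sample data shaped like the `describe_vpc_endpoints` and `describe_route_tables` EC2 API responses for those three conditions; the endpoint IDs, route table IDs, and account number are made up.

```python
import json

# Constructed sample data (assumption: field names follow the EC2 API response shape;
# all IDs and values are made up for this example).
VPC_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0s3example", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": ["rtb-private-a"],
     "PolicyDocument": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})},
    {"VpcEndpointId": "vpce-0kmsexample", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.kms", "PrivateDnsEnabled": False,
     "PolicyDocument": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
          "Action": "kms:Decrypt", "Resource": "*"}]})},
]
PRIVATE_ROUTE_TABLES = ["rtb-private-a", "rtb-private-b"]  # constructed private subnets

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_is_wide_open(policy_json):
    """True if an Allow statement grants any principal every action on every resource."""
    for stmt in json.loads(policy_json).get("Statement", []):
        if (stmt.get("Effect") == "Allow" and stmt.get("Principal") == "*"
                and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))):
            return True
    return False

def route_tables_without_gateway(endpoints, route_table_ids, service_suffix):
    """Route tables not associated with a gateway endpoint for the service; traffic
    from those subnets to S3/DynamoDB still leaves through a NAT device or IGW."""
    covered = set()
    for ep in endpoints:
        if ep["VpcEndpointType"] == "Gateway" and ep["ServiceName"].endswith(service_suffix):
            covered.update(ep.get("RouteTableIds", []))
    return [rtb for rtb in route_table_ids if rtb not in covered]

def audit(endpoints, route_table_ids):
    """Return one finding string per weak setting found in the sample data."""
    findings = []
    for ep in endpoints:
        if policy_is_wide_open(ep.get("PolicyDocument", "{}")):
            findings.append(f"{ep['VpcEndpointId']}: endpoint policy allows any principal full access")
        if ep["VpcEndpointType"] == "Interface" and not ep.get("PrivateDnsEnabled"):
            findings.append(f"{ep['VpcEndpointId']}: private DNS disabled, default hostname bypasses endpoint")
    for rtb in route_tables_without_gateway(endpoints, route_table_ids, ".s3"):
        findings.append(f"{rtb}: no S3 gateway endpoint association")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(VPC_ENDPOINTS, PRIVATE_ROUTE_TABLES)))
```

Against live data, the same functions apply unchanged to the `VpcEndpoints` and `RouteTables` lists returned by the boto3 EC2 client.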


## **AWS PrivateLink** ##

PrivateLink is a feature that provides private connectivity between VPCs, AWS services, other AWS accounts, and supported AWS Marketplace partner services. You can use PrivateLink to access these services by using private IP addresses without exposing your traffic to the public internet.

With minimal configuration, AWS services appear to reside inside your VPC and are accessible from it. PrivateLink routes traffic between VPCs and services over the AWS network, so you no longer need an internet gateway, a NAT device, or a public IP address in your VPC.

PrivateLink also works with Direct Connect to establish a dedicated and private connection from your on-premises network to your VPCs.


**Summary**

Networking capabilities affect the security, performance, and scalability of your applications. It is important to set up the necessary networking components based on your organization's specific configuration. To communicate from an AWS instance to your network, you need an AWS Site-to-Site VPN. To securely connect to services, use gateway endpoints or interface endpoints. Gateway endpoints provide a secure and private connection between the VPC and AWS services hosted outside the VPC. Interface endpoints and PrivateLink facilitate private connectivity between the VPC and AWS services within the same Region.