Wiki source code of AWS Direct Connect
Last modified by Martijn Woudstra on 2022/06/10 15:53
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{container}}{{container layoutStyle="columns"}}((( | ||
| 2 | In this microlearning, we will focus on how you can use AWS Direct Connect to connect to your eMagiz environment. | ||
| 3 | The Direct Connect solution acts like an extension of the customer network. | ||
| 4 | |||
| 5 | Should you have any questions, please contact [[academy@emagiz.com>>mailto:academy@emagiz.com]]. | ||
| 6 | |||
| 7 | * Last update: April 1th 2021 | ||
| 8 | * Required reading time: 5 minutes | ||
| 9 | |||
| 10 | == 1. Prerequisites == | ||
| 11 | |||
| 12 | * Advanced knowledge of the eMagiz platform | ||
| 13 | * Expert knowledge of AWS Infrastructure | ||
| 14 | |||
| 15 | == 2. Key concepts == | ||
| 16 | |||
| 17 | This microlearning centers around how you can use AWS Direct Connect to connect to your eMagiz environment. | ||
| 18 | With the AWS Direct Connect, we mean: An option that gives the client the option to directly connect their network to eMagiz without data travelling over the internet | ||
| 19 | |||
| 20 | This microlearning will explain how traffic needs to be routed over the dedicated connection by adding DNS records to the corporate resolving servers. | ||
| 21 | The network architecture Below is a technical representation of the connectivity between the customer network and the AWS deployment of a eMagiz Platform Instance of the customer. | ||
| 22 | |||
| 23 | [[image:Main.Images.Microlearning.WebHome@expert-solution-architecture-aws-direct-connect--connectivity-direct-connect-emagiz.png]] | ||
| 24 | |||
| 25 | == 3. AWS Direct Connect == | ||
| 26 | |||
| 27 | This microlearning will explain how traffic needs to be routed over the dedicated connection by adding DNS records to the corporate resolving servers. | ||
| 28 | The network architecture Below is a technical representation of the connectivity between the customer network and the AWS deployment of a eMagiz Platform Instance of the customer. | ||
| 29 | |||
| 30 | [[image:Main.Images.Microlearning.WebHome@expert-solution-architecture-aws-direct-connect--connectivity-direct-connect-emagiz.png]] | ||
| 31 | |||
| 32 | An eMagiz platfom instance is reachable via the internet via DNS records with below format: | ||
| 33 | amqp01.cloud<number>.emagizcloud.com (The primary node) | ||
| 34 | amqp01b1.cloud<number>.emagizcloud.com (The backup node) | ||
| 35 | |||
| 36 | === 3.1 Force eMagiz traffic over the Direct Connect === | ||
| 37 | |||
| 38 | To force traffic from the customers network to the bus over a Direct Connect connection a change to the corporate DNS service needs to be done by adding overrides to the bus DNS records. | ||
| 39 | In the infrastructure drawing the Direct Connect VPC is an extension of the customer network. It contains IP numbering matching the customers network IP plan. | ||
| 40 | |||
| 41 | From the received allocation two subnets are configured in separate AWS Availability Zones (datacenters). Within these subnets two endpoints are setup so the bus can be reached via the internal network. These “Service Endpoints” can be resolved via a DNS record with the following format: vpce-<unique_id>.vpce-svc-08a0a27ad9d7b60d8.eu-central-1.vpce.amazonaws.com | ||
| 42 | |||
| 43 | The private addresses which are resolved by above endpoint need to be added to the internal DNS servers as overrides so traffic to the public eMagiz Platform Instance DNS names are resolved to the internal IP addresses. | ||
| 44 | |||
| 45 | * An example of above change implemented in BIND can be followed in below blog posting: https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html | ||
| 46 | * Comparable solutions exist for Microsoft DNS servers: https://blog.simonw.se/override-a-single-external-hostname-with-internal-dns-entry/ | ||
| 47 | |||
| 48 | === 3.2 Example implementation with BIND === | ||
| 49 | |||
| 50 | An example customer has cloudslot123 and service endpoint vpce-01234567890123456-io3z36gk allocated to their private endpoint over Direct Connect. A DNS lookup before the change results connecting to the public internet endpoint of the eMagiz Platform Instance: | ||
| 51 | |||
| 52 | [[image:Main.Images.Microlearning.WebHome@expert-solution-architecture-aws-direct-connect--dns-public-internet.png]] | ||
| 53 | |||
| 54 | Creating a RPZ zone in the “company.com” dns servers: | ||
| 55 | |||
| 56 | [[image:Main.Images.Microlearning.WebHome@expert-solution-architecture-aws-direct-connect--creating-a-rpz-zone.png]] | ||
| 57 | |||
| 58 | After the change a DNS lookup to the bus results in answers over the Direct Connect (172.20.3.20 and 172.20.4.22): | ||
| 59 | |||
| 60 | [[image:Main.Images.Microlearning.WebHome@expert-solution-architecture-aws-direct-connect--change-dns-lookup.png]] | ||
| 61 | |||
| 62 | == 4. Assignment == | ||
| 63 | |||
| 64 | There is no assignment for this microlearning as the above implementation will only be done when a specific use case is identified. | ||
| 65 | |||
| 66 | == 5. Key takeaways == | ||
| 67 | |||
| 68 | * AWS Direct Connect acts as an extension of the customer network | ||
| 69 | * Ensure that the DNS lookup is changed to look for internal IP addresses in stead of public ones. | ||
| 70 | |||
| 71 | == 6. Suggested Additional Readings == | ||
| 72 | |||
| 73 | If you are interested in this topic and want more information on it please read the following: | ||
| 74 | |||
| 75 | * https://blog.simonw.se/override-a-single-external-hostname-with-internal-dns-entry/ | ||
| 76 | * https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html | ||
| 77 | |||
| 78 | == 7. Silent demonstration video == | ||
| 79 | |||
| 80 | There is no demonstration video for this microlearning. We believe that the implementation of this is too specific based on the used case that a video would not be beneficial. | ||
| 81 | |||
| 82 | )))((({{toc/}}))){{/container}}{{/container}} |