Chapter 12: Security and AWS (Part 3 AWS Gateway services - 9 and counting)

Gateways come in all shapes and sizes!


Image result for The Porta Nigra

The Porta Nigra (Roman city gate) in France, it's even more impressive inside.

AWS Gateways?

Virtual Private Gateway (not 1st order service)

This is one of many "gateways" in AWS (you could make a computer game up around finding your way into AWS via the correct gateway?)  This one is for private connection between VPC and another network. I thought this was just called a VPN :-) It appears to be a hardware device.

Internet Gateway (not 1st order service)

Another gateway. To allow internet connection to AWS services.



How many other AWS gateways are there?

The only 2 gateways that are 1st order AWS services listed in the services/regions page are:

Amazon API Gateway (1st order service)


Amazon API Gateway

APIGateway_Diagram

Amazon Storage Gateway (1st order service)


Amazon Storage Gateway

Image result for amazon storage gateway


AWS Direct Connect (1st order service)


For hybrid storage solutions (on-premises and cloud storage). this seems to also use AWS Direct Connect. Isn't this just a VPN? No, looks like a faster/more secure connection for a VPN.
Does this count as a gateway service? Yes I think so as it uses gateways protocols.


There are also (that I could find):

NAT Gateway (not 1st order service)


NAT Gateways

Is a Managed NAT Gateway just the same?

Device Gateway (not 1st order service)

This is for IoT

Device Gateway

The AWS IoT Device Gateway enables devices to securely and efficiently communicate with AWS IoT. The Device Gateway can exchange messages using a publication/subscription model, which enables one-to-one and one-to-many communications. With this one-to-many communication pattern AWS IoT makes it possible for a connected device to broadcast data to multiple subscribers for a given topic. The Device Gateway supports MQTT, WebSockets, and HTTP 1.1 protocols and you can easily implement support for proprietary or legacy protocols. The Device Gateway scales automatically to support over a billion devices without provisioning infrastructure.
To learn more read Protocols in the AWS IoT user guide.
Looks like it's just an entry point into the message brokers as it uses MQTT

MQTT is a lightweight internet pub-sub protocol (like XMPP which I have used before).

And Remote Desktop Gateway RD Gateway

For connecting to windows AMIs with RDP. Don't need a VPN.

Quick Start architecture for Remote Desktop Gateway on the AWS Cloud



So here's my "final" list of AWS gateway services, 9 so far:

1st order gateway services

  • Amazon API Gateway
  • Amazon Storage Gateway (how many variants?)
  • Amazon Direct Connect (VPN)

Not 1st order gateway services (related to other services)

  • Virtual Private Gateway (VPC)
  • Internet Gateway (VPC)
  • NAT Gateway (VPC)
  • Device Gateway (IoT)
  • Remote Desktop Gateway (RD Gateway, Windows RDP)
  • AD Connector (see below, Active Directory Gateway)


And as usual there are more questions like: Which gateways can interoperate? (if any)? What things can connect to/from each gateway? And what would a reference architecture including all the gateways look like (And if there one? TODO May need to search by each gateway name)

API Gateway and Lambda whitepaper

Storage Gateway architectures

VPG/VPC connectivity options whitepaper

VPC architecture

Device Gateway? Not sure where the best AWS IoT material is yet, here's a picture:

How AWS IoT Works


PS
Possibly some other services are "gateway" services. E.g. Kinesis Firehose? This is listed as an import/export option in the April 2017 AWS service update slides.

Also VM Import/Export? Snowball? Import/Export Disk, Snowball and Snowmobile?!

What's Snowmobile? This sounds like they put your data centre on a truck and tow it to an AWS data centre!

AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is secure, fast and cost effective.

 Doesn't look anything like a snowmobile :-(

 Image result for aws snowmobile


snowmobiles are a lot more FUN!

Image result for snowmobile



So basically anything that allows you to get data in or out of AWS could count as a gateway...

Oh, so also Active Directory Connector to.

Yes, definitely a gateway service.

AD Connector is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. AD Connector comes in two sizes, small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector can support larger organizations of up to 5,000 users.


Comments

  1. Unknown25 July 2018 at 02:26

    This is a very nice article. thank you for publishing this. i can understand this easily.AWS Online Training

    ReplyDelete
  2. Thanos1 February 2019 at 08:33

    This is a great information on Secure Internet Gateway

    ReplyDelete
  3. Rekha Roy22 November 2021 at 07:08

    Want to change your career in Selenium? Red Prism Group is one of the best training coaching for Selenium in Noida. Now start your career for Selenium Automation with Red Prism Group. Join training institute for selenium in noida.

    ReplyDelete

Post a Comment

Popular posts from this blog

Which Amazon Web Services are Interoperable?

Image
Which Amazon Web Services are Interoperable? This is a question I asked when I started studying for AWS certification, asked a few AWS certified architects at Sydney Summit 201 (the answer typically was "all of them as they all use REST APIs", really?), and have attempted to answer from the documentation. They only way I could think to answer this so far is go through the documentation for the 3500 services (according to April AWS service update) and create a dependencies graph (which services interoperate with which other services).  I've also noticed that some of the certification questions ask which for AWS X, which other AWS services interoperate with it? So obviously it's important. Obviously AWS could answer this by monitoring (E.g. with X-Ray) which services call or are called with services and create a interoperability graph and frequency of calls. I've since come up with another approach to answer this.  I've used the 16 aws reference architecture
Read more

AWS Certification glossary quiz: IAM

Image
I also keep getting stuck on IAM and key related questions so here's a quiz on IAM. Qn1  One of two possible outcomes (the other is  deny ) when an  IAM  access  policy  is evaluated. When a user makes a request to AWS, AWS evaluates the request based on all permissions that apply to the user and then returns either deny or this one. alarm permit true allo w Qn2  A web service that enables  Amazon Web Services  (AWS)  customers to manage users and user permissions within AWS. AWS user service (AUS) AWS customer service (ACS) AWS access management (AAM) AWS Identity and Access Management  (IAM) Qn3:  An  IAM   managed policy  that is created and managed by AWS. AWS management AWS policy AWS IAM policy AWS managed policy Qn4:  A web service for requesting temporary, limited-privilege credentials for  AWS Identity and Access Management  (IAM)  users or for users that you authenticate ( federated users ). AWS credential service (AWS ACS) AWS token service
Read more

AWS SWF vs Lambda + step functions? Simple answer is use Lambda for all new applications.

Image
I do like my Lamb (daaaa)! What's the difference between SWF and Lambda + step functions? Well, for a start they can be used together. Benefits and Limitations of using Lambda Tasks There are a number of benefits of using Lambda tasks in place of a traditional Amazon SWF activity: Lambda tasks don’t need to be registered or versioned like Amazon SWF activity types. You can use any existing Lambda functions that you've already defined in your workflows. Lambda functions are called directly by Amazon SWF; there is no need for you to implement a worker program to execute them as you must do with traditional activities. Lambda provides you with metrics and logs for tracking and analyzing your function executions. There are also a number of limitations regarding Lambda tasks that you should be aware of: Lambda tasks can only be run in AWS regions that provide support for Lambda. See  Lambda Regions and Endpoints  in the  Amazon Web Services General
Read more