Also see
Basic Web Application architecture
- VPC -> Region
- Subnets -> AZ
- More AWS architecture diagrams
Security groups vs NACL
- “NACLs keep unwanted traffic out of the subnet, and security groups keep unwanted traffic out of an EC2 instance or AWS service.”
- NACLs are stateless, meaning you have to configure both outbound and inbound rules
- Security groups, in contrast, are stateful. They track outbound traffic, and whatever goes out is allowed to come back in.
- A lovely Stack Overflow answer explains what stateful means in this context.
- NACLs have an implicit deny
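The stateless/stateful difference above, as a small Python model added here as an example (not AWS code and not part of the original notes). The rule tuples, addresses and ports are constructed sample values, and the 1024-65535 range for return traffic is an assumption.

```python
# Toy model, constructed for illustration (not AWS code). All values are samples.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the subnet / instance
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Nacl:
    rules: list  # (rule_number, direction, low_port, high_port, action)

    def allows(self, p):
        # Lowest-numbered matching rule wins; each direction is judged on its own.
        for _, direction, lo, hi, action in sorted(self.rules):
            if direction == p.direction and lo <= p.dport <= hi:
                return action == "allow"
        return False  # implicit deny when nothing matches

@dataclass
class SecurityGroup:
    rules: list  # allow-only: (direction, low_port, high_port)
    tracked: set = field(default_factory=set)

    def allows(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.tracked:
            return True  # reply to a flow that was already allowed
        if any(d == p.direction and lo <= p.dport <= hi for d, lo, hi in self.rules):
            self.tracked.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

REQUEST = Packet("in", "203.0.113.10", 50000, "10.0.1.5", 443)
REPLY = Packet("out", "10.0.1.5", 443, "203.0.113.10", 50000)

def round_trip(fw):  # -> (request allowed, reply allowed)
    return fw.allows(REQUEST), fw.allows(REPLY)

def demo():
    inbound_only = [(100, "in", 443, 443, "allow")]
    with_return = inbound_only + [(100, "out", 1024, 65535, "allow")]
    return {"nacl_inbound_only": round_trip(Nacl(inbound_only)),
            "nacl_with_return_rule": round_trip(Nacl(with_return)),
            "sg_inbound_only": round_trip(SecurityGroup([("in", 443, 443)]))}

if __name__ == "__main__":
    print(demo())
```

With only the inbound rule, the NACL drops the reply on the way out, while the security group lets it through because it remembers the request.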
Helpful podcasts
First podcast
This one goes over the services and explains their use cases
Second podcast
This one discusses real-life problems that people are trying to solve:
cross-region routing, transit gateways, VPNs, storage gateway, and Direct Connect, to name a few :)