{"id":17299042,"url":"https://github.com/strongjz/aws-advanced-networking-guide","last_synced_at":"2025-07-07T01:03:48.762Z","repository":{"id":72996759,"uuid":"401073410","full_name":"strongjz/AWS-Advanced-Networking-Guide","owner":"strongjz","description":"This repository curates content that is useful to study and pass the AWS Advance Networking Speciality Certification. ","archived":false,"fork":false,"pushed_at":"2021-08-31T12:25:16.000Z","size":11,"stargazers_count":17,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-09T17:06:36.702Z","etag":null,"topics":["aws","certification","certification-prep","networking"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/strongjz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-29T15:15:14.000Z","updated_at":"2024-10-10T02:34:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"92bf630c-1f14-4456-a30a-850476879aa1","html_url":"https://github.com/strongjz/AWS-Advanced-Networking-Guide","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongjz%2FAWS-Advanced-Networking-Guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongjz%2FAWS-Advanced-Networking-Guide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongjz%2FAWS-Advanced-Networking-Guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strongjz%2FAWS-Advanced-Networking-Guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strongjz","download_url":"https://codeload.github.com/strongjz/AWS-Advanced-Networking-Guide/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248878966,"owners_count":21176413,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","certification","certification-prep","networking"],"created_at":"2024-10-15T11:20:51.285Z","updated_at":"2025-04-14T12:24:22.542Z","avatar_url":"https://github.com/strongjz.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS-Advanced-Networking-Guide\n\n* AWS Services\n* AWS White Papers\n* Courses \n* Blog Posts \n* Exam Guide \n* Sample Exams \n* Things to remember\n\n\n| Domain | % of Exam |\n|--------|-------------|\n| Domain 1: Design and implement hybrid IT network architectures at scale | 24% |\n| Domain 2: Design and implement AWS networks | 28% |\n| Domain 3: Automate AWS tasks | 8% |\n| Domain 4: Configure network integration with application services | 14% |\n| Domain 5: Design and implement for security and compliance | 12% |\n| Domain 6: Manage, optimize, and troubleshoot the network|  14% |\n\n\n## AWS Services\n* [VPC](https://aws.amazon.com/vpc/faqs/?ep=sec\u0026sec=spec_advn)\n  * NACL\n  * Security Groups\n  * [VPC endpoints](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html)\n  * Subnets\n  * Route Tables\n  * EC2\n  * Placement groups\n  * Enhanced networking\n    * Secondary ENI\n    * ENA\n    * EFA\n    * EBS Optimized\n    * MTU\n    * Throughput to the internet\n  * VPC Traffic Mirroring\n* Direct Connect link\n  * [FAQ](https://aws.amazon.com/directconnect/faqs/?ep=sec\u0026sec=spec_advn)\n  * [Docs](https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html)\n* AWS and IPsec VPN\n* Load Balancing\n* AWS Global Accelerator\n* Gateways \n  * Internet gateway \n  * Egress internet \n  * NAT gateway\n  * [Virtual GW](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ug.pdf)\n  * Customer gateway\n  * AWS Transit Gateway\n* AWS Config\n* Amazon SNS\n* AWS Lambda\n* CloudFormation\n* Amazon CloudWatch\n* Amazon CloudWatch Logs\n* Network Manager\n* [Route 53](https://aws.amazon.com/route53/faqs/?ep=sec\u0026sec=spec_advn)\n* Network Security\n  * VPC flow log\n  * AWS CloudTrail\n  * IAM policies\n  * AWS KMS\n  * AWS WAF\n  * GuardDuty\n  * AWS Shield\n\n## Networking Topics\n* High availability/load balancing\n* VLANs\n* 801.q \n  * 802.1Q is an Ethernet standard as defined by the IEEE that enables Virtual Local Area Networks (VLANs) on an Ethernet network.\n* BFD\n  * Bidirectional Forwarding Detection (BFD) is a mechanism used to support fast failover of connections in the event of a failure in the forwarding path between two routers.\n* LAG\n  * A Link Aggregation Group (LAG) is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple 1 Gbps or 10 Gbps connections\n* Routing\n* Subnetting\n* DNS\n* DHCP\n* Sticky Sessions\n* DMZ\n* Data at rest and in transit\n* BGP \n  * Border Gateway Protocol (BGP) is a routing protocol used to exchange network routing and reachability information, either within the same or a different autonomous system.\n* AS_PATH prepending \n  * is a mechanism where you artificially make the AS_PATH longer on one connection compared to the other by adding your own ASN multiple times to the path.\n\n\n\n\n\n## Whitepapers\n\n* [Best Practices for VPCs and Networking in Amazon WorkSpaces Deployments](https://d1.awsstatic.com/whitepapers/best-practices-vpcs-networking-amazon-workspaces-deployments.pdf)\n* [Building a Scalable and Secure Multi-VPC AWS Network Infrastructure](https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/welcome.html)\n* [Amazon Virtual Private Cloud Connectivity Options](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/welcome.html)\n* [AWS Best Practices for DDoS Resiliency](https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf)\n* [High Performance Computing on AWS Redefines What is Possible](https://d1.awsstatic.com/whitepapers/Intro_to_HPC_on_AWS.pdf)\n* [Integrating AWS with Multiprotocol Label Switching](https://d1.awsstatic.com/whitepapers/Networking/integrating-aws-with-multiprotocol-label-switching.pdf)\n* [AWS Certified Advanced Networking Official Study Guide: Specialty Exam](https://www.amazon.com/Certified-Advanced-Networking-Official-Study-ebook/dp/B079VKD1CN)\n\n## Courses/Videos\n\n- [AWS re:Invent 2017: Deep Dive: AWS Direct Connect and VPNs (NET403)](https://www.youtube.com/watch?v=eNxPhHTN8gY)\n- [AWS re:Invent 2017: Extending Data Centers to the Cloud: Connectivity Options and Co (NET301)](https://www.youtube.com/watch?v=lN2RybC9Vbk)\n\n## Blog Posts\n\nhttps://crishantha.medium.com/aws-site-to-site-vpn-c4baf45703fd\n\n## Exam Guide\n\nhttps://d1.awsstatic.com/training-and-certification/docs-advnetworking-spec/AWS-Certified-Advanced-Networking-Specialty_Exam-Guide.pdf\n\n## Sample Exams\n\n## Things to remember \n\nRoute Table Priority\n\n|Priority  |Description|\n|----------|-------------|\n|1\t|Local route, even if a more specific route exists for the CIDR|\n|2\t|Most specific route (longest-prefix match)|\n|3\t|Static routes are preferred over dynamic routes for equivalent prefixes|\n|4\t|Dynamic routes propagated from AWS Direct Connect |\n|5\t|Static routes configured on a VGW VPN connection |\n|6\t|Dynamic routes propagated from a VPN |\n\nBGP path selection order is as follows:\n\n1. Local routes to the VPC (no override with more specific routing)\n2. Longest prefix match first\n3. Static route table entries preferred over dynamic\n4. Dynamic routes:\n   1. Prefer AWS Direct Connect BGP routes \n      1. Shorter AS_PATH \n      2. Considered equivalent and will balance traffic per flow\n   2. VPN static routes (defined on VPN connection)\n   3. BGP routes from VPN \n      1. Shorter AS_PATH\n\nVPC Endpoints \n\nGateway endpoints ( Route Table entry )\n  - Amazon Simple Storage Service (Amazon S3) \n  - Amazon DynamoDB. \n\nInterface endpoints ( ENI in your VPC )\n  - Amazon Kinesis Streams\n  - Elastic Load Balancing API\n  - Amazon EC2 API \n  - Amazon EC2 Systems Manager (SSM)\n  - AWS Service Catalog \n  - Endpoint services hosted by other account\n  - Partner Solutions","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrongjz%2Faws-advanced-networking-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstrongjz%2Faws-advanced-networking-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrongjz%2Faws-advanced-networking-guide/lists"}