AWS-Networking
AWS Networking
Please be sure to review, bookmark and follow all the AWS related standards in the Labs Engineering Standards.
Only APLs will have permissions to modify AWS network settings for a product account.
Overview
General network setup for an AWS Product Account requires:
A product domain
An AWS Hosted Zone to handle DNS requests for the domain
An SSL Certificate to enable SSL protection
The Product Domain
Each Product will have one and only one domain that will be used for all network traffic to all endpoints in all projects. Please refer to the Labs Engineering Standards for naming details.
The product Hosted Zone must be created before you can register the product domain name. This is because the name servers in the hosted zone must be listed in the domain registration.
If these don't match, DNS doesn't work.
However, domain registrations can always be updated by an engineering manager should they change for some reason.
Product Hosted Zone
An AWS Hosted Zone is a DNS resource for controlling name resolution for a domain. Each AWS Product Account will have a hosted zone setup to handle name requests for the product domain.
Setup Hosted Zone
Navigate to the Route 53 service in the product account
Click 'Hosted Zones' on the menu to see the list of hosted zones
You should see one hosted zone with a domain name matching your product domain name
If not, you can click 'Create Hosted Zone'
The domain name is your product domain name
Public Hosted Zone
No tags required
Click create
When you create a new Hosted Zone in Route 53, AWS will assign a set of 4 name servers. You'll need to provide these name servers to your Engineering Manager so they can configure them in the domain registration record via our domain registrar.
You'll need to occasionally make modifications to your hosted zone records, you'll find those instructions embedded in these guides under specific services, such as Elastic Beanstalk.
Product SSL Certificate
Every internet-facing product should be protected using an SSL certificate. You'll use the AWS Certificate Manager to create this certificate, which can then be used with various services.
Navigate to the Certificate Manager service
'Request a Certificate'
'Request a public certificate'
Ensure these 4 names are listed on the certificate:
The root domain (e.g.
ecosoap.dev
)All first-level subdomains (e.g.
*.ecosoap.dev
)All subdomains under
api
(e.g.*.api.ecosoap.dev
)All subdomains under
ds
(e.g.*.ds.ecosoap.dev
)
Click Next
Choose 'DNS Validation'
No tags are required
Click 'Review' then 'Confirm and Request'
For each of the names on the certificate, click the triangle and then click the button to add the entry to the hosted zone.
After some time, around 10 minutes, the certificate should be fully validated and ready to use.
You'll use this certificate as part of other services. You'll find those instructions embedded in these guides under specific services, such as Elastic Beanstalk.
Last updated