Introduction¶

A reference architecture for AWS networking best practices.

Enterprise AWS networks are built on five interconnected pillars:

Foundation - Core infrastructure build using AWS Organizations, Amazon VPCs, subnets, Amazon VPC IP Address Manager that everything else depends on
Connectivity - Communication through internet gateways, AWS Transit Gateway, AWS Direct Connect, and VPN services
Application Networking - Traffic distribution via Elastic Load Balancing, service-to-service communication through Amazon VPC Lattice, and container networking
Security - Protection & network isolation through AWS Network Firewall, AWS PrivateLink, Amazon Route 53 Resolver DNS Firewall
Observability - Monitoring and troubleshooting capabilities across all services

Getting started¶

If you know what you're trying to accomplish, start with the Decision Map — it maps common AWS networking questions directly to recommended services, patterns, and trade-offs.

Or, start with Foundation to understand the basics and then explore each pillar based on your specific networking requirements.

Foundation

Essential AWS networking concepts including VPCs, subnets, routing, and core infrastructure components.

Foundation
Connectivity

Internet access, connectivity within AWS, and hybrid & multi-cloud networking solutions.

Connectivity
Application Networking

Load balancing, service-to-service communication, and container mesh networking for modern applications.

Application Networking
Security

Secure your AWS network with defense-in-depth strategies, access controls, and threat protection.

Security
Observability

Monitor network performance, troubleshoot connectivity issues, and gain visibility into your AWS network.

Observability

Contribute¶

Help improve this guide by reporting issues, suggesting new best practices, or contributing content. Join our community-driven effort to create comprehensive AWS networking resources for everyone.