Ep#109 The Art of AWS Networking: Navigating the Cloud’s Networking Landscape

February 7, 2023

Episode Summary

Welcome to the Jon Myer podcast. This week, we're thrilled to welcome Du'An Lightfoot, a Sr. Cloud Networking Developer Advocate at AWS, as our guest. Du'An will share his wealth of knowledge and experience in cloud networking, offering listeners a unique perspective on the field. From navigating the complexities of network security to scaling for growth, this episode is a must-listen for anyone interested in AWS networking and the future of cloud computing.


About the Guest

Du'An Lightfoot

Du’An is an Air Force veteran and Sr. Developer Advocate at AWS. He has 10+ years of designing, implementing, and supporting enterprise infrastructures. At AWS he uses his experience and knowledge to help customers learn and build on AWS.

#aws #awscloud #finops #cloudcomputing #costoptimization

Episode Show Notes & Transcript

Host: Jon

Please join me in welcoming Du’An Lightfoot, senior Cloud networking developer advocate at AWS to the show. Du’An, thanks for joining me.

Guest: Du’An

Hey, what's up, Jon? Thanks for having me.

Host: Jon

So Du’An, we had a chance to meet in person at AWS re:Invent 2022, and I have to put 2022 in there just because you never know when people are going to be watching this. We actually met at one of the breakfasts and you and I hit it off right away and I was like, dude, I got to have this guy on my show. This is pretty cool.

Guest: Du’An

It's an honor. That was my first re:Invent event. So the fact that we hit it off and we're able to connect now just shows how great it is to go to these events and meet people. Yeah, so thanks, Jon.

Host: Jon

You can't miss these in-person events. Now everybody, today we're talking about cloud networking and really how to make the transition from a traditional network engineer to a cloud engineer. And if we have some time, we're going to talk about advancing your cloud networking engineer expertise along with your cloud career and branding, but we've got a huge amount of topics to talk about networking, and Du’An, I have to tell you, networking, while it's not near and dear to my heart, I know it's a necessity for any type of technical expertise.

Guest: Du’An

Correct. It can be a challenge for some people to pick up, but I think once you get the basics of some of the fundamentals like IP addressing, DNS, how things connect at layer one, layer two,

Host: Jon

IP addressing.

Guest: Du’An

Yes, yes, <laugh>, we had to go there, but

Host: Jon

I know, listen, we could have a whole show on it. I probably still would not understand it. Thank God AWS takes care of a lot of that automatically. Du’An, before we jump to our topic, how about you give everybody a little bit of backstory on who you are?

Guest: Du’An

Yes, hello. As Jon mentioned, my name is Du’An Lightfoot. I am a senior developer advocate at AWS, focused on cloud networking. My background is kind of widespread. I've been a system administrator, I've been a network engineer, and most recently I made the transition to developer advocate due to learning network automation and getting integrated with DevOps.

Host: Jon

Du’An networking. Why networking?

Guest: Du’An

I like connecting things. I like connecting computers and I like connecting people. So it just kind of all came together.

Host: Jon

I like connecting Legos, but I didn't become a professional. I'm just kidding. First of all, I got, I'm going to give you a little bit of a story and it's going to be a really quick one. Networking is very key. I started as a traditional server admin and networking by far. Every time I couldn't get something to work or communicate, I was always like, yo network folks, it's not working. They're like, did you try to ping in the internal gateway? Did you try the loopback? Did you plug in the cable? And I'm like, I don't know, maybe <laugh>

Guest: Du’An

That's a great point. Just knowing some of those fundamentals can make your job a lot easier, but I think the networking in the cloud is kind of simplifying some of those troubleshooting steps that we used to have to do on-premises. So I'm interested to get into this discussion.

Host: Jon

Hey, this looks like a good place to jump in and talk about today's sponsor, Veeam. How would you like to own, control and protect your data in the cloud? Are you using Salesforce? Veeam has you covered with Veeam Backup for Salesforce, backing up your Salesforce data effortlessly, whether it's on-premise or in the cloud. Honestly, why wouldn't you protect your most critical CRM data from loss or corruption? Now imagine your sales team coming in and not being able to recover all their information, their notes, their pipeline, because it's the one thing you didn't think you needed to back up. How about doing it effortlessly with Veeam Backup for Salesforce? While there are nine reasons that you should back up your Salesforce data, how about just two: data loss and data corruption? Veeam Backup for Salesforce eliminates the risk of you losing your data and metadata due to human error, integration, or other Salesforce data loss scenarios. Check out Veeam Backup for Salesforce today. Now, how about we get you back to that podcast? So Du’An, I want to jump into things, but how about we give people an overview? What is a VPC from AWS?

Guest: Du’An

So when you think of a VPC, a VPC allows you to provision a logically isolated section of the AWS cloud where you can launch resources into a network that you define. It's similar to your on-premise data center. In your data center, you have an IP address, you have route tables, you have subnets, you have your network's topology, and your route tables and security rules and firewalls. All of that is in your data center. You can configure this inside of a VPC.

Host: Jon

So is it safe to say that within AWS a VPC is not only a network or a cloud engineer, I need to understand that a little bit more than my on-premise where I can just either rack a server and connect it or spin up a VM and I don't have to understand how everything communicates from a server admin perspective because my network team typically handles it?

Guest: Du’An

You have to understand the VPC and the network constructs of the VPC as well as the AWS global infrastructure when it comes to the regions and availability zones. Think of your region as the geographical location around the world where we cluster data centers, and those clusters of data centers are availability zones. We have 31 regions and 99 availability zones. Why is this important? Because when your employer or your businesses build or design their applications, they're going to want to build their applications as close to their customers. So one region that we have is us-east-1, another region that we have is us-west-2; one is on the east coast and one is on the west coast. And so now how do you get connectivity between the two? If there's a VPC in both of those regions, you'll need to understand the foundational principles of AWS networking to make that happen.

Host: Jon

Okay, before we dive deep into this, do you want to break down the components of just a traditional VPC within AWS?

Guest: Du’An

Yes. The components of a basic traditional VPC, let's think of the default VPC. Whenever you create an account in AWS, you are introduced to or given a default VPC. That VPC is going to have a CIDR block, which is going to be the IP address range for the entire VPC, and that's usually going to be 172.1.0.0/16. And so that'll give you about 65,000 IP addresses within that VPC CIDR block. Now then you have subnets. Those subnets are going to be attached to an availability zone depending on how many availability zones you have in the region. That subnet will be per availability zone. So one thing I didn't mention is that when it comes to a VPC, a VPC is a regional construct, so that means your VPC is going to span all availability zones within the same region, but it's only going to be in that one region.

Guest: Du’An

The next thing we need to understand when we talk about this is going to be your route tables. Your route tables can have multiple subnets associated with them, but a subnet can only be associated with a single route table. Now your route table is going to be those rules to say, how does your EC2 instance talk to the internet? Or how does your EC2 instance talk to VPC B rather than VPC A? Gotcha. The next thing we could talk about is going to be your internet gateways, or your IGWs. This is what's going to provide that internet connectivity for you to talk to your server that is either on-prem or on the internet.

Host: Jon

Du’An, let's talk networking from an on-premise perspective and then really how that translates to the cloud, because I think having hands-on a physical server or understanding the networking components on how things go in within the OS helps you not only on-premise but also in the cloud.

Guest: Du’An

Yes. So my traditional start was like you, connecting servers, building servers, and deploying them in on-premise infrastructures. One of the things that I learned during that time is how things connect at layer one. You often hear, is it plugged in? So that means, is it powered on? Is the cable plugged into the computer? So when we're talking about whether it is plugged in, that's understanding the OSI model. And so when we're at layer one, that's the physical layer, and then from there we go up to that data link layer, which is going to be a network interface card. So when you talk about pinging the loopback, do you have communication at layer two, which also leads into layer three, which is going to be that IP address and/or that network layer? And then from there, we start troubleshooting ports with firewalls and we're just kind of going up the stack till we get to that server and that application. So when we're talking about on-premise networking, this is understanding how we go from our computer to that web server that may be on the internet.

Host: Jon

Understanding layers from one to seven I think is very critical. CompTIA has a really cool one, and I took the Network+ way back then, and that will date me on when they came out, but I find that very important to understand the whole communication path because then you can troubleshoot every step. Let's talk about just the basics of networking from on-premise. I mean physically plugging in that cable and seeing those link lights work, whether it's on the network card or the switch, is actually for me like step one: is my cable working? Was it crimped correctly or was it faulty? Because that's a lot of the issues that we run into.

Guest: Du’An

Correct, correct. When we're on, let's say a corporate network, one of the IP addresses that everyone should know is 8.8.8.8, which is a Google DNS server.

Host: Jon

Do you use that too?

Guest: Du’An

Yes, everyone uses that

Host: Jon

Because that's one of the 13 root DNS servers. That's very critical. For me, I do 4.4.4.2, 4.4.4.4, or an eight, all that. But very critical.

Guest: Du’An

Yes. And so when we're talking about connectivity, one of the challenges of being a network engineer is understanding how to troubleshoot from the laptop to the customer's destination. So do you have the source IP address, which is going to be the laptop, and the destination IP address, which could be that physical server? Now, this is traditional networking from point A to point B communication. That often changed when we started talking about ephemeral connections with application networking and containers. But just from a basic on-premise standpoint, when we're talking about that connectivity and that troubleshooting, there are a couple of things you need to understand. One is IP addressing. The second thing you need to understand is DNS, because sometimes the problem isn't always the network. Sometimes it's the DNS: is the domain registered, is the hostname configured in DNS, is the right DNS configuration on the local desktop or laptop? How is this all configured? Is the IP address configured correctly in the host record? That's DNS. So being able to understand how this connectivity works at a basic level, then we can start talking about the routing with BGP, with EIGRP, which are going to be your interior and exterior gateway protocols when you route across the internet and on-premises.

Host: Jon

So one, you jumped on it and talked about a lot of those protocols that are working, but those are traditionally on-premise. You don't have to deal with that when you go to the cloud. Now we're going to talk cloud in general, jumping to it, but if you think about it in a traditional sense, an enterprise that's been established a while, you are a server admin and they still have that silo effect, as much as they want to do and put everybody into the groups, which is great, because when you come to cloud, you are the network admin, you are the server admin. You have to understand all those components. On-premise you have that siloed, where the server admin goes, oh, it's not working. Now I got to go put in a ticket for the network engineer. And when he gets to that, it could be a day or two before he takes a look at it and troubleshoots it, and you need to get your work done, so now you're delayed.

Guest: Du’An

Right?

Host: Jon

But isn't it critical to understand that maybe you as a server admin can troubleshoot a lot of those steps and present those results to the server admin, and then we'll talk about what it looks like in the cloud?

Guest: Du’An

Right. As a server admin, you should understand and know what your DNS IP addresses are on on-premise systems, right? You should know how to configure that on either your Linux box or Windows system. You should know that, you should be able to troubleshoot the default gateway. Do you have a DHCP IP address or do you have a static IP address? Is that configured correctly? Is it in the right range, the subnet of the default gateway? These are all basic troubleshooting steps that you should be able to do on your local system.

Host: Jon

Now we haven't even gotten into an IPAM, which is your IP address management system that a lot of enterprises have on-premises. AWS does integrate with them, so you can manage those as you get further along in the system. We haven't even touched on DNS fully. DNS is very critical. So as you were indicating, not only having a DHCP address, the domain, is it configurable? Does your unit or your server understand that IP address? But routing, now I need to figure out, do I have the right route to communicate? Every subnet needs a route to communicate with another subnet that's in there. If it's not available, it needs to go there. There's automation involved. I mean, there are just so many components to a network to understand. How does somebody from on-premise take those to the cloud to even understand those? Do those transfer or do those translate to the cloud?

Guest: Du’An

Yeah, you made a great point when we started talking about those server admins and the developers. I've worked with some really smart developers that can troubleshoot from point A to point B. They'll say, hey, I tried to ping this, and it didn't work. So I ran the traceroute and it stopped here, and then they'll also do tcpdumps on the local Linux box and send me the pcaps to let me know actually what's going on. In the local system, what they're seeing are ports open. One of the commands that I used to always run is netcat, which is nc -dv and then the IP address and port number of the remote system that you're trying to connect to, to verify if that port is open. And so you can also do that traceroute to say, okay, I'm getting to the device, I can ping the device, and now I'm verifying that the port is either not open on the system or that port is being blocked in the firewall. So understanding that communication from that layer one up to layer four to your application, which is usually managed by the developers, can help you when you're making that transition to the cloud.

Host: Jon

How difficult is it for a server admin, I'm talking about a traditional on-premise server admin who has maybe some limited cloud experience, to take that to the cloud, and now they need to understand not only their job as a server admin, so managing everything, but also understand the network components?

Guest: Du’An

I think it's, I don't want to say it's easier, it's different, right? Because when you think about layer one and layer two in the cloud, those are something you don't have to deal with. You don't have to physically connect servers in the cloud, you don't have to worry about broadcast domains in the cloud. That's not something we have to know about. So at that level, I would say we can remove that portion and just focus on the networking stack up from there when it comes to building networks and learning cloud networking on AWS or whatever cloud provider you're working with.

Host: Jon

I find it critical to understand VPC and all the components, all the subnets, and all the routes within AWS, and once you understand that and how they communicate. And I think AWS provides several ways to create a VPC. You can use the wizard if you just want to get up and get started and get running, but I think everybody should manually configure their VPC, and I mean create the subnets, the IP addresses that go with it, the routes, if you want a gateway or not. I think if you understand all those, then use the wizard. And the reason I say that is because when something is removed from a VPC that you automatically created versus manually created, you have to go and troubleshoot and understand how they communicate. Just my opinion on that.

Guest: Du’An

Yeah, I don't know if you've been into creating a VPC in the console lately, but there's a flow chart to let you know, okay, I want to create a VPC. You can either create only a VPC or you can create a VPC with all the resources, the resources being the subnets that you desire, the VPC endpoints, the routing for private or public subnets along with the NAT gateway, and things like that.

Host: Jon

Okay, so let's talk about IP addresses and how critical it is for you to understand an IP address, the subnets and everything, since AWS does a lot of that automatically for you versus on-premise.

Guest: Du’An

It does a lot for you. But when we're talking about IP, knowing the size of your VPC, the largest you can have is, let's say, a slash 16. The smallest that you can have is a slash 28, which only gives you about 16 IP addresses within a VPC. Knowing, okay, if I have a 28 here and then I have, let's say, a slash 27 here, and the IP addresses, will they overlap if I try to do VPC peering? So you have to understand when you're configuring your devices to know, when I'm trying to communicate from destination A to destination B, and maybe I'm using VPC peering or a transit gateway, which is your hub and spoke for your VPCs, will the communication happen? Will there be an issue because of IP address overlap? And the same goes whenever you're connecting services. So that's something to always just keep in mind: the basics with the IP address overlap and knowing where your default gateway is, which kind of is inherent because there's a lot of DHCP that happens in the VPC, so a lot of that is already done for you. So the more main thing is going to be your communication, to know VPC peering and connecting your VPCs.

Host: Jon

Especially when you select an IP address range and carve it out. And that's usually <laugh> networking terms. I'm not a networking engineer, but I talk to so many of 'em when they say I'm going to carve you out a subnet for it, and when they configure it, knowing how big your subnets are going to be is critical in a couple of use cases. One of those is the overlap with peering, or expanding, right? You need to expand it, you're going to add more servers. What about auto-scaling?

Guest: Du’An

IP addressing is always going to be something you have to think about with autoscaling. You're going to have to have IP addresses available for that as well in that range. When you expand and contract your autoscaling groups, you're going to need IP addresses for that as well.

Host: Jon

Now, does AWS allow you to expand your subnet, right? So you created a VPC, can you expand or increase the size of your network?

Guest: Du’An

With the VPC, you can. So you can add a VPC CIDR block to your VPC and then from there you have to create an

Host: Jon

Nice, I like that. So that came out, I'm going to have to say, five years ago, maybe a little less than that. I ran into an issue where I did need to increase it because I made it too small. We were carving it a little too small, IP addressing, what we joked about originally. So real quick, everybody, I'm talking with Du’An Lightfoot and we're talking about cloud networking and how to make that transition from a traditional networking engineer to a cloud engineer. Now a network engineer that goes to the cloud, if you think about that, that's not going to be your only role. You're going to have to understand a lot of the things that come into the environment. Not only the VPC, but the routes, also subnet peering, gateways, what's it, transitional gateways. There are so many that are involved in so many things, for communication and additional accounts. Actually, Du’An, I'm going to jump to that subject. What about connecting accounts for communication, like your dev and your prod, which you should never do, but to maybe a shared account?

Guest: Du’An

So there are a couple of things. We do have VPC sharing which allows you to share those subnets between VPCs. You can also use VPC peering. Another one is going to be transit gateways.

Host: Jon

Yeah, so Du’An, what about DNS? I'll tell you what, and I'll give you another fun little story. I do all the DNS for myself, for my website. Yes, it's hosted on Route 53 because it's very easy and simple and allows me to do it. It tells me when I make a mistake, except for when I took my website down. I took away the CNAME, and I shouldn't have, for my CDN, and I didn't realize I could have added another one to the line. New mistake. I hate DNS, by the way, because I understand it enough to get it done, but I always break something. So I broke my website for about 24 hours. So glad it wasn't highly active at the time. How critical is DNS to understand from on-premise to the cloud? Is that a clear transition and understanding, or is there a lot to learn?

Guest: Du’An

Just understanding the basics of DNS. On AWS, we have Route 53, which is the service that we use to manage DNS on AWS, and with Route 53 you have a concept of public hosted zones and private hosted zones. Think of your public hosted zones as those zones that will be internet-facing. Your private hosted zones will be exclusive to your VPCs. So if you think about it from on-prem, you can create a DNS zone that's going to be internal to your on-premise environment. So a lot of times you may have a DNS zone that you don't want public-facing, but you want to be able to use DNS on-premise to communicate to all the computers that are within that environment rather than using IP addresses, because IP addresses are kind of hard to remember, but you can remember host1.amazon.com. That's something we all can remember, right? And so when it comes to doing this in the cloud, we use Route 53 to manage DNS.

Host: Jon

I like the internal DNS management. That comes in handy if you're using an Active Directory and you want the servers to be able to communicate, or you want to set different DNS servers to the Active Directory, or use, not Microsoft, AWS's directory services. So you can use those instead of our regular traditional AD environment, which will create those DNS servers automatically for you that you can point towards. Now Du’An, I'm going to pivot just a little bit and talk about security groups, right? We're talking about networking and the routes that are in place. How critical is it for a traditional network engineer to understand the security groups for VPCs versus instances?

Guest: Du’An

When it comes to security groups, security groups are going to be the firewall for the ENI, to say what can talk to an elastic network interface, whether it's attached to an EC2 or a load balancer.

Host: Jon

Yep. Okay. What about dealing with not only some of the access and communications, like firewall rules for your subnet or your route, like block a CIDR block, a deny or allow access?

Guest: Du’An

That's going to be your network access control list. Those are going to be your subnet boundary or your VPC boundary for your VPC.

Host: Jon

Okay, so you're talking about NACLs versus security groups. And just to give everybody kind of a clear thing, NACLs protect your VPC, security groups protect your ENI or your instance that you can talk to. Correct, Du’An?

Guest: Du’An

Correct, correct. And the security groups are stateful and the NACLs are going to be stateless, meaning that if you put a rule in one direction, to allow the return traffic you've got to put a rule in that direction as well.

Host: Jon

Yes. Thank you so much for that clarification. So Du’An, let's also talk about what makes a subnet public versus private.

Guest: Du’An

I talk to people about this when they first get started with AWS, and this can come off as confusing, but it's really simple. The difference between a public subnet and a private subnet is that a public subnet is associated with a routing table that has a route to the internet gateway. So it has a route to the internet, and you can also communicate through the internet gateway to talk to those instances that are in that subnet, rather than a private subnet. It will not have a route to an internet gateway, but it may have a route to a NAT gateway, but you won't be able to talk from the internet through the NAT gateway. So it's kind of private. So you use this NAT to communicate out to the internet. So if you need to update your instances or update your databases, you can do that in a private setting and they'll be behind that gateway.

Host: Jon

AWS offers two types: NAT gateways, or NAT instances, which you manage and spin up. I like the managed because they handle the scaling of it automatically. Correct? If your traffic increases, it increases, versus down. You don't have to do anything. And I always suggest going with the managed services because why would you want to manage more devices? Right?

Guest: Du’An

Same for the internet gateway, they're both horizontally scaled. Yep. So depending on your traffic demands, they're scaled to meet those demands.

Host: Jon

So do I need an internet gateway or a NAT gateway to communicate to the internet, or one versus the other?

Guest: Du’An

If you have a NAT gateway, you'll need an internet gateway, because the traffic still flows through the internet gateway.

Host: Jon

So with the NAT gateway, you're utilizing it for private subnets, right? They'll communicate to the NAT. That will be the blocker for it. And then the NAT will communicate to the internet gateway. If you want something to communicate, like a web server, directly to the internet, an internet gateway.

Guest: Du’An

Correct.

Host: Jon

All right. So Du’An, let's talk about re:Invent a little bit. There were a couple of things released during re:Invent. One of 'em I need help understanding <laugh>, Amazon VPC Lattice. Can you educate me on what it is and what it does?

Guest: Du’An

Yeah. So VPC Lattice gives you the ability to simplify that service-to-service security, connectivity, and monitoring. When applications communicate with each other, oftentimes you'll have to do VPC peering, a transit gateway, or something to make those applications talk. And then you have to worry about things like IP address overlapping, security, monitoring of that for latency across that connectivity from service to service. What VPC Lattice does is it allows you to create your service and then create a service network, assign policies for that service network to say what can talk to what, and then have your service directory for the services that will be a part of that service-to-service communication.

Host: Jon

So is it like a single place to configure and monitor communications, versus me having to manage each and every individual route, overlap, DNS?

Guest: Du’An

Correct. It's a managed service, so therefore you don't have to do the VPC peering, and you don't have to do the transit gateway monitoring; everything is done through the VPC service.

Host: Jon

Okay. We just talked about utilizing managed services. I think this is another additional add, because when it came out, I think it wasn't clear as to the value of it on how you would utilize it, but now that it's been AL and it's able to be utilized. So Du’An, is it in preview, or is it out publicly?

Guest: Du’An

It's currently in preview. Okay. I believe it goes GA later on this year.

Host: Jon

Yeah, that's typically how things fall. I'm thinking probably around the March timeframe as people get used to it and they update a little more. Have you had a chance to play with it or build a couple of things? Any of the customers that you can share, some insights that you feel the value of it without me disclosing anything?

Guest: Du’An

I just got access. As soon as I <laugh> dive into it, I will come back and we can talk about it.

Host: Jon

That's all right. <laugh>. So Du’An, we'll put you on the spot for a future follow-up podcast soon to talk about VPC Lattice and the value of it behind the customers. Okay, let's jump over to Verified Access. This was also talked about. What is Verified Access?

Guest: Du’An

Verified Access enables customers to provide that secure access to those corporate applications that they would otherwise have to use a VPN or be on the corporate network to connect to. So normally when you want to connect to your corporate network, you will use a VPN connection to your VPN, then you're on the corporate network, or you will be in the office to be able to connect to those that are built by your internal teams. What Verified Access does is it allows you to connect to those services without the need for a VPN. Simply use a browser and then you can connect to those services.

Host: Jon

So it's like a single sign-on, Verified Access, auto authentication, or

Guest: Du’An

It utilizes the single sign-on zero trust principles and it kind of simplifies that process with single sign-on. When you use that, you log into single sign-on, then you pick the application that you want to select. This puts you directly on that application.

Host: Jon

Okay, so it's straight, it's one less stop basically and makes it simplified,

Guest: Du’An

Simplifies it. Correct.

Host: Jon

Yeah. Yes. Simplified, Verified Access. That's too many. Hide for. Yeah. Okay, we won. Well, good. <laugh> For more information, I'll share a couple of links on Verified Access, and I want to switch our gears and talk about not only a network admin, somebody that's on-premise that wants to gain experience in the cloud and make that transition to the cloud, or if you're in the cloud and looking to enhance your knowledge, Du’An, what's out there for me to get started?

Guest: Du’An

There are a ton of things. Can we kind of break this down and let's say five steps?

Host: Jon

I'm going to count on you on those five steps. Are you ready?

Guest: Du’An

Count me on those five steps.

Host: Jon

Okay. Okay. You got to call out step one.

Guest: Du’An

Yes. Step one. What is the cloud? Learn about what the cloud is. There's an AWS white paper that breaks down what the cloud is, what the benefits of the cloud are, and the different types of cloud platforms that are out there. And then it talks about the AWS services. So you can break down what type of services are good for computing, like EC2 instances, or what are your networking services, like the Amazon VPC. How do you utilize DNS on AWS? Well, Route 53. So this white paper kind of goes over all those services. Although we have 200 plus services, there are some core principles to learning AWS, and that white paper will help get you started.

Host: Jon

I think understanding the basic services, when I say the basic services, I'm talking about storage and all the types of storage available to you. Not only S3, EBS. Understand EC2 instances and the different variations of types that are available. Just go through the white papers or even browse over to the product page and understand it. Networking is another key thing. I think if you understand the basics, and I think there are less than five basics that I would kind of recommend and you can't count me out on those because I only named three just to start. But oh, and RDS, you know, definitely have to understand, and I am right. So once you have all those in place, I just did five, right? That's pretty good. I think if you understand all of those, everything else is kind of built on top of it.

Guest: Du’An

Yep. Correct. So once you understand the basics, understand how they work together and how they solve customer problems.

Host: Jon

All right, so everybody, real quick, I just want to tell you that we're speaking with Du’An Lightfoot a Sr. cloud networking developer advocate at AWS, and we're talking about not only cloud networking and how to make that transition, but advancing your career in networking and cloud. So Du’An, we are on step number two.

Guest: Du’An

Step number two, you need some good resources. The first resource I recommend is going to be AWS Well-Architected Labs. They're free. There are a ton of labs on this website. You go through those labs, kind of get started, get introduced to AWS, learn about the six pillars of the Well-Architected Framework on AWS, and it kind of walks you through that. So I will start there. And then as well as the AWS free tier. Understand the services that are free to you and free to use for one year and free to use forever. I will go through that.

Host: Jon

And wait, is that step, are we still on step two or

Guest: Du’An

Over two resources? Okay.

Host: Jon

Okay.

Guest: Du’An

Yes. Two resources and the two resources are going to be the Well-Architected Labs and the AWS free tier. So going through that,

Host: Jon

I agree with you. The labs, I think that is something that is not well known. I've shared it a couple of times. If you go through the labs and utilize the free tier to do the labs, you will gain so much. There's also some hands-on in a lot of cases like the upskills, the skills environments, there's so much learning and training that's available to you provided by AWS. I will, I think I have a fifth one, a sixth one for you, and I'm not going to spoil it. Now, I'm going to add a six-step into this because it goes on to all this. Let's move on to step three.

Guest: Du’An

Okay. Step three is going to be to create your AWS account. Now that you have your resources, you know what the cloud is, and you've got to understand AWS. With the overview of the AWS white paper, you moved on to finding some lab resources. You understand the free tier. Now you're going to create your account and start utilizing those labs.

Host: Jon

I'm going to tack on and add a subsection to step three. When you create your account, the very first few things you need to do is watch some cost optimization videos. Yes, <laugh>. Create your budgets, add your curve, and turn on all this stuff. <laugh>. The reason that you do this is that you're going to work on a lab and then you're going to watch something build and you're going to go do something else and forget it. Yes. I just had one of my budget alerts go off yesterday and I was like, oh crap, this could have been bad, and thank goodness that I configured it. Do me a favor, step three A or B, configure all your resources, and budget alerts, look into the description below, or follow along with us. We'll give you some great tips. All right. Let's move on to step four.

Guest: Du’An

Yes, and in step three B, turn off your resources. When you're done,

Host: Jon

That goes into step, that's like a 0.1 or something. It's called an Instance Scheduler. By the way, AWS hasn't supported it, not using it. Turn it off, and decommission it. If not, the alerts are going to go off.

Guest: Du’An

Awesome. All right. Step four is going to be certifications. If you're getting started with the cloud, you're learning all these new skills, why not get a certification to help add to your resume, improve your skills, validate, and help you get interviews?

Host: Jon

So I recommend the first one to do. There's a Cloud Practitioner, so that's the basic understanding of the cloud. After you do some of this training, you should go through this one. You should go through it. It's a nice one to kind of get started and get your feet wet. Afterward, if you're in the server admin type role and you're sticking there, SysOps and then obviously the solution architect path. If you're a developer, SysOps, and the reason I mentioned that is that you are a developer and you will be handling some of this. Go to the developer engineering for that. There are also specialty ones. Yeah. What specialty is one? Yeah, so I was leading you to that.

Guest: Du’An

Yes. The networking specialty. The exam just changed back in October. I passed it pretty well. Exactly.

Host: Jon

Hey, congratulations. Yes, yes. Thanks. It's difficult, I failed it twice.

Guest: Du’An

It is a difficult exam.

Host: Jon

It's a challenge. I, I'm, I'm not ashamed to say I failed it twice. I learned so much. I went through the book. The failure brought me to the next step.

Guest: Du’An

Yeah, the biggest challenge for me in that exam is how long it is, and how much you have to read in the amount of time that you have it. You have to focus to take that exam. It's not one of those exams. You can just look, okay? The answer is this. No. You have to read, understand what they're asking and what they're requesting, and then also read the answers to see if it aligns with the question being asked. So, yep. Yeah, it's a tough exam.

Host: Jon

I agree with you. Okay, certification. Step four, step five.

Guest: Du’An

Step five, we're on AWS. Build something, whether it's a website, whether it's launching an EC2 instance into a VPC, whether it's creating a VPC in one region, or creating another VPC in another region. Make your services talk, or in the same region, peering those VPCs together or using a transit gateway. Build something on AWS so you can learn and apply. Take the things that you learn and apply your skills in real-time while gaining some lab experience.

Host: Jon

I think that's very critical. Think about it. You put your VPC together. Put an instance, put another one. Have 'em talk to each other. Yes, they can't talk. Troubleshoot it. Yes. Also, yes, maybe spin up another VPC or another account that you can utilize. Remember, you have a free tier. Each account holds a free tier. Make sure to turn on those budgets and alerts, by the way, and turn stuff off. But ha, put a peering in place, build a transit gateway. There are so many articles and stuff out there. I agree with you. Nothing beats hands-on.

Guest: Du’An

Nothing beat nothing because….

Host: Jon

Build on right.

Guest: Du’An

Build on. AWS <laugh>. Great point. Now, one more thing I want to mention. I know I said five steps. I'm hosting a live stream on the AWS Twitch channel every Friday at 11:00 AM Eastern Standard Time where we talk about job roles in the cloud. So now that you're learning about the cloud, you may be interested in what a cloud support engineer at AWS or a technical account manager does. At AWS, every Friday, I interview a different pair of AWS professionals and we talk about what they do in day-to-day life, and you can tune in live and ask questions through Twitch chat. So

Host: Jon

Awesome. That's okay. That's not step six, because that's a shout-out to some of the things that you're doing, hosting on Twitch. You know, realize content creating around not only advocating for networking, but also sharing out what other roles do. That's something that's not going strictly towards your networking career, but helps you understand some of the roles within AWS. I'm glad you do that. It's more needed. With what's happening now in the world with everything going on, understanding and knowing the roles that are available and if this is the right role for you is very critical.

Guest: Du’An

Thanks.

Host: Jon

All right. Du’An, I have a step six that I want to add on, and I think you're going to agree with me. It's called community. Mm-hmm. Right? Yes. Get involved in the community, start going to user groups, and meetups, connect with people on LinkedIn and ask a bunch of questions. Reddit and AWS repost information. There are several websites out there. There are so many people like Du’An that are advocating for the services and stuff that you utilize. If he doesn't feel that this is the right fit, he'll tell you it's not the right fit. He's there for you along with every Amazonian that's out there. But then there is the AWS community, there are builders, and there are heroes. All those enjoy what they do and share all this information with you. I got to ask you, what are your thoughts on the community?

Guest: Du’An

We were going to talk about another topic as well, so if we go into it, I'll talk about it there as well. But when it comes to community, you mentioned heroes, you mentioned community builders. Another thing I want to add to it is user groups.

Host: Jon

User groups

Guest: Du’An

Is a great opportunity to network with professionals, to take what you learn, to be able to present what you learn, to get feedback from people that are doing it, to find a mentor. I went to the user group last week and presented, and I met some amazing people from all over the DMV area. And I think for me, I'm at least trying to go to a meet-up once a month because it's a great opportunity just to network and meet people.

Host: Jon

I agree. I was actually at two meetups last month. We're still in January. By the time this comes out, it'll be February, but I went to two, I had a speaking engagement at one and I was so energized after speaking and going to them. I'm going to make an effort that once a month I am there. And speaking of our other topic that's going to tag onto it is branding. Correct? We want to talk about branding.

Guest: Du’An

Yes. What branding? I think we were going to talk about ways to advance your career branding.

Host: Jon

Yes. So I think they go together. So advancing your career, branding, and everything that we talked about kind of all rolls up into one, because to advance your career, one of the steps that you indicated was certifications and hands-on training, and advancing your career within networking and getting out there socially. I think this whole topic and subject for the podcast come together and highlight some of the things that are out there. Let's talk about, Du’An, let's talk about how you advance your career in any of this.

Guest: Du’An

Yeah, I got five steps for that too. Wait,

Host: Jon

<laugh>, five steps. Are you, I know a couple of people that I interviewed that love things in threes. Huge shout out to Sandy Carter, but she's a threes person. Are you everything in five?

Guest: Du’An

I'm an everything-in-steps person. So if it's five steps or 10 steps, lemme know. Okay. How we get there. Now, of course, there's not always going to be a straight line. Sometimes you have to pivot. But if I just know the fundamental tools that I need to succeed in a chat, and accomplish a task, yep. That's what I'm looking for.

Host: Jon

All right. I'm counting you out on these. Let's go with step one.

Guest: Du’An

Okay. So when it comes to investing in your career, one important thing, whether you're in IT, whether you're not in IT, whether you're in the cloud or out of the cloud, is going to be projects. If you're a developer, write code, and put it on GitHub. If you're a cloud engineer, what are you learning? Write a blog post, and put it on the internet. If you're in a job role, what projects can you own? I'm reading right now, Jocko Willink, Extreme Ownership. Own a project, own that project. And as well, if you can't own a project, be a part of the project and add value to the project, and then know your role in that project so you can speak to it on your resume as well as in an interview.

Host: Jon

So Du’An's talking about the AWS interview, the loop process. And one of the parts of the interview, a little tip and trick is you have to be very precise about your role and your contribution to the role. Don't say it's okay. Not to say you can say I because they want to know your exact stuff. Okay, Du’An, step two.

Guest: Du’An

Step two, something. We already talked about certifications, but in this instance, when we talk about the S of your career, when we talk about branding, go for the higher certifications. Entry-level certifications are great, but if you want to stand out, you want to advance your career, and set yourself apart, go for that high-level certification, but not just get the certification, take the knowledge, and be able to apply it. Be able to speak to it in an interview and apply it on the job.

Host: Jon

So basically, don't hunt for the certifications, but invest the time in learning and educating yourself on the certifications. He's talking about the training that is out there, everything that's available, learn it. And so Du’An indicated it, apply the knowledge, build on,

Guest: Du’An

Build on. Yes, <laugh>.

Host: Jon

All right. Next step.

Guest: Du’An

The next step. It may be the hardest of all these, and that's to find a mentor. I believe that you can do a lot of this on your own, but if someone is, let's say, a cloud network engineer and that's where you want to be, find that person, talk to them, take them out to lunch and just build a relationship with them to see, okay, how did they get to where they are? What is their current job role? What advice do they have for you? And that'll kind of help you follow the bread crumbs to get in that role.

Host: Jon

No, I think so many people out there are willing to be a mentor to everyone else. You just have to take the moment to ask. If they don't have the time, it's all right for them to say no. Because it's one of the things I advise people on: say no when you can't; it makes you a strong person, but they will direct you to another one. Go to a community group and you'll find mentors there. Start following, and start asking questions. You will never know who will become a mentor of yours, and you'll be like, wow, I can't believe they said yes, this guy. And we all want to give back. I'm mentoring people along the way as well.

Guest: Du’An

Same here. Same here. I think, and this can be controversial to some people, I believe a mentor isn't always someone that you meet personally, right? Yeah. I believe we have mentors through books, we have mentors through videos, we have mentors through podcasts. So find those people that are doing what you want to do, have the knowledge that you're looking for, and follow them and soak up that knowledge. And if you can send an email, send Now I am whatever you can to reach out to 'em and get your questions answered.

Host: Jon

All right. I agree. What step are we on? Are we on four,

Guest: Du’An

Step four, yes. All right. Step four, take on more challenging tasks. I believe that in job roles, sometimes we can be in a position where we get comfortable. With that hard ticket that comes in on Friday at 4:00 PM, we may not want to work that ticket. We may leave that for someone else and we go to the easier one, we call it cherry picking tickets. Rather than doing that, take those hard tickets and work through 'em. Everything that we're talking about with networking comes from having a foundational lot of knowledge. And it's kind of like software development: iteration, small steps, break it down. That complicated issue, whether it's Kubernetes, whether it's <laugh> configuring VPCs across regions, whatever it is, can you break down those complicated tasks into those small steps, those small iterations, build up your foundation and take the challenge of doing those hard things, because those hard things are going to be where you get the most growth.

Host: Jon

Get comfortable getting uncomfortable basically. Yeah, right.

Guest: Du’An

Basically. Yes.

Host: Jon

All right, so moving on to step five.

Guest: Du’An

This is something you mentioned when you were talking about the user groups and the community builders and the heroes: growing your network. We are in the best time to be in IT right now. Yeah. I think when it comes to this last year, I met people like yourself, Jon. I met people from Africa, I met people from Australia. I met people all over the world who are doing amazing things and are passionate about helping others. And it's just, for me, being in IT over 20 years, I'm happier to be in IT today than I was yesterday because every day it just seems to get better. So put yourself out there, do those projects, work on certifications, share it on social media, give back when you can give back, and grow your network to help others and connect with others.

Host: Jon

There's no reason that we can't be globally connected and still be able to share out content. That once was a thing where it was very hard, but now, the way social networks are, you can be connected with anybody around the world and communicate and collaborate with them.

Guest: Du’An

Yes, for sure.

Host: Jon

Where are you, Jon? Where are you at? I'm in Pennsylvania, man.

Guest: Du’An

Okay. And I'm in Virginia.

Host: Jon

<laugh>. See, well, we're kind of close, but we're still communicating. You know what? We should have driven down and done this in person

Guest: Du’An

<laugh>. That would've been nice. That would be nice.

Host: Jon

I have some plans for this year, so stay tuned. We're going to be doing a lot of in-person events and podcasts and recordings. The way things are happening, it's going to be progressing. I think you and I have set ourselves up for podcast number two later this year.

Guest: Du’An

Okay. Hey, I'm looking forward to it. Just let me know when, and where and I'll be there.

Host: Jon

Oh, awesome. So Du’An, before I wrap things up, how can people get ahold of you? How can they reach out to you?

Guest: Du’An

On social media? You can contact me at @labeveryday on LinkedIn. It's just my name, Du’An Lightfoot, and that's how you find me.

Host: Jon

All right. Awesome. Du’An, thank you so much for joining me. I appreciate it.

Guest: Du’An

Thank you, Jon. And thank you all for viewing this video. I want to say one thing that I may not have mentioned about advancing your career is to believe in yourself. When we talk about doing those hard things, when we talk about putting yourself out there, you may look at someone else and see their great accomplishments, but you can do the same thing. Just stay committed, believe in yourself, put in the work, and never give up.

Host: Jon

Wow. You just echoed the same result that I posted on Twitter, I think yesterday or the other day, where somebody said, you've got five words or something that you can use. And I was like, believe in yourself. I don't know if that's a vibe right up there, but something around that: just believe in yourself, and your capabilities, and you can do it. And nobody sees the stuff underwater on what you're trying to do and they see everything on top and how you're progressing, but it's hard work. And those who put in the hard work know it's worth it.

Guest: Du’An

Agree on facts.

Host: Jon

Yep. <laugh>. Exactly. Oh, thank you once again. This has been awesome.

Guest: Du’An

Yes, this has been off. Awesome. Thanks for having me, Jon.

Host: Jon

All right, everybody. Du’An Lightfoot, Sr. Cloud Networking Developer Advocate at AWS. We were talking about cloud networking and how to make the transition from not only networking engineer to cloud engineer, advancing your career and branding. And we had multiple five steps, well, six steps, however you want to count them. But this has been a pleasure, everybody. My name has been Jon Myer. Thank you for joining the Jon Myer podcast. And guess what, folks, don't forget to hit that like, subscribe, and notify. You thought I was going to end it right there, but guess what? We're out of here.