#15 Advanced AWS Networking

Download it: MP3 | AAC | OGG | OPUS


Every week, we write about all things AWS. For example, we unbox or review new AWS services. We also share pitfalls that we learned about the hard way ourselves. On top of that, we provide code examples for Infrastructure as Code and Serverless applications.

Subscribe to our newsletter for free!


Don't miss our blog post Advanced AWS Networking: Pitfalls That You Should Avoid, the written version of this podcast episode.

AWS offers shiny and powerful networking services. However, you should know about the pitfalls when designing advanced networking architectures for AWS. I will share some pitfalls that came to my attention when consulting clients to get the most out of AWS.

You will learn how to answer the following questions:

VPC Peering or Transit Gateway?

A Transit Gateway simplifies peering VPCs. However, there is a baseline costs of $36.00 per month for each VPC attached to the Transit Gateway.

NAT Gateway or Public Subnet?

Adding NAT Gateways to your architecture costs $96.00 per month for 3 availability zones. Also, the costs for outbound network traffic will increase by 50%. From a economical point of view it makes sense to place workloads with high outgoing network throughput into public subnets.

VPC Endpoints or NAT Gateway?

Always add VPC Endpoints for S3 and DynamoDB. But do the math, when adding VPC Endpoints for other AWS services to your network. Using a NAT Gateway might be cheaper.

CloudFront or Akamai, Cloudflare, Fastly …?

When choosing a CDN provider besides CloudFront, make sure you have taken into account the additional costs for outbound traffic.

Route 53 Resolver or Public Hosted Zone?

Share Route 53 Outbound Resolvers between VPCs and AWS accounts to reduce costs. Think about using Public Hosted Zones instead of paying $180.00 per month for an Route 53 Inbound Resolver.

Amazon Web Services in Action a comprehensive introduction to computing, storing, and networking in the AWS cloud. You'll find clear, relevant coverage of all the essential AWS services you to know, emphasizing best practices for security, high availability and scalability. Buy now!!

Support us

We launched in 2015. Since then, we have published hundreds of articles, podcast episodes, and videos. It's all free and means a lot of work in our spare time. We enjoy sharing our AWS knowledge with you.

Have you learned something new by reading, listening, or watching our content? If so, we kindly ask you to support us in producing high-quality & independent AWS content. We look forward to sharing our AWS knowledge with you.

Support us!


We ask for feedback! Please rate or review our podcast on Apple Podcasts or wherever you listen to your favorite shows. Or send us a message via Twitter (Andreas and Michael) or LinkedIn (Andreas and Michael) or send us an email.


New comment

By submitting your comment you agree that the content of the field "Name or nickname" will be stored and shown publicly next to your comment. Using your real name is optional.

cloudonaut podcast

We are two brothers focusing 100% on Amazon Web Services (AWS). Every other week, one of us prepares the topic of the podcast. The topic is not known to the other one, which results in surprising conversations about all things AWS.

Typically, we are covering the following topics: DevOps, Serverless, Container, Security, Infrastructure as Code, Container, Continuous Deployment, S3, EC2, RDS, VPC, IAM, VPC, and many more.

by Andreas Wittig and Michael Wittig focusing on AWS Cloud


Follow us

Imprint - Privacy Policy