AWS VPC Summary
Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you create a logically isolated network within the AWS cloud, where you can launch AWS resources such as EC2 instances, RDS databases, and more. It closely resembles a traditional network that you might operate in your own data center, with the benefits of using AWS’s scalable infrastructure. It gives you complete control over your virtual networking environment, including selecting your IP address range, creating subnets, and configuring route tables and network gateways.
Why is VPC Preferred?
- It provides much better security control over your AWS resources.
- It gives you the benefits of a traditional network like the one you run in your own data center.
- It gives the benefit of scalable infrastructure in the AWS environment.
Key Concepts
- CIDR Block: When you create a VPC, you specify a range of IPv4 addresses in the form of a Classless Inter-Domain Routing (CIDR) block (e.g. 10.0.0.0/16). CIDR is an IP addressing scheme in which the number after the slash (the prefix length) states how many leading bits identify the network, so address blocks can be allocated in any size rather than in fixed classes.
- Subnets: Subnets are segments of the VPC’s IP address range where you can place AWS resources. A subnet must reside entirely within one Availability Zone.
- Internet Gateway: An Internet Gateway (IGW) allows communication between instances in your VPC and the internet.
- Route Tables: A route table contains a set of rules called routes that determine where network traffic is directed. Each subnet in a VPC must be associated with a route table.
- Security Groups and Network Access Control Lists (ACLs): Security groups control inbound and outbound traffic for your instances. Network ACLs act as a firewall for controlling traffic in and out of subnets.
- Peering: VPC peering connects one VPC with another.
- VPN Connections: You can establish encrypted connections between your on-premises network and your VPCs.
- VPC Endpoints: These enable you to privately connect your VPC to supported AWS services.
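The CIDR and subnet concepts above are easiest to see with a small planning script. The following is an added example (not code from the page or from AWS) that carves subnets out of a VPC block with Python's ipaddress module, checks that they fit and do not overlap, and counts usable addresses. It assumes two AWS rules that are not stated on the page: a VPC or subnet block must be between /16 and /28, and AWS reserves the first four and the last address of every subnet.
```python
import ipaddress

# AWS reserves five addresses in every subnet: the first four (network address,
# VPC router, DNS, future use) and the last (network broadcast). Assumption
# stated in the lead-in; not taken from the page.
AWS_RESERVED_PER_SUBNET = 5
MIN_PREFIX, MAX_PREFIX = 16, 28  # allowed block sizes for VPCs and subnets


def plan_subnets(vpc_cidr, prefix, count):
    """Carve `count` subnets of the given prefix length out of the VPC block.

    Returns the subnets as CIDR strings, in address order. Raises ValueError
    when the prefix is outside the allowed range, is not longer than the VPC
    prefix, or the VPC block cannot hold that many subnets.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        raise ValueError(f"VPC block {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if not MIN_PREFIX <= prefix <= MAX_PREFIX:
        raise ValueError(f"subnet prefix /{prefix} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    candidates = list(vpc.subnets(new_prefix=prefix))
    if count > len(candidates):
        raise ValueError(f"{vpc} can hold only {len(candidates)} /{prefix} subnets")
    return [str(s) for s in candidates[:count]]


def usable_hosts(subnet_cidr):
    """Addresses in the subnet that instances can actually use."""
    net = ipaddress.ip_network(subnet_cidr)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def validate_subnets(vpc_cidr, subnet_cidrs):
    """Check that every subnet lies inside the VPC block and that no two
    subnets overlap. Returns a list of problem descriptions (empty means OK)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # Constructed layout: a /16 VPC split into two /24 subnets.
    subnets = plan_subnets("10.0.0.0/16", 24, 2)
    for s in subnets:
        print(s, "usable hosts:", usable_hosts(s))
    print("problems:", validate_subnets("10.0.0.0/16", subnets + ["192.168.1.0/24"]))
```
The overlap check matters for peering and VPN connections as well: two VPCs whose blocks overlap cannot be peered, so the same validate_subnets logic applied to the VPC blocks themselves catches that early.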
Public and Private Subnets
- Public Subnet: If a subnet has internet access, it is called a public subnet.
- Private Subnet: If a subnet does not have internet access, it is called a private subnet. If a server/instance in a private subnet wants to reach the internet, its traffic must go through a Network Address Translation (NAT) gateway or NAT instance that sits in a public subnet.
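Whether a subnet is public or private is decided by the route table associated with it, not by a flag on the subnet. The following added example (not code from the page or from AWS) models that: it performs the longest-prefix-match lookup a VPC route table uses and classifies a subnet as public when its default route targets an internet gateway, private when it targets a NAT gateway, and isolated when there is no default route. The route tables, subnet ids and target ids are constructed sample data; only the id prefixes (igw-, nat-, pcx-) follow AWS naming.
```python
import ipaddress

# Constructed sample route tables (not from a real account). Each route is
# (destination CIDR, target). Target ids use AWS-style prefixes: "local",
# "igw-" (internet gateway), "nat-" (NAT gateway), "pcx-" (peering connection).
ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-example")],
    "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-example")],
    "rtb-isolated": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-example")],
}

# Each subnet is associated with exactly one route table (constructed ids).
SUBNET_ASSOCIATIONS = {
    "subnet-web": "rtb-public",
    "subnet-app": "rtb-private",
    "subnet-db": "rtb-isolated",
}


def lookup_route(routes, dest_ip):
    """Longest-prefix match: the most specific matching route wins, which is
    why the VPC-wide 'local' route beats 0.0.0.0/0 for in-VPC addresses.
    Returns the target, or None when no route matches (packet is dropped)."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify_subnet(subnet_id):
    """Public if the default route goes to an internet gateway; private if it
    goes to a NAT gateway (outbound only); isolated if there is no default route."""
    routes = ROUTE_TABLES[SUBNET_ASSOCIATIONS[subnet_id]]
    # Probe with an address outside the VPC (TEST-NET-3 documentation range).
    target = lookup_route(routes, "203.0.113.10")
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"


if __name__ == "__main__":
    for subnet in SUBNET_ASSOCIATIONS:
        print(subnet, "->", classify_subnet(subnet))
```
Two caveats a reviewer would add: an instance in a public subnet also needs a public or Elastic IP before the internet gateway will carry its traffic, and an isolated subnet (no default route at all) is the right choice for databases that only ever talk to other subnets in the VPC or to VPC endpoints.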
How it Works
A VPC lets you control your virtual networking environment, including resource placement, connectivity, and security. You start by setting up your VPC and adding resources such as EC2 and RDS instances. Then, you define how your VPCs communicate. For example, two VPCs in a Region can be connected so that traffic flows between them.
Architecture
The sources provide an example of a VPC architecture:
- The outer line represents a region (e.g. US-East-1).
- Inside the region is the VPC.
- Outside the VPC, you have an internet gateway and a virtual private gateway, which connect to the VPC.
- Both gateways connect to the VPC's router.
- The router directs traffic to a route table, which directs traffic to Network ACLs.
- Network ACLs are similar to security groups but are stateless.
- Security groups form a further filtering layer directly in front of each EC2 instance.
- There are two subnets, public and private.
- EC2 instances in the public subnet can access the internet.
- EC2 instances in the private subnet cannot access the internet.
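The stateless/stateful difference noted above is where most network ACL mistakes happen, so here is an added example (not code from the page or from AWS) that traces one HTTPS request through both layers. The security group tracks the allowed inbound connection and lets the reply out automatically; the network ACL checks each direction on its own, so an outbound rule for the client's ephemeral port range is needed or the reply is dropped. All rules, addresses and port numbers are constructed sample data.
```python
import ipaddress

# Constructed security group: one inbound allow rule (HTTPS from anywhere).
# A security group has no deny rules and no rule ordering.
SG_INBOUND = [
    {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
]

# Constructed network ACL: (rule number, action, proto, from_port, to_port, cidr).
# Rules are evaluated lowest number first, first match wins, implicit deny last.
NACL_INBOUND = [
    (100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
]
NACL_OUTBOUND = [
    (100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
    # No rule for ephemeral ports, so replies to inbound HTTPS are dropped.
]
NACL_OUTBOUND_FIXED = [
    (100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
    (110, "allow", "tcp", 1024, 65535, "0.0.0.0/0"),  # reply traffic to clients
]


def _matches(rule_proto, lo, hi, cidr, proto, port, peer_ip):
    return (rule_proto == proto and lo <= port <= hi
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr))


def nacl_decision(rules, proto, port, peer_ip):
    """Stateless evaluation: one direction, lowest rule number first,
    implicit deny if nothing matches. `port` is the packet's destination port."""
    for _num, action, rproto, lo, hi, cidr in sorted(rules, key=lambda r: r[0]):
        if _matches(rproto, lo, hi, cidr, proto, port, peer_ip):
            return action
    return "deny"


class SecurityGroup:
    """Stateful evaluation: an allowed inbound connection is remembered, and
    its reply traffic is permitted without any outbound rule."""

    def __init__(self, inbound):
        self.inbound = inbound
        self.tracked = set()

    def allow_inbound(self, proto, dst_port, src_ip, src_port):
        for r in self.inbound:
            if _matches(r["proto"], r["from_port"], r["to_port"], r["cidr"],
                        proto, dst_port, src_ip):
                self.tracked.add((proto, src_ip, src_port, dst_port))
                return True
        return False

    def allow_outbound_reply(self, proto, src_port, dst_ip, dst_port):
        # A reply mirrors the tracked flow: peer stays the same, ports swap.
        return (proto, dst_ip, dst_port, src_port) in self.tracked


def check_https_session(nacl_outbound):
    """Trace a constructed client (198.51.100.7:51234 -> instance:443) through
    the NACL and the security group. Returns (nacl_in, nacl_out, sg_in, sg_out)."""
    client, client_port = "198.51.100.7", 51234
    nacl_in = nacl_decision(NACL_INBOUND, "tcp", 443, client)
    # The reply packet's destination port is the client's ephemeral port.
    nacl_out = nacl_decision(nacl_outbound, "tcp", client_port, client)
    sg = SecurityGroup(SG_INBOUND)
    sg_in = sg.allow_inbound("tcp", 443, client, client_port)
    sg_out = sg.allow_outbound_reply("tcp", 443, client, client_port)
    return nacl_in, nacl_out, sg_in, sg_out


if __name__ == "__main__":
    print("NACL without ephemeral rule:", check_https_session(NACL_OUTBOUND))
    print("NACL with ephemeral rule:   ", check_https_session(NACL_OUTBOUND_FIXED))
```
The practical takeaway for a reviewer: when a connection is allowed by the security group but still fails, compare the network ACL's outbound rules against the client's ephemeral port range, and remember that a NACL, unlike a security group, can carry explicit deny rules, which makes it the place to block known-bad address ranges at the subnet edge.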
Benefits
- Isolation: VPC provides logical isolation of your AWS resources.
- Control: You have full control over your VPC.
- Security: VPC allows you to define security groups and network ACLs.
- Scalability: VPC scales horizontally to accommodate your growing infrastructure needs.
- Integration: VPC integrates with other AWS services.
Use Cases
- Hosting web applications.
- Migrating workloads to the AWS cloud.
- Extending a data center to the cloud (hybrid cloud).
VPC enables you to launch AWS resources, such as Amazon EC2 instances, within a virtual network. You can launch instances in a subnet of your choosing and assign custom IP address ranges in each subnet. You can also configure route tables between subnets and create an internet gateway and attach it to your VPC.