AWS VPC
Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your virtual private cloud, helping to ensure secure and easy access to resources and applications.
Understanding AWS VPC
What is AWS VPC?
Amazon VPC is a virtual network dedicated to your AWS account.
It is logically isolated from other virtual networks in the AWS Cloud.
You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.
You can connect your VPC to the corporate data center, use multiple layers of security, and run your own IPv6 address space.
You can easily customize the network configuration for your Amazon VPC.
For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access.
You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
Additionally, you can create an IPsec Site-to-Site VPN connection (historically called a hardware VPN) between your corporate datacenter and your VPC, and use the AWS Cloud as an extension of your corporate datacenter.
Both IPv4 and IPv6 addressing are available inside the VPC.
Amazon VPC provides layered network controls: security groups filter inbound and outbound traffic at the instance (network interface) level, and network access control lists filter at the subnet level.
In addition, you can keep data in Amazon S3 reachable only from inside your VPC by sending S3 traffic through a gateway VPC endpoint and attaching a bucket policy that denies requests unless they arrive through that endpoint (the aws:SourceVpce condition key).
Optionally, you can also choose to launch Dedicated Instances which run on hardware dedicated to a single customer for additional isolation.
Key Features of AWS VPC
Subnets
A subnet is a range of IP addresses in your VPC.
You can launch AWS resources into a specified subnet.
Use a public subnet for resources that must accept connections from the internet, and a private subnet for resources that must not.
What makes a subnet public or private is its route table: a subnet is public if the table has a route to an internet gateway, and private otherwise; a private subnet can still reach the internet outbound through a NAT gateway without being reachable from it.
Route Tables
A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet, and a subnet without an explicit association uses the VPC's main route table.
A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
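The two decisions above, carving a VPC CIDR into non-overlapping subnets and reading a subnet's exposure off its route table, are mechanical enough to script. The following is an added example, not code from the page or from AWS: it uses Python's standard ipaddress module, assumes AWS's rule that five addresses in every subnet are reserved, and classifies constructed route tables (the igw-/nat- resource IDs are made up) by whether their default route points at an internet gateway, a NAT gateway, or nothing.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every
# subnet (network address, VPC router, DNS resolver, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr, new_prefix):
    """Split a VPC CIDR block into equal-size subnets of the given prefix length."""
    return [str(s) for s in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)]


def usable_addresses(subnet_cidr):
    """Addresses that can actually be assigned to network interfaces in a subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def overlapping_pairs(subnet_cidrs):
    """Return every pair of subnet CIDRs that overlap; AWS refuses to create such subnets."""
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


def classify_subnet(route_table):
    """
    Classify a subnet by the default route in its route table:
      public   - 0.0.0.0/0 points at an internet gateway (igw-...): instances
                 with public IPs are reachable from the internet
      private  - 0.0.0.0/0 points at a NAT gateway (nat-...): outbound only
      isolated - no default route; only the VPC-local route applies
    Targets are recognised by their resource-id prefix, as the AWS API
    reports them (for example "igw-0123456789abcdef0").
    """
    for route in route_table["routes"]:
        if route["destination"] == "0.0.0.0/0":
            target = route["target"]
            if target.startswith("igw-"):
                return "public"
            if target.startswith("nat-"):
                return "private"
    return "isolated"


# Constructed route tables for illustration; the resource IDs are made up.
# Every route table carries the non-removable "local" route for the VPC CIDR.
SAMPLE_ROUTE_TABLES = {
    "web": {"routes": [{"destination": "10.0.0.0/16", "target": "local"},
                       {"destination": "0.0.0.0/0", "target": "igw-0a1b2c3d4e5f67890"}]},
    "app": {"routes": [{"destination": "10.0.0.0/16", "target": "local"},
                       {"destination": "0.0.0.0/0", "target": "nat-0fedcba9876543210"}]},
    "db":  {"routes": [{"destination": "10.0.0.0/16", "target": "local"}]},
}


def plan_vpc(vpc_cidr="10.0.0.0/16", new_prefix=24):
    """Carve the VPC, verify the carve has no overlaps, and report the address budget."""
    subnets = carve_subnets(vpc_cidr, new_prefix)
    assert not overlapping_pairs(subnets)
    return {"subnet_count": len(subnets), "usable_per_subnet": usable_addresses(subnets[0])}


if __name__ == "__main__":
    print(plan_vpc())
    for name, table in SAMPLE_ROUTE_TABLES.items():
        print(name, classify_subnet(table))
```

The classification is deliberately strict: a subnet whose default route goes to a NAT gateway is reported as private even though it has internet egress, which is the distinction that matters when deciding where a database or an application server may live.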
Internet Gateway
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
It therefore imposes no availability risks or bandwidth constraints on your network traffic.
Network Address Translation (NAT) Gateway
A NAT gateway is a highly available AWS managed service that makes it easy to connect to the internet from instances within a private subnet in an Amazon VPC.
A NAT gateway is created in a specific Availability Zone and is implemented with redundancy in that zone; to survive the loss of a zone, create a NAT gateway in each Availability Zone you use and point each private subnet's default route at the gateway in its own zone.
Security Groups
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
When you launch an instance in a VPC, you can assign up to five security groups to the instance by default (the limit is a per-network-interface quota that can be raised).
Security groups act at the instance level, not the subnet level.
Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups.
If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC, which allows all outbound traffic and allows inbound traffic only from other network interfaces that carry the same default group.
Network Access Control Lists
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
Unlike security groups, network ACLs are stateless: return traffic is not allowed automatically, so replies to connections that instances open themselves must be permitted explicitly, typically with an inbound rule for the ephemeral port range.
Network ACL rules are numbered and evaluated in ascending order; the first matching rule decides, a packet that matches no rule is denied, and rules can deny as well as allow, which security group rules cannot.
You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC, or use them for coarse subnet-wide blocks (such as denying a known-abusive address range) while security groups carry the fine-grained per-instance allow rules.
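The stateful/stateless difference between security groups and network ACLs is the one that bites in practice, so it is worth seeing evaluated. The following is an added example, not code from the page or from AWS: it models a security group (allow-only, with connection tracking) and a network ACL (numbered allow/deny rules, first match wins, implicit deny) over constructed rule sets, and walks an outbound HTTPS connection through each control to show that the ACL drops the reply unless an ephemeral-port rule exists. The rule dictionaries mimic the shape of the AWS API (protocol "-1" meaning all protocols) but are an assumption of this example, as is the small world_open_ports audit helper.

```python
import ipaddress


def _rule_matches(rule, proto, dst_port, peer_ip):
    """True if one rule covers this protocol, destination port and peer address.
    Protocol "-1" is the AWS API's 'all protocols' and carries no port range."""
    if rule["proto"] != "-1" and rule["proto"] != proto:
        return False
    if rule["proto"] != "-1" and not rule["from_port"] <= dst_port <= rule["to_port"]:
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["cidr"])


class SecurityGroup:
    """Stateful, allow-only, applied per network interface. Any matching rule
    allows, and replies to an admitted flow are allowed without a rule."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()  # admitted flows; stands in for connection tracking

    def allows(self, direction, proto, local_port, peer_ip, peer_port):
        flow = (proto, local_port, peer_ip, peer_port)
        if flow in self.tracked:  # the other leg of an admitted flow
            return True
        rules = self.inbound if direction == "in" else self.outbound
        # Inbound rules name the port on the instance; outbound rules name the peer's port.
        dst_port = local_port if direction == "in" else peer_port
        if any(_rule_matches(r, proto, dst_port, peer_ip) for r in rules):
            self.tracked.add(flow)
            return True
        return False


class NetworkAcl:
    """Stateless, applied per subnet. Numbered allow/deny rules are evaluated in
    ascending order, the first match decides, and an unmatched packet is denied."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def allows(self, direction, proto, local_port, peer_ip, peer_port):
        rules = self.inbound if direction == "in" else self.outbound
        dst_port = local_port if direction == "in" else peer_port
        for rule in sorted(rules, key=lambda r: r["number"]):
            if _rule_matches(rule, proto, dst_port, peer_ip):
                return rule["action"] == "allow"
        return False  # the implicit catch-all deny


def https_exchange(control):
    """Instance 10.0.1.10 opens TCP from ephemeral port 50000 to 203.0.113.10:443.
    Returns (syn_leaves, syn_ack_admitted) as the control sees each leg."""
    syn = control.allows("out", "tcp", 50000, "203.0.113.10", 443)
    syn_ack = control.allows("in", "tcp", 50000, "203.0.113.10", 443)
    return syn, syn_ack


def world_open_ports(inbound_rules, sensitive=(22, 3389)):
    """Audit helper: which sensitive TCP ports do these inbound rules expose to everyone?"""
    exposed = set()
    for r in inbound_rules:
        if r["cidr"] not in ("0.0.0.0/0", "::/0"):
            continue
        for port in sensitive:
            if r["proto"] == "-1" or (r["proto"] == "tcp" and r["from_port"] <= port <= r["to_port"]):
                exposed.add(port)
    return sorted(exposed)


def tcp(number, port, cidr, action="allow"):
    """Shorthand for a single-port TCP network ACL rule (constructed for this example)."""
    return {"number": number, "proto": "tcp", "from_port": port, "to_port": port,
            "cidr": cidr, "action": action}


ALLOW_ALL = {"proto": "-1", "cidr": "0.0.0.0/0", "number": 100, "action": "allow"}

# Constructed rule sets (not from the page).
WEB_SG = SecurityGroup(
    inbound=[{"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"}],
    outbound=[ALLOW_ALL])
# Common mistake: 443 in and everything out, but no inbound rule for the
# ephemeral ports on which replies to the instance's own connections arrive.
NACL_NO_EPHEMERAL = NetworkAcl(inbound=[tcp(100, 443, "0.0.0.0/0")], outbound=[ALLOW_ALL])
NACL_FIXED = NetworkAcl(
    inbound=[tcp(90, 22, "198.51.100.0/24", "deny"),          # subnet-wide block of a bad range
             tcp(100, 443, "0.0.0.0/0"),
             {"number": 110, "proto": "tcp", "from_port": 1024, "to_port": 65535,
              "cidr": "0.0.0.0/0", "action": "allow"}],       # ephemeral replies
    outbound=[ALLOW_ALL])

if __name__ == "__main__":
    for name, ctl in (("security group", WEB_SG), ("NACL without ephemeral rule", NACL_NO_EPHEMERAL),
                      ("NACL with ephemeral rule", NACL_FIXED)):
        print(name, https_exchange(ctl))
```

The security group admits the SYN-ACK because the outbound SYN was tracked; the first network ACL admits the SYN but drops the reply, which is exactly the "instances can't reach the internet even though outbound is wide open" symptom. The fixed ACL also shows the one thing security groups cannot do: an explicit deny (rule 90) evaluated before the allows.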
VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.
Instances in either VPC can communicate with each other using private IP addresses, subject to each VPC's route tables, security groups, and network ACLs.
You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.
The VPCs can be in different regions (also known as an inter-region VPC peering connection).
A peering connection requires that the two VPCs' CIDR blocks do not overlap, and each VPC needs a route that sends the other VPC's CIDR to the peering connection.
Peering is not transitive: if VPC A is peered with VPC B and VPC B with VPC C, traffic from A cannot reach C through B; A needs its own peering connection with C.
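Non-transitivity and the non-overlap requirement are the two peering properties that produce confusing "it should route but doesn't" tickets, so here is an added example (not code from the page or from AWS) that checks both over a constructed topology of three VPCs peered A-B and B-C. The VPC, peering and route identifiers are made up; the reachability check requires a route in the source VPC whose target is a peering connection joining the source and destination VPCs directly, and then checks the return path the same way.

```python
import ipaddress

# Constructed topology (not from the page): three VPCs, peered A-B and B-C.
VPCS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16", "vpc-c": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-bc": ("vpc-b", "vpc-c")}
# (destination, target) routes per VPC. vpc-a's second route is a common
# mistake: it tries to reach vpc-c through the peering with vpc-b.
ROUTES = {
    "vpc-a": [("10.1.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-ab")],
    "vpc-b": [("10.0.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-bc")],
    "vpc-c": [("10.1.0.0/16", "pcx-bc")],
}


def can_peer(cidrs_a, cidrs_b):
    """AWS rejects a peering request if any CIDR block of one VPC overlaps any of the other's."""
    return not any(ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))
                   for a in cidrs_a for b in cidrs_b)


def vpc_of(ip, vpcs=VPCS):
    """Which VPC's CIDR contains this address, if any."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, c in vpcs.items() if addr in ipaddress.ip_network(c)), None)


def _one_way(src_vpc, dst_ip, vpcs, peerings, routes):
    """Does src_vpc have a route that delivers dst_ip over a peering joining it
    DIRECTLY to the VPC that owns dst_ip? Longest-prefix match picks the route."""
    dst_vpc = vpc_of(dst_ip, vpcs)
    if dst_vpc is None:
        return False
    if dst_vpc == src_vpc:
        return True  # the always-present local route
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(d).prefixlen, t) for d, t in routes.get(src_vpc, [])
               if addr in ipaddress.ip_network(d)]
    if not matches:
        return False
    _, target = max(matches)
    # Peering is not transitive: the chosen pcx must connect exactly these two VPCs.
    return set(peerings.get(target, ())) == {src_vpc, dst_vpc}


def reachable(src_ip, dst_ip, vpcs=VPCS, peerings=PEERINGS, routes=ROUTES):
    """A connection needs the forward path AND the return path to route."""
    src_vpc, dst_vpc = vpc_of(src_ip, vpcs), vpc_of(dst_ip, vpcs)
    if src_vpc is None or dst_vpc is None:
        return False
    return (_one_way(src_vpc, dst_ip, vpcs, peerings, routes)
            and _one_way(dst_vpc, src_ip, vpcs, peerings, routes))


if __name__ == "__main__":
    print("A->B", reachable("10.0.1.5", "10.1.1.5"))   # direct peering, routes both ways
    print("A->C", reachable("10.0.1.5", "10.2.1.5"))   # route exists but pcx-ab does not reach C
    print("B->C", reachable("10.1.1.5", "10.2.1.5"))   # direct peering, routes both ways
    print("C->A", reachable("10.2.1.5", "10.0.1.5"))   # no peering and no route
```

Security groups and network ACLs still apply on top of this; the check only answers whether the packets can be routed at all. If A genuinely must talk to C, the fix is a third peering connection (or a transit gateway), not a route through B.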
VPC Flow Logs
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
Flow log data can be published to Amazon CloudWatch Logs, Amazon S3, or Amazon Data Firehose (formerly Kinesis Data Firehose).
After you’ve created a flow log, you can retrieve and view its data in the chosen destination.
Flow logs record metadata (addresses, ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected) aggregated over a capture window; they are not packet captures.
Some traffic is never logged, including traffic to the Amazon DNS resolver, traffic to and from the instance metadata service at 169.254.169.254, and DHCP traffic, so flow logs cannot be the only record of what an instance did.
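As an added example of using that data (not code from the page or from AWS), the following parses records in the default flow log format (version 2, space-separated: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) and pulls out two signals a security operations team actually acts on: an external address that was ACCEPTed to an administrative port, and external sources whose REJECTs to those ports look like scanning. The sample records are constructed for this example; the account ID and ENI ID are made up, and the source addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# RFC 1918 ranges checked explicitly rather than via ipaddress.is_private,
# because Python also treats the documentation ranges used below as private.
INTERNAL = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic); the account and ENI IDs are made up.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.10 41000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.10 41001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.10 41002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 52011 22 6 12 1840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.55 10.0.1.10 50100 22 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 203.0.113.10 50000 443 6 20 4100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Parse one default-format record; '-' fields (NODATA/SKIPDATA records) become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("not a default-format flow log record: %r" % line)
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
        else:
            rec[name] = value
    return rec


def is_internal(ip):
    """True for RFC 1918 addresses, i.e. traffic that stayed inside private address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def admin_exposure(log_text, admin_ports=(22, 3389), probe_threshold=3):
    """Two signals from flow logs:
      accepted_from_external - an external address completed TCP traffic to an admin port
                               (the exposure is real: fix the security group / NACL)
      probing_sources        - external sources with >= probe_threshold REJECTs to admin
                               ports (scanning that the controls are currently blocking)
    Only records with log_status OK carry traffic fields, so others are skipped."""
    accepted = []
    rejects = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec["log_status"] != "OK" or rec["protocol"] != 6:
            continue
        if rec["dstport"] not in admin_ports or is_internal(rec["srcaddr"]):
            continue
        if rec["action"] == "ACCEPT":
            accepted.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
        elif rec["action"] == "REJECT":
            rejects[rec["srcaddr"]] += 1
    probing = {src: n for src, n in rejects.items() if n >= probe_threshold}
    return {"accepted_from_external": accepted, "probing_sources": probing}


if __name__ == "__main__":
    print(admin_exposure(SAMPLE_LOG))
```

The ACCEPT from 203.0.113.7 to port 22 is the finding to chase first: it means a security group or network ACL admits SSH from the internet, and the REJECTs from 198.51.100.23 show what the controls are already absorbing. The same parser feeds a CloudWatch Logs Insights query or an S3 batch job once the records are pulled from wherever the flow log was published.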
Use Cases of AWS VPC
Hybrid Cloud
Organizations can use AWS VPC to build a hybrid cloud environment that combines the scalability and flexibility of AWS with the control and security of on-premises infrastructure.
This allows organizations to leverage the benefits of the cloud while still meeting strict data residency requirements.
Multi-Tier Applications
AWS VPC lets you separate the tiers of an application into subnets with different exposure: web servers in a public subnet reachable through an internet gateway, and application and database servers in private subnets with no inbound route from the internet.
Security groups on each tier then admit traffic only from the tier in front of it, so a compromised web server still cannot talk to the database on anything but the ports the application tier is allowed to use.
Secure Applications
Security groups and network ACLs give instance-level and subnet-level filtering in both directions, VPC endpoints keep traffic to AWS services such as Amazon S3 off the public internet, and flow logs provide the record needed to verify that the intended segmentation actually holds.
Conclusion
Amazon VPC gives you a logically isolated network in which you choose the address ranges, the subnets, and the routing, and connect to on-premises networks or other VPCs on your own terms.
Its security value comes from using those pieces together: route tables and subnets to decide what is reachable from the internet at all, security groups and network ACLs to filter what is reachable within the VPC, VPC endpoints to keep service traffic private, and flow logs to confirm that the resulting design behaves as intended.