Virtual Private Cloud
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we have discussed the Access Control List for S3 bucket. And with that, we have concluded our introductory series on S3 service.
In this blog post, we are starting with a new AWS service VPC or Virtual Private Cloud.
Virtual Private Cloud
Virtual Private Cloud or VPC provides you the feature to logically isolate your AWS resources in AWS cloud infrastructure and enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS. VPC provides you complete control over your network requirement in AWS cloud including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
During the initial day’s AWS provided EC2-Classic to its customer which served as a flat network with limitations. Later AWS introduced VPC to its cloud infrastructure that provides full customization options with additional features. The account created before 2013-12-04 can still use EC2-Classic for their networking need. When you create an account with AWS, a default VPC is created and mapped with your account. You can also create your own VPC.
Note: If your account is created post 2013-12-04, you will only have VPC option for networking.
VPC or Virtual Private Cloud is a virtual network that logically isolates your resources from other virtual networks in the AWS Cloud. VPC comes with full customizations options and fulfills almost all networking needs in AWS cloud. You can specify an IP address range for the VPC, add subnets, associate security groups, and configure route tables.
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won’t be connected to the internet.
A route table contains a set of rules, called routes, that lists the routes to particular network destinations. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
An internet gateway allows communication between instances in your VPC and the internet. An internet gateway provides a target in your VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances that have been assigned public IPv4 addresses. An internet gateway supports IPv4 and IPv6 traffic.
NAT or Network Address Translation is used for internet connection to instances that are in private subnet. A NAT device translates your instance IPv4 address and replaces with its own IP address. NAT device does not support IPv6 address. AWS provides two types of NAT device a NAT Gateway and a NAT instance.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups.
Hope you have enjoyed this article, in the next blog, we will discuss different components of VPC service.