DEV Community

Discussion on: Can someone #explainlikeimfive the concept of virtual private cloud?

Brandin Chiu

When you create an account on AWS, or a project in GCP, you are automatically given a default VPC within their network.

The VPC is the network backbone that connects all of your cloud resources to each other, and eventually, to the outside Internet.

The easiest way to think about it is to treat it like a local network, or YOUR cloud, inside the AWS or Google Cloud.

In lots of cases, you will never need more than the default VPC. But sometimes you might.

Let's assume you have a couple compute resources (virtual machines, cloud functions, etc), and a couple databases to back them.

If you created these normally, they'll be on the default VPC and be more or less open to the outside Internet (individual resources will apply some control to this as well, but for now we'll pretend they don't).

Now, you've decided that one of your servers and its database don't need to be available to the Internet. For security, you want to isolate them, and they only need to operate inside your cloud.

You have two options: you can manage networking settings for your VM and database separately using the specific tools for that resource, OR you can create a new VPC, make it not accessible to the outside world, and attach your database and VM to that instead.

Now, your database and virtual machine can talk to each other, because from a network perspective, that's all either of them sees. They are on a completely isolated network.

Essentially, you've created another cloud, inside your cloud, which is inside the AWS or Google Cloud.
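
An added example (not part of the original comment or thread): one way to check the isolation described above on AWS is to read each VPC's route tables and confirm that no route leaves the VPC. The data is constructed in the shape of `aws ec2 describe-route-tables` output, and every ID in it is made up.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All VPC, route table and gateway IDs are invented for illustration.
SAMPLE = json.loads("""
{"RouteTables": [
  {"VpcId": "vpc-default", "RouteTableId": "rtb-a",
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}]},
  {"VpcId": "vpc-isolated", "RouteTableId": "rtb-b",
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
  {"VpcId": "vpc-mixed", "RouteTableId": "rtb-c",
   "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}]},
  {"VpcId": "vpc-mixed", "RouteTableId": "rtb-d",
   "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"}]}
]}
""")

# Route fields that can point traffic at something outside the VPC.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "EgressOnlyInternetGatewayId",
               "TransitGatewayId", "VpcPeeringConnectionId")

def egress_target(route):
    """Return the non-local target a route forwards to, or None."""
    for key in TARGET_KEYS:
        target = route.get(key)
        if target and target != "local":
            return target
    return None

def audit(doc):
    """Map each VPC to the routes that leave it; an empty list means isolated."""
    findings = {}
    for table in doc["RouteTables"]:
        exits = findings.setdefault(table["VpcId"], [])
        for route in table["Routes"]:
            target = egress_target(route)
            if target:
                dest = (route.get("DestinationCidrBlock")
                        or route.get("DestinationIpv6CidrBlock"))
                exits.append((table["RouteTableId"], dest, target))
    return findings

def isolated_vpcs(doc):
    """VPCs whose every route table contains only the 'local' route."""
    return sorted(vpc for vpc, exits in audit(doc).items() if not exits)

if __name__ == "__main__":
    print("isolated:", isolated_vpcs(SAMPLE))
```

Route tables only show whether a network path exists; security groups and network ACLs still decide which traffic is allowed along it.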

Vidisha Parab

Wow! 🙌🏼 Thanks a ton, Brandin!! It is clear to me now. The way you explained how we have a default VPC and then moved to creating your own helped a lot in visualizing this together!

Brandin Chiu

My pleasure!

Nested Software