Segmentation is the practice of dividing a Virtual Private Cloud (VPC) into smaller logical, isolated sections to improve security, manageability, and performance.
It allows you to separate resources based on function, environment, or security needs.
This is just like a traditional network, where a LAN is segmented into logically separate LANs called VLANs. Each VLAN segment is based on the environment, users, and resources that should be provisioned in that segment.
In an AWS VPC, segmentation is done in exactly the same way, but in the form of subnets. You don't create VLANs; you create subnets in the AWS VPC.
Remember that a VPC is an isolated virtual network within AWS that you create and control, just like a traditional data center network.
When you create a VPC, you define its CIDR block, e.g. 10.10.0.0/16.
Within this VPC you then need to segment, so you begin to create different subnets.
Each subnet you create is given a block of IP addresses from the VPC CIDR.
Say you want to create four subnets from a VPC whose CIDR is 10.10.0.0/16. They can be created manually like this:
Subnet A = 10.10.1.0/24
Subnet B = 10.10.2.0/24
Subnet C = 10.10.3.0/24
Subnet D = 10.10.4.0/24
The VPC is now segmented into four subnets. As I said, a subnet in an AWS VPC is just like a VLAN in a traditional network.
In an AWS VPC, any resource provisioned in a subnet will dynamically pick an IP address from the IP block assigned to that subnet.
Example: if we provision a server in Subnet A, that server will dynamically pick an IP address from the 10.10.1.0/24 pool.
EC2 instance IP: 10.10.1.10/24
Also note that you can decide to make any of these subnets public or private.
For ease of troubleshooting, you could use a distinct address range for public subnets and another for private subnets.
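The subnet plan above (carving /24 blocks out of the 10.10.0.0/16 VPC and letting instances draw addresses from their subnet's pool) can be checked before anything is created. The following is an added example, not code from the original article or from AWS; it uses only Python's standard `ipaddress` module, and the subnet names, the VPC CIDR and the instance address 10.10.1.10 are the constructed values from the text. It verifies that every subnet lies inside the VPC CIDR and that no two overlap, counts the addresses a subnet can actually hand out (AWS reserves the first four and the last address of every subnet), finds which subnet a given instance IP belongs to, and carves equal-sized subnets automatically rather than by hand.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the
# VPC router, DNS, one for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5

# Constructed example values taken from the article's subnet plan.
VPC_CIDR = "10.10.0.0/16"
SUBNETS = {
    "Subnet A": "10.10.1.0/24",
    "Subnet B": "10.10.2.0/24",
    "Subnet C": "10.10.3.0/24",
    "Subnet D": "10.10.4.0/24",
}


def validate_subnets(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC CIDR, or subnets that overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is not inside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def usable_hosts(cidr):
    """Addresses a subnet can hand to instances after AWS's five reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def subnet_for(ip, subnets):
    """Name of the subnet whose block contains `ip`, or None if no subnet does."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in subnets.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def carve(vpc_cidr, new_prefix, count):
    """Carve `count` consecutive subnets of prefix length `new_prefix` out of the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    gen = vpc.subnets(new_prefix=new_prefix)
    return [str(next(gen)) for _ in range(count)]


if __name__ == "__main__":
    print("problems:", validate_subnets(VPC_CIDR, SUBNETS) or "none")
    for name, cidr in SUBNETS.items():
        print(f"{name}: {cidr} -> {usable_hosts(cidr)} usable addresses")
    print("10.10.1.10 lives in", subnet_for("10.10.1.10", SUBNETS))
    print("first four /24s carved automatically:", carve(VPC_CIDR, 24, 4))
```

Note that `carve` starts at 10.10.0.0/24, whereas the article's plan starts at 10.10.1.0/24; both are valid, as long as every block stays inside the VPC CIDR and the blocks do not overlap, which is exactly what `validate_subnets` checks. Whether a subnet is public or private is not decided by its address range but by its route table: a subnet is public when its route table sends 0.0.0.0/0 to an internet gateway, so keeping public and private subnets in distinct ranges is a troubleshooting convenience, not an isolation control by itself.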
In the next article, I will show a typical example of how to create a VPC and subnets and how to allocate IPs.