Amazon Virtual Private Cloud (VPC) is a fundamental service within Amazon Web Services (AWS) that enables users to launch AWS resources in a logically isolated virtual network. VPC is a regional service.
A VPC gives you control over network settings, including IP addressing, subnetting, routing, and security policies. This makes it a crucial component for cloud-based applications.
Below I list the components of AWS VPC, with a brief introduction to each of them. Going forward, I will be explaining each of them as a standalone topic, covering how each component functions and how it is deployed in AWS VPC.
Subnets
A VPC is divided into subnets, which are segments of the VPC's IP address range allocated to specific Availability Zones. Subnets can be public or private: public subnets have direct internet access, while private subnets are isolated for internal use. Note that each subnet is created in a specific Availability Zone; spreading subnets across several Zones is preferable for disaster recovery.
Internet Gateway (IGW)
An Internet Gateway allows resources within a VPC (specifically, those in public subnets) to communicate with the internet. It serves as a bridge between the VPC and external networks. Every resource deployed in a public subnet can reach the internet through the Internet Gateway.
NAT Gateway or NAT Instances
Network Address Translation (NAT) is used by private subnets to access the internet without exposing their instances to inbound traffic. The NAT device itself is deployed in a public subnet, but it is used by the private subnets for outbound internet access.
It is useful for private resources like databases or backend servers that need to download updates or access external services but should not be exposed to the internet. AWS offers NAT Gateways (a managed service) and NAT Instances (self-managed EC2 instances) for this purpose.
Security Group
Security Groups act as virtual firewalls for EC2 instances within the VPC. They control inbound and outbound traffic based on predefined rules, providing security at the instance level. Security Groups are stateful: once a connection is allowed in one direction, its return traffic is allowed automatically.
Network Access Control Lists (NACLs)
NACLs provide an additional layer of security at the subnet level. Unlike Security Groups, NACLs operate with stateless rules, meaning inbound and outbound rules must be explicitly defined for both directions of a connection, return traffic included.
Elastic IPs (EIPs)
Elastic IPs are static public IP addresses that can be associated with EC2 instances or NAT Gateways, ensuring a persistent address even if an EC2 instance is stopped and restarted.
VPC Peering
VPC Peering allows secure and direct connectivity between two VPCs within the same AWS account or across different accounts. This enables seamless communication without traffic traversing the public internet. VPC Peering is not transitive.
AWS Transit Gateway
AWS Transit Gateway simplifies network management by allowing multiple VPCs and on-premises networks to be connected through a single, scalable hub.
VPC Endpoints
VPC Endpoints enable a VPC to connect to other AWS services without going through the internet. There are two types: (a) Interface Endpoints and (b) Gateway Endpoints.
These will be discussed in further articles and practical examples.
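To make the stateful versus stateless distinction from the Security Group and NACL sections concrete, here is an added example of my own (a simplified model, not AWS code or an AWS API): a Security Group and a NACL each evaluate the same HTTPS request and the instance's reply. The client address 203.0.113.10, the ports and the rule sets are constructed for the illustration.

```python
import ipaddress
from collections import namedtuple

# direction: "in" = towards the instance, "out" = leaving it; remote = the off-instance address
Packet = namedtuple("Packet", "direction proto src_port dst_port remote")
# NACL rules carry a number (evaluation order) and may "deny"; security group rules are allow-only
Rule = namedtuple("Rule", "direction proto lo hi cidr action number", defaults=("allow", 0))

def matches(r, p):
    return (r.direction == p.direction and r.proto == p.proto and r.lo <= p.dst_port <= r.hi
            and ipaddress.ip_address(p.remote) in ipaddress.ip_network(r.cidr))

def flow_key(p):
    # (remote address, remote port, instance port): identical for both directions of one flow
    return (p.remote, p.src_port, p.dst_port) if p.direction == "in" else (p.remote, p.dst_port, p.src_port)

class SecurityGroup:
    """Stateful: a packet matching a rule opens a flow whose return traffic is then allowed."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def allows(self, p):
        if flow_key(p) in self.flows or any(matches(r, p) for r in self.rules):
            self.flows.add(flow_key(p))
            return True
        return False

class NetworkAcl:
    """Stateless: each packet, replies included, is checked alone against the rules in
    ascending number order; the first match wins and no match means deny."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)
    def allows(self, p):
        for r in self.rules:
            if matches(r, p):
                return r.action == "allow"
        return False

def https_reply_verdicts():
    """Constructed flow: client 203.0.113.10:50000 -> instance:443, then the instance's reply.
    Returns the (security group, strict NACL, fixed NACL) verdicts on that reply packet."""
    request = Packet("in", "tcp", 50000, 443, "203.0.113.10")
    reply = Packet("out", "tcp", 443, 50000, "203.0.113.10")
    anywhere = "0.0.0.0/0"
    sg = SecurityGroup([Rule("in", "tcp", 443, 443, anywhere)])  # inbound rule only, no outbound rule
    strict = NetworkAcl([Rule("in", "tcp", 443, 443, anywhere, number=100),
                         Rule("out", "tcp", 443, 443, anywhere, number=100)])
    # The usual fix for a stateless NACL: an outbound rule covering the client's ephemeral ports
    fixed = NetworkAcl(strict.rules + [Rule("out", "tcp", 1024, 65535, anywhere, number=110)])
    sg.allows(request)  # admitted by the inbound rule; the security group now tracks the flow
    return sg.allows(reply), strict.allows(reply), fixed.allows(reply)  # (True, False, True)
```

The strict NACL drops the reply because it never sees the request that preceded it, which is exactly why NACLs need explicit rules for the ephemeral port range while Security Groups do not.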