
Stanislav Ivanov

Posted on • Originally published at s-ivanov.dev

Networking in AWS: Demystifying the Basics - Part 1

This is the first in a series of articles about what it means to set up and configure a virtual private cloud in AWS. Networking has far too many details, and they run too deep, for a beginner to absorb all at once. This article starts by defining the main building blocks of cloud networking (in this case, AWS) and how they depend on each other.

AWS VPC

Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a powerful tool that lets you create a virtual network in the cloud. A VPC is a logically isolated group within your AWS account that can contain sub-groups (called subnets, covered below), IP addresses, gateways, and of course the resources you place inside these groups so that you can secure and protect them under unified conditions. You are not limited to one or a few VPCs per account. A default VPC is created when you set up your account, but you can create or delete VPCs on demand. If you have more than one, the private clouds can be kept isolated from each other, or, with the help of other services, they can be connected so that they can communicate.

VPC Subnets

Subnets are logical divisions (or sub-groups, if you prefer) within a VPC that let you break your network down into smaller, more manageable pieces. Each subnet is identified by a unique IP address range called a CIDR block. For me, CIDR and IPs are one of the most complicated topics in cloud networking, especially as I started meeting these terms more and more often. In a private group like a VPC, you must determine the range of private IPs (IPv4 and/or IPv6) you will allow within your group. Private IPs are not reachable from the internet, which isolates the resources associated with them unless they also have a public IP.

There are two types of subnets: public and private. As the name suggests, a public subnet allows internet access to the resources placed within it, and those resources are associated with a public IPv4/IPv6 address. A private subnet cuts off direct access to the internet, and its resources or instances have no assigned public IP.

Getting back to CIDR, what it is, and why it matters: CIDR notation defines the IP address range for a VPC or subnet as an address followed by a slash (/) and a number that represents the number of bits in the network ID. It is simply a tool that helps you group the IPs in your group/sub-groups under a specific range and keep a tighter limit on how many of them you can have. Let's use the following example to illustrate how it works out:

  • A CIDR range of 10.0.0.0/16 means that the VPC or subnet can only allocate IPs from 10.0.0.0 to 10.0.255.255, effectively limiting the number of possible IPs in the subnet or VPC. It's a form of housekeeping for the network that helps prevent IP wastage (something we will discuss another time).

  • A CIDR range of 10.0.0.0/24 means we can have IPs from 10.0.0.0 to 10.0.0.255, leaving the pool of IPs even smaller.

When initially setting up your VPC you can simply pick an easy CIDR, but if you have several VPCs, make sure their CIDR ranges do not overlap. Subnets work much the same way: you define CIDR blocks for them as well, but each must be included in the main VPC CIDR range, since the VPC range acts as the one big pool of IPs that can exist.
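As an added example (not from the original post), the following Python script uses the standard library's ipaddress module to work through the two CIDR rules above: what range a block covers, whether a subnet CIDR is contained in its VPC CIDR, and whether two VPC CIDRs overlap. The five reserved addresses per subnet reflect AWS's documented behaviour for IPv4 subnets; the function names are mine.

```python
import ipaddress

# AWS reserves the first four and the last IPv4 address of every subnet
# (network, VPC router, DNS, future use, broadcast), so a /24 yields 251 usable IPs.
AWS_RESERVED_PER_SUBNET = 5


def describe_cidr(cidr: str) -> dict:
    """Return first/last address and address counts for a CIDR block.

    strict=True rejects blocks with host bits set (e.g. 10.0.0.5/24),
    which AWS would also reject as a VPC or subnet CIDR.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    total = net.num_addresses
    usable = total - AWS_RESERVED_PER_SUBNET if net.version == 4 else total
    return {
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total": total,
        "usable_in_aws_subnet": max(usable, 0),
    }


def subnet_fits_vpc(vpc_cidr: str, subnet_cidr: str) -> bool:
    """A subnet CIDR must lie entirely inside the VPC CIDR it belongs to."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def find_overlaps(cidrs: list[str]) -> list[tuple[str, str]]:
    """Return pairs of CIDRs that overlap; overlapping VPCs cannot be peered cleanly."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def plan_subnets(vpc_cidr: str, new_prefix: int) -> list[str]:
    """Carve a VPC CIDR into equal-sized subnets with the given prefix length."""
    return [str(s) for s in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # The post's two examples, plus a containment and an overlap check.
    for block in ("10.0.0.0/16", "10.0.0.0/24"):
        print(block, describe_cidr(block))
    print("10.0.1.0/24 in 10.0.0.0/16:", subnet_fits_vpc("10.0.0.0/16", "10.0.1.0/24"))
    print("overlaps:", find_overlaps(["10.0.0.0/16", "10.0.128.0/17", "10.1.0.0/16"]))
    print("first /24 subnets:", plan_subnets("10.0.0.0/16", 24)[:4])
```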

IP Addresses

Each device on your network requires a unique IP address. Within a VPC, you can assign IP addresses to individual instances using Elastic IP addresses or the VPC DHCP options set. You can also assign private IP addresses to virtual machines, database instances, or really any resource; these private addresses are not publicly routable over the internet.

I understand that all of this information is overwhelming, but remember that you do not need to understand it from the get-go. This is going to be a step-by-step process for understanding how networking works, and also a chance for us to get into how different networking architectures work, how they differ, and why we should concern ourselves with them. This is a complex topic, but remember that so far we are only defining the basic tools in our toolset; soon we will start using them, and all of it will make sense.
