VPC in AWS

Amazon Web Services (AWS) offers a robust cloud computing platform. One of its core services is the Virtual Private Cloud (VPC). This service enables users to launch AWS resources in a virtual network they define. A VPC closely resembles a traditional network you would operate in your own data center.

Understanding VPC Basics

A VPC provides you with complete control over your virtual networking environment. This includes selecting your own IP address range, creating subnets, and configuring route tables and network gateways. When you create a VPC, you must specify an IP address range. This is done using CIDR (Classless Inter-Domain Routing).

Creating Subnets

Subnets are segments of a VPC’s IP address range into which you place resources. Subnets are commonly organized into public and private groups. Public subnets hold resources that must be reachable from the internet, while private subnets hold resources without direct internet access.
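As an added example (not code from the original article), the following Python script plans subnets inside a VPC CIDR block and checks candidate ranges for overlap. It uses only the standard ipaddress module; the constant for the five addresses AWS reserves in every subnet is an AWS fact, and the /16 to /28 limits are the ranges AWS accepts for VPC and subnet CIDRs.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one address held for future use, and the broadcast
# address. Usable host capacity is therefore the block size minus five.
AWS_RESERVED_PER_SUBNET = 5

def plan_subnets(vpc_cidr, prefix_len, count):
    """Carve `count` subnets with prefix /prefix_len out of vpc_cidr.

    Returns a list of (subnet_cidr, usable_hosts) tuples. Raises ValueError
    instead of silently producing an invalid or overlapping plan.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28 or not 16 <= prefix_len <= 28:
        raise ValueError("VPC and subnet prefixes must be between /16 and /28")
    if prefix_len < vpc.prefixlen:
        raise ValueError("a subnet cannot be larger than its VPC")
    candidates = list(vpc.subnets(new_prefix=prefix_len))
    if count > len(candidates):
        raise ValueError(f"only {len(candidates)} /{prefix_len} subnets fit in {vpc}")
    return [(str(s), s.num_addresses - AWS_RESERVED_PER_SUBNET)
            for s in candidates[:count]]

def check_no_overlap(cidrs):
    """Return every pair of CIDRs that overlap. An empty list means the
    ranges can coexist (for example across a peering connection) without
    ambiguous routing."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]

if __name__ == "__main__":
    for cidr, usable in plan_subnets("10.0.0.0/16", 24, 4):
        print(f"{cidr:<16} {usable} usable addresses")
    print("overlaps:", check_no_overlap(["10.0.0.0/16", "10.0.128.0/17", "192.168.0.0/16"]))
```

The overlap check is the one to run before creating a peering connection or a second VPC: AWS refuses to peer VPCs whose CIDR blocks overlap, and planning around that up front is far cheaper than renumbering later.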

Route Tables

Route tables control the traffic routing within your VPC. By default, every VPC comes with a main route table. You can also create custom route tables. Each subnet must be associated with a route table. The route tables, in turn, include rules called routes that determine where network traffic is directed.

Internet Gateways and NAT Instances

Internet Gateways (IGWs) allow instances in the VPC to connect to the internet. To make a subnet public, you attach an Internet Gateway to your VPC and add a route in the subnet’s route table that sends internet-bound traffic to the IGW. For private subnets that need outbound internet access, Network Address Translation (NAT) instances or NAT gateways are used. NAT instances are EC2 instances you run and maintain yourself, while NAT gateways are a managed service.
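The two sections above describe how a route table is evaluated and how its default route makes a subnet public or private. The Python below is an added example, not code from the original article: it resolves a destination against a small route table using longest-prefix matching (the way AWS picks the most specific matching route) and classifies a subnet by where its 0.0.0.0/0 route points. The gateway identifiers are constructed placeholders.

```python
import ipaddress

# Constructed example identifiers; real AWS IDs look like igw-0123456789abcdef0.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
PRIVATE_RT = [("10.0.0.0/16", "local"),
              ("172.16.0.0/16", "pcx-EXAMPLE"),   # route to a peered VPC
              ("0.0.0.0/0", "nat-EXAMPLE")]       # outbound only, via NAT gateway
ISOLATED_RT = [("10.0.0.0/16", "local")]

def resolve_route(route_table, dst_ip):
    """Return the target of the most specific (longest prefix) route that
    matches dst_ip. None means no route matches and the packet is dropped."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=True)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

def classify_subnet(route_table):
    """Classify a subnet by the target of its default route (0.0.0.0/0)."""
    default = dict(route_table).get("0.0.0.0/0")
    if default is None:
        return "isolated"   # no internet path in either direction
    if default.startswith("igw-"):
        return "public"     # reachable from the internet (instances with public IPs)
    if default.startswith("nat-"):
        return "private"    # outbound via NAT only, no inbound from the internet
    return "other"

if __name__ == "__main__":
    for name, rt in [("A", PUBLIC_RT), ("B", PRIVATE_RT), ("C", ISOLATED_RT)]:
        print(f"subnet {name}: {classify_subnet(rt)};",
              "10.0.5.4 ->", resolve_route(rt, "10.0.5.4"),
              "| 172.16.3.1 ->", resolve_route(rt, "172.16.3.1"),
              "| 198.51.100.1 ->", resolve_route(rt, "198.51.100.1"))
```

The classification is the check worth automating across an account: a subnet that was meant to be private but whose route table points 0.0.0.0/0 at an internet gateway is exposed the moment an instance in it gets a public IP.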

Security Groups and Network ACLs

Security groups act as virtual firewalls for your instance to control inbound and outbound traffic. Every Amazon EC2 instance in your VPC can be assigned up to five security groups. Network Access Control Lists (ACLs) provide an additional layer of security for your VPC. They act as a firewall for controlling traffic in and out of one or more subnets.
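The practical difference between the two firewalls is that security groups are stateful (a reply to allowed traffic is allowed automatically) while network ACLs are stateless and evaluate rules in ascending rule-number order, first match wins, with an implicit deny at the end. The Python below is an added example, not code from the original article, modelling that behaviour with a simplified rule format (direction, protocol, port range, and for ACLs a rule number and action; source and destination CIDRs are left out to keep the contrast in focus). The 1024-65535 range is the ephemeral port range AWS recommends opening outbound in a network ACL.

```python
def nacl_allows(rules, direction, proto, port):
    """Network ACLs are stateless. Each direction is evaluated on its own,
    rules are tried in ascending rule-number order, the first match wins,
    and anything unmatched hits the implicit deny ('*')."""
    ordered = sorted((r for r in rules if r["dir"] == direction), key=lambda r: r["num"])
    for rule in ordered:
        if rule["proto"] in ("all", proto) and rule["from"] <= port <= rule["to"]:
            return rule["action"] == "allow"
    return False

def sg_allows(rules, direction, proto, port):
    """Security groups hold allow rules only, so order is irrelevant:
    traffic is allowed if any rule matches and denied otherwise."""
    return any(r["dir"] == direction and r["proto"] in ("all", proto)
               and r["from"] <= port <= r["to"] for r in rules)

def https_exchange(sg_rules, nacl_rules, ephemeral_port=51234):
    """Model a client connecting to TCP/443 on an instance and the instance's
    reply to the client's ephemeral port. Returns (request_ok, reply_ok)."""
    request_ok = (sg_allows(sg_rules, "in", "tcp", 443)
                  and nacl_allows(nacl_rules, "in", "tcp", 443))
    # Security group: the reply belongs to a tracked connection, so it is
    # allowed automatically (stateful). Network ACL: the reply is a fresh
    # outbound packet and needs an explicit outbound allow (stateless).
    reply_ok = request_ok and nacl_allows(nacl_rules, "out", "tcp", ephemeral_port)
    return request_ok, reply_ok

WEB_SG = [{"dir": "in", "proto": "tcp", "from": 443, "to": 443}]

# Inbound 443 allowed, but no outbound rule: replies never leave the subnet.
NACL_MISSING_RETURN = [
    {"num": 100, "dir": "in", "proto": "tcp", "from": 443, "to": 443, "action": "allow"},
]
# The fix: allow outbound traffic to the ephemeral port range.
NACL_FIXED = NACL_MISSING_RETURN + [
    {"num": 100, "dir": "out", "proto": "tcp", "from": 1024, "to": 65535, "action": "allow"},
]
# Rule order matters: the deny at 50 wins over the broader allow at 100.
NACL_ORDERED = [
    {"num": 100, "dir": "in", "proto": "all", "from": 0, "to": 65535, "action": "allow"},
    {"num": 50, "dir": "in", "proto": "tcp", "from": 22, "to": 22, "action": "deny"},
]

if __name__ == "__main__":
    print("missing return rule:", https_exchange(WEB_SG, NACL_MISSING_RETURN))   # (True, False)
    print("fixed:", https_exchange(WEB_SG, NACL_FIXED))                          # (True, True)
    print("ssh through ordered NACL:", nacl_allows(NACL_ORDERED, "in", "tcp", 22))  # False
```

The first case is the classic symptom of a stateless ACL: connections arrive, the server answers, and the client sees a hang because the reply is dropped on the way out. The third case shows why a network ACL is the right place for an explicit block that must win regardless of what broader allow rules exist.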

Endpoints

VPC Endpoints allow you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an Internet Gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service.

Peering Connections

VPC Peering connections allow you to route traffic between VPCs. This can be within the same AWS account or across different accounts. Peering connections can span regions as well, which increases the flexibility of a VPC setup.

VPC Flow Logs

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC. Flow Logs can help you with monitoring, troubleshooting, and auditing network traffic.
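As an added example of the auditing use case (not code from the original article), the Python below parses records in the default version 2 Flow Log format, whose field order is fixed and documented by AWS, and summarises rejected flows by source address. The log lines are constructed samples: the account ID, interface ID and timestamps are placeholders, and the external addresses come from documentation-only ranges. The threshold for flagging a source is an assumption to tune for your own environment.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
NUMERIC = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records. Protocol 6 is TCP; the last line shows the
# NODATA shape, where the traffic fields are dashes.
SAMPLE_LOG = """\
2 123456789012 eni-EXAMPLE 203.0.113.7 10.0.1.20 41234 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE 203.0.113.7 10.0.1.20 41235 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE 203.0.113.7 10.0.1.20 41236 445 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE 203.0.113.7 10.0.1.20 41237 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE 203.0.113.7 10.0.1.20 41238 8080 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE 198.51.100.9 10.0.1.20 50000 443 6 12 5240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-EXAMPLE 198.51.100.9 10.0.1.20 50001 8443 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-EXAMPLE - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Parse one default-format record into a dict. Records whose log-status
    is not OK (NODATA, SKIPDATA) carry '-' in the traffic fields and are
    returned without numeric conversion."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] == "OK":
        for key in NUMERIC:
            rec[key] = int(rec[key])
    return rec

def summarize_rejects(log_text, scan_threshold=5):
    """Group REJECTed flows by source address and flag sources refused on at
    least scan_threshold distinct destination ports, a simple indicator of
    probing that deserves a closer look in the rest of the logs."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    return {
        "rejects_by_source": {src: sorted(p) for src, p in ports_by_src.items()},
        "scan_suspects": sorted(src for src, p in ports_by_src.items()
                                if len(p) >= scan_threshold),
    }

if __name__ == "__main__":
    summary = summarize_rejects(SAMPLE_LOG)
    for src, ports in summary["rejects_by_source"].items():
        print(f"{src}: rejected on ports {ports}")
    print("scan suspects:", summary["scan_suspects"])
```

Two details matter when running this against real logs: the NODATA and SKIPDATA records must be skipped rather than parsed as traffic, and a REJECT tells you a security group or network ACL did its job, so a single rejected flow from a legitimate source (the 8443 line above) is noise while many rejects across distinct ports from one source is the pattern worth alerting on.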

DHCP Options Sets

DHCP options sets allow you to provide information used by DHCP (Dynamic Host Configuration Protocol) clients to configure VPC attributes. For instance, you can specify domain name servers, domain name, NTP servers, and NetBIOS name servers via DHCP options sets.

Bastion Hosts

Bastion Hosts are special-purpose instances in a public subnet. They are used to securely access instances in private subnets. These bastion hosts provide a way to administer your VPC instances without exposing them directly to the internet.

Elastic IP Addresses

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. You can associate an Elastic IP address with any instance or network interface for any VPC in your account. This makes it easier to manage instances as they can keep the same IP address even when stopped and started again.
