Amazon VPC, or Amazon Virtual Private Cloud, is a service that allows its users to launch their virtual machines in a protected and isolated virtual environment that they define. You have complete control over your VPC, from creation to customization and even deletion. It is applicable to organizations whose data is scattered and needs to be managed well. In other words, VPC lets us select the virtual address space of our private cloud, and we can also define all the sub-constituents of the VPC, such as subnets, subnet masks, availability zones, etc., on our own.
- We can place the necessary resources in the VPC, a private area of Amazon that we control, and manage access to those resources.
- A default VPC is generated when we register an AWS account, allowing us to manage the virtual networking environment: the IP address ranges, the construction of subnets, route tables, and gateways.
What is Amazon VPC (Virtual Private Cloud)?
Amazon VPC can be thought of as a private cloud inside the cloud. It is a logical grouping of servers in a specified network. The servers that you deploy in a Virtual Private Cloud (VPC) are completely isolated from the other servers deployed in Amazon Web Services. You have complete control of the IP addressing of the virtual machines and of the route tables and gateways of the VPC. With the help of security groups and network access control lists, you can protect your application further.
Amazon VPC (Virtual Private Cloud) Architecture
The basic architecture of a properly functioning VPC consists of many distinct services such as gateways, load balancers, subnets, etc. Altogether, these resources are grouped under a VPC to create an isolated virtual environment. Along with these services, there are also security checks on multiple levels.
The VPC is first divided into subnets, which are connected with each other via route tables, with a load balancer distributing traffic in front of them.
Amazon VPC (Virtual Private Cloud) Components
Virtual Private Cloud (VPC)
You can launch AWS resources into a defined virtual network using Amazon Virtual Private Cloud (Amazon VPC). This virtual network closely mimics a conventional network that you would operate in your own data center, with the advantage of using the scalable infrastructure of AWS. The address space is user-defined, up to a /16 maximum (65,536 addresses).
Subnets
To reduce traffic, subnets divide the big network into smaller, connected networks. Up to 200 user-defined subnets per VPC.
Route Tables
Route tables define the rules for routing traffic between the subnets.
Network Access Control Lists
Network Access Control Lists (NACL) serve as a firewall for the VPC by managing both inbound and outbound rules. Every VPC has a default NACL that cannot be deleted.
Internet Gateway (IGW)
The Internet Gateway (IGW) makes it possible to link the resources in the VPC to the Internet.
Network Address Translation (NAT)
Network Address Translation (NAT) enables resources in a private subnet to connect out to the Internet.
Amazon VPC (Virtual Private Cloud) Fundamentals
- If a subnet has internet access, it is called a public subnet.
- If a subnet does not have internet access, it is called a private subnet.
- A subnet must reside entirely within one Availability Zone.
- Access between instances is managed by VPC Security Groups for both inbound and outbound traffic (EC2 Security Groups can only define inbound rules).
- Subnet IP routing is specified with the aid of the Route Table.
- If a server/instance in a private subnet needs to reach the internet, it must go through a NAT device in a public subnet.
- A subnet is a smaller portion of the network that typically includes all the machines in a certain area.
- We can add as many subnets as we need in one Availability Zone.
- Public subnets are attached to an Internet Gateway, which enables Internet access.
- Private subnets do not have internet access.
- Every subnet in a VPC must be associated with a route table.
- With the help of an IGW (Internet Gateway), the resources in the VPC (e.g. EC2 instances) are able to access the Internet.
- One VPC can't have more than one IGW.
- If resources are running in a VPC, the IGW cannot be detached from that VPC.
- A Route Table contains a set of rules, called routes, that determine where network traffic is directed.
- A single VPC can have as many route tables as it requires.
- A route table that still has dependencies attached to it cannot be deleted.
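The public/private distinction above comes down to what the subnet's route table contains: a route to an Internet Gateway makes the subnet public, a default route to a NAT device gives a private subnet outbound-only access, and a table with only the `local` route leaves it isolated. The following added example (my own code, not from the article or from AWS) models route tables in the shape returned by `aws ec2 describe-route-tables`, classifies a subnet from its routes, and resolves a destination address with the longest-prefix match that VPC route tables use. The gateway ids are placeholders.

```python
import ipaddress

# Constructed route tables modelled on `describe-route-tables` entries:
# a DestinationCidrBlock plus one target key. Ids are placeholders, not real.
PUBLIC_RT = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"},
]
PRIVATE_RT = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER"},
]
ISOLATED_RT = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
]

# Target keys a route entry may carry; the first one present is the target.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "VpcPeeringConnectionId",
               "NetworkInterfaceId", "InstanceId")


def route_target(route):
    """Return the target id of a route, whichever target key it uses."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return None


def classify_subnet(routes):
    """'public' if any route points at an Internet Gateway, 'private-nat' if
    egress goes through a NAT gateway, otherwise 'isolated' (local route only)."""
    targets = [route_target(r) or "" for r in routes]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private-nat"
    return "isolated"


def lookup_route(routes, dst_ip):
    """Longest-prefix match: VPC picks the most specific route that covers the
    destination, so the /16 local route beats 0.0.0.0/0 for in-VPC traffic."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, route_target(r)
    return best_target


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, "->", classify_subnet(rt), "; 8.8.8.8 via", lookup_route(rt, "8.8.8.8"))
```

Running the same classification over the real output of `describe-route-tables` is a quick way to find subnets that were meant to be private but picked up an `igw-` default route.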
Network Access Control Lists (NACL)
- The NACL security layer of a VPC serves as a firewall that manages traffic entering and leaving one or more subnets.
- The NACL of the default VPC is active and associated with the default subnets.
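Two properties of NACLs matter most in practice: rules are evaluated in ascending rule-number order with the first match winning (and an implicit final `*` rule that denies everything else), and NACLs are stateless, so the reply to an allowed inbound connection must itself be allowed outbound on the client's ephemeral port. The added example below (my own code, not the article's or AWS's) evaluates constructed NACL entries in the shape of `describe-network-acls` output and shows an outbound rule set that forgets the ephemeral range breaking an otherwise allowed HTTPS session.

```python
import ipaddress

# Constructed NACL entries. Protocol uses IANA numbers as AWS does: "6" = TCP,
# "-1" = all protocols. PortRange is (from, to).
INBOUND = [
    {"RuleNumber": 90, "Protocol": "-1", "PortRange": (0, 65535),
     "CidrBlock": "198.51.100.0/24", "RuleAction": "deny"},   # block one noisy range first
    {"RuleNumber": 100, "Protocol": "6", "PortRange": (443, 443),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},        # HTTPS from anywhere
    {"RuleNumber": 110, "Protocol": "6", "PortRange": (22, 22),
     "CidrBlock": "10.0.0.0/16", "RuleAction": "allow"},      # SSH only from inside the VPC
    {"RuleNumber": 120, "Protocol": "6", "PortRange": (1024, 65535),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},        # replies to our own outbound connections
]
OUTBOUND_OK = [
    {"RuleNumber": 100, "Protocol": "6", "PortRange": (1024, 65535),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},        # replies to inbound clients
    {"RuleNumber": 110, "Protocol": "6", "PortRange": (443, 443),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]
OUTBOUND_BROKEN = [  # "tightened" outbound set that forgot the ephemeral ports
    {"RuleNumber": 100, "Protocol": "6", "PortRange": (443, 443),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]


def nacl_decision(entries, protocol, port, remote_ip):
    """Evaluate a NACL the way AWS does: ascending RuleNumber, first match wins,
    and anything unmatched falls through to the implicit '*' deny rule."""
    ip = ipaddress.ip_address(remote_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        proto_ok = e["Protocol"] in ("-1", protocol)
        lo, hi = e.get("PortRange", (0, 65535))
        if proto_ok and lo <= port <= hi and ip in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"]
    return "deny"


def https_session_allowed(inbound, outbound, client_ip, client_port):
    """NACLs are stateless: the request (inbound, dst 443) and the reply
    (outbound, dst = client's ephemeral port) are checked independently."""
    request = nacl_decision(inbound, "6", 443, client_ip)
    reply = nacl_decision(outbound, "6", client_port, client_ip)
    return request == "allow" and reply == "allow"


if __name__ == "__main__":
    print("ok  :", https_session_allowed(INBOUND, OUTBOUND_OK, "203.0.113.10", 51234))
    print("bad :", https_session_allowed(INBOUND, OUTBOUND_BROKEN, "203.0.113.10", 51234))
```

The broken outbound set passes a "does it allow 443?" glance but silently drops every reply packet; checking both directions per flow, as `https_session_allowed` does, is the test that catches it.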
Classless Inter-Domain Routing (CIDR)
- Classless Inter-Domain Routing (CIDR) is a technique for allocating IP addresses and for IP routing; the prefix length written after the slash ranges from 0 to 32.
- When setting up a VPC, we must specify a set of IPv4 addresses using CIDR notation (for example 10.0.0.0/16). This serves as the main CIDR block of our VPC.
RFC1918 Address (Private address)
- An enterprise organization gives an internal host an IP address known as an RFC1918 address. These IP addresses are employed in private networks and are not routable on the public internet.
The following networks are included in the RFC1918 (private) address space:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
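Choosing the VPC CIDR and carving it into per-AZ subnets is where most address-plan mistakes happen, and the same arithmetic decides later whether two VPCs can be peered (peering requires non-overlapping CIDR blocks). The added example below is my own code, not the article's or AWS's; it checks a candidate VPC CIDR against the RFC1918 ranges listed above and against the /16 to /28 size range AWS accepts for a VPC, carves one subnet per Availability Zone, and subtracts the five addresses AWS reserves in every subnet (the first four and the last). The AZ names are constructed sample input.

```python
import ipaddress

# The three RFC1918 private ranges from the article.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def is_rfc1918(cidr):
    """True if the whole block lies inside one of the private ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)


def vpc_cidr_findings(cidr):
    """Return a list of problems with a candidate VPC CIDR; empty means it is fine.
    Size limits are AWS's; the RFC1918 check is the article's recommendation
    (AWS will accept other ranges, so it is reported as a warning, not an error)."""
    findings = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.0.0.1/16
    except ValueError as exc:
        return [f"error: {exc}"]
    if not 16 <= net.prefixlen <= 28:
        findings.append(f"error: {cidr} must be between /16 and /28 for a VPC")
    if not is_rfc1918(cidr):
        findings.append(f"warning: {cidr} is not an RFC1918 private range")
    return findings


def plan_subnets(vpc_cidr, azs, prefixlen=24):
    """Carve one subnet per AZ out of the VPC block, in order.
    Returns (az, subnet_cidr, usable_host_count) tuples."""
    errors = [f for f in vpc_cidr_findings(vpc_cidr) if f.startswith("error")]
    if errors:
        raise ValueError("; ".join(errors))
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = vpc.subnets(new_prefix=prefixlen)
    return [(az, str(s), s.num_addresses - AWS_RESERVED_PER_SUBNET)
            for az, s in zip(azs, subnets)]


def cidrs_overlap(a, b):
    """Peering (and adding a secondary CIDR) requires the blocks not to overlap."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    azs = ["us-east-1a", "us-east-1b", "us-east-1c"]  # constructed sample input
    for row in plan_subnets("10.0.0.0/16", azs):
        print(row)
    print(vpc_cidr_findings("10.0.0.0/8"))
    print("peerable:", not cidrs_overlap("10.0.0.0/16", "10.1.0.0/16"))
```

A /24 subnet therefore yields 251 usable addresses, not 254 as on a conventional network; sizing subnets for NAT gateways, load balancers and auto-scaling groups without that correction is a common cause of address exhaustion.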
Amazon VPC Network Address Translation (NAT)
- Thanks to Network Address Translation (NAT), RFC1918 addressing is a workable answer to IPv4 address exhaustion.
- With the help of NAT, an internal host can communicate with a server on the internet.
- A NAT device sits between the private network and the internet.
Use cases of Amazon VPC
- Using VPC, you can host a public-facing website, a basic single-tier web application, or just a plain old website.
- VPC can limit the connectivity between our web servers, application servers, and database, and VPC peering controls which other networks they can reach.
- By managing the inbound and outbound connections, we can restrict the incoming and outgoing traffic of our application.
Amazon VPC (Virtual Private Cloud) Working
Follow the steps mentioned below to configure a Virtual Private Cloud (VPC).
Step 1: Log in to the AWS Console and navigate to VPC as shown below.
Step 2: After navigating to AWS VPC, click on Create VPC.
Step 3: Configure all the details required for creation as shown in the image below. The most important settings to configure for the VPC are as follows:
- Name of the network.
- IPv4 CIDR.
- Tags of the VPC. After that, click on Create VPC.
Step 4: The Virtual Private Cloud is created successfully with the settings we required.
Step 5: Check the VPC dashboard to see whether the created VPC (GFG-VPC) is available to use, as shown in the image below.
What Is AWS VPC (Virtual Private Cloud) Peering?
Amazon Virtual Private Cloud (VPC) is a private cloud where you can deploy your AWS virtual machines with controlled access. Each VPC is completely isolated from the others: the servers in one VPC cannot communicate with the virtual machines in another virtual private network.
VPC peering establishes a connection between two Virtual Private Clouds, which enables you to route traffic between the two VPCs using private IP addresses. Virtual servers in the same network can communicate with each other without a VPC peering connection, but servers in two different networks cannot communicate with each other without VPC peering.
AWS VPC (Virtual Private Cloud) Console
We can create and manage VPCs using the AWS Management Console. Log in to your AWS account; once you are redirected to the AWS Management Console, click on “Services” and a list of options will be visible. Under “Networking & Content Delivery” there is an option named VPC, and its navigation pane lists the various VPC resources as options. Refer to the image attached ahead for a better understanding. We have discussed some of the important resources above.
AWS Command Line Interface (AWS CLI)
The AWS command line tools let us issue commands from our own operating system on Windows, Mac, and Linux computers. Using the command line can be more expedient and quicker than the console.
FAQs On Amazon VPC (Virtual Private Cloud)
1. Amazon VPC Full Form
The full form of Amazon VPC is Virtual Private Cloud, which is an isolated cloud within the Amazon Web Services cloud.
2. Amazon VPC Traffic Mirroring
Amazon VPC traffic mirroring is a feature provided by Amazon by which you can replicate the traffic from a source instance to a target instance for analysis or troubleshooting.
3. Amazon VPC Lattice
Amazon VPC Lattice is a fully managed application networking service that streamlines the process of connecting, securing, and monitoring applications across multiple AWS accounts and VPCs, which reduces the effort for developers so they can focus on development.
4. Amazon VPC Flow Logs
Amazon VPC Flow Logs help you monitor the traffic going in and out of the network. The logs are stored in CloudWatch, Amazon S3, or Amazon Kinesis Data Firehose.
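Flow logs are the record you go to when checking whether the security groups and NACLs described above actually did their job. The added example below is my own code, not the article's or AWS's: it parses records in the default version 2 flow-log format (`version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`), skips NODATA/SKIPDATA rows whose address fields are `-`, counts REJECTed flows per source, and lists ACCEPTed connections to administrative ports from outside the RFC1918 ranges. The log lines are constructed; the account id and ENI id in them are placeholders.

```python
import ipaddress
from collections import Counter

# Field order of the default VPC Flow Logs (version 2) record.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample records (placeholder account id and ENI id).
SAMPLE_LOG = """\
2 123456789012 eni-PLACEHOLDER 203.0.113.12 10.0.1.20 49152 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-PLACEHOLDER 198.51.100.7 10.0.1.20 53422 22 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-PLACEHOLDER 198.51.100.7 10.0.1.20 53423 3389 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-PLACEHOLDER 10.0.2.15 10.0.1.20 41000 22 6 10 2000 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-PLACEHOLDER - - - - - - - 1431280876 1431280934 - NODATA
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in RFC1918)


def parse_flow_log(text):
    """Parse version 2 records into dicts keyed by field name.
    Rows whose log-status is not OK (NODATA, SKIPDATA) carry '-' instead of
    addresses and ports, so they are dropped rather than mis-parsed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        rec["srcport"] = int(rec["srcport"])
        rec["dstport"] = int(rec["dstport"])
        records.append(rec)
    return records


def rejects_by_source(records):
    """Count REJECTed flows per source address; a source with many rejects
    across ports is worth a closer look."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")


def accepted_admin_from_internet(records, admin_ports=(22, 3389)):
    """ACCEPTed flows to admin ports from non-RFC1918 sources: an exposure that
    a security group restricted to internal ranges would normally prevent."""
    hits = {(r["srcaddr"], r["dstport"]) for r in records
            if r["action"] == "ACCEPT" and r["dstport"] in admin_ports
            and not is_rfc1918(r["srcaddr"])}
    return sorted(hits)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("parsed:", len(recs))
    print("rejects:", rejects_by_source(recs).most_common())
    print("admin from internet:", accepted_admin_from_internet(recs))
```

Because flow logs record the action after security group and NACL evaluation, an ACCEPT for port 22 from a public address is direct evidence that the rule set allows it, whereas the REJECT lines only tell you the same source was turned away on other ports.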