Overview of the Amazon Virtual Private Cloud
In the simplest terms, cloud computing means storing and accessing data and programs on remote servers hosted on the internet instead of on a computer’s hard drive or a local server. It is also referred to as Internet-based computing.
Features of cloud
- No up-front investment
- Lowering operating cost
- Highly scalable
- Easy access
- Reducing business risks and maintenance expenses
Amazon Web Services
Amazon Web Services is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies, and governments on a paid subscription basis.
Before diving deep into VPC, it is important to know the following networking terms:
Subnet: A subnet is a part of a network formed by breaking a larger network into smaller pieces. It is the portion of the network in which the IP addresses of all devices share a common prefix. See Introduction to subnetting to learn more about subnets.
Subnet mask: A subnet mask is used to determine the subnet to which an IP address belongs. The subnet mask is a combination of 1s and 0s: the 1s represent the network and subnet ID, while the 0s represent the host ID. See the Role of subnet mask to learn more about it.
Route Table: A route table contains a set of rules for routing traffic within and outside a subnet. The route table is also where an Internet Gateway is added as a destination for the subnet. There can be multiple route tables in a VPC. See the route table documentation to learn more about its functionality.
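The subnet and subnet mask ideas above, carried through in code. This is an added example written for this page, not code from AWS or the original article; the 10.0.0.0/16 block and the /24 split are constructed values, and the five reserved addresses per subnet is standard AWS behaviour rather than something the article states.

```python
import ipaddress
from typing import Dict, List, Optional

def carve_subnets(vpc_cidr: str, new_prefix: int) -> List[str]:
    """Split a VPC block into equal subnets, e.g. a /16 into /24s."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if new_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    return [str(n) for n in vpc.subnets(new_prefix=new_prefix)]

def mask_breakdown(cidr: str) -> Dict[str, object]:
    """Dotted mask plus the network/host bit split the mask encodes."""
    net = ipaddress.ip_network(cidr)
    return {
        "netmask": str(net.netmask),          # 1-bits = network + subnet ID
        "network_bits": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,  # 0-bits = host ID
        # AWS reserves the first four and the last address of every subnet.
        "usable_hosts_aws": net.num_addresses - 5,
    }

def subnet_for(ip: str, subnets: List[str]) -> Optional[str]:
    """Which subnet shares a prefix with this address? Longest match wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for s in subnets:
        net = ipaddress.ip_network(s)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return None if best is None else str(best)

if __name__ == "__main__":
    # Constructed example: a 10.0.0.0/16 VPC split into /24 subnets.
    subnets = carve_subnets("10.0.0.0/16", 24)
    print(len(subnets), subnets[0], subnets[-1])
    print(mask_breakdown(subnets[1]))
    print(subnet_for("10.0.1.77", subnets))
```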
Amazon Virtual Private Cloud (VPC)
A Virtual Private Cloud is a logically isolated area of the AWS cloud that enables you to launch AWS resources into a virtual network you define. You have complete control over the virtual network, and you can restrict incoming traffic using security groups. In simple terms, it helps you secure your environment and gives you complete authority over incoming traffic.
Terminologies related to VPC:
- AWS Region: A region is a geographic area and in each region, there are multiple, isolated locations known as Availability Zones. Each Amazon EC2 Region is designed to be isolated from the other Amazon EC2 Regions. It helps in achieving the greatest possible fault tolerance and stability. Each region of an AWS account has a default VPC provided by AWS.
- Availability zones: An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. These availability zones are present within a VPC and contain one or more subnets in which instances are allocated. An Availability Zone is represented by a Region code followed by a letter identifier, for example us-east-1a.
- Public subnets: A public subnet is a subnet associated with a route table that has a route to the Internet gateway. Instances in the public subnet can send outbound traffic directly to the internet. As shown in the diagram, the public subnet may contain instances that host the web application and need access to the internet.
- Private subnets: A private subnet contains instances that have only a private IP; their internet traffic is routed through the NAT gateway. Instances in the private subnet cannot send outbound traffic directly to the internet. As shown in the diagram, the private subnet may contain instances that hold the database of the web application.
- Internet Gateway: An Internet Gateway allows an EC2 instance and other AWS services to connect to the internet. It is what makes a subnet public: with an Internet Gateway, an instance can reach the internet and resources outside the VPC can reach the instance. The Internet gateway plays a very important role in a VPC.
- Virtual Private Gateway: A virtual private gateway sits at the edge of VPC and sets up a VPN connection between VPC and Customer gateway (a device connected to the on-premises environment of an organization). A Virtual Private Gateway is a way for you to land in your cloud when creating a VPN tunnel.
- NAT Gateway: Network Address Translation (NAT) Gateway makes it easy for the instances in a private subnet to connect to the Internet in an AWS Virtual Private Cloud (VPC). A NAT device is used for forwarding traffic from the instances in the private subnet to the internet or other AWS services and then sends the response back from the internet to the instances.
- Customer Gateway: A customer gateway device is a physical or software appliance on the customer side. It sets up a VPN connection between the on-premises environment of a customer and the Virtual Private Gateway.
- Security Groups: Security groups act as a virtual firewall for an EC2 instance and control its incoming and outgoing traffic. A security group contains outbound rules that control the traffic leaving the instance and inbound rules that control the traffic reaching it. It is specified while launching the instance or can be associated with the instance later on. We can specify one or more security groups while launching the instance.
- Network Access Control Lists: Network ACL is an optional layer of security for VPC that works at the subnet level. It acts as a firewall for controlling traffic entering and exiting at one or more subnets. If you set up network ACLs with rules similar to your security groups, it adds a layer of security to your VPC.
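The public/private subnet definitions above (a route to an Internet Gateway versus a NAT gateway) and the instance-level security group rules, as an added worked example not taken from AWS or the original article. The route tables, subnet IDs, gateway IDs ending in EXAMPLE, and security-group rules are all constructed values; the longest-prefix-match and allow-only behaviour is how AWS route tables and security groups actually evaluate traffic.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed route tables: (destination CIDR, target). AWS adds the "local"
# route for the VPC's own block; the 0.0.0.0/0 routes are what an operator adds.
ROUTE_TABLES: Dict[str, List[Tuple[str, str]]] = {
    "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")],
    "rtb-isolated": [("10.0.0.0/16", "local")],
}
# Constructed subnet-to-route-table associations.
SUBNET_RTB = {"subnet-web": "rtb-public",
              "subnet-db": "rtb-private",
              "subnet-ops": "rtb-isolated"}

def lookup_route(table: List[Tuple[str, str]], dst_ip: str) -> Optional[str]:
    """Longest-prefix match over the table; None means no route at all."""
    addr = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return None if best is None else best[1]

def classify_subnet(subnet_id: str) -> str:
    """public = default route to an internet gateway, private = via NAT,
    isolated = no route off the VPC at all."""
    table = ROUTE_TABLES[SUBNET_RTB[subnet_id]]
    target = lookup_route(table, "198.51.100.10")   # any address outside the VPC
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"

# Security groups hold allow rules only: (protocol, from_port, to_port, source CIDR).
# Anything no rule matches is dropped.
def sg_allows(rules: List[Tuple[str, int, int, str]], proto: str, port: int, src_ip: str) -> bool:
    src = ipaddress.ip_address(src_ip)
    for r_proto, lo, hi, cidr in rules:
        if r_proto == proto and lo <= port <= hi and src in ipaddress.ip_network(cidr):
            return True
    return False

WEB_SG = [("tcp", 443, 443, "0.0.0.0/0")]        # constructed: HTTPS from anywhere
DB_SG = [("tcp", 5432, 5432, "10.0.1.0/24")]     # constructed: DB port from web subnet only
```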
Default VPC vs Non-Default VPC
| Property | Default VPC | Non-default VPC |
| --- | --- | --- |
| Access to Internet | Can access | Cannot access |
| Public IP addresses | Receives a public IP address (by default) | Doesn’t receive a public IP unless specified |
| Internet Gateway | Attached by default | May have an internet gateway depending on how it was created |
Benefits of Amazon VPC
- Security: It provides security at the instance level as well as the subnet level. A VPC enables inbound and outbound filtering by providing security groups and network access control lists. For example: Users can store all the data on Amazon S3 and restrict its access to the public.
- Easy-to-Use: This service is user-friendly and the user can easily set up a VPC. Users can select from different common network setups and look for the one that matches their needs. All subnets, route tables, and security groups get created automatically. There is also a default VPC for your account which is pre-configured and lets you focus on building and deploying the application.
- Customizable: Amazon VPC is highly customizable. The user can select from a range of IP addresses, create as many subnets as they desire, and configure route tables.
- Application Performance: The congestion on the Internet can slow down the application performance. VPC decreases the probability of application performance going down as it helps in delivering the traffic with high priority.
VPC Peering
AWS VPC Peering is a networking connection that connects one VPC with another through a direct network route using private IP addresses. It enables two VPCs to communicate with each other over a fast and reliable connection. Instances in the connected VPCs behave as if they belong to the same private network, giving the resources of one network access to the other. You can peer VPCs in other AWS accounts as well as other VPCs in the same account.
References: AWS official documentation