AWS VPC (Virtual Private Cloud) provides an isolated and secure virtual cloud for companies to deploy websites, apps, and other services. It’s a private, provisioned portion of the Amazon virtual cloud and has the extreme flexibility and scalability to help a tiny startup launch a new website or a massive enterprise deploy a new web application.
Security is a primary reason to use AWS VPC, but there’s also the flexibility to configure the virtual cloud the way you need to run it. This can include using either IPv4 or IPv6, setting your IP address range, creating subnets, and configuring gateways and route tables.
Amazon Virtual Private Cloud (AWS VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, the creation of subnets, and the configuration of route tables and network gateways.
A default VPC is created automatically by amazon inside each region for your account. This way, you don’t have to worry about it when starting with AWS services.
The AWS VPC architecture includes public and private subnets. The first set of private subnets share the default network access control list (ACL) from the Amazon VPC, and a second, optional set of private subnets includes dedicated custom network ACLs per subnet.
Benefits of Using AWS Virtual Private Cloud (AWS VPC):
- EC2 Instance security group membership can be changed while it is running.
- Static IPv4 assigned to Instances that persist across the start and stop.
- Create a layered network of resources.
- A single-tenant hardware option is available to run EC2 Instances.
- Access Control List (ACL) is an additional security layer to protect Instances.
- Multiple IPv4 can be assigned to your Instances.
- Control both inbound and outbound traffic of Instances.
- Multiple network interfaces can be attached to EC2 Instances.
Components of AWS Virtual Private Cloud (AWS VPC):
⦁ Route Table: In AWS Virtual Private Cloud, route Tables are the set of rules, that are used to determine where the network traffic has to be directed. Route table specifies the destination (IP address) and target (where do want to send the traffic of that destination). The target can be Internet gateway, NAT gateway, Virtual private gateway, VPC peering connection, etc
⦁ Subnet: It is a portion of the network that shares a common address component. All devices whose addresses have the same prefix are in the same subnet. For example, all those devices whose IP address would start with 172.31.1 would be part of the same subnet. There are two types of subnets. Private Subnet where resources are not exposed to the outside world and Public Subnet where resources are exposed to the internet through Internet Gateway.
⦁ Security Groups: Security groups are a set of firewall rules that controls the traffic for your instance. In Amazon Firewall the only action that can be carried out is allowed. You cannot create a rule to deny. The destination is always the instance on which the service security group is running. You can have a single security group associated with multiple instances.
⦁ NAT Gateway: Network Address Translation (NAT) Gateway is used when higher bandwidth, availability with lesser administrative effort is required. NAT gateway always resides inside the public subnet of an Availability Zone. It updates the route table of the private subnet such that it sends the traffic to the NAT gateway. Elastic IP must be attached to the NAT gateway while creating. It supports only TCP, UDP, and ICMP protocols.
⦁ VPC Peering: A VPC peering connection allows you to route traffic between two Virtual Private Cloud’s using IPv4 or IPv6 private addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. A VPC peering connection helps you to facilitate the transfer of data
⦁ Network Access Control Lists (NACL): an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. The default network ACL is configured to allow all traffic to flow in and out of the subnets to which it is associated.
⦁ Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.
⦁ Customer Gateway: An Amazon VPC VPN connection links your data center (or network) to your Amazon VPC (virtual private cloud). A customer gateway is an anchor on your side of that connection. It can be a physical or software appliance.
⦁ Elastic IP: It is a static IP address that never changes and is a reserved public IP address that can be assigned to any Instance in a particular region. An elastic IP is reserved for your AWS account and is yours until you release it.
⦁ Network Interface: Network Interface is a point of connection between a public and a private network. Every instance has a default network interface, called the primary network interface. Network traffic is automatically shifted to the new instance if you move it from one instance to the other.
⦁ VPC Endpoints: VPC endpoints allow private connection between your AWS VPC and other AWS services without using the internet. VPC endpoint devices are scaled, redundant, and highly available VPC components. There are two types of AWS Virtual Private Cloud endpoints Interface endpoints and Gateway Endpoints.