
Byte Ebi 🍀

[AWS Cloud Fundamental Notes] VPC

Introduction to VPC and its usage and operational mechanism

Ray

Amazon Virtual Private Cloud (Amazon VPC) allows you to have full control over a virtual networking environment, including resource placement, connectivity, and security.

Components

Internet Gateway (IGW)

Allows bidirectional connectivity between the VPC and the outside network.

Subnet

Each subnet exists within a single Availability Zone (AZ), and an AZ can have multiple subnets.

Public Subnet

Has an Internet Gateway (IGW) for external connectivity and can be accessed from the outside.

Private Subnet

Has no external connectivity by default and needs a NAT Gateway for outbound access. Even if a service in the subnet (e.g., an EC2 instance) has a public IP and open ports, it cannot be reached from the internet.

NAT Gateway

Forwards traffic from a private subnet through a public subnet to the external network, so instances in the private subnet can initiate outbound connections while remaining unreachable from the outside.

Without a NAT Gateway, a private subnet cannot connect externally at all, not even for OS updates.

Route Table

A subnet whose route table has a route for 0.0.0.0/0 that targets an Internet Gateway (IGW) is considered a public subnet.

VPC Endpoint

Allows a VPC to access other “AWS services” that are not within the VPC as if they were internal.
Without a VPC Endpoint, access to S3 from within the VPC would require external routing.
With a VPC Endpoint, access is direct and private, significantly enhancing security.

Peering Connection

Enables communication between VPCs using private IP addresses.
Ensure there are no overlapping IPv4 CIDR blocks in the VPCs to avoid connection issues.
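As an added example (not from the original post), the following Python applies the route-table rule above to decide whether a subnet is public, private (outbound only via NAT), or isolated, and checks peering candidates for overlapping CIDR blocks. The route-table entries are constructed sample data in the shape of the EC2 DescribeRouteTables response, and all identifiers are placeholders.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeRouteTables output (not real AWS data).
# Route targets: "igw-..." is an Internet Gateway, "nat-..." a NAT Gateway.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-isolated-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]


def classify_subnets(route_tables):
    """Return {subnet_id: 'public' | 'private' | 'isolated'} from the default route:
    0.0.0.0/0 -> igw-* is public; 0.0.0.0/0 -> nat-* is private (outbound only);
    no default route means the subnet cannot reach the internet at all.
    Subnets implicitly attached to the main route table are not resolved here."""
    result = {}
    for table in route_tables:
        kind = "isolated"
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            target = route.get("GatewayId") or route.get("NatGatewayId") or ""
            if target.startswith("igw-"):
                kind = "public"
            elif target.startswith("nat-") and kind != "public":
                kind = "private"
        for assoc in table["Associations"]:
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result


def overlapping_cidrs(cidrs):
    """Return pairs of VPC CIDR blocks that overlap; such VPCs cannot be peered cleanly."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES))
    print(overlapping_cidrs(["10.0.0.0/16", "10.1.0.0/16", "10.0.128.0/20"]))
```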

VPN Connection

Used in hybrid cloud scenarios to connect a VPC to an on-premises network.
The connection is encrypted, and hosts on either side are reached by their internal IP addresses.


VPC Sharing

When multiple departments have AWS accounts, sharing VPCs can simplify cross-account connections.
A core department can create a subnet and share it with other AWS accounts, allowing easy resource access while keeping billing separate.


Additional

Monitor VPC network traffic with VPC Flow Logs.

Example Operation Videos

AWS22- Creating VPC, public subnet
AWS23- Testing public subnet, private subnet, and bastion host
