[AWS Cloud Fundamental Notes] VPC
Introduction to VPC and its usage and operational mechanism
Amazon Virtual Private Cloud (Amazon VPC) allows you to have full control over a virtual networking environment, including resource placement, connectivity, and security.
Components
Internet Gateway (IGW)
Attached to the VPC; allows bidirectional connectivity between the VPC and the internet and performs one-to-one NAT between an instance's private IP and its public or Elastic IP. Attaching an IGW does nothing by itself: a subnet only uses it once its route table points 0.0.0.0/0 at it.
Subnet
Each subnet exists within a single Availability Zone (AZ), and an AZ can have multiple subnets.
Public Subnet
Its route table has a 0.0.0.0/0 route to an Internet Gateway (IGW), so instances with a public or Elastic IP can be reached from the outside (still subject to security groups and network ACLs).
Private Subnet
Has no route to an IGW, so it has no external connectivity by default; outbound access requires a NAT Gateway. Even if a service (e.g., EC2) in the subnet has a public IP and open ports, connections from the outside cannot reach it, because there is no path through an IGW.
NAT Gateway
Sits in a public subnet with an Elastic IP. Traffic from the private subnet is routed to the NAT Gateway, which forwards it to the external network under its own address, so the private instances are never exposed: replies to outbound connections get back in, but external hosts cannot initiate connections to them.
Without a NAT Gateway (or a VPC Endpoint for the specific AWS service being used), a private subnet cannot reach the outside at all, not even for OS updates.
Route Table
A subnet whose route table has a 0.0.0.0/0 route pointing to an IGW is considered a public subnet; one whose 0.0.0.0/0 route points to a NAT Gateway is a private subnet with outbound-only access; one with no 0.0.0.0/0 route at all is isolated.
Subnets without an explicit route table association use the VPC's main route table, so a subnet can be public by inheritance; check the main table before calling a subnet private.
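The public/private distinction above is decided entirely by route tables, so it can be audited from the output of `aws ec2 describe-route-tables`. The following Python is an added example (not part of these notes or of any AWS tool): it classifies subnets as public, private-nat or isolated, falls back to the main route table for subnets with no explicit association, and ignores blackhole routes left behind by a deleted NAT Gateway. The JSON sample and every ID in it are constructed to mirror the CLI's output shape.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables --output json`.
# All IDs are made up for this example.
SAMPLE_ROUTE_TABLES = json.dumps({"RouteTables": [
    {   # Main table: every subnet with no explicit association uses it. Because it
        # routes 0.0.0.0/0 to an IGW, such subnets are public whether intended or not.
        "RouteTableId": "rtb-main0001", "VpcId": "vpc-0a1b2c3d",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0f00ba5e", "State": "active"},
        ],
        "Associations": [{"RouteTableId": "rtb-main0001", "Main": True}],
    },
    {   # Private-subnet table: default route via a NAT Gateway (outbound only).
        "RouteTableId": "rtb-priv0002", "VpcId": "vpc-0a1b2c3d",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0c0ffee1", "State": "active"},
        ],
        "Associations": [{"RouteTableId": "rtb-priv0002", "SubnetId": "subnet-app-a", "Main": False}],
    },
    {   # Isolated table: only the local route plus a blackhole left by a deleted NAT Gateway.
        "RouteTableId": "rtb-iso0003", "VpcId": "vpc-0a1b2c3d",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-dead0000", "State": "blackhole"},
        ],
        "Associations": [{"RouteTableId": "rtb-iso0003", "SubnetId": "subnet-db-a", "Main": False}],
    },
]})

# Subnet IDs as they would come from `aws ec2 describe-subnets` (constructed).
SUBNET_IDS = ["subnet-web-a", "subnet-app-a", "subnet-db-a"]

# Keys under which a route's target can appear in the CLI output.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId")


def default_route_target(table):
    """Target of the active IPv4 default route (0.0.0.0/0), or None.
    Blackhole routes (target deleted) do not forward traffic, so they are ignored."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        for key in TARGET_KEYS:
            if key in route:
                return route[key]
    return None


def classify_target(target):
    """Map a default-route target to the subnet class used in the notes above."""
    if target is None:
        return "isolated"          # no way out of the VPC at all
    if target.startswith("igw-"):
        return "public"            # reachable from the internet (given a public IP)
    if target.startswith("nat-"):
        return "private-nat"       # outbound only, via the NAT Gateway
    return "other"                 # TGW, peering, appliance ENI, ...: inspect by hand


def classify_subnets(describe_output_json, subnet_ids):
    """Return {subnet_id: {"route_table", "class", "implicit"}} for each subnet.
    `implicit` is True when the subnet falls back to the main route table."""
    tables = json.loads(describe_output_json)["RouteTables"]
    main = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in tables for a in t["Associations"] if a.get("SubnetId")}
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main)
        result[subnet] = {
            "route_table": table["RouteTableId"],
            "class": classify_target(default_route_target(table)),
            "implicit": subnet not in explicit,
        }
    return result


if __name__ == "__main__":
    for subnet, info in classify_subnets(SAMPLE_ROUTE_TABLES, SUBNET_IDS).items():
        flag = " (no explicit association: inherits main table)" if info["implicit"] else ""
        print(f"{subnet}: {info['class']} via {info['route_table']}{flag}")
```

In the sample, subnet-web-a has no association of its own and inherits the main table's IGW route, so it is public even though nobody "made" it public; subnet-db-a's only default route is a blackhole, so it is effectively isolated. Against a real account, feed the script the actual CLI output and the subnet list from describe-subnets.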
VPC Endpoint
Allows resources in the VPC to reach AWS services that live outside the VPC (e.g., S3, DynamoDB) as if they were internal, without an IGW or NAT Gateway. Gateway endpoints (S3, DynamoDB) are added as route table entries; interface endpoints (AWS PrivateLink) are ENIs with private IPs in your subnets.
Without a VPC Endpoint, S3 traffic from the VPC must leave through an IGW or NAT Gateway to reach S3's public endpoints.
With a VPC Endpoint, the traffic stays on the AWS network, and an endpoint policy can restrict which buckets or actions are reachable, which is what makes it a real security improvement rather than just a routing convenience.
Peering Connection
Enables communication between two VPCs (in the same or different accounts or Regions) using private IP addresses.
The two VPCs must not have overlapping IPv4 CIDR blocks, or the peering request is rejected. Peering is also not transitive: every pair of VPCs that needs to talk requires its own peering connection, and each side must add a route to the other's CIDR via the peering connection.
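Overlap is easy to miss once VPCs carry secondary CIDR blocks, so it is worth checking before raising a peering request. The Python below is an added example (not from these notes or from AWS): it finds every overlapping pair in an inventory of VPC CIDRs, answers whether two specific VPCs can be peered, and lists the routes each side would need. The VPC IDs, CIDRs and the pcx- identifier are made up.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: each VPC's primary and any secondary IPv4 CIDR blocks.
# IDs and ranges are made up for this example.
VPC_CIDRS = {
    "vpc-shared": ["10.0.0.0/16"],
    "vpc-team-a": ["10.1.0.0/16", "10.0.128.0/17"],   # secondary block collides with vpc-shared
    "vpc-team-b": ["10.2.0.0/16", "100.64.0.0/16"],
}


def overlapping_pairs(vpc_cidrs):
    """List (vpc1, cidr1, vpc2, cidr2) for every pair of VPCs with overlapping blocks."""
    nets = {vpc: [ipaddress.ip_network(c, strict=True) for c in cidrs]
            for vpc, cidrs in vpc_cidrs.items()}
    hits = []
    for (v1, nets1), (v2, nets2) in combinations(nets.items(), 2):
        for n1 in nets1:
            for n2 in nets2:
                if n1.overlaps(n2):
                    hits.append((v1, str(n1), v2, str(n2)))
    return hits


def can_peer(vpc_cidrs, a, b):
    """True when VPCs a and b share no address space and so can be peered."""
    return not overlapping_pairs({a: vpc_cidrs[a], b: vpc_cidrs[b]})


def peering_routes(vpc_cidrs, a, b, pcx_id):
    """Routes each side must add (vpc, destination CIDR, target) for the peering to
    carry traffic. Peering is not transitive, so every pair that needs to talk
    gets its own connection and its own set of routes."""
    if not can_peer(vpc_cidrs, a, b):
        raise ValueError(f"{a} and {b} have overlapping CIDRs; peering would be rejected")
    return ([(a, cidr, pcx_id) for cidr in vpc_cidrs[b]] +
            [(b, cidr, pcx_id) for cidr in vpc_cidrs[a]])


if __name__ == "__main__":
    for v1, c1, v2, c2 in overlapping_pairs(VPC_CIDRS):
        print(f"overlap: {v1} {c1} <-> {v2} {c2}")
    for vpc, cidr, target in peering_routes(VPC_CIDRS, "vpc-team-a", "vpc-team-b", "pcx-0001"):
        print(f"{vpc}: add route {cidr} -> {target}")
```

Note that `strict=True` also rejects a CIDR with host bits set (such as 10.0.0.1/16), which AWS would refuse as well; catching that at inventory time is cheaper than after a failed peering request.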
VPN Connection
Used in hybrid cloud scenarios to connect a VPC to an on-premises network (AWS Site-to-Site VPN).
The connection runs as IPsec tunnels over the internet, so traffic is encrypted, and resources on both sides are reached by their internal IP addresses.
VPC Sharing
When multiple departments each have their own AWS account, sharing a VPC (through AWS Resource Access Manager) simplifies cross-account connectivity.
A central account owns the VPC and its subnets and shares the subnets with the other accounts; each account launches its own resources into the shared subnets and is billed for them separately, while the owner account keeps control of the VPC-level configuration (route tables, IGW, NAT Gateway).
Additional
Monitor VPC network traffic with VPC Flow Logs, which record accepted and rejected flows at VPC, subnet, or ENI level and can be delivered to CloudWatch Logs or S3.
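Flow Logs are only useful if something reads them. The Python below is an added example (not part of these notes or of any AWS tooling) showing two checks a practitioner typically runs over the default version-2 record format: REJECT counts and probed ports per source, which surface scans hitting security-group or NACL rules, and ACCEPTed flows from private-subnet ENIs to addresses outside RFC 1918 space, which an isolated subnet should never produce and a NAT-egress subnet should be able to justify. The records, account ID, ENI IDs and addresses are all constructed.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC Flow Log format.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed records (made-up account, ENI IDs and addresses), one flow per line.
SAMPLE_LOG = """\
2 123456789012 eni-app0001 10.0.1.25 10.0.0.10 43210 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-app0001 10.0.1.25 203.0.113.7 51515 4444 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-web0001 198.51.100.23 10.0.0.10 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-web0001 198.51.100.23 10.0.0.10 40002 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-web0001 198.51.100.23 10.0.0.10 40003 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-web0001 198.51.100.23 10.0.0.10 40004 80 6 5 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-app0001 - - - - - - - 1700000000 1700000060 - NODATA
"""

# ENIs that live in private subnets (in practice from describe-network-interfaces).
PRIVATE_ENIS = {"eni-app0001"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_log(text):
    """Parse default-format records; NODATA/SKIPDATA rows carry no addresses and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] == "OK":
            records.append(rec)
    return records


def reject_summary(records):
    """REJECT count per (srcaddr, interface): these are security group / NACL drops."""
    return Counter((r["srcaddr"], r["interface-id"]) for r in records if r["action"] == "REJECT")


def ports_probed(records, srcaddr):
    """Distinct destination ports a source was refused on; several ports means a scan."""
    return sorted({int(r["dstport"]) for r in records
                   if r["srcaddr"] == srcaddr and r["action"] == "REJECT"})


def unexpected_egress(records, private_enis):
    """ACCEPTed flows from a private-subnet ENI to a non-RFC1918 destination.
    An isolated subnet should produce none; with a NAT Gateway these are the
    flows whose destinations and ports deserve review."""
    hits = []
    for r in records:
        if r["interface-id"] not in private_enis or r["action"] != "ACCEPT":
            continue
        dst = ipaddress.ip_address(r["dstaddr"])
        if not any(dst in net for net in RFC1918):
            hits.append((r["interface-id"], str(dst), int(r["dstport"])))
    return hits


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for (src, eni), n in reject_summary(recs).most_common():
        print(f"{src} rejected {n} times on {eni}, ports {ports_probed(recs, src)}")
    for eni, dst, port in unexpected_egress(recs, PRIVATE_ENIS):
        print(f"private ENI {eni} reached {dst}:{port}")
```

RFC 1918 is matched explicitly rather than with `ipaddress`'s `is_private`, because that property also treats documentation ranges such as 203.0.113.0/24 as private and would hide exactly the kind of destination the check is meant to surface.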
Example Operation Videos
AWS22- Creating VPC, public subnet
AWS23- Testing public subnet, private subnet, and bastion host