Saturday, 4 February 2023

Everything about VPC in AWS

VPC in AWS 


Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

 

  • VPC stands for Virtual Private Cloud.
  • Amazon Virtual Private Cloud (Amazon VPC) provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.
  • You have complete control over your virtual networking environment, including a selection of your IP address range, the creation of subnets, and configuration of route tables and network gateways.
  • You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create a public-facing subnet for web servers that can access the internet, and place backend systems such as databases or application servers in a private-facing subnet.
  • You can provide multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

The following IP ranges are reserved for private networks:

  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

What can we do with a VPC?

  • Launch instances in a subnet of your choosing. We can choose our own subnet addressing.
  • We can assign custom IP address ranges in each subnet.
  • We can configure route tables between subnets.
  • We can create an internet gateway and attach it to our VPC.
  • It provides much better security control over your AWS resources.
  • We can assign security groups to individual instances.
  • We also have subnet-level network access control lists (ACLs).

VPC Peering

  • VPC Peering is a networking connection that lets you connect one VPC with another VPC through a direct network route using private IP addresses.
  • Instances behave as if they were on the same private network.
  • You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.
  • Peering uses a star configuration, e.g., one central VPC peered with four other VPCs.
  • There is no transitive peering.

Dissecting AWS’s Virtual Private Cloud (VPC)

AWS's Virtual Private Cloud (VPC) is a powerful tool that companies can use to create isolated, secure instances that can run code and applications without affecting the public or internal networks. In this post, we'll explore how VPC works and what benefits it has for businesses.

At a high level, you can think of a VPC in AWS as a logical container that separates the resources you create from those of other customers within the Amazon Cloud. It is a network of your own that you define within Amazon. You can think of a VPC like an apartment, where your furniture and items are analogous to databases and instances. The walls of your apartment isolate and protect your things from being accessible to other tenants of the apartment complex.

Subnets would then be analogous to the different rooms in your apartment. They are containers within your VPC that segment off a slice of the CIDR block you define in your VPC. Subnets allow you to give different access rules and place resources in different containers where those rules should apply. You wouldn't have a big open window in your bathroom on the shower wall so people can see you naked, much like you wouldn't put a database with secretive information in a public subnet allowing any and all network traffic. You might put that database in a private subnet (i.e. a locked closet).
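As an added example (not from the original post), the following Python uses the standard library's ipaddress module to validate a VPC CIDR against the private ranges listed above, carve per-subnet slices out of it as the apartment analogy describes, and check that two VPCs' CIDR blocks do not overlap before peering them. The function names and the 10.0.0.0/16 addresses are my own choices, and the five-address reservation per subnet is an AWS rule not stated on the page.

```python
import ipaddress

# RFC 1918 private ranges, as listed on the page; a VPC CIDR should fall inside one of them.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(cidr):
    """True when the whole CIDR block lies inside a single private range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def plan_subnets(vpc_cidr, new_prefix, names):
    """Carve equal-sized, non-overlapping subnets out of the VPC CIDR, one per name."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not is_private(vpc_cidr):
        raise ValueError(f"{vpc_cidr} is not inside a private range")
    slices = list(vpc.subnets(new_prefix=new_prefix))
    if len(names) > len(slices):
        raise ValueError(f"{vpc_cidr} only holds {len(slices)} /{new_prefix} subnets")
    return {name: str(s) for name, s in zip(names, slices)}


def usable_hosts(subnet_cidr):
    """AWS reserves the first four and the last address of every subnet (documented AWS rule)."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def can_peer(cidr_a, cidr_b):
    """VPC peering requires the two VPCs' CIDR blocks not to overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    layout = plan_subnets("10.0.0.0/16", 24, ["public-a", "private-a", "private-b"])
    for name, cidr in layout.items():
        print(f"{name}: {cidr} ({usable_hosts(cidr)} usable hosts)")
    print("peer with 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
```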

 

Amazon Virtual Private Cloud (VPC) is a logical or virtual data center in the cloud. It provides an isolated section in which to host your machines. A VPC is a collection of a region, an internet gateway (IGW), route tables, network ACLs, security groups, subnets and instances. It gives us a completely separate environment where we can arrange our machines the way we want. There can be only one internet gateway per VPC.

As you can see, a VPC is a collection of the internet gateway, router, network ACLs, EC2 instances, subnets, route tables, etc. Let's take a quick look at each component.

Region: Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of Regions and Availability Zones. Each Region is a separate geographic area. Each Region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations.

Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. Route tables contain a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. A VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic. A subnet can be associated with only one network ACL at a time, but a single network ACL can be associated with multiple subnets.

A subnetwork, or subnet, is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnet: public, which allows the internet to reach the machines in it, and private, which is hidden from the internet.

An instance is a virtual server in the AWS cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance.

 


How do you connect multiple sites to a VPC?

If you have numerous VPN connections, you may use the AWS VPN CloudHub to encrypt communication across locations. Here’s an illustration of how to link different sites to a VPC:




What are some of the security products and features offered in VPC?

Here are some security products and features:

Security groups – act as a firewall for EC2 instances, letting you control inbound and outbound traffic at the instance level.

Network access control lists – act as a firewall at the subnet level, controlling inbound and outbound traffic.

Flow logs – capture information about the inbound and outbound traffic of your VPC's network interfaces.
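To show what the flow logs mentioned above look like in practice, here is an added Python example (not from the original post) that parses records in the default VPC flow log format and summarises rejected flows per source address, the kind of check a defender runs to spot traffic a security group or network ACL is dropping. The log lines, account id and interface id are constructed sample data.

```python
from collections import Counter

# Constructed sample records in the default VPC Flow Logs format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 41234 22 6 1 40 1675500000 1675500060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 41235 3389 6 1 40 1675500001 1675500061 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.0.12 10.0.1.25 51000 5432 6 12 4800 1675500002 1675500062 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.25 50000 443 6 3 180 1675500003 1675500063 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1675500004 1675500064 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]


def parse_flow_log(text):
    """Return one dict per record; malformed lines and NODATA/SKIPDATA records are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # no flow data captured for this interval
        rec["dstport"] = int(rec["dstport"])
        records.append(rec)
    return records


def rejected_by_source(records):
    """Count REJECT flows per source address, most frequent first."""
    counts = Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")
    return counts.most_common()


def rejected_ports(records, srcaddr):
    """Sorted destination ports that a given source was rejected on."""
    return sorted({r["dstport"] for r in records
                   if r["action"] == "REJECT" and r["srcaddr"] == srcaddr})


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for src, n in rejected_by_source(recs):
        print(f"{src}: {n} rejected flow(s) on ports {rejected_ports(recs, src)}")
```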

Can I connect my corporate datacenter to the Amazon Cloud?

Yes. You can do this by establishing a VPN (Virtual Private Network) connection between your company's network and your VPC (Virtual Private Cloud); this lets you interact with your EC2 instances as if they were within your existing network.

Is it possible to change the private IP addresses of an EC2 while it is running/stopped in a VPC?

The primary private IP address is attached to the instance for its lifetime and cannot be changed; however, secondary private addresses can be unassigned, assigned or moved between interfaces or instances at any time.

How many subnets can you have per VPC?

You can have 200 subnets per VPC.
