What is a VPC?
A VPC is a logical data center within AWS that lets you launch resources in a virtual network, and each virtual network is isolated from the other virtual networks in AWS. AWS gives you full control over your VPC, so you can restrict access to the resources within it to specific IP addresses. It prevents
To create a VPC, you must specify a range of IPv4 addresses in Classless Inter-Domain Routing (CIDR) notation. AWS also allows you to optionally add IPv6 addresses to your VPC.
The key components of a VPC are as follows:
Subnet – A subnet is a range of IP addresses within your VPC, that is, a segment of the VPC’s IP address range into which you launch a group of isolated resources. A VPC consists of one or more subnets, each residing in a single Availability Zone.
A subnet can be public or private. If the subnet has a route to an internet gateway, it is called a public subnet, and resources within it can communicate with the internet. A subnet without a route to an internet gateway is called a private subnet. If the subnet has no route to an internet gateway but does have a route to a virtual private gateway for establishing a VPN connection, it is called a VPN-only subnet.
Route Tables – A route table contains a set of rules (routes) that decide where network traffic is directed. The two main kinds are the main route table and custom route tables. The main route table comes automatically with your VPC and controls routing for every subnet that is not explicitly associated with another route table. A custom route table is created with your own set of routes describing where you want traffic directed. Other route table types are the subnet route table and the gateway route table.
Internet Gateway – An internet gateway is a horizontally scaled and highly available VPC component that allows communication between the instances in your VPC and the internet. It provides a target in route tables for internet-bound traffic and performs network address translation (NAT) for instances that have been assigned public IP addresses.
VPC Endpoint – A VPC endpoint enables instances in your VPC to connect privately to supported AWS services without needing a public IP address and without requiring an internet gateway, NAT device, VPN connection or AWS Direct Connect.
NAT Instance – A network address translation (NAT) instance launched in a public subnet of your VPC enables instances in a private subnet to initiate connections to the internet, while preventing the internet from initiating connections to those instances.
NAT Gateway – A NAT gateway works in the same way as a NAT instance. You are charged hourly usage and data processing rates. Both NAT instances and NAT gateways support IPv4 traffic only.
DHCP – The Dynamic Host Configuration Protocol (DHCP) passes configuration information to hosts on a TCP/IP network. DHCP option sets for your VPC carry parameters such as the domain name and the domain name servers.
NACL – A network access control list (NACL) is an additional layer of security that you can use to control traffic in and out of one or more subnets within your VPC. AWS VPC supports default and custom NACLs. The key points for network ACLs are as follows:
- A default network ACL is created automatically when a VPC is created and can be modified when needed. It allows all inbound and outbound traffic by default.
- A custom network ACL can be created with your own set of rules and associated with a subnet. It denies all inbound and outbound traffic by default.
- Each subnet must be associated with a network ACL. A subnet that is not explicitly associated with a network ACL is associated with the default network ACL.
- A single NACL can be associated with multiple subnets.
- A NACL has separate inbound and outbound rules, and each rule either allows or denies traffic.
- NACLs are stateless: responses to allowed inbound traffic are still subject to the outbound rules, and vice versa.
Security Group – A security group acts as a firewall that controls inbound and outbound traffic for your instances, and it operates at the EC2 instance level. You can edit both the inbound and outbound rules of a security group to configure the firewall for your instance.
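To make the stateless point concrete, here is an added example (my own illustration, not AWS code and not part of the original post) that models how a NACL evaluates rules in ascending rule-number order with an implicit final deny, and shows why an outbound rule for the client's ephemeral ports is needed before an allowed inbound HTTPS request can actually receive a reply. The 1024-65535 ephemeral range and the rule sets are constructed assumptions for the illustration.

```python
# Added example (not from the original post): a minimal model of stateless
# NACL evaluation. Rules are checked in ascending rule-number order, the first
# match decides, and unmatched traffic hits the implicit '*' deny rule.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str           # "tcp", "udp" or "all"
    ports: Tuple[int, int]  # inclusive destination port range
    cidr: str
    action: str             # "allow" or "deny"

@dataclass(frozen=True)
class Packet:
    protocol: str
    dst_port: int
    peer: str               # remote address: source if inbound, destination if outbound

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Decide one direction only; a NACL keeps no connection state."""
    for r in sorted(rules, key=lambda r: r.number):
        lo, hi = r.ports
        if (r.protocol in ("all", pkt.protocol) and lo <= pkt.dst_port <= hi
                and ip_address(pkt.peer) in ip_network(r.cidr)):
            return r.action
    return "deny"           # implicit '*' rule at the end of every NACL

def connection_allowed(inbound: List[Rule], outbound: List[Rule],
                       client_ip: str, client_port: int, server_port: int) -> bool:
    """A TCP request succeeds only if the request passes the inbound rules AND
    the reply to the client's ephemeral port passes the outbound rules."""
    request = Packet("tcp", server_port, client_ip)
    reply = Packet("tcp", client_port, client_ip)
    return evaluate(inbound, request) == "allow" and evaluate(outbound, reply) == "allow"

# Constructed rule sets for a subnet meant to serve HTTPS to the internet.
INBOUND = [
    Rule(90, "tcp", (443, 443), "198.51.100.0/24", "deny"),  # lower number wins
    Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
]
# Forgetting the stateless reply: requests get in, but no response gets out.
OUTBOUND_BROKEN = [Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")]
# Also allow replies to client ephemeral ports (1024-65535 assumed here).
OUTBOUND_FIXED = OUTBOUND_BROKEN + [Rule(110, "tcp", (1024, 65535), "0.0.0.0/0", "allow")]
```

With `OUTBOUND_BROKEN` the HTTPS request from 203.0.113.7 is admitted but its reply is dropped, while `OUTBOUND_FIXED` lets the exchange complete; the deny at rule 90 still blocks 198.51.100.0/24 regardless of the later allow.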
Benefits of using VPC
The benefits of a VPC are as follows:
Secure – AWS VPC lets you secure the resources in your virtual network using security groups at the instance level and network access control lists (NACLs) at the subnet level.
Simple – AWS lets you create a VPC quickly from the console UI and start provisioning resources within it.
Customizable – You can create a VPC and subnets with your own custom CIDR ranges. You can also set rules for your route tables, NACLs and security groups at any time.
I hope this blog helps you get started with AWS VPC. Please comment below with any questions related to this blog.