SIVA 99

AWS VPC Introduction

What is VPC?

VPC Design

Basics Of VPC :

Subnets :

A subnet is a network inside a network: it divides a large network into smaller networks. This is done because smaller networks are easier to maintain, and because it isolates each network's traffic from the other networks.
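As an added example (not code from the original article), the following Python uses the standard `ipaddress` module to carve a VPC CIDR into equal-sized subnets the way the hands-on section later does (one public, one private), and to report how many addresses an instance can actually use, since AWS reserves five addresses in every subnet. It also covers the VPC Peering rule that peered VPCs must not have overlapping CIDR blocks. The CIDRs are constructed sample values.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one address for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> list[str]:
    """Split a VPC CIDR into the first `count` equal-sized /new_prefix subnets."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    # AWS accepts VPC and subnet sizes from /16 to /28 only.
    if not (vpc.prefixlen <= new_prefix <= 28):
        raise ValueError(f"subnet prefix /{new_prefix} must lie between /{vpc.prefixlen} and /28")
    blocks = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(blocks):
        raise ValueError(f"{vpc_cidr} only holds {len(blocks)} /{new_prefix} subnets")
    return [str(b) for b in blocks[:count]]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses instances can actually receive, after AWS's reserved addresses."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def plan_vpc(vpc_cidr: str, new_prefix: int = 24) -> dict[str, str]:
    """One public and one private subnet, as in the hands-on section of this page."""
    public, private = carve_subnets(vpc_cidr, new_prefix, 2)
    return {"public": public, "private": private}


def can_peer(vpc_a: str, vpc_b: str) -> bool:
    """VPC peering is only possible between VPCs whose CIDR blocks do not overlap."""
    return not ipaddress.ip_network(vpc_a).overlaps(ipaddress.ip_network(vpc_b))


if __name__ == "__main__":
    # Constructed sample VPC; 10.0.0.0/16 is a common starting choice.
    plan = plan_vpc("10.0.0.0/16")
    for role, cidr in plan.items():
        print(f"{role:8} {cidr}  usable hosts: {usable_hosts(cidr)}")
    print("can peer 10.0.0.0/16 with 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
    print("can peer 10.0.0.0/16 with 10.0.5.0/24:", can_peer("10.0.0.0/16", "10.0.5.0/24"))
```

A /24 subnet therefore gives 251 usable addresses rather than the 254 you would expect on-premises, and the smallest permitted subnet, a /28, gives only 11.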

Route Tables:

A route table contains a set of rules called routes which determine where traffic has to be directed. You can have multiple route tables in a VPC.

Internet Gateways (IGW):

An Internet Gateway is the VPC component that allows communication between the instances in your VPC and the Internet. It is horizontally scaled, redundant, and highly available. Only one IGW can be attached to a VPC at a time.

Network Address Translation Gateway (NAT):

A NAT Gateway allows instances in a private subnet to reach the Internet, but prevents the Internet from initiating a connection directly to those instances.

Although the NAT Gateway exists to give private subnets Internet access, it is created in a public subnet (it needs a route to the Internet Gateway itself). Unfortunately, unlike an Internet Gateway, it has an hourly cost.

VPC Flow Logs:

VPC Flow Logs is an AWS feature that captures information about the IP traffic going to or from the network interfaces in a VPC. Flow log data can be stored in either Amazon CloudWatch Logs or an Amazon S3 bucket. After you have created a flow log, you can view and retrieve its data from Amazon CloudWatch Logs (or from the S3 bucket, if that is the destination you chose).
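Reading the captured records is where flow logs earn their keep. As an added example (not from the original article), this Python parses lines in the default flow log record format (version 2: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) and summarises REJECTed traffic per source, which is how you notice that a security group or NACL is turning away repeated probes. The log lines are constructed sample data using documentation address ranges, not real traffic; the account and interface IDs are placeholders.

```python
from collections import Counter

# Field order of the default VPC flow log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (placeholder account and ENI IDs): one accepted SSH
# session from 203.0.113.10, one rejected attempt from the same host, three
# rejected connections to different ports from 198.51.100.7, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.10 10.0.1.25 50412 22 6 24 3480 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.10 10.0.1.25 50413 22 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 41000 3389 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 41001 445 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 41002 23 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000120 1700000180 - NODATA
"""

NUMERIC = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_flow_log(text: str) -> list[dict]:
    """Parse default-format lines into dicts, dropping records that carry no traffic data."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                      # malformed or custom-format line: skip, don't crash
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue                      # NODATA / SKIPDATA records have '-' in the traffic fields
        for key in NUMERIC:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_ports_by_source(records: list[dict]) -> dict[str, set[int]]:
    """Distinct destination ports on which each source was REJECTed (by a security group or NACL)."""
    ports: dict[str, set[int]] = {}
    for rec in records:
        if rec["action"] == "REJECT":
            ports.setdefault(rec["srcaddr"], set()).add(rec["dstport"])
    return ports


def sources_rejected_on_many_ports(records: list[dict], min_ports: int = 3) -> list[str]:
    """Sources rejected on at least `min_ports` different ports: worth a closer look."""
    return sorted(src for src, ports in rejected_ports_by_source(records).items()
                  if len(ports) >= min_ports)


def accepted_bytes_by_flow(records: list[dict]) -> Counter:
    """Bytes of ACCEPTed traffic per (srcaddr, dstaddr, dstport), for spotting top talkers."""
    totals: Counter = Counter()
    for rec in records:
        if rec["action"] == "ACCEPT":
            totals[(rec["srcaddr"], rec["dstaddr"], rec["dstport"])] += rec["bytes"]
    return totals


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} records with traffic data")
    print("rejected ports by source:", rejected_ports_by_source(recs))
    print("sources rejected on many ports:", sources_rejected_on_many_ports(recs))
    print("accepted bytes per flow:", accepted_bytes_by_flow(recs))
```

Note that a REJECT record tells you the packet was dropped by a security group or network ACL, not which rule dropped it; and a flow log only covers the interfaces (VPC, subnet or ENI) you created it for.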

VPC Peering:

A VPC Peering connection is a networking connection between two VPCs that enables you to route traffic between them privately (using private IPv4 or IPv6 addresses). Instances in either VPC can communicate with each other as if they were within the same network.

VPC Endpoints:

A VPC endpoint enables you to create a private connection from your VPC to supported AWS services, and to VPC endpoint services powered by PrivateLink, using private IP addresses. Traffic between your VPC and the AWS service does not leave the Amazon network.

Security groups:

Security groups are a set of firewall rules that control the traffic for your instance. A security group can only contain allow rules; you cannot create a rule to deny traffic. The rules always apply to the instance (network interface) the security group is attached to. A single security group can be associated with multiple instances.

Network Access Control Lists (NACL):

A Network ACL is an optional security layer for your VPC that controls the traffic in and out of one or more subnets. You can set up a Network ACL with rules similar to those of a security group, which adds an additional layer of security to your VPC.
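The practical difference between the two layers is easy to get wrong, so here is an added example (not code from the original article) that models both in Python: a security group is stateful and allow-only, so the replies of an allowed connection always get back out, while a Network ACL is stateless, supports explicit deny rules, evaluates them in ascending rule-number order with an implicit deny at the end, and needs its own rule for return traffic (normally the ephemeral port range). The rule sets and addresses are constructed for illustration; `Rule`, `SecurityGroup`, `NetworkAcl` and `instance_permits` are names chosen for this example, not AWS APIs.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"; security groups accept "allow" only
    proto: str           # "tcp", "udp", "icmp" or "all"
    cidr: str            # peer address range the rule matches
    port_from: int       # inclusive port range (0-65535 means "all ports")
    port_to: int
    number: int = 0      # NACL rule number: lower numbers are evaluated first


def _matches(rule: Rule, proto: str, peer_ip: str, port: int) -> bool:
    return (rule.proto in ("all", proto)
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


class SecurityGroup:
    """Stateful and allow-only: a flow is allowed if any rule matches it, and the
    reply packets of an allowed flow are permitted without a matching rule."""

    def __init__(self, inbound: list[Rule], outbound: list[Rule]):
        for rule in inbound + outbound:
            if rule.action != "allow":
                raise ValueError("security groups cannot contain deny rules")
        self.inbound, self.outbound = inbound, outbound

    def permits(self, direction: str, proto: str, peer_ip: str, port: int,
                is_reply: bool = False) -> bool:
        if is_reply:
            return True   # connection tracking lets return traffic through
        rules = self.inbound if direction == "inbound" else self.outbound
        return any(_matches(r, proto, peer_ip, port) for r in rules)


class NetworkAcl:
    """Stateless: rules are evaluated in ascending number, the first match wins,
    and anything unmatched hits the implicit deny (the '*' rule). There is no
    connection tracking, so is_reply is deliberately ignored: return traffic
    needs an explicit rule, usually for the ephemeral port range 1024-65535."""

    def __init__(self, inbound: list[Rule], outbound: list[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def permits(self, direction: str, proto: str, peer_ip: str, port: int,
                is_reply: bool = False) -> bool:
        rules = self.inbound if direction == "inbound" else self.outbound
        for rule in rules:
            if _matches(rule, proto, peer_ip, port):
                return rule.action == "allow"
        return False


def instance_permits(sg: SecurityGroup, nacl: NetworkAcl, direction: str, proto: str,
                     peer_ip: str, port: int, is_reply: bool = False) -> bool:
    """A packet reaches (or leaves) the instance only if both layers permit it."""
    return (nacl.permits(direction, proto, peer_ip, port, is_reply)
            and sg.permits(direction, proto, peer_ip, port, is_reply))


# Constructed example: SSH allowed only from the 203.0.113.0/24 admin range.
ADMIN_SG = SecurityGroup(
    inbound=[Rule("allow", "tcp", "203.0.113.0/24", 22, 22)],
    outbound=[Rule("allow", "all", "0.0.0.0/0", 0, 65535)],
)

# Subnet NACL: an explicit deny for one address is numbered below the general
# SSH allow, and the ephemeral range is opened outbound so SSH replies can leave.
SUBNET_NACL = NetworkAcl(
    inbound=[Rule("deny", "tcp", "203.0.113.99/32", 22, 22, number=90),
             Rule("allow", "tcp", "0.0.0.0/0", 22, 22, number=100)],
    outbound=[Rule("allow", "tcp", "0.0.0.0/0", 1024, 65535, number=100)],
)

# The same idea with the outbound ephemeral rule forgotten: SSH is "allowed"
# inbound, yet the session never works because the replies are dropped.
FORGETFUL_NACL = NetworkAcl(
    inbound=[Rule("allow", "tcp", "0.0.0.0/0", 22, 22, number=100)],
    outbound=[Rule("allow", "tcp", "0.0.0.0/0", 443, 443, number=100)],
)

if __name__ == "__main__":
    client, ephemeral = "203.0.113.10", 50412
    print("SSH in, working NACL :", instance_permits(ADMIN_SG, SUBNET_NACL, "inbound", "tcp", client, 22))
    print("SSH reply, working NACL:", instance_permits(ADMIN_SG, SUBNET_NACL, "outbound", "tcp", client, ephemeral, is_reply=True))
    print("SSH reply, forgetful   :", instance_permits(ADMIN_SG, FORGETFUL_NACL, "outbound", "tcp", client, ephemeral, is_reply=True))
```

When an instance in a subnet with a custom NACL is unreachable even though the security group looks right, checking the NACL's outbound ephemeral-port rule is the first thing to do; the flow log for the interface will show the dropped reply as a REJECT in the outbound direction.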


Hands on VPC :

  1. Create a VPC. Create a public and a private subnet, and attach an Internet Gateway so that the public subnet can reach the Internet.
  2. Create an EC2 instance in each of the public and private subnets.
  3. SSH in and test Internet access from the instance in the private subnet.
  4. To provide Internet access to the instance in the private subnet, create a NAT Gateway (in the public subnet) and attach it to the VPC.
  5. Add the NAT Gateway as a route in the correct (private) route table.
  6. Test Internet access again from the instance created inside the private subnet.

Create VPC :

Create Subnet :

Creation of Public Subnet :

Creation of Private Subnet :

Creation of Gateways :

Creation of Internet Gateway :

Creation of NAT Gateway :

Creation of Route Tables :

Creation of Public Route Table :

Creation of Private Route Table :

Associate the public subnet to the public route table.

Associate the private subnet to the Private route table.

Add a route to the Internet Gateway in the public route table to allow Internet traffic to and from the VPC.

Enable auto-assign public IPv4 address for Public subnet.

Launch the Instances :

Launch the Public Instance :

Launch the Private Instance :

Connect via SSH :
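To tie the route table section and the hands-on procedure together, here is an added example (not code from the original article, and not an AWS API) that models the two route tables built above in Python and resolves, by longest-prefix match, where an instance's traffic goes before and after the NAT Gateway route is added. It reproduces what steps 3 and 6 of the hands-on observe: the private instance has no route to the Internet until the NAT route exists, and even then nothing on the Internet can initiate a connection to it. The VPC CIDR, gateway IDs and addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the VPC from the hands-on section. The gateway IDs are
# placeholders, not real resource IDs.
VPC_CIDR = "10.0.0.0/16"
IGW, NAT = "igw-PLACEHOLDER", "nat-PLACEHOLDER"

# A route table is a list of (destination CIDR, target). Every table has the
# 'local' route for the VPC's own CIDR, which AWS adds and which cannot be removed.
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW)]
PRIVATE_RT_BEFORE_NAT = [(VPC_CIDR, "local")]
PRIVATE_RT_AFTER_NAT = [(VPC_CIDR, "local"), ("0.0.0.0/0", NAT)]


def resolve(route_table: list[tuple[str, str]], dst_ip: str):
    """Longest-prefix match: the most specific route containing dst_ip wins, else None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


@dataclass
class Instance:
    name: str
    route_table: list            # the route table associated with the instance's subnet
    has_public_ip: bool          # set by the subnet's auto-assign public IPv4 option


def egress_path(instance: Instance, dst_ip: str) -> str:
    """How (or whether) a packet from the instance to dst_ip leaves the VPC."""
    target = resolve(instance.route_table, dst_ip)
    if target is None:
        return "no route"
    if target == "local":
        return "stays inside the VPC"
    if target.startswith("igw-"):
        # An IGW only forwards traffic from instances that have a public IP;
        # packets from an address it cannot translate are dropped.
        return "via Internet Gateway" if instance.has_public_ip else "dropped at Internet Gateway (no public IP)"
    if target.startswith("nat-"):
        return "via NAT Gateway (outbound only)"
    return f"via {target}"


def reachable_from_internet(instance: Instance, src_ip: str) -> bool:
    """Unsolicited inbound from src_ip needs a public IP and an IGW route back to src_ip."""
    target = resolve(instance.route_table, src_ip)
    return instance.has_public_ip and target is not None and target.startswith("igw-")


PUBLIC_INSTANCE = Instance("public", PUBLIC_RT, has_public_ip=True)
PRIVATE_BEFORE = Instance("private (before NAT)", PRIVATE_RT_BEFORE_NAT, has_public_ip=False)
PRIVATE_AFTER = Instance("private (after NAT)", PRIVATE_RT_AFTER_NAT, has_public_ip=False)

if __name__ == "__main__":
    internet_host = "198.51.100.1"   # constructed address from a documentation range
    for inst in (PUBLIC_INSTANCE, PRIVATE_BEFORE, PRIVATE_AFTER):
        print(f"{inst.name:22} egress to Internet: {egress_path(inst, internet_host)}; "
              f"reachable from Internet: {reachable_from_internet(inst, internet_host)}")
```

The `has_public_ip` check is why the hands-on enables auto-assign public IPv4 on the public subnet only: an instance in the public subnet without a public address has the IGW route but its packets are still dropped, so "public subnet" really means "subnet whose route table points at the IGW", and the instance needs a public IP on top of that.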

Conclusion :

You have learned the VPC basics and how to set up a network in a VPC.
