virtual private cloud
A VPC is a virtual network that operates like your own data center, with the advantage of using the scalable infrastructure of AWS. It is a virtual network inside AWS dedicated to one customer and is logically isolated from every other virtual network. A maximum of 5 VPCs can be created, with 200 subnets in one VPC, and a maximum of 5 Elastic IPs can be allocated in a VPC. Once a VPC is created, AWS automatically creates a DHCP option set, a network ACL, and a security group for it.
A VPC is confined to a single AWS Region and does not extend between regions. Once the VPC is created you cannot change its CIDR block range; if you need a different CIDR size you have to create a new VPC. The different subnets within a VPC cannot overlap one another. You can, however, expand the VPC CIDR by adding new extra IP address ranges to it.
Components of VPC
CIDR and IP address subnets.
Routers and Routing tables
Internet gateway
Security Groups
Network ACL
Virtual private gateway
Peering connection
Elastic IP
Types of VPC
Default VPC
It is built in each AWS Region when an AWS account is created.
It has default CIDR, security group and route table settings.
It has an Internet gateway by default.
Custom VPC
It is a VPC that the AWS account owner creates; the AWS user creating the custom VPC can decide the CIDR.
It has its own default security group, network ACL and route tables. It does not have an Internet gateway by default; one needs to be created if required.
Public Subnet
If a subnet's traffic is routed to an Internet gateway, the subnet is called a public subnet. If you want an instance in a public subnet to communicate with the internet over IPv4, it must have a public IPv4 address or an Elastic IP address.
Private Subnet
A subnet that does not have a route to the Internet gateway is known as a private subnet. When you create a VPC you must specify an IPv4 CIDR block for the VPC. The allowed block size is between /16 and /28.
The first four and the last IP address of each subnet cannot be assigned.
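As an added worked example (not part of the original notes), the rules above on allowed block sizes, the five reserved addresses per subnet, the 200-subnet limit, and non-overlapping subnets can be checked for a planned VPC layout with Python's standard ipaddress module; the sample CIDRs are constructed, and the rule values are taken from the notes:

```python
import ipaddress

# Rules from the notes above: VPC/subnet blocks between /16 and /28,
# up to 200 subnets per VPC, and 5 addresses per subnet that AWS keeps back.
MIN_PREFIX, MAX_PREFIX = 16, 28
MAX_SUBNETS_PER_VPC = 200
RESERVED_PER_SUBNET = 5


def reserved_addresses(subnet_cidr):
    """The first four and the last address of a subnet, which cannot be assigned."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return [str(net[i]) for i in range(4)] + [str(net[-1])]


def usable_hosts(subnet_cidr):
    """Number of addresses left for instances after the reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


def validate_vpc_plan(vpc_cidr, subnet_cidrs):
    """Return a list of rule violations for a VPC CIDR and its planned subnets (empty if OK)."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if len(subnet_cidrs) > MAX_SUBNETS_PER_VPC:
        problems.append(f"{len(subnet_cidrs)} subnets exceeds the limit of {MAX_SUBNETS_PER_VPC}")
    seen = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:  # e.g. host bits set, such as 10.0.1.1/24
            problems.append(f"subnet {cidr} is not a valid network: {exc}")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"subnet {net} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} lies outside VPC {vpc}")
        for other in seen:  # subnets within one VPC may not overlap
            if net.overlaps(other):
                problems.append(f"subnet {net} overlaps subnet {other}")
        seen.append(net)
    return problems


# Constructed sample layout: one public and one private /24 in a /16 VPC.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]

if __name__ == "__main__":
    print(validate_vpc_plan(SAMPLE_VPC, SAMPLE_SUBNETS))  # []
    print(reserved_addresses("10.0.1.0/24"), usable_hosts("10.0.1.0/24"))
```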
Routers and Routing tables
It is the central routing function: it connects the different AZs together and connects the VPC to the Internet gateway.
You can have up to 200 route tables per VPC and 50 route entries per route table.
Each subnet is associated with only one route table at a time; if you do not specify a subnet-to-route-table association, the subnet is associated with the VPC's default (main) route table.
You can edit the main route table if you need to, but you cannot delete the main route table.
However, if you manually make a custom route table the main route table, you can then delete the former main route table. You can associate multiple subnets with the same route table.
Internet gateway
An Internet gateway is a kind of virtual router that connects a VPC to the internet.
The default VPC already has an Internet gateway attached; if you create a new VPC you must attach an Internet gateway in order to access the internet.
Ensure that your subnet route table points to the Internet gateway. It performs NAT between your private and public IPv4 addresses.
It supports both IPv4 and IPv6.
NAT Gateway
A Network Address Translation gateway enables instances in a private subnet to connect to the internet or other AWS services, but it blocks the internet from initiating a connection with those instances.
You are charged for creating and using a NAT gateway in your account; data processing rates apply, and Amazon EC2 charges for data transfer also apply.
To create a NAT gateway you must specify the public subnet in which the NAT gateway will reside, and you must identify the Elastic IP address to associate with the NAT gateway when you create it.
Security group
It is a virtual firewall; up to 5 security groups can be applied per EC2 instance network interface.
It has only permit (allow) rules and cannot have deny rules.
Network ACL
A Network ACL is a function performed on the implied router. A NACL is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
VPC peering
A VPC peering connection is a network connection between two VPCs that enables you to route traffic between them using private IPv4 addresses. Instances in either VPC can communicate with each other as if they were within the same network.