Introduction to Amazon Virtual Private Cloud (VPC)
By Jayant Sharma
Introduction
Amazon VPC lets users run AWS resources inside a virtual network. It enables you to launch AWS resources into a virtual network that you define, and that network is logically isolated from other virtual networks in the AWS Cloud. Users can customize their virtual networking environment as they like, such as selecting their own IP address range, creating subnets, and configuring route tables and network gateways. VPC also enables a developer to create security groups that limit inbound and outbound traffic to AWS EC2 instances.
A subnet is a logical partition of an IP network into multiple, smaller network segments. The practice of dividing a network into two or more networks is called subnetting. It is typically used to subdivide large networks into smaller, more efficient sub-networks. Computers that belong to a subnet share the same most-significant bits in their IP addresses (for example, the first 24 bits in a /24 subnet). You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won't be connected to the internet.
Components of Amazon VPC
Element | Brief description
--- | ---
Virtual Private Cloud (VPC) | A logically isolated virtual network in the AWS cloud. You define a VPC's IP address space from a range you select.
Subnet | A segment of a VPC's IP address range where you can place groups of isolated resources.
Internet Gateway | The Amazon VPC side of a connection to the public Internet.
NAT Gateway | A highly available, managed Network Address Translation (NAT) service that lets resources in a private subnet access the Internet.
Hardware VPN Connection | A hardware-based VPN connection between your Amazon VPC and your data center, home network, or co-location facility.
Virtual Private Gateway | The Amazon VPC side of a VPN connection. The customer gateway is the customer side of a VPN connection.
Peering Connection | A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
VPC Endpoint | Enables Amazon S3 access from within your VPC without using an Internet gateway or NAT, and allows you to control that access using VPC endpoint policies.
Internet Gateways in VPC
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. Only one internet gateway can be attached to a VPC at a time.
NAT (Network Address Translation) Gateway in VPC
A NAT gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. A NAT device forwards traffic from the instances in the private subnet to the internet or other AWS services, and then sends the response back to the instances. When traffic goes out to the internet, the source IPv4 address is replaced with the NAT device's address; when the response traffic comes back, the NAT device translates the address back to the instances' private IPv4 addresses.
AWS offers two kinds of NAT devices:
- NAT gateway
- NAT instance
NAT gateways provide better availability and bandwidth than NAT instances. The NAT gateway is also a managed service that does not require administration effort on your part. A NAT instance is launched from a NAT AMI, and you can choose to use one for special purposes. See the AWS documentation for a full comparison of the two.
Route Tables
A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
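The public/private subnet distinction above is entirely a property of the route tables: a subnet is public when its 0.0.0.0/0 route points at an internet gateway, private when it points at a NAT gateway, and otherwise it has no path to the internet at all. The following Python is an added example, not code from the original post: it classifies subnets from data shaped like `aws ec2 describe-route-tables` output (the sample data, IDs and CIDRs are constructed placeholders) and applies the rule that a subnet with no explicit association falls back to the VPC's main route table.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output: a main
# table with only the local route, a public table whose default route goes to an
# internet gateway, and a private table whose default route goes to a NAT gateway.
# All IDs are placeholders, not real resources.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main0000", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public00",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub000"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example0"}]},
    {"RouteTableId": "rtb-private0",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv00"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example0"}]},
]}
# Constructed subnets; subnet-iso000 has no explicit route-table association.
SUBNETS = {"subnet-pub000": "10.0.1.0/24", "subnet-priv00": "10.0.2.0/24",
           "subnet-iso000": "10.0.3.0/24"}
VPC_CIDR = "10.0.0.0/16"


def default_route_target(table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def classify_subnets(describe_output, subnets, vpc_cidr):
    """Map each subnet ID to 'public', 'private', or 'isolated'.

    A subnet with no explicit association uses the VPC's main route table, so
    an unassociated subnet inherits whatever the main table routes.
    """
    tables = describe_output["RouteTables"]
    main = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in tables
                for a in t["Associations"] if a.get("SubnetId")}
    result = {}
    for subnet_id, cidr in subnets.items():
        # Each subnet's block must sit inside the VPC's address range.
        if not ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(vpc_cidr)):
            raise ValueError(f"{subnet_id} {cidr} lies outside VPC {vpc_cidr}")
        target = default_route_target(explicit.get(subnet_id, main)) or ""
        result[subnet_id] = ("public" if target.startswith("igw-") else
                             "private" if target.startswith("nat-") else "isolated")
    return result
```

Running the classifier regularly against real `describe-route-tables` output is a cheap way to catch a subnet that became public because someone added an internet-gateway route to the main table.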
Default VPC and Default Subnets
Every AWS account comes with a default VPC in each AWS Region. A default VPC is ready for you to use, so you don't have to create and configure your own VPC. You can immediately start launching Amazon EC2 instances into your default VPC, and you can also use services such as Elastic Load Balancing and Amazon RDS in it. A default VPC is suitable for getting started quickly and for launching public instances such as a blog or simple website. You can modify the components of your default VPC as needed.
AWS Services used with VPC
AWS services that can be used with Amazon VPC include:
- Amazon EC2
- Amazon Route 53
- Amazon WorkSpaces
- Auto Scaling
- Elastic Load Balancing
- AWS Data Pipeline
- Elastic Beanstalk
- Amazon ElastiCache
- Amazon EMR
- Amazon OpsWorks
- Amazon RDS
- Amazon Redshift