VPC - Virtual Private Cloud

A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider.

Virtual private clouds (VPC)

  • Subnet: A subnet is a section of a VPC with its own range of IP addresses. It can contain resources such as Amazon EC2 instances, which share that common address range. A public subnet is one whose resources are exposed to the internet through an Internet Gateway; a private subnet is one whose resources are not exposed to the outside world.

  • Route Table: A route table is a set of rules (routes) that decide where network traffic is directed. Each route specifies a destination (an IP address range) and a target. The target can be an Internet gateway, a NAT gateway, a Virtual Private Gateway, etc. Using route tables, users determine where traffic from their subnet or gateway will be directed.

  • Virtual Private Gateway: The VPN (Virtual Private Network) hub on the Amazon side of a VPN connection, used to establish secure communication. Users attach it to the VPC from which they want to create the VPN connection.

  • NAT Gateway: A Network Address Translation (NAT) Gateway is used when higher bandwidth and availability with less management effort are required. The route table of the private subnet is updated so that its outbound traffic is sent to the NAT gateway. It supports only the UDP, TCP, and ICMP protocols.

  • VPC Peering: A VPC peering connection allows you to route traffic between two Virtual Private Clouds using private IPv4 or IPv6 addresses. Users can create a peering connection between their own VPC and a VPC in another AWS account. This connection lets you transfer data smoothly between the two VPCs.

  • Security Groups: A security group consists of a set of firewall rules that control the traffic for your instance. A single security group can be associated with multiple instances.

  • Elastic IP: A static, reserved public IP address that can be assigned to any instance in a particular region and never changes.

  • Network Access Control Lists (NACL): An optional layer of security for your VPC that acts as a firewall controlling traffic in and out of one or more subnets.

  • Customer Gateway: A VPN connection links your network (or data center) to your Amazon VPC. A customer gateway is the endpoint on your side of that connection. It can be a physical or software appliance.

  • Network Interface: A network interface is an instance's point of connection to private and public networks. If you move a network interface from one instance to another, network traffic is automatically redirected to the new instance.

  • VPC Endpoints: A VPC endpoint allows a VPC to connect to other AWS services without using the internet. There are two types, interface endpoints and gateway endpoints. They are scalable, redundant, and highly available VPC components.

  • IP addressing: With IP addressing, you assign IPv4 and IPv6 addresses to your VPCs and subnets.

  • VPC Flow Logs: VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you create a flow log, you can retrieve and view its data in the chosen destination.

  • New Flow Logs appear in the Flow Logs tab of the VPC dashboard. The log group is created approximately 15 minutes after you create a new Flow Log, and you can access it via the CloudWatch Logs dashboard.

  • Private Link: AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks without exposing your traffic to the public Internet. It makes it easy to connect services across different accounts and VPCs, significantly simplifying your network architecture.

  • AWS PrivateLink allows connectivity to services across other accounts and Amazon VPCs without requiring route table modifications. There is no longer a need to configure an internet gateway, VPC peering connection, or Transit VPC to enable connectivity.

  • Direct Connect: AWS Direct Connect is a network service that provides an alternative to using the Internet to reach AWS cloud services. It gives customers low-latency, secure, private connections to AWS for workloads that need higher speed or lower latency than the Internet provides.

  • Transit Gateway: AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub.
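To make the subnet and route table entries above concrete, here is an added example (not code from the article) that resolves a destination against a route table the way a VPC does, picking the most specific (longest-prefix) matching route, and classifies a subnet as public when its table sends 0.0.0.0/0 to an Internet gateway rather than a NAT gateway. The CIDRs and the igw-EXAMPLE, nat-EXAMPLE and pcx-EXAMPLE IDs are constructed placeholders.

```python
import ipaddress

# Constructed route tables (not from the article): a route is (destination CIDR, target).
# "local" covers the VPC's own CIDR; the igw-/nat-/pcx- IDs are placeholders.
PUBLIC_ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
PRIVATE_ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]
PEERED_ROUTES = [("10.0.0.0/16", "local"), ("172.16.0.0/16", "pcx-EXAMPLE"),
                 ("0.0.0.0/0", "nat-EXAMPLE")]


def lookup_target(routes, dst_ip):
    """Return the target of the most specific (longest-prefix) route that
    contains dst_ip, or None if no route of the same IP version matches."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, target)
    return best[1] if best else None


def is_public_subnet(routes):
    """A subnet is public when its route table sends the default route
    (0.0.0.0/0) to an Internet gateway; a NAT gateway target keeps it private."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-")
               for cidr, target in routes)


if __name__ == "__main__":
    for name, table in [("public", PUBLIC_ROUTES), ("private", PRIVATE_ROUTES),
                        ("peered", PEERED_ROUTES)]:
        print(name, "-> internet via", lookup_target(table, "93.184.216.34"),
              "| public subnet:", is_public_subnet(table))
```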

Benefits Of Using AWS Virtual Private Cloud

  • The security group membership of an EC2 instance can be changed while it is running.

  • Static IPv4 addresses assigned to instances persist across stop and start.

  • Create a layered network of resources.

  • A single-tenant hardware option is available to run EC2 Instances.

  • Access Control Lists (ACLs) provide an additional security layer to protect instances.

  • Multiple IPv4 addresses can be assigned to your instances.

  • Control both inbound and outbound traffic of instances.

  • Multiple network interfaces can be attached to EC2 Instances.