What is AWS VPC?
We all know the benefits of the public cloud and of the private data centre. What if you could get the good from both worlds: some of the private cloud's liberty (your own IP address range, your own routes, and so on) together with the public cloud's power? A Virtual Private Cloud (VPC), as the name suggests, gives you a private environment inside a public cloud. It is provided by all of the big three cloud providers, namely AWS VPC, Azure VPC and GCP VPC. To understand VPC practically, in this article we will have an introduction to AWS VPC and its features. The service names and pricing change, but the concept of a VPC remains almost the same across cloud providers. Knowledge of CIDR notation, subnets and basic AWS services will be helpful in understanding this article.

What is VPC?

The Virtual Private Cloud (VPC) service lets you provision a private, isolated section of the cloud where you can launch cloud services and other resources in a virtual network that you define (like 10.0.0.0/16). You have complete control over your virtual networking environment, including selection of an IP address range, creation of subnets, and configuration of route tables and network gateways.
How to set up an AWS VPC

Setting up a VPC is straightforward through the AWS Management Console by choosing the VPC option. Once chosen, the VPC becomes operational after (1) choosing an IP address range, (2) creating subnets, (3) creating routes to the Internet and (4) authorizing traffic to and from the VPC.

Components of AWS VPC

There are various sub-services of AWS VPC. Every service adds to the functionality of the VPC; let us see how.

1. Subnet: a subnet is a range of IP addresses in your VPC. You can launch AWS resources, such as EC2 instances, into a specific subnet. Types of subnets:
AWS Specific VPC TYPES :
2. Security Groups: a virtual firewall. It helps filter network traffic to a resource within the VPC (an EC2 instance, an RDS database, etc.).

3. Network ACL: associated with a subnet in a VPC to filter the traffic to and from that subnet. Stateful means that once a request is allowed, the return traffic is allowed too; stateless means you have to separately allow both the request and the response (security groups are stateful, network ACLs are stateless).

4. Internet Gateway: a gateway which connects a public subnet to the public Internet.

5. NAT Gateway: provides a one-way connection from a private subnet to external resources (resources not in your VPC). An external resource can't initiate a connection to your resources in the private subnet. It also performs NAT (network address translation).

6. Resources: the resources which reside within subnets (EC2 instances, RDS databases, etc.).

Features of AWS VPC

An AWS VPC spans multiple Availability Zones. An AWS VPC can have a /16 to /28 CIDR address space. You can expand a VPC by adding 4 secondary address spaces. Subnets must be at least a /28 CIDR block. A total of 5 IP addresses from each subnet is reserved by AWS VPC for its own use.

Some FAQ:
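To put the /16 to /28 rule and the five reserved addresses per subnet into practice, here is an added Python example (not code from the original article). It validates a VPC CIDR, carves one public and one private subnet per Availability Zone out of it, and lists the addresses AWS keeps back in each subnet. It uses only the standard ipaddress module; the CIDRs and AZ names are constructed for illustration.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router (+1), the DNS resolver (+2), one kept for future use (+3) and the
# broadcast address (last). These are the "5 IP addresses" the article mentions.
AWS_RESERVED_PER_SUBNET = 5
VPC_LARGEST_PREFIX = 16    # a VPC CIDR may be no larger than /16 ...
VPC_SMALLEST_PREFIX = 28   # ... and no smaller than /28 (same floor for subnets)


def validate_vpc_cidr(cidr):
    """Parse a VPC CIDR and enforce the /16 to /28 size rule."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"VPC CIDR {cidr} must be between /16 and /28")
    return net


def reserved_addresses(subnet):
    """Return the five addresses AWS keeps back in this subnet."""
    return [str(subnet[i]) for i in range(4)] + [str(subnet[-1])]


def usable_hosts(subnet):
    """Addresses you can actually assign to resources in the subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, availability_zones, subnet_prefix):
    """Carve one public and one private subnet per AZ out of the VPC CIDR.

    Spreading the pairs over several AZs follows the article's high-availability
    advice. Returns one dict per subnet (name, az, tier, cidr, hosts, reserved).
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"subnet prefix /{subnet_prefix} must lie between "
                         f"/{vpc.prefixlen} and /{VPC_SMALLEST_PREFIX}")
    chunks = vpc.subnets(new_prefix=subnet_prefix)   # generator of sub-blocks
    plan = []
    for az in availability_zones:
        for tier in ("public", "private"):
            try:
                subnet = next(chunks)
            except StopIteration:
                raise ValueError(f"{vpc_cidr} is too small for two /{subnet_prefix} "
                                 f"subnets in each of {len(availability_zones)} AZs") from None
            plan.append({
                "name": f"{tier}-{az}",
                "az": az,
                "tier": tier,
                "cidr": str(subnet),
                "usable_hosts": usable_hosts(subnet),
                "reserved": reserved_addresses(subnet),
            })
    return plan


if __name__ == "__main__":
    # Constructed example: a /16 VPC split into /24 subnets across two AZs.
    for entry in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"], 24):
        print(f'{entry["name"]:20} {entry["cidr"]:15} usable={entry["usable_hosts"]} '
              f'reserved={entry["reserved"]}')
```

A /24 subnet therefore yields 251 assignable addresses, not 254 as on a conventional network, and the smallest allowed subnet (/28) yields only 11. Planning with the reserved addresses in mind avoids discovering too late that a subnet cannot hold the instances you sized it for.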
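The stateful/stateless distinction between security groups and network ACLs is easiest to see on a concrete packet. The added Python example below (not from the original article, and a simplification of the real evaluation logic) models a stateless NACL with numbered, first-match rules and an implicit deny, and a stateful security group that remembers the connections it allowed. The addresses, ports and rules are constructed for illustration; the scenario is an HTTPS request from the Internet to a web server in a subnet, followed by the server's reply.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"

    def reply(self):
        """The response to this request: addresses and ports swapped."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.protocol)


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rules are evaluated lowest number first
    action: str        # "allow" or "deny" (security groups only ever "allow")
    protocol: str      # "tcp", "udp" or "all"
    cidr: str          # remote CIDR: source for inbound rules, destination for outbound
    port_from: int
    port_to: int

    def matches(self, remote_ip, port, protocol):
        return (self.protocol in ("all", protocol)
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)


EPHEMERAL = (1024, 65535)   # client-side port range that replies travel back to


class NetworkAcl:
    """Stateless filter on a subnet: every packet in each direction is judged on
    its own against an ordered rule list, with an implicit deny at the end."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def permits(self, pkt, direction):
        rules = self.inbound if direction == "inbound" else self.outbound
        remote = pkt.src_ip if direction == "inbound" else pkt.dst_ip
        for rule in rules:                       # first matching rule wins
            if rule.matches(remote, pkt.dst_port, pkt.protocol):
                return rule.action == "allow"
        return False                             # the trailing '*' deny rule


class SecurityGroup:
    """Stateful filter on a resource: allow-only rules, and the reply to a
    permitted request passes regardless of the rules in the other direction."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound
        self.outbound = outbound
        self.tracked = set()                     # connections already allowed

    def permits(self, pkt, direction):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.tracked:              # a reply to a tracked connection
            return True
        rules = self.inbound if direction == "inbound" else self.outbound
        remote = pkt.src_ip if direction == "inbound" else pkt.dst_ip
        if any(r.matches(remote, pkt.dst_port, pkt.protocol) for r in rules):
            self.tracked.add(key)
            return True
        return False


def trace_request_and_reply(request, nacl, sg):
    """Walk an inbound request and its reply through the subnet NACL and the
    resource's security group; returns the four verdicts."""
    reply = request.reply()
    return {
        "nacl_request": nacl.permits(request, "inbound"),
        "sg_request": sg.permits(request, "inbound"),
        "sg_reply": sg.permits(reply, "outbound"),
        "nacl_reply": nacl.permits(reply, "outbound"),
    }


# Constructed scenario: an Internet client talks HTTPS to a web server in the subnet.
REQUEST = Packet("203.0.113.10", 49152, "10.0.1.5", 443)
ALLOW_HTTPS_IN = Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443)

# Misconfigured NACL: outbound only allows port 443, but the reply goes to the
# client's ephemeral port, so the stateless NACL drops it.
NACL_WITHOUT_EPHEMERAL = NetworkAcl([ALLOW_HTTPS_IN],
                                    [Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443)])
# Corrected NACL: outbound allows the ephemeral range, so replies get out.
NACL_WITH_EPHEMERAL = NetworkAcl([ALLOW_HTTPS_IN],
                                 [Rule(100, "allow", "tcp", "0.0.0.0/0", *EPHEMERAL)])


def web_server_group():
    # Inbound 443 only; the empty outbound list models a group whose default
    # "allow all egress" rule was removed, which makes the stateful pass visible.
    return SecurityGroup([ALLOW_HTTPS_IN], [])


if __name__ == "__main__":
    print("NACL without ephemeral rule:", trace_request_and_reply(REQUEST, NACL_WITHOUT_EPHEMERAL, web_server_group()))
    print("NACL with ephemeral rule:   ", trace_request_and_reply(REQUEST, NACL_WITH_EPHEMERAL, web_server_group()))
```

The first trace shows the classic symptom of a stateless filter: the request is accepted everywhere, the security group lets the reply out because it remembers the connection, but the NACL rejects the reply because no outbound rule covers the client's ephemeral port. Adding an outbound rule for the ephemeral range fixes it, which is why the best practice of keeping NACLs simple matters: every extra rule is another place to get this wrong.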
VPC Flow Logs: a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3.

VPC Reachability Analyzer: performs connectivity testing between a source resource and a destination resource in your virtual private clouds (VPCs). If the destination is reachable, it gives hop-by-hop details; if not, it tells you which security group, network ACL, route table or load balancer blocks the traffic.

Traffic Mirroring: an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for:
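Returning to the flow logs feature described above: once flow log data lands in CloudWatch Logs or S3, the useful work is reading it. The following added Python example (not code from the original article) parses records in the default version 2 flow log field order, skips NODATA/SKIPDATA records whose traffic fields are just '-', and summarises which source addresses were rejected on which destination ports, the footprint a security group or NACL leaves when it is doing its job. The sample records are constructed, not real traffic.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
NUMERIC = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records (not real traffic): an accepted HTTPS session in both
# directions, three rejected probes from one source, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.5 49152 443 6 10 8400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.5 203.0.113.10 443 49152 6 12 15200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.5 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.5 51001 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.5 51002 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Turn one flow log line into a dict, or None for records that carry no
    traffic data (log_status NODATA or SKIPDATA, where the traffic fields are '-')."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    record = dict(zip(FIELDS, parts))
    if record["log_status"] != "OK":
        return None
    for name in NUMERIC:
        record[name] = int(record[name])
    return record


def parse_log(text):
    """Parse a whole log, dropping blank lines and no-data records."""
    records = (parse_record(line) for line in text.splitlines() if line.strip())
    return [r for r in records if r is not None]


def rejected_ports_by_source(records):
    """Map each source address to the sorted list of destination ports it was
    refused on. One source refused on many different ports deserves a look."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items()}


def accepted_bytes_by_interface(records):
    """Total bytes of accepted traffic per elastic network interface."""
    totals = defaultdict(int)
    for r in records:
        if r["action"] == "ACCEPT":
            totals[r["interface_id"]] += r["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rejected ports by source:", rejected_ports_by_source(recs))
    print("accepted bytes by ENI:   ", accepted_bytes_by_interface(recs))
```

Flow logs record whether the security group and NACL evaluation accepted or rejected a flow, not packet contents, so a summary like this is the right granularity for spotting unexpected exposure or repeated refused connections; Traffic Mirroring is the feature to reach for when the payload itself is needed.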
VPC Endpoints: enable private connections between a virtual private cloud (VPC) and supported services, without requiring that you use an internet gateway, NAT device, VPN connection or AWS Direct Connect connection. Therefore, your VPC is not exposed to the public Internet.

VPC Peering: a networking connection between two VPCs (even in different AWS accounts) that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

AWS VPC Use Cases

According to Aviatrix, some common use cases for VPCs include:
• Hosting web applications

Common networking use cases for VPCs include:
• VPC-to-VPC peering

General VPC Best Practices

The following are general best practices:
• Plan for your IP address needs (with future needs in mind), then choose the CIDR range for the VPC.
• Use multiple Availability Zone deployments so you have high availability.
• Least privilege given to users/services means better security, so use security groups and network ACLs accordingly.
• Keep network ACLs simple, as each additional rule increases complexity.
• Use IAM policies to control access.
• Use Amazon CloudWatch to monitor your VPC components and VPN connections.
• Use flow logs to capture information about IP traffic going to and from network interfaces in your VPC.

AWS VPC Pricing

There is no additional charge for AWS VPC itself, but a NAT Gateway is charged on an hourly basis, and data processing charges apply for each gigabyte processed through the NAT gateway regardless of the traffic's source.
[Image: pricing of NAT Gateway]
There's also pricing for transfer of data among different Availability Zones within a VPC (see the AWS Pricing Calculator).
[Image: prices for outbound data transfer]
Amazon VPC Reachability Analyzer charges you each time you analyze connectivity between a given source and destination. There is no change in pricing for each resource provisioned within a VPC: the normal resource rate plus data transfer rates apply. For details please check here.

BONUS

As per my experience so far, nothing can match the level of confidence you gain after hands-on practice with cloud services. So, I have created a GitHub repo with an AWS VPC. This will certainly help you put the concepts you learned here into action by creating a simple web address book.

Architecture: here the RDS instance is NOT accessible via the Internet.

Hope you like it!! Let's connect. More content at plainenglish.io.

Which components can be configured in the VPC section of the AWS Management Console?
The AWS Management Console now supports the Amazon Virtual Private Cloud (VPC). You can now create and manage a VPC and all of the associated resources, including subnets, DHCP Options Sets, Customer Gateways, VPN Gateways and the all-important VPN Connection, from the comfort of your browser.
What are the components of VPC in AWS?
These components are:
• VPC CIDR block
• Subnet
• Gateways
• Route table
• Network Access Control Lists (ACLs)
• Security group

What type of services are associated with an AWS VPC?
• Amazon Virtual Private Cloud (VPC)
• Subnets
• Elastic IPs
• Internet Gateways
• Network ACLs
• Route Tables
• Security Groups

Which component is used to connect a VPC to the Internet?
An internet gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between your VPC and the internet.