Virtual Private Cloud (VPC)
Provision a logically isolated section of the AWS Cloud where you can launch AWS resources within a virtual network that you define
Introduction to VPC
Think of AWS VPC as your own personal data centre
Gives you complete control over your virtual networking environment
- Internet Gateway (IGW)
- Virtual Private Gateway (VPN Gateway)
- Routing Tables
- Network Access Control Lists (NACLs) - Stateless
- Security Groups (SG) - Stateful
- Public Subnets
- Private Subnets
- NAT Gateway
- Customer Gateway
- VPC Endpoints
- VPC Peering
Key Features
- VPCs are Region specific, they do not span Regions
- You can create up to 5 VPCs per Region
- Every region comes with a default VPC
- You can have 200 subnets per VPC
- You can use an IPv4 CIDR block and, in addition, an IPv6 CIDR block (the address range of the VPC)
- Cost nothing: VPCs, Route Tables, NACLs, Internet Gateways, Security Groups, Subnets and VPC Peering
- Some things cost money: e.g. NAT Gateway, VPC Endpoints, VPN Gateway, Customer Gateway
- DNS hostnames (whether your instances should have domain name addresses)
Default VPC
AWS has a default VPC in every region so you can immediately deploy instances.
- Create a VPC with a size /16 IPv4 CIDR block (172.31.0.0/16).
- Create a size /20 default subnet in each Availability Zone.
- Create an Internet Gateway and connect it to your default VPC.
- Create a default security group and associate it with your default VPC.
- Create a default network access control list (NACL) and associate it with your default VPC.
- Associate the default DHCP options set for your AWS account with your default VPC.
- When you create a VPC, it automatically has a main route table
Default Everywhere IP
0.0.0.0/0
0.0.0.0/0 is also known as the default route
It represents all possible IP addresses
When we specify 0.0.0.0/0 as the destination of a route to the IGW in our route table, we are allowing internet access. When we specify 0.0.0.0/0 as the source in our security group inbound rules, we are allowing all traffic from the internet to reach our public resources.
When you see 0.0.0.0/0, just think of giving access from anywhere or the internet
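As an added example (not from the original notes), here is a small Python check of both uses of 0.0.0.0/0 above: it classifies a subnet as public when its route table sends 0.0.0.0/0 to an Internet Gateway, and flags security group inbound rules whose source is 0.0.0.0/0 or ::/0. The route table and security group records are constructed inline in the shape the EC2 API (boto3 describe_route_tables / describe_security_groups) returns; all ids are made up.

```python
# Added example, not from the original notes. Input records are constructed
# by hand in the shape the EC2 API returns, so this runs without an AWS account.
ANYWHERE = {"0.0.0.0/0", "::/0"}  # the "default everywhere" prefixes


def public_subnets(route_tables):
    """Subnet ids whose route table sends 0.0.0.0/0 (or ::/0) to an
    Internet Gateway (igw-...). Such a subnet is public. A 0.0.0.0/0 route
    to a NAT gateway (NatGatewayId, no GatewayId) does NOT make it public."""
    public = set()
    for rt in route_tables:
        to_igw = any(
            r.get("GatewayId", "").startswith("igw-")
            and (r.get("DestinationCidrBlock") in ANYWHERE
                 or r.get("DestinationIpv6CidrBlock") in ANYWHERE)
            for r in rt["Routes"]
        )
        if to_igw:
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public


def open_ingress(security_groups):
    """(group id, (from port, to port), cidr) for every inbound rule whose
    source is 0.0.0.0/0 or ::/0, i.e. reachable from anywhere on the internet."""
    findings = []
    for sg in security_groups:
        for perm in sg["IpPermissions"]:
            ports = (perm.get("FromPort", -1), perm.get("ToPort", -1))
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], ports, c) for c in cidrs if c in ANYWHERE]
    return findings


# Constructed sample: one route table with an IGW default route (public subnet),
# one whose default route goes to a NAT gateway (private subnet).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    print("public subnets:", sorted(public_subnets(ROUTE_TABLES)))
    print("inbound rules open to anywhere:", open_ingress(SECURITY_GROUPS))
```

Port 443 open to 0.0.0.0/0 on a web tier is expected; the same pattern on port 22 is what the check is there to catch.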
VPC Peering
VPC Peering allows you to connect one VPC to another over a direct network route using private IP addresses
- Instances on peered VPCs behave just like they are on the same network
- Connect VPCs across same or different AWS accounts and regions
- Peering uses a Star Configuration: 1 Central VPC - 4 other VPCs
- No Transitive Peering (peering must take place directly between VPCs)
- Needs a one-to-one connection to each immediate VPC
- No overlapping CIDR blocks
Route Tables
Route tables are used to determine where network traffic is directed
Each subnet in your VPC must be associated with a route table
A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table
Internet Gateway
The Internet Gateway allows your VPC access to the internet
IGW does ✌🏾 two things
- provides a target in your VPC route table for internet-routable traffic
- performs network address translation (NAT) for instances that have been assigned a public IPv4 address
To route out to the internet you need to add a route in your route table that points to the internet gateway, with the destination set to 0.0.0.0/0
Bastions / Jumpbox
Bastions are EC2 instances which are security hardened. They are designed to help you gain access via SSH or RDP to your EC2 instances that are in a private subnet.
They are also known as Jump boxes because you are jumping from one box to access another.
NAT Gateways / NAT Instances are only intended for EC2 instances to gain outbound access to the internet for things such as security updates. NATs cannot/should not be used as Bastions
Systems Manager's Session Manager replaces the need for Bastions
Direct Connect
AWS Direct Connect is the AWS solution for establishing dedicated network connections from on-premises locations to AWS.
Very fast network: lower bandwidth 50M-500M, or higher bandwidth 1GB or 10GB
✅ Help reduce network costs and increase bandwidth throughput. (great for high traffic networks)
✅ Provides a more consistent network experience than a typical internet-based connection. (reliable and secure)