Amazon Virtual Private Cloud (VPC)

Priyanka Jadhav
5 min read · Mar 1, 2021


What is Amazon Virtual Private Cloud (VPC)?

Amazon Virtual Private Cloud (VPC) is a service provided by Amazon that lets you create your own private cloud and launch AWS resources in a logically isolated virtual network that you define.

You have complete control over your virtual private cloud and its networking, including the choice of IP address range, the subnets, and the configuration of route tables and network gateways. A VPC lives in a single AWS region, but its subnets can be spread across multiple Availability Zones (AZs) in that region.

VPC Concepts

The following are the key concepts of a VPC:

  • Virtual private cloud (VPC) — A virtual network or private cloud dedicated to your AWS account.
  • Subnet — A range of IP addresses in your VPC. A single VPC can contain multiple subnets.
  • Route table — A set of rules, called routes, that determine where network traffic is directed.
  • Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the Internet.
  • VPC endpoint — Allows you to connect your VPC privately to supported AWS services without requiring an IGW, NAT device, or AWS Direct Connect connection.
  • CIDR block — Classless Inter-Domain Routing. An Internet addressing scheme that allows flexible address allocation and route aggregation.

Inside a VPC

The subnets and the connections inside a VPC:
Subnet 1: 10.0.0.0/24
Subnet 2: 10.0.1.0/24
Subnet 3: 10.0.2.0/24

An Internet gateway (IGW) routes traffic from the EC2 instance in Subnet 1 (the public subnet) to the Internet.

Availability Zone B holds a private subnet, which has no route to the Internet gateway.

A virtual private gateway (VPG) establishes a hardware VPN connection to route traffic between the VPC and the corporate network. A subnet whose only route out of the VPC goes through the VPG is called a VPN-only subnet.
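Before creating the subnets shown above, a practitioner checks that every subnet fits inside the VPC CIDR, that no two subnets overlap, and how many addresses each subnet will actually offer to instances. The following is an added example (not code from the post) that performs those checks with Python's standard ipaddress module. It uses the post's three /24 subnets and assumes a VPC CIDR of 10.0.0.0/16, which the post does not state; the reserved-address count and the /16 to /28 size limits are AWS rules.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one address held for future use, and the
# broadcast address. None of them can be assigned to an instance.
AWS_RESERVED_PER_SUBNET = 5
# A VPC CIDR block and every subnet CIDR block must be between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Check a proposed VPC/subnet layout before creating it.

    Returns (problems, usable): `problems` is a list of findings (empty when
    the plan is valid) and `usable` maps each subnet to the number of
    addresses that can really be given to instances.
    """
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:  # e.g. host bits set, such as 10.0.0.1/16
        return [f"invalid VPC CIDR {vpc_cidr!r}: {exc}"], {}
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")

    nets = []
    for cidr in subnet_cidrs:
        try:
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as exc:
            problems.append(f"invalid subnet CIDR {cidr!r}: {exc}")

    for net in nets:
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"subnet {net} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} is not inside VPC {vpc}")

    # Subnets in one VPC must not overlap; compare every pair once.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnet {a} overlaps subnet {b}")

    usable = {str(n): max(n.num_addresses - AWS_RESERVED_PER_SUBNET, 0) for n in nets}
    return problems, usable


if __name__ == "__main__":
    # The post's three /24 subnets inside the assumed 10.0.0.0/16 VPC.
    findings, hosts = plan_subnets(
        "10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"])
    print("problems:", findings or "none")
    for subnet, count in hosts.items():
        print(f"{subnet}: {count} usable addresses")
```

A /24 subnet therefore yields 251 usable addresses, not 254 as on a plain LAN, which matters when sizing subnets for auto-scaling groups.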

VPC Components

IP Addresses = When you create a VPC, AWS provides private and public IP addresses. The size of your VPC CIDR block determines how many private IP addresses you can allocate within the VPC.

Elastic Network Interface (ENI) = A virtual network interface that carries a MAC address, one or more private IP addresses, and can carry one or more public IP addresses. Your EC2 instance type determines how many Elastic Network Interfaces can be attached to the instance.

Route tables = A route table contains the routes that determine where your network traffic is directed. When you create a VPC, a main route table is generated, and all subnets in the VPC are associated with that main route table by default.

Internet Gateways = An Internet gateway is attached to your VPC to enable communication between resources in your VPC and the Internet. It allows resources in a public subnet of your VPC to communicate with the Internet.

NAT Instances = A network address translation (NAT) instance allows resources in a private subnet to communicate with resources on the Internet. For example, EC2 instances in a private subnet have no public IP address, so they cannot communicate with the Internet directly; their private IP addresses must be translated through the NAT instance's public interface.

DNS = Instances in a VPC are given a DNS hostname by AWS. You can control which DNS servers the instances use by creating or editing a DHCP options set and specifying the DNS servers there.

Security Groups = Security groups act as firewalls at the instance level. With security groups you decide which ports are open and which sources may connect to your resources over those ports.

Network Access Control List = NACLs act as firewalls that allow or block traffic at the subnet level. They can be used in conjunction with security groups for defense in depth.

Virtual Private Gateway = To establish a VPN-only hardware connection between the corporate network and AWS, you create and configure a virtual private gateway (VPG) for your VPC.
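The two firewall layers above behave differently: security group rules are allow-only and stateful, while NACL rules are numbered, evaluated lowest number first, end in an implicit deny, and are stateless, so reply traffic must be allowed explicitly. The added example below (not code from the post) models both evaluations for an inbound connection to a web server and shows the classic gotcha where the NACL admits the request but drops the reply. All rule sets, address ranges and ports are constructed for illustration.

```python
import ipaddress

# Constructed security group for a web server (allow-only, evaluated as a
# set, stateful: replies to allowed inbound connections are allowed out).
SG_INBOUND = [
    ("tcp", 22, 22, "198.51.100.0/24"),   # SSH only from an office range
    ("tcp", 80, 80, "0.0.0.0/0"),
    ("tcp", 443, 443, "0.0.0.0/0"),
]

# Constructed NACL for the subnet (numbered, first match wins, implicit
# "*" deny at the end, stateless: replies need their own outbound rule).
NACL_INBOUND = [
    (100, "tcp", 22, 22, "198.51.100.0/24", "allow"),
    (110, "tcp", 80, 80, "0.0.0.0/0", "allow"),
    (120, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    (130, "tcp", 8080, 8080, "0.0.0.0/0", "allow"),  # wider than the SG
]
NACL_OUTBOUND = [
    (100, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),  # replies to ephemeral ports
]


def _matches(proto, lo, hi, cidr, pkt_proto, pkt_port, peer_ip):
    return (proto in ("all", pkt_proto)
            and lo <= pkt_port <= hi
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr))


def nacl_decision(rules, proto, port, peer_ip):
    """First matching numbered rule decides; otherwise the implicit deny."""
    for _num, rproto, lo, hi, cidr, action in sorted(rules, key=lambda r: r[0]):
        if _matches(rproto, lo, hi, cidr, proto, port, peer_ip):
            return action
    return "deny"


def sg_allows(rules, proto, port, peer_ip):
    """Any matching security group rule allows; there are no deny rules."""
    return any(_matches(rproto, lo, hi, cidr, proto, port, peer_ip)
               for rproto, lo, hi, cidr in rules)


def inbound_connection_allowed(proto, dst_port, client_ip, client_port):
    """Return (allowed, reason) for client_ip:client_port -> instance:dst_port.

    Three checks must pass: NACL inbound (the request), security group
    inbound (the request), NACL outbound (the stateless reply to the client's
    source port). The SG needs no outbound rule for the reply."""
    if nacl_decision(NACL_INBOUND, proto, dst_port, client_ip) != "allow":
        return False, "blocked by NACL inbound"
    if not sg_allows(SG_INBOUND, proto, dst_port, client_ip):
        return False, "blocked by security group"
    if nacl_decision(NACL_OUTBOUND, proto, client_port, client_ip) != "allow":
        return False, "request accepted but reply blocked by NACL outbound"
    return True, "allowed"


if __name__ == "__main__":
    for args in (("tcp", 443, "203.0.113.5", 51234),
                 ("tcp", 22, "203.0.113.5", 51234),
                 ("tcp", 8080, "203.0.113.5", 51234),
                 ("tcp", 80, "203.0.113.5", 443)):
        print(args, "->", inbound_connection_allowed(*args))
```

The last case in the usage block is the one to remember when a connection mysteriously hangs: both layers accepted the request, but because the client used a source port below 1024 the NACL's outbound ephemeral-port rule never matched the reply.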

Steps To Configure A VPC

When we log in to our AWS account, a default VPC already exists, and we can launch instances in it right away.

Step 1: Create a VPC. Specify a name and an IPv4 CIDR block for it.

Step 2: Create two subnets, one private and one public, named Subnet-private and Subnet-public, across Availability Zones. Select the VPC you created and specify an IPv4 CIDR block for each subnet.

Step 3: Create two route tables, Private-rt and Public-rt, in your VPC. Then associate Subnet-private with Private-rt and Subnet-public with Public-rt.

Step 4: Create an IGW (Internet Gateway) and attach it to the VPC: from the Actions menu select Attach to VPC and save.

Step 5: Add a route to the public route table for Internet access. Go to Route Tables, select Public-rt, open the Routes tab at the bottom, click Edit and then "Add another route", and add a route that sends Internet-bound traffic to the Internet gateway. The public route table is the one that must be connected to the Internet.

For the private route table we do not add an Internet route, because the private subnet must stay private and not be reachable from outside.

Step 6: Launch two EC2 instances in this VPC.

  1. Instance-1 in the private subnet. Select the VPC name and the private subnet in the instance configuration and disable the Auto-assign Public IP option. Configure the security group (SSH, HTTP, HTTPS).
  2. Instance-2 in the public subnet. Select the VPC name and the public subnet in the instance configuration and enable the Auto-assign Public IP option. Configure the security group (SSH, HTTP, HTTPS).

Step 7: Select the public instance, go to Connect, copy the command from the SSH client tab and paste it into CMD.

Step 8: From that CMD session, validate the connection by pinging google.com to check that the instance has Internet access.
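What the steps above produce is two route tables and two subnets, and whether an instance can reach the Internet follows mechanically from a longest-prefix-match route lookup plus one extra condition: an Internet gateway only forwards traffic for instances that have a public IP, which is why the public instance enables Auto-assign Public IP and the private one does not. The added example below (not code from the post) models that lookup for the layout built in Steps 1 to 6. The VPC CIDR, subnet CIDRs, gateway ids and destination addresses are constructed; igw-PLACEHOLDER and nat-PLACEHOLDER stand in for real resource ids.

```python
import ipaddress

# Constructed topology following the post's steps; ids are placeholders.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "Public-rt": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")],
    "Private-rt": [("10.0.0.0/16", "local")],  # deliberately no Internet route
}
SUBNETS = {
    "Subnet-public": {"cidr": "10.0.0.0/24", "route_table": "Public-rt"},
    "Subnet-private": {"cidr": "10.0.1.0/24", "route_table": "Private-rt"},
}


def lookup_route(routes, dst_ip):
    """Longest-prefix match: the most specific route containing dst_ip wins,
    so the /16 'local' route beats 0.0.0.0/0 for traffic inside the VPC."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def path_to(subnet_name, has_public_ip, dst_ip,
            subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Return (reachable, via) for an instance in subnet_name sending to dst_ip."""
    rt_name = subnets[subnet_name]["route_table"]
    target = lookup_route(route_tables[rt_name], dst_ip)
    if target is None:
        return False, f"{rt_name} has no route to {dst_ip}"
    if target == "local":
        return True, "local"
    if target.startswith("igw-"):
        # An Internet gateway only forwards traffic for instances with a public IP.
        if has_public_ip:
            return True, target
        return False, f"route via {target} exists but the instance has no public IP"
    if target.startswith(("nat-", "i-")):  # NAT gateway or NAT instance
        return True, target
    return False, f"unsupported target {target}"


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for google.com.
    for name, public_ip in (("Subnet-public", True), ("Subnet-private", False)):
        print(name, "-> Internet:", path_to(name, public_ip, "203.0.113.10"))
        print(name, "-> 10.0.0.5:", path_to(name, public_ip, "10.0.0.5"))
```

Passing a modified route table with a 0.0.0.0/0 route to a NAT target shows how the private subnet gains outbound-only Internet access, as described under NAT Instances, without ever becoming reachable from the Internet.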

What is VPC Peering?

A VPC peering connection is a networking connection between VPCs that lets you route traffic between them using private IP addresses.

Instances in peered VPCs can communicate with each other as if they were in the same network, even when the VPCs belong to different AWS accounts. The peered VPCs can also be in different regions.

VPC peering between two VPCs.

Conclusion

In this blog we have looked at the virtual private cloud. A VPC lets you create your own private cloud and launch AWS resources in a logically isolated virtual network that you define. We saw the components of a VPC such as route tables, the IGW and ENIs, understood the core concept of a VPC and what it contains, covered the types of subnets, and finally looked at what VPC peering is.
