In this series of articles around VPC, we are going to learn in detail what VPC is and how can we actually set it up. Here we will be covering the below topic:
INTRODUCTION TO VPC
Virtual private cloud (VPC) is a virtual network dedicated to your AWS account and this is logically isolated from the other virtual networks in AWS.
We can launch the AWS resources into our own VPC. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security setting.
Generally, when we go to the cloud platform like AWS in production , we give the security to our instances using the security group and the credentials, but in production our instances are public facing and thus in case of any mistake , the instance’s security can be breached, and this problem of security can be solved by the VPC.
So, VPC can be understood as a LAN and with respect to cloud it comes with many additional features.
Now let’s see what a corporate datacenter looks like,
Here we can see that we have a router which is connected to the switches and each switch has a Local area network and we generally call them subnet, as it is a part of a larger network.
For example, if we take an example of subnet 172.20.1.0/24 then we can understand that any computer under this subnet will have an IP address in this range.
Now we can place all the servers of a project in this subnet or in other subnet as well.
Computers in subnet can be connected or can communicate if they are connected to a router.
If we don’t want computers from one subnet to connect/communicate with other computers in other subnet then we can do that with the help of Network ACL (Access Control List) which can block or allow traffic based on IP addressing scheme.
So now the next question comes up -- how can I create my own personal network in AWS to have more control?
The answer is VPC.
As we have a security group for the instances, similarly, we have NACL for the subnets.
Now, let’s see the pictorial representation of a VPC network.
Here blue lock indicates NACL.
When we create a subnet then the subnet will be created in an availability zone, we can also create multiple subnets in a single availability zone.
For example: If we have 2 instances under the load balancer, then we can create one instance in availability zone A and other in availability zone B and can create 2 different subnets in each availability zone and place the instances in those subnets.
We can see in the above diagram, that by doing this we have distributed the instances and got high availability at network level and also at instance level. So, if one zone goes down, we will still have another instance running in other zone.
INTRODUCTION TO COMMON NETWORK TERMINOLOGIES
Now it is also important to understand some of the basic terminologies before we move to the next part of this series.
Below are some of the most common and important terms to be familiar with:
What Is Subnet?
It is a range of IP addresses in your VPC. We can select the subnet and then launch the AWS resources into it.
One can use a public subnet for resources that must be connected to the internet and a private subnet for resources that are not connected to the internet.
What Is a Private Subnet?
A private subnet routes the traffic to the NAT Gateway. Private subnet instances only need a private IP and internet traffic is routed through the NAT in the public subnet.
What Is Public Subnet?
A Public subnet routes traffic through an Internet Gateway and instances in public subnet have public IPs.
What is NAT Gateway?
NAT Gateway is used to allow the instances in a private subnet to connect to the internet or other AWS Services but prevents instances in private subnets to be accessible from the Internet.
What is InternetGateway?
An Internet Gateway is a highly available VPC component that allows communication between instances in your VPC and the Internet.
What is RouteTable?
A Route Table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Every subnet in the VPC is associated with a route table which tells the traffic of resources in the subnet where to go.
Each subnet can have only 1 route table at a time, but a route table can be associated with multiple subnets.
SUMMARY
In this article we have understood what is VPC and why do we use it and what are the benefits that can be reaped using VPC. We also learned some of the common terminologies which we are going to use frequently in the coming articles.
I hope you find this article helpful. Stay tuned for more … Cheers!!