Virtual Private Cloud (VPC): Your Gateway to Secure and Scalable Cloud Infrastructure

What is AWS VPC?

  • VPC stands for Virtual Private Cloud.

  • A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.

  • Amazon Virtual Private Cloud provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.

  • VPC lets you select your own IP address range, create subnets, and configure route tables, network gateways, and security settings.

  • You can provide multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

How does it work?

AWS VPC will look familiar to anyone who has run a physical data center (DC). However, the DC components you are used to dealing with, such as routers, switches and VLANs, do not explicitly exist in a VPC. They have been abstracted and re-engineered into cloud software: you describe the network in configuration and AWS implements it for you.

Where do VPCs live?

  • All VPCs are created and exist in one and only one AWS region.

  • AWS regions are geographic locations around the world, each made up of a cluster of Amazon data centers (the region's Availability Zones).

  • One AWS account can host multiple VPCs. VPCs are isolated from each other unless you explicitly connect them (for example with VPC peering).

  • You can create multiple VPCs in the same region, each with its own CIDR block. Overlapping CIDR blocks are allowed, but two VPCs whose ranges overlap cannot be peered, so plan address ranges up front.

Default and Custom VPCs

  • When your account is created, it comes with a default VPC in each region.

  • It has a default subnet in each Availability Zone, an internet gateway already attached, and is ready for you to use. Note that the default subnets are public and auto-assign public IPv4 addresses, so anything you launch there with a permissive security group is reachable from the Internet.

  • You can launch instances into your default VPC without needing to know anything about Amazon VPC.

You can also create your own Custom VPC, and configure it as you need. This is also known as a nondefault VPC.

Architecture of VPC

Let’s understand some basics of VPC and the important concepts you need in order to configure a VPC that provides the connectivity your applications need.

  1. Subnets — A subnet is a range of IP addresses carved out of the VPC's CIDR block, and it lives in a single Availability Zone. Subnets can be public or private: a public subnet has a route to the Internet, typically through an Internet Gateway, while a private subnet has no direct route to the Internet. Whether a subnet is public is decided purely by its route table, which is why the route tables are the first thing to check when auditing what is exposed. Internet gateways are covered a little later in this post.

  2. Route Tables — A route table contains a set of rules, called routes, that determine where network traffic leaving your subnet (or gateway) is directed. Every route table carries a local route for the VPC's own CIDR block that cannot be removed, so resources inside a VPC can always reach each other at the routing layer. Each subnet is associated with exactly one route table; a subnet you do not explicitly associate uses the VPC's main route table, which is a common way for subnets to become public by accident when someone adds an Internet route to the main table.

  3. Internet Gateway — An Internet Gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between your VPC and the Internet. It supports both IPv4 and IPv6 traffic, and only one internet gateway can be attached to a VPC at a time. For IPv4 it also performs one-to-one NAT between an instance's private address and its public address, so an instance needs a public IPv4 address (or an Elastic IP) as well as a route to the gateway before it is reachable from the Internet. Attaching a gateway exposes nothing on its own; a subnet becomes public only once its route table sends traffic for 0.0.0.0/0 to the gateway.

  4. Security groups — A security group is a set of firewall rules that controls the traffic allowed to and from your instance (more precisely, its network interface). Rules choose the protocols, ports and sources or destinations to allow for inbound and outbound traffic; there are no deny rules, so anything not explicitly allowed is dropped. Security groups are stateful: responses to allowed inbound traffic are allowed to leave the instance regardless of the outbound rules, and responses to allowed outbound traffic are allowed back in regardless of the inbound rules. A newly created security group allows all outbound traffic and no inbound traffic until you add rules.

  5. NACL (Network Access Control List) — A network ACL allows or denies specific inbound or outbound traffic at the subnet level; it is an optional extra layer of security that acts as a firewall for one or more subnets. Rules are numbered and evaluated in ascending order, the first matching rule wins, and an implicit final rule denies everything else. The default network ACL that comes with a VPC allows all traffic in and out of its subnets; a custom network ACL you create denies everything until you add rules. Network ACLs are stateless, so a rule that allows inbound traffic does not allow the reply: you also need an outbound rule covering the ephemeral port range (1024-65535) that the client's reply is sent to, and the same applies in the other direction.

  6. VPC Flow logs — VPC Flow Logs capture metadata about the IP traffic going to and from network interfaces in your VPC (addresses, ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected by your security groups and network ACLs), but not the packet payload. The records can be delivered to CloudWatch Logs or Amazon S3 and help with monitoring, diagnosing network issues such as a rule that is silently rejecting traffic, and security analysis.
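
How the stateful security group and the stateless, ordered network ACL described in items 4 and 5 behave on the same traffic, as an added example that is not part of the original post and not AWS code: a small Python model of the documented rule semantics with a constructed client/server scenario (addresses and rule numbers are made up). It shows the ephemeral-port pitfall a stateless ACL introduces and the effect of rule ordering.

```python
"""Model how a stateful security group and a stateless, ordered network ACL
treat an HTTP request and its reply.

Added illustration, not AWS code: a simplified model of the documented
behaviour (NACL rules evaluated by number, first match wins, implicit deny;
security groups are allow-only and track connections)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One allow/deny rule. Port ranges refer to the destination port; the CIDR
    is the source for inbound rules and the destination for outbound rules."""
    number: int
    proto: str        # "tcp", "udp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str
    action: str       # "allow" or "deny"

    def matches(self, pkt: Packet, direction: str) -> bool:
        addr = pkt.src if direction == "inbound" else pkt.dst
        return (self.proto in ("-1", pkt.proto)
                and self.port_from <= pkt.dport <= self.port_to
                and ip_address(addr) in ip_network(self.cidr))


def nacl_evaluate(rules: List[Rule], pkt: Packet, direction: str) -> str:
    """Stateless: lowest rule number first, first match wins, then the implicit '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt, direction):
            return rule.action
    return "deny"


class SecurityGroup:
    """Stateful, allow-only: a reply to a tracked flow is allowed without consulting rules."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]) -> None:
        self.rules = {"inbound": inbound, "outbound": outbound}
        self.tracked: Set[Tuple[str, str, int, str, int]] = set()

    def evaluate(self, pkt: Packet, direction: str) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.tracked:
            return "allow"            # connection tracking, no rule needed
        if any(r.matches(pkt, direction) for r in self.rules[direction]):
            self.tracked.add(flow)
            return "allow"
        return "deny"


# Constructed scenario (made-up addresses): an Internet client talks to a web server in a subnet.
REQUEST = Packet(src="203.0.113.10", dst="10.0.1.20", sport=49152, dport=80)
REPLY = Packet(src="10.0.1.20", dst="203.0.113.10", sport=80, dport=49152)
SCANNER = Packet(src="198.51.100.7", dst="10.0.1.20", sport=40000, dport=80)

ALLOW_HTTP_IN = Rule(100, "tcp", 80, 80, "0.0.0.0/0", "allow")
# Common mistake: mirroring port 80 outbound instead of allowing the ephemeral ports.
NACL_WRONG = {"inbound": [ALLOW_HTTP_IN],
              "outbound": [Rule(100, "tcp", 80, 80, "0.0.0.0/0", "allow")]}
# Corrected: ephemeral-port outbound rule, plus a lower-numbered deny that wins over rule 100.
NACL_RIGHT = {"inbound": [Rule(50, "tcp", 80, 80, "198.51.100.0/24", "deny"), ALLOW_HTTP_IN],
              "outbound": [Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]}


def simulate() -> Dict[str, str]:
    """Run the request/reply through each control and return the verdicts."""
    sg = SecurityGroup(inbound=[ALLOW_HTTP_IN], outbound=[])   # deliberately no outbound rule
    return {
        "sg_request": sg.evaluate(REQUEST, "inbound"),
        "sg_reply": sg.evaluate(REPLY, "outbound"),            # allowed by state, not by a rule
        "nacl_wrong_request": nacl_evaluate(NACL_WRONG["inbound"], REQUEST, "inbound"),
        "nacl_wrong_reply": nacl_evaluate(NACL_WRONG["outbound"], REPLY, "outbound"),
        "nacl_right_request": nacl_evaluate(NACL_RIGHT["inbound"], REQUEST, "inbound"),
        "nacl_right_reply": nacl_evaluate(NACL_RIGHT["outbound"], REPLY, "outbound"),
        "nacl_right_scanner": nacl_evaluate(NACL_RIGHT["inbound"], SCANNER, "inbound"),
    }


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:20} {verdict}")
```

The security group passes the reply even though it has no outbound rule at all, while the mis-configured ACL drops it because the reply's destination port is the client's ephemeral port, not 80. The lower-numbered deny in the corrected ACL shows why rule numbering matters: a deny placed after an allow for the same traffic would never be reached.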

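One way to put flow logs to use, as an added example that is not part of the original post: a Python parser for the default (version 2) flow log record format with a simple check that flags sources being rejected on many distinct ports, the kind of pattern a port scan leaves behind. The account ID, interface ID and log lines are constructed sample data, not a real capture, and the min_ports threshold is an arbitrary illustrative choice.

```python
"""Parse VPC Flow Log records in the default format (version 2) and flag
sources whose connections are REJECTed across many distinct ports.

Added example, not AWS code. The account ID, interface ID and records below
are constructed sample data, not a real capture."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 50123 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 50124 23 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 50125 445 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 50126 3389 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 50127 8080 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 43210 443 6 20 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 43211 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line: str) -> Optional[Dict[str, object]]:
    """Return one record as a dict, or None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec: Dict[str, object] = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":       # NODATA/SKIPDATA records carry no traffic fields
        return None
    for key in INT_FIELDS:
        rec[key] = int(str(rec[key]))
    return rec


def parse_log(text: str) -> List[Dict[str, object]]:
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def rejected_ports_by_source(records: List[Dict[str, object]]) -> Dict[str, Set[int]]:
    """Map each source address to the set of destination ports it was rejected on."""
    ports: Dict[str, Set[int]] = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[str(rec["srcaddr"])].add(int(str(rec["dstport"])))
    return dict(ports)


def suspected_scanners(records: List[Dict[str, object]], min_ports: int = 5) -> List[Tuple[str, int]]:
    """Sources rejected on at least min_ports distinct ports, busiest first."""
    hits = [(src, len(p)) for src, p in rejected_ports_by_source(records).items() if len(p) >= min_ports]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def bytes_by_action(records: List[Dict[str, object]]) -> Dict[str, int]:
    """Total bytes per action, handy for spotting rejected volume in a quiet subnet."""
    totals: Dict[str, int] = defaultdict(int)
    for rec in records:
        totals[str(rec["action"])] += int(str(rec["bytes"]))
    return dict(totals)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records; bytes by action: {bytes_by_action(recs)}")
    for src, n in suspected_scanners(recs):
        print(f"possible scan from {src}: rejected on {n} distinct ports")
```

A REJECT here means a security group or network ACL dropped the traffic, so the same parser doubles as a debugging aid: filter on your own source address and a REJECT tells you a rule, not the application, is the problem. If you enable a custom log format, adjust FIELDS to match the fields you selected.
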
Steps To Create And SetUp VPC:

Step 1: Go to the AWS Management Console and open the VPC service. This is how the console page looks:

Step 2: Click on Your VPCs and then on Create VPC. Give your VPC a name and an IPv4 CIDR block (for example 10.0.0.0/16) and click Create.

Step 3: The next step is to create a subnet. On the VPC dashboard select Subnets and click on Create subnet. Fill in the details below, select the VPC we created, and click Create. Remember that a subnet belongs to a single Availability Zone and that its CIDR block must fall inside the VPC's range.

This is the Subnet we created

Step 4: Let us now create an internet gateway, which lets traffic flow between the instances in our subnet and the Internet. Go to the VPC dashboard, click on Internet gateways, select Create internet gateway, and fill in the details as shown below.

An internet gateway is a virtual router that connects a VPC to the internet. To create a new internet gateway, specify the name for the gateway below.

Step 5: Once the Gateway is created, select your Internet Gateway, click on actions and select attach to VPC. In this case attach to the VPC you have created.

Next we will create a route table, associate our subnet with it, and add a route that sends Internet-bound traffic to the internet gateway.

Step 6: Select Route Tables and click on create one, fill in the details as shown below,

Step 7: Select your route table, click on Subnet associations below it, select your subnet, and click Save.

Step 8: Click on Routes, select Edit routes, and add a route with destination 0.0.0.0/0 and target Internet Gateway, choosing the gateway we attached earlier. Save the route. From this point on the associated subnet is a public subnet, so be deliberate about what you launch into it.

Now go ahead and launch an EC2 instance. In the network settings select the VPC and subnet you created, and the instance will be placed in your new VPC. For it to be reachable from the Internet it also needs a public IPv4 address (enable auto-assign public IP on the subnet or on the instance) and a security group rule that allows the port you intend to expose.
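
Steps 2 to 8 as code, together with the check a practitioner wants afterwards, as an added example that is not part of the original post: build_public_subnet() performs the same steps through boto3 (assumed installed and configured with credentials; calling it creates real resources in your account), and classify_subnets() works out from route table and subnet descriptions which subnets are actually public and which will hand out public IPs. The sample data and resource IDs are made up to mirror the result of the console steps, and the classification runs on them offline; deploy_and_audit() is the only function that talks to AWS and is not called automatically.

```python
"""Create the VPC from the post with boto3, then audit which subnets are Internet-facing.

Added example, not code from the original post. Sample route tables and subnets
below are constructed to mirror the console steps; all IDs are made up."""
from typing import Dict, List


def build_public_subnet(ec2, vpc_cidr: str, subnet_cidr: str, name: str) -> Dict[str, str]:
    """Steps 2-8: VPC, subnet, internet gateway, route table, association and default route."""
    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr)["Vpc"]["VpcId"]                       # Step 2
    ec2.create_tags(Resources=[vpc_id], Tags=[{"Key": "Name", "Value": name}])
    subnet_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=subnet_cidr)["Subnet"]["SubnetId"]  # Step 3
    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]   # Step 4
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)              # Step 5
    rtb_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]      # Step 6
    ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)               # Step 7
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)  # Step 8
    # Without this, instances launched here get no public IPv4 and stay unreachable.
    ec2.modify_subnet_attribute(SubnetId=subnet_id, MapPublicIpOnLaunch={"Value": True})
    return {"vpc": vpc_id, "subnet": subnet_id, "igw": igw_id, "route_table": rtb_id}


def classify_subnets(route_tables: List[dict], subnets: List[dict]) -> Dict[str, Dict[str, object]]:
    """Per subnet: which route table applies, whether it is public, and whether
    instances get a public IP by default. Input shapes match
    describe_route_tables()['RouteTables'] and describe_subnets()['Subnets']."""
    main_rtb = next(rt["RouteTableId"] for rt in route_tables
                    if any(a.get("Main") for a in rt.get("Associations", [])))
    explicit = {a["SubnetId"]: rt["RouteTableId"] for rt in route_tables
                for a in rt.get("Associations", []) if a.get("SubnetId")}
    by_id = {rt["RouteTableId"]: rt for rt in route_tables}

    def has_igw_default_route(rt: dict) -> bool:
        return any(
            (r.get("DestinationCidrBlock") == "0.0.0.0/0" or r.get("DestinationIpv6CidrBlock") == "::/0")
            and str(r.get("GatewayId", "")).startswith("igw-")
            and r.get("State", "active") == "active"
            for r in rt.get("Routes", []))

    report: Dict[str, Dict[str, object]] = {}
    for sn in subnets:
        rtb = explicit.get(sn["SubnetId"], main_rtb)   # unassociated subnets use the main table
        public = has_igw_default_route(by_id[rtb])
        auto_ip = bool(sn.get("MapPublicIpOnLaunch", False))
        report[sn["SubnetId"]] = {"route_table": rtb, "public": public,
                                  "auto_public_ip": auto_ip, "exposed_by_default": public and auto_ip}
    return report


# Constructed sample: main table has only the local route; the custom table from Step 8
# carries the IGW route and is associated with the subnet created in Step 3.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0000", "VpcId": "vpc-demo",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
     "Associations": [{"Main": True, "RouteTableId": "rtb-main0000"}]},
    {"RouteTableId": "rtb-public00", "VpcId": "vpc-demo",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo0000", "State": "active"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-public", "RouteTableId": "rtb-public00"}]},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-public", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-private", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
]


def deploy_and_audit(region: str = "us-east-1") -> Dict[str, Dict[str, object]]:
    """Build the VPC for real and audit it. Needs boto3 and credentials; creates resources."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    ids = build_public_subnet(ec2, "10.0.0.0/16", "10.0.1.0/24", "blog-demo-vpc")
    flt = [{"Name": "vpc-id", "Values": [ids["vpc"]]}]
    return classify_subnets(ec2.describe_route_tables(Filters=flt)["RouteTables"],
                            ec2.describe_subnets(Filters=flt)["Subnets"])


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS).items():
        print(subnet_id, info)
```

Run classify_subnets() against the real describe_* output of any VPC you inherit: a subnet showing up as public with auto_public_ip set that was meant to be private is exactly the mistake the route table semantics above make easy, and it is invisible from the subnet's own settings.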

Conclusion:

A default VPC is created in your AWS account in each AWS region, configured so that you can immediately start launching and connecting to EC2 instances. For anything beyond experiments, a custom VPC gives you control over which subnets are public, which route tables carry an Internet route, and which security groups and network ACLs guard each tier. AWS also offers connectivity options for integrating remote networks with Amazon VPC. By using Amazon Virtual Private Cloud you can deploy AWS resources within a virtual network you define, one that closely mirrors a traditional network in your on-premises data center while benefiting from the scalable infrastructure AWS provides.