Amazon VPC - Components



Amazon Virtual Private Cloud (VPC) allows you to set up your own isolated network within the AWS cloud. It is just like a traditional on-premises network setup.

With the help of Amazon VPC, you can securely connect your AWS resources like EC2 instances in a logically isolated section of the AWS cloud. It is important to understand the key components of Amazon VPC to set up and manage your cloud infrastructure efficiently.

The key components of Amazon VPC include Subnets, Route Tables, Internet Gateways, and NAT Gateways. In this chapter, let's understand these important components in detail −

What are Subnets?

Subnets are basically subdivisions within a VPC that allow you to organize and manage your resources. In other words, a subnet is a range of IP addresses in your VPC.

You launch your AWS resources in your subnet. Every subnet must be in just one Availability Zone (AZ), and they cannot cross over to other AZs. Keeping your resources in different AZs protects your application from failure of a single AZ.

Types of Subnets

Subnets fall into the following four categories, based on how you configure routing for them −

  • Public Subnet − These subnets are directly connected to the internet via an Internet Gateway. Resources such as web servers in a public subnet can reach, and be reached from, the public internet.
  • Private Subnet − Unlike public subnets, private subnets are not directly connected to the internet. To reach the internet, resources in these subnets require a NAT device.
  • VPN-only Subnet − As the name implies, a VPN-only subnet has a route to a Site-to-Site VPN connection via a virtual private gateway. It does not have a route to an Internet Gateway.
  • Isolated Subnet − As the name implies, an isolated subnet has no route to any destination outside its VPC. Resources in an isolated subnet can only be accessed by other resources in the same VPC.

See the following diagram to better understand the working and placement of these key components in Amazon VPC.

[Figure: Types of Subnets]

Route Tables

Another key component of a VPC is the Route Table. The purpose of a route table is to determine where traffic within a VPC is sent. A route table contains a set of rules, called routes, that specify the path for network traffic.

For traffic to or from an instance such as Amazon EC2 in a subnet, the route table associated with that subnet decides, based on the destination IP address, where that traffic should go.

A VPC may have the following Route Tables −

  • Main Route Table − The main route table is the default route table that comes with every VPC. By default, all subnets in your VPC are associated with it.
  • Custom Route Tables − As the name implies, custom route tables are tables that users create for their VPC and explicitly associate with chosen subnets.
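The two ideas above, that a subnet's type is decided by the targets in its route table and that a route table picks the most specific matching route for a destination, can be modelled directly. The following is an added example written for this page, not code from the page or from AWS; the route-table contents, subnet and target IDs (igw-0abc, nat-0def, vgw-0123) are constructed, and the classification rule follows the four categories listed under "Types of Subnets". It also shows the main-table fallback: a subnet with no explicit association uses the main route table.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    destination: str   # CIDR block, e.g. "0.0.0.0/0"
    target: str        # "local", "igw-...", "nat-...", "vgw-..."


@dataclass
class RouteTable:
    name: str
    routes: list


def lookup(table, dst_ip):
    """Longest-prefix match: the most specific route whose destination
    contains dst_ip wins. Returns the target, or None if no route matches
    (traffic to such a destination is dropped)."""
    ip = ipaddress.ip_address(dst_ip)
    best, best_len = None, -1
    for route in table.routes:
        net = ipaddress.ip_network(route.destination)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best.target if best else None


def classify_subnet(table):
    """Apply the page's four categories to a subnet's route table."""
    targets = {r.target for r in table.routes}
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "isolated"      # only the "local" route: nothing leaves the VPC


def table_for_subnet(subnet_id, associations, main_table):
    """A subnet without an explicit association falls back to the main table."""
    return associations.get(subnet_id, main_table)


def classify_all(subnet_ids, associations, main_table):
    """Inventory used by a defender to spot subnets that are unexpectedly public."""
    return {s: classify_subnet(table_for_subnet(s, associations, main_table))
            for s in subnet_ids}


# Constructed sample VPC (hypothetical IDs, not taken from any real account).
LOCAL = Route("10.0.0.0/16", "local")
MAIN_RT = RouteTable("main", [LOCAL])
PUBLIC_RT = RouteTable("public-rt", [LOCAL, Route("0.0.0.0/0", "igw-0abc")])
PRIVATE_RT = RouteTable("private-rt", [LOCAL, Route("0.0.0.0/0", "nat-0def")])
VPN_RT = RouteTable("vpn-rt", [LOCAL, Route("192.168.0.0/16", "vgw-0123")])

ASSOCIATIONS = {"subnet-a": PUBLIC_RT, "subnet-b": PRIVATE_RT, "subnet-c": VPN_RT}
SUBNETS = ["subnet-a", "subnet-b", "subnet-c", "subnet-d"]   # subnet-d: no association

if __name__ == "__main__":
    for subnet, kind in classify_all(SUBNETS, ASSOCIATIONS, MAIN_RT).items():
        print(f"{subnet}: {kind}")
    print("8.8.8.8 from public subnet ->", lookup(PUBLIC_RT, "8.8.8.8"))
    print("8.8.8.8 from vpn-only subnet ->", lookup(VPN_RT, "8.8.8.8"))
```

Running the script classifies subnet-d as isolated because it inherits the main table, which holds only the local route; in a real account that is the check worth repeating whenever a route to an Internet Gateway is added to the main table, since every unassociated subnet becomes public at once.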

Internet Gateways

An Internet Gateway allows communication between the resources in your VPC and the internet. As the name implies, it acts as a gateway that routes traffic from public subnets to the internet and from the internet to your instances in public subnets.

Two important points about Internet Gateways in a VPC are −

  • Enabling Internet Access − An Internet Gateway enables internet access for the resources in a public subnet.
  • Security − Resources reachable through an Internet Gateway must be secured by configuring security groups and network access control lists (ACLs).

NAT Gateways

A NAT gateway is a Network Address Translation (NAT) service that provides outbound internet access for resources within a private subnet.

NAT allows instances, such as Amazon EC2 instances in a private subnet, to send outbound traffic to the internet, for example to download software updates or connect to external APIs. At the same time, it blocks inbound internet traffic from initiating a connection to those resources.
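The behaviour just described is stateful: the gateway records each outbound connection and forwards an inbound packet only when it matches one of those records. The following is an added example written for this page, not AWS's implementation or code from the page; it models a NAT gateway as a translation table, and the addresses (203.0.113.10 as the gateway's public IP, 198.51.100.x as internet hosts, 10.0.2.0/24 as the private subnet) are constructed values.

```python
import ipaddress


class NatGateway:
    """Toy model of a NAT gateway serving one private subnet.

    Outbound packets from the private subnet get a translation entry and
    leave with the gateway's public IP. Inbound packets are forwarded only
    if they match an existing entry; anything unsolicited is recorded in
    `dropped` and not forwarded, which is the protection the text describes."""

    def __init__(self, private_cidr, public_ip, first_port=1024):
        self.private_net = ipaddress.ip_network(private_cidr)
        self.public_ip = public_ip
        self.next_port = first_port
        self.forward = {}    # (src_ip, src_port, dst_ip, dst_port) -> nat_port
        self.reverse = {}    # (nat_port, remote_ip, remote_port) -> (src_ip, src_port)
        self.dropped = []    # unsolicited inbound packets, for review

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private subnet.
        Returns the rewritten (src_ip, src_port, dst_ip, dst_port), or None
        if the source is not in the subnet this gateway serves."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            return None
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.forward:
            nat_port = self.next_port
            self.next_port += 1
            self.forward[key] = nat_port
            self.reverse[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.forward[key], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, nat_port):
        """Translate a packet arriving at the gateway's public IP.
        Returns the private (ip, port) it belongs to, or None if no outbound
        connection created it (the packet is dropped)."""
        target = self.reverse.get((nat_port, remote_ip, remote_port))
        if target is None:
            self.dropped.append((remote_ip, remote_port, nat_port))
        return target


if __name__ == "__main__":
    nat = NatGateway("10.0.2.0/24", "203.0.113.10")
    # An EC2 instance in the private subnet fetches updates over HTTPS.
    print("out:", nat.outbound("10.0.2.15", 40000, "198.51.100.7", 443))
    # The reply comes back and is forwarded to the instance.
    print("reply:", nat.inbound("198.51.100.7", 443, 1024))
    # An internet host tries to open a connection first: no entry, dropped.
    print("unsolicited:", nat.inbound("198.51.100.99", 12345, 1024))
    print("dropped so far:", nat.dropped)
```

The `dropped` list is the detection hook: in a real deployment the equivalent signal is the gateway's flow logs, where unsolicited inbound attempts against the NAT gateway's address show up as rejected flows.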
