Networking is an important aspect of cloud computing. Cloud service providers such as Microsoft, Amazon and Google, which host applications, database systems, storage and more, provide a way to manage your own instances as if you were operating on a private cloud. Amazon Virtual Private Cloud (VPC) is the service that provides such a virtual private cloud: a logically isolated section of the Amazon Web Services (AWS) cloud.
In today's topic we will learn about Amazon VPC (Virtual Private Cloud): why it is needed, its architecture, its advantages and its use cases.
Amazon VPC
Amazon VPC is a service which allows its users to launch their virtual machines in an isolated and protected virtual environment that they define. The customer has complete control over the VPC, from creation through customization to deletion. VPC lets you choose the IP address range of your private cloud and define its sub-components such as subnets, subnet masks, availability zones etc. All necessary resources, and the access management for those resources, reside in the VPC, an area of the Amazon cloud that you control. A default VPC is generated when an AWS account is registered, which allows us to manage our virtual networking environment: the IP address range, subnets, route tables, gateways etc.
A VPC is a logical grouping of resources in a specified network. The servers we deploy in a VPC are completely isolated from all other servers deployed within the Amazon cloud. With security groups and network access control lists we can protect the applications hosted in an AWS VPC.
Advantages of Using VPC
- The security group membership of an EC2 instance can be changed while the instance is running
- Creation of a layered network of resources
- Single-tenant hardware option for EC2 instances
- Network access control lists as an additional security layer provided by VPC
- Instances can have multiple IPv4 addresses assigned
- Both inbound and outbound network traffic can be controlled
- EC2 instances can have multiple network interfaces assigned
Components of Amazon VPC
Let's look at the Amazon VPC components in more detail.
- Route Table – In an AWS VPC, a route table is a set of rules that determines where network traffic is directed. Each route specifies a destination (an IP address range) and the target through which traffic to that destination is sent. The target can be an internet gateway, a NAT gateway, a virtual private gateway, a VPC peering connection etc.
- Subnet – A part of a network that shares a common address prefix; all devices in the same subnet have the same prefix. Subnets are of two types: private subnets, whose resources are not exposed to the outside world, and public subnets, whose resources are reachable from the Internet.
- Security Groups – A set of firewall rules that control traffic to and from instances. Security group rules can only allow traffic; there is no deny rule. A security group is enforced at the instance (its network interface), and a single security group can be associated with multiple instances.
- NAT Gateway – Used when high bandwidth and availability are required with minimal administrative effort. A NAT gateway resides in a public subnet in an availability zone, and the route table of the private subnet is updated so that Internet-bound traffic is sent to the NAT gateway. An Elastic IP is associated with the NAT gateway when it is created. TCP, UDP and ICMP are supported by the NAT gateway.
- VPC Peering – A connection that allows traffic to be routed between two VPCs as if they were within the same network. The VPC peering connection facilitates data transfer between them.
- Network Access Control Lists (NACL) – An optional layer of security for a VPC that acts as a firewall controlling traffic in and out of a subnet. The default network ACL is configured to allow all traffic, so traffic flows freely in and out of the subnets with which it is associated.
- Virtual Private Gateway – The VPN concentrator on the Amazon side of a VPN connection. We create a virtual private gateway and attach it to the VPC from which the VPN connection is to be made.
- Customer Gateway – The customer side of an Amazon VPC VPN connection, which links a data center to the Amazon VPC.
- Elastic IP – A static, reserved public IP address that never changes and can be assigned to any instance in a particular region. An Elastic IP stays reserved for the AWS account until it is released.
- Network Interface – The instance's point of connection to the network. Every instance has a default network interface known as the primary network interface. A network interface can be moved: when it is detached and attached to a new instance, its attributes follow it.
- VPC Endpoints – Allow private connections between an AWS VPC and AWS services without traversing the Internet. VPC endpoints are scalable, redundant and highly available VPC components.
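To make the subnet and route table components concrete, here is an added example (not code from the article or from AWS) that checks a constructed subnet plan against a VPC CIDR and resolves the target a route table would pick for a given destination by longest-prefix match; all CIDRs and resource IDs such as `igw-EXAMPLE` and `nat-EXAMPLE` are constructed placeholders.

```python
"""Added example, not from the article: plan a VPC's subnets and resolve route-table
targets with Python's ipaddress module. All CIDRs and resource IDs are constructed."""
from ipaddress import ip_address, ip_network

VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"public-a": "10.0.1.0/24", "private-a": "10.0.2.0/24"}
# Route tables as (destination, target): the public subnet sends 0.0.0.0/0 to an
# internet gateway, the private one to a NAT gateway; both keep the local route.
ROUTE_TABLES = {
    "public-a": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "private-a": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-EXAMPLE")],
}

def validate_subnets(vpc_cidr, subnets):
    """Return a list of problems: bad prefix size, outside the VPC CIDR, or overlapping."""
    vpc = ip_network(vpc_cidr)
    nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not 16 <= net.prefixlen <= 28:  # AWS allows IPv4 subnets from /16 to /28
            problems.append(f"{name} prefix /{net.prefixlen} is outside /16-/28")
        if not net.subnet_of(vpc):
            problems.append(f"{name} is not inside {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def usable_hosts(cidr):
    """AWS reserves 5 addresses per subnet (network, router, DNS, future use, broadcast)."""
    return ip_network(cidr).num_addresses - 5

def route_target(subnet_name, destination):
    """Pick the most specific matching route, as the VPC router does (longest prefix)."""
    dst = ip_address(destination)
    matches = [(ip_network(d), t) for d, t in ROUTE_TABLES[subnet_name]
               if dst in ip_network(d)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

if __name__ == "__main__":
    print(validate_subnets(VPC_CIDR, SUBNETS))         # []
    print(route_target("private-a", "10.0.1.10"))      # local
    print(route_target("private-a", "93.184.216.34"))  # nat-EXAMPLE
```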
Use Cases for Amazon VPC
- With a VPC we can host a public-facing website, a single-tier basic web application, or a plain old website
- Using VPC peering, connectivity can be limited between web servers, databases and applications
- To manage inbound and outbound connections, restricting the incoming and outgoing traffic of applications
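The security group and NACL descriptions above, and the last use case, hinge on one difference: security groups are stateful and allow-only, while NACLs are stateless numbered allow/deny rules. The added example below (not code from the article or from AWS) models both evaluations on a constructed HTTPS request and its reply, showing that the reply passes the security group automatically but only passes the NACL if an outbound ephemeral-port rule exists; rule sets, ports and addresses are all constructed.

```python
"""Added example, not from the article: a model of how a security group (stateful,
allow-only) and a network ACL (stateless, numbered allow/deny rules) evaluate
packets. All rules, ports and addresses are constructed samples."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
# Security group rules: (protocol, from_port, to_port, cidr). Allow rules only.
SG_INBOUND = [("tcp", 443, 443, ANY)]
SG_OUTBOUND = []  # nothing explicitly allowed out; replies still flow (stateful)
# NACL rules: (number, protocol, from_port, to_port, cidr, action), lowest number wins.
NACL_INBOUND = [(100, "tcp", 443, 443, ANY, "allow"), (32767, "all", 0, 65535, ANY, "deny")]
NACL_OUTBOUND = [(100, "tcp", 1024, 65535, ANY, "allow"),  # ephemeral ports for replies
                 (32767, "all", 0, 65535, ANY, "deny")]

def _matches(proto, lo, hi, cidr, packet):
    # Inbound rules test the instance's own port, outbound rules test the remote port.
    port = packet["local_port"] if packet["dir"] == "in" else packet["peer_port"]
    return (proto in ("all", packet["proto"]) and lo <= port <= hi
            and ip_address(packet["peer"]) in cidr)

def flow_key(packet):
    # Normalise to (peer, peer_port, local_port) so a reply matches its request.
    return (packet["peer"], packet["peer_port"], packet["local_port"])

def sg_allows(packet, tracked, inbound=SG_INBOUND, outbound=SG_OUTBOUND):
    """Stateful: a reply to an already-tracked flow passes without consulting the rules."""
    if flow_key(packet) in tracked:
        return True
    for rule in (inbound if packet["dir"] == "in" else outbound):
        if _matches(*rule, packet):
            tracked.add(flow_key(packet))
            return True
    return False  # no deny rules exist; unmatched traffic is simply dropped

def nacl_allows(packet, inbound=NACL_INBOUND, outbound=NACL_OUTBOUND):
    """Stateless: the lowest-numbered matching rule decides, for every packet."""
    rules = inbound if packet["dir"] == "in" else outbound
    for _num, proto, lo, hi, cidr, action in sorted(rules):
        if _matches(proto, lo, hi, cidr, packet):
            return action == "allow"
    return False

# Constructed HTTPS request from a client and the instance's reply to it.
REQUEST = {"dir": "in", "proto": "tcp", "peer": "203.0.113.5", "peer_port": 51000, "local_port": 443}
REPLY = {**REQUEST, "dir": "out"}
if __name__ == "__main__":
    tracked = set()
    print(sg_allows(REQUEST, tracked), sg_allows(REPLY, tracked))  # True True
    print(nacl_allows(REQUEST), nacl_allows(REPLY))                # True True
    print(nacl_allows(REPLY, outbound=NACL_OUTBOUND[1:]))          # False: no ephemeral-port rule
```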
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed an interest in networking by being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)