Post

AWS-VPC - Hand book (Draft)

Posted
By Mokhlesur Mahin 2 min read

AWS VPC - Hand book (Draft)

Virtual Private Cloud (VPC) is a secure, isolated network segment hosted within AWS.

VPC isolates computing resources from other computing resources. It gives the customer full control of the networking in the cloud_

  1. Subnetting (IP Addresses)
  2. Routing (Route Tables)
  3. Firewalls (NACLs and Security Groups)
  4. Gateways.

Subnet: Within your VPC, you create your subnet. Its nothing but a group of IP Addresses in your VPC. A subnet resides within a single availability zone.

Subnets can be Private or Public.

A private subnet is a subnet that is not exposed to the internet. Either the internet can’t talk to resources within that subnet or the subnet can’t talk to the internet either.

A public subnet is exposed to the internet.

CIDR Block: Every VPC has a range of IP Addresses assigned to it called the CIDR block. A CIDR block defines the IP Addresses that resources in the VPC can use.

A CIDR block size can be anywhere from a /16 to a /28. Subnets within a VPC must be within the CIDR range.

Example_ CIDR Block -> 192.168.0.0/16 means range 192.168.0.0-192.168.255.255

Subnet -> 192.168.10.0/24 (Allowed) Subnet -> 10.100.1.0/24 (Not Allowed)

The first 4 IP Addresses of a subnet are reserved and cannot be used_

Say, 192.168.10.0 is the network address.

192.168.10.0-192.168.10.3- reserved for AWS.

The last IP Address of a subnet is reserved as the broadcast address- 192.168.10.255.

Subnets when first created are private and not exposed to the internet.

Now, to make a private subnet public, we need to use Internet Gateway.

Internet gateway allows subnets in a VPC to communicate with the internet and vice-versa.

There is another tool, that provides internet connectivity to subnet is NAT gateway.

With NAT Gatway, a connection must be initiated from within the VPC.

Basic difference_ Internet Gateway and NAT Gateway

NAT

Internet Gateway allows either side to connect. From internet to VPC and from VPC to internet.

On the other hand, NAT Gateway blocks connection from the internet. It only allows request to be sent from the VPC to internet and the response.

Firewalls

Firewalls monitor traffic and only allow traffic permitted by a set of predefined rules. It only allows traffic that matches a certain set of rules. There are two types of rules_

  1. Inbound.
  2. Outbound.
AWS
Cloud AWS VPC
This post is licensed under CC BY 4.0 by the author.