
Amazon Virtual Private Cloud (VPC)
Amazon VPC: What is a Virtual Private Cloud?
A VPC resembles:
- Private data centers
- Private corporate networks
Private Network
- Private and Public subnets
- Scalable infrastructure
- Ability to extend corporate/home network to the cloud as if it were part of your network
Amazon VPC: Benefits of a VPC
- Ability to launch instances into a subnet
- Ability to define custom IP address ranges inside of each subnet (private and public)
- Ability to configure route tables between subnets
- Ability to configure internet gateways and attach them to subnets
- Ability to create a layered network of resources
- Extending our network with VPN/VPG controlled access
- Ability to use Security Groups and Subnet network ACLs
Understanding the default VPC
- Default VPC is a different setup than a non-default VPC
- Default VPC gives users easy access to a VPC without having to configure it
- Default VPC subnets have internet gateways attached
- Each instance added has a default private and public IP address
- If you delete the default VPC, the only way to get it back is to contact AWS
Understanding the non-default VPC
- Non-default VPCs have private IP addresses but not public IP addresses
- Can only access resources through elastic IP addresses, VPNs, or gateway instances
- Do not have internet gateways attached by default
VPC Peering
- VPC Peering allows you to set up direct network routing between different VPCs using private IP addresses
- Instances will communicate with each other as if they were on the same private network
- VPC Peering can occur between other AWS accounts and other VPCs within the same region
Scenarios:
- Peering two VPCs – Company runs multiple AWS accounts and you need to link all the resources as if they were all under one private network
- Peering TO a VPC – Multiple VPCs connect to a central VPC but cannot communicate with each other, only with the central VPC (file sharing, customer access, Active Directory)
VPC Scenarios
- VPC with public subnet only – Single tier apps
- VPC with public and private subnets – Resources that don’t need public internet access/layered apps
- VPC with public and private subnets and hardware connected VPN – Extending to on-premises
- VPC with a private subnet only and hardware VPN access
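The "public and private subnets" scenario and the peering notes above, as an added offline check (example code, not part of the original notes): the layout is described in plain dicts, and the check confirms each subnet sits inside the VPC CIDR, subnets do not overlap, only subnets marked public carry a default route to an internet gateway, and two VPCs intended for peering do not have overlapping CIDR blocks (AWS rejects peering between overlapping ranges). All IDs and address ranges are constructed sample values.

```python
import ipaddress

# Constructed sample layout (hypothetical IDs and ranges, not real resources).
VPC = {
    "cidr": "10.0.0.0/16",
    "subnets": {
        "public-a":  {"cidr": "10.0.1.0/24", "public": True,  "route_table": "rtb-public"},
        "private-a": {"cidr": "10.0.2.0/24", "public": False, "route_table": "rtb-private"},
    },
    # route table id -> list of (destination, target)
    "route_tables": {
        "rtb-public":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-example")],
        "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-example")],
    },
}

def default_route_target(vpc, rtb_id):
    """Return the target of the 0.0.0.0/0 route in a route table, or None."""
    for dest, target in vpc["route_tables"].get(rtb_id, []):
        if dest == "0.0.0.0/0":
            return target
    return None

def check_vpc(vpc):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc["cidr"])
    nets = {}
    for name, sn in vpc["subnets"].items():
        net = ipaddress.ip_network(sn["cidr"])
        if not net.subnet_of(vpc_net):
            findings.append(f"{name}: {net} is outside VPC CIDR {vpc_net}")
        for other, onet in nets.items():
            if net.overlaps(onet):
                findings.append(f"{name} overlaps {other}")
        nets[name] = net
        target = default_route_target(vpc, sn["route_table"])
        igw = target is not None and target.startswith("igw-")
        if sn["public"] and not igw:
            findings.append(f"{name}: marked public but has no internet gateway route")
        if not sn["public"] and igw:
            findings.append(f"{name}: private subnet routes directly to an internet gateway")
    return findings

def peering_allowed(cidr_a, cidr_b):
    """VPC peering requires the two VPCs' CIDR blocks not to overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))
```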
VPC Limits
- 5 VPCs per region
- 200 Subnets per VPC
- 50 Customer gateways per region
- 5 Internet gateways per region
- 5 Elastic IP addresses per region for each AWS account
- 50 VPN connections per region
- 200 route tables per region
- 500 security groups per region