Select Page

“Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including a selection of your own IP address range, the creation of subnets, and configuration of route tables and network gateways.  You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.”

Simplified: A private sub-section of AWS that you control, in which you can place AWS resources (such an EC2 instances and databases). You have FULL control over who has access to the AWS resources that you place inside your VPC.

Note: When you create an AWS account, a “default” VPC is created for you. Including the standard components that are needed make it functional;

  1. Internet Gateway (IGW)
  2. A Route Tables (with predefined routes to the default subnets)
  3. A Network Access Control List (NACl) (with predefined rules for access)
  4. Subnets to provision AWS resources in (such as EC2 instances)

AWS Global Infrastructure

The AWS Cloud operates 42 Availability Zones within 16 geographic Regions around the world, with five more Availability Zones and two more Regions coming online throughout the next year.

AWS Regions

AWS Availability Zones

AWS Data Centers



Internet Gateway

“An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It, therefore, imposes no availability risks or bandwidth constraints on your network traffic.”

An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

An Internet gateway supports IPv4 and IPv6 traffic.

Simplified: A combination of hardware and software the provides your private network with a route to the world outside (meaning the Internet) of the VPC.

Note: Your “default” VPC already has an IGW attached.

Route Tables rules and details you need to know:

  1. Only 1 IGW can be attached to a VPC at a time.
  2. An IGW cannot be detached from a VPC while there are active AWS resources in the VPC (such as an EC2 instance or RDS Database

Route Tables

“A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.”

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.

Note: Your “default” VPC already has a “main” route table

Route tables and details you need to know:

  1. Unlike an IGW, you can have multiple “active” route tables in a VPC
  2. You cannot delete a route table if it has “dependencies” (associated subnets)

Network ACLs

“A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.”

Note: Your “default” VPC already has an NACL in place and associated with default subnets.

NACL rules and details you need to know:

  1. Rules are evaluated



Availability Zones