Virtual Private Cloud (VPC) in AWS
Today, we will learn what a VPC is and also look at the architecture of a virtual private cloud in detail.
What is VPC?
A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets.
It is like having our own data center, but in the cloud, without buying any extra hardware.
Subnet: A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.
Routing: Use route tables to determine where network traffic from your subnet or gateway is directed.
Architecture of VPC
→ A VPC consists of public subnets and private subnets; EC2 instances are generally kept inside the private subnet to improve security.
→ If there are 2 Availability Zones (an Availability Zone is a location where our application is available; if one Availability Zone goes down we can still reach our instances in the other), we need 2 public subnets and 2 private subnets: 1 public and 1 private subnet for each Availability Zone.
→ If a user outside the VPC wants to access an instance, the path depends on which subnet the instance is in (a NAT gateway only provides outbound access, see the note below):
i) If the instance is inside the public subnet, the user can communicate with it directly via the Internet Gateway (an Internet Gateway enables bidirectional communication between instances in a VPC and the Internet).
ii) If the instance is inside the private subnet, the user cannot communicate with it directly. In that case we need a bastion host (jump server) in the public subnet to reach the instance in the private subnet. If an instance in a private subnet needs outbound internet access, a NAT gateway is used.
NOTE: A NAT Gateway enables instances in a private subnet to connect to the internet or other AWS services but prevents the internet or other AWS services from initiating a connection with those instances.
→ For high availability and scalability we use Auto Scaling groups.
→ To increase the security of our application we use security groups, which provide security at the instance level. We can also use NACLs (network ACLs) to increase security; these work at the subnet level.
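The two-AZ layout described above, as an added example that is not part of the original article: it carves one public and one private subnet per Availability Zone out of an assumed 10.0.0.0/16 VPC, builds the public (IGW) and private (NAT gateway) default routes, and checks the design rule that a private subnet must never have a default route to the Internet Gateway. The subnet and gateway names are constructed for illustration; nothing here calls the AWS API.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Subnet:
    name: str
    cidr: str
    az: str
    public: bool
    routes: dict = field(default_factory=dict)  # destination CIDR -> target

def plan_vpc(vpc_cidr, azs):
    """One public and one private subnet per AZ, each a /24 from the VPC block (constructed plan)."""
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=24))
    subnets = []
    for az in azs:
        for public in (True, False):
            kind = "public" if public else "private"
            subnets.append(Subnet(f"{kind}-{az}", str(blocks[len(subnets)]), az, public))
    # public route table: 0.0.0.0/0 -> Internet Gateway (bidirectional)
    # private route table: 0.0.0.0/0 -> NAT gateway, which itself sits in a public subnet
    nat_home = next(s for s in subnets if s.public).name
    for s in subnets:
        s.routes[vpc_cidr] = "local"
        s.routes["0.0.0.0/0"] = "igw" if s.public else f"nat-gw@{nat_home}"
    return {"cidr": vpc_cidr, "subnets": subnets}

def inbound_from_internet_possible(subnet):
    """Only an IGW default route allows connections initiated from the Internet;
    a NAT gateway route is outbound-only, so private subnets return False."""
    return subnet.routes.get("0.0.0.0/0") == "igw"

def check_layout(vpc):
    """Return review findings; an empty list means the layout matches the design above."""
    subnets, findings = vpc["subnets"], []
    for s in subnets:
        target = s.routes.get("0.0.0.0/0", "")
        if not s.public and target == "igw":
            findings.append(f"{s.name}: private subnet routes 0.0.0.0/0 to the IGW (exposed)")
        if target.startswith("nat-gw@"):
            home = next(x for x in subnets if x.name == target.split("@", 1)[1])
            if not home.public:
                findings.append(f"{s.name}: its NAT gateway is not in a public subnet")
    for az in {s.az for s in subnets}:
        if {s.public for s in subnets if s.az == az} != {True, False}:
            findings.append(f"{az}: needs one public and one private subnet")
    nets = [ipaddress.ip_network(s.cidr) for s in subnets]
    if any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:]):
        findings.append("overlapping subnet CIDRs")
    return findings
```

Run `check_layout(plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b"]))` to get an empty findings list; pointing a private subnet's default route at the IGW produces an "exposed" finding.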