AWS VPC – Virtual Private Cloud

Filed Under: AWS
Aws Vpc

AWS Virtual Private Cloud (VPC) gives you the flexibility to provision logically isolated section of the AWS cloud. Cloud knows no boundaries but there is a need for virtual isolation of your resources. So that you can configure and launch your AWS resources within the virtual network you define.

If you remember that in my post “Amazon EC2 – AWS Elastic Compute Cloud” we launched an EC2 instance within the default VPC. In this topic, we will talk about how to create AWS VPC for various use cases? AWS VPC supports all combinations where you need a public subnet or private subnet or both.

You will notice that throughout the tutorial, somewhere I will mention “Amazon VPC” and somewhere it will be “AWS VPC”. They refer to the same software and can be used interchangeably.

What is Amazon VPC?

Amazon VPC is an abbreviation for the Amazon Virtual Private Cloud (VPC). It is a networking service that provides an isolated virtual network on the AWS cloud. It enables you to launch AWS resources into the virtual network. AWS VPC is quite similar to the traditional network with the benefits of using the scalable infrastructure of AWS.

You can create your own IP address ranges, subnets (public and private), route table, and network gateways etc. You have complete control over your virtual networking environment.

Amazon Virtual Private Cloud (VPC) will look something like below within the AWS cloud:

Architecture Virtual Private Cloud

VPC Networking Components

There are several networking components are used in Amazon Virtual Private Cloud. You may be familiar with most of them since they are components of traditional networking. But the difference here is that they are elastic in nature.

Let’s explore a few of many commonly known components:

Network Interfaces

In general, a network interface is the interconnection point between a network and a computer. Network Interfaces on AWS Cloud are elastic and virtual. Virtual network interfaces can include the below attributes:

  • A primary IPv4 address (private)
  • A elastic IP per IPv4 address (private)
  • A mac address
  • One or more private IPv4 address
  • One public IPv4 address
  • Security Groups
  • One or more IPv6 address

Each instance in your AWS VPC has a default network interface also called Primary Network Interface. Default network is assigned a private IPv4 address from within the IPv4 address range of your AWS VPC.

Route Tables

A router table contains the rules which are nothing but the set of rules which determine where network traffic is directed. As shown in the above picture each subnet in VPC is associated with a routing table.

Note: A subnet can be associated with only one routing tables at a time.

To understand the routing table, you must go through the networking basics like routing, routing table, priority etc.

Internet Gateways

Internet gateways enable access to the Internet for your VPC. These allow your instances in VPC to communicate to the Internet. An Internet Gateway on AWS supports both IPv4 and IPv6 traffic.

It’s a redundant, highly available, and horizontally scaled VPC component on AWS cloud. TO enable the access to the Internet you must attach the Internet gateway to the VPC.

Let’s understand this with the help of the below diagram: Subnet 1 in the VPC is associated with a custom route table that points all internet-bound IPv4 traffic to an internet gateway. The elastic IP address of instance enables communication with the internet.

Internet Gateways

Internet Gateways

NAT Gateway

NAT is an abbreviation for Network Address Translation. If you are using a private subnet in your VPC then you would need the NAT device to connect to the Internet. NAT Gateway prevents the Internet to initiate communication.

NAT gateway is paid service on AWS cloud. You will be charged hourly for this. I would suggest checking the VPC Pricing before opting to this.

Let’s understand NAT Gateways from the below diagram:

Nat Gateways

Nat Gateways

Elastic IP Address

An elastic IP address is the static IP address. Which are designed for dynamic cloud computing. AWS supports Elastic IP for IPv4 address only. As I mentioned in network interfaces, an Elastic IP address is a property of network interfaces.

You can update a network interface to attach the Elastic IP address to the instance.

Note: If you create an Elastic IP address then it will be associated with your account. You can release the Elastic IP address from your account.

VPC Configuration Types

AWS offers four types of VPC configurations.

VPC with a Single Public Subnet

VPC Type 1

VPC Type 1

VPC with Public and Private Subnets

VPC Type 2

VPC Type 2

VPC with Public and Private Subnets and Hardware VPN Access

VPC Type 3

VPC Type 3

VPC with a Private Subnet Only and Hardware VPN Access

VPC Type 4

VPC Type 4

Getting Started with VPC

In the below exercise, we will create a VPC and Subnet with IPv4 CIDR block. Though, AWS provides you a default VPC when you launch an EC2 Instance. The purpose of this is to create your own VPC and Subnets and use them.

Creating a VPC

Let’s create the VPC using the AWS VPC wizard:

  1. Login and Open AWS Management Console
  2. You can directly copy and paste the URL https://console.aws.amazon.com/vpc/ in the address of your browser once logged in.
  3. Find the “VPC” in service tab and click on the link given.
    You will see the below screen:
    Launch Vpc

    Launch Vpc

Step 1: Select a VPC Configuration

Now, you will see the below screen, choose the required VPC configurations. I’m going to create a VPC with a single public subnet.

VPC Type 1

VPC Type 1

Click on the “Select” button.

Step 2: VPC with a Single Public Subnet

In below screen, the first section defines a VPC IPv4 CIDR block. The second section defines public subnet.

Create Vpc

Create Vpc

Click on “Create VPC” button.

Step 3: View VPC

You will see the below screen on completion of creation on the VPC.

Sucess Vpc

Sucess Vpc

You can go to the VPC Dashboard and see you VPC is listed in the summary. If you click on your VPC then you will see the below details which you filled during creation.

View Vpc

View Vpc

Step 4: View Subnet

Let’s see the public subnet which we created along with the VPC. See the description of the subnet that your public subnet is associated with the VPC you created.

View Subnet

View Subnet

Step 5: View Route Table

You can check the subnet route table as well.

View Route Table

View Route Table

Step 6: View Internet Gateway

From the left panel click on the “Internet Gateways” and you will see the below screen.

View Internet Gateways

View Internet Gateways

Your VPC is attached with the Internet gateway which will allow all your resources of the VPC to communicate to the internet.

Quick Tip: The details are more than enough to get started with VPC, Subnet, Internet Gateway and Router Table etc. I know that for a beginner to understand all of this will take a little time. You will get used to the vocabulary when you will actually use this in an application.

Deleting your VPC

Deleting VPC will delete several associated objects to it. Make sure that your review all of them before clicking on the “Delete VPC” button.

Deleting Vpc

Deleting Vpc

AWS will also delete these objects associated with the VPC for the region:

  1. Subnets
  2. Security Groups
  3. Network ACLs
  4. Internet Gateways
  5. Egress Only Internet Gateways
  6. Route Tables
  7. Network Interfaces
  8. Peering Connections
  9. Endpoints

You are good to go, just click the “Delete VPC” button and you wait for a while. You will see this screen:

Deleted Vpc

Deleted Vpc

Limits of VPC and Subnets in AWS

There are certain limits of the use of VPC and Subnets. AWS has listed them as below:

Limits

AWS VPC Limits

Comments

  1. Abhijeet Agnihotri says:

    Nice update on cloud expecting more

Leave a Reply

Your email address will not be published. Required fields are marked *

close
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages