AWS Virtual Private Cloud (VPC) gives you the flexibility to provision logically isolated section of the AWS cloud. Cloud knows no boundaries but there is a need for virtual isolation of your resources. So that you can configure and launch your AWS resources within the virtual network you define.
If you remember that in my post “Amazon EC2 – AWS Elastic Compute Cloud” we launched an EC2 instance within the default VPC. In this topic, we will talk about how to create AWS VPC for various use cases? AWS VPC supports all combinations where you need a public subnet or private subnet or both.
What is Amazon VPC?
Amazon VPC is an abbreviation for the Amazon Virtual Private Cloud (VPC). It is a networking service that provides an isolated virtual network on the AWS cloud. It enables you to launch AWS resources into the virtual network. AWS VPC is quite similar to the traditional network with the benefits of using the scalable infrastructure of AWS.
You can create your own IP address ranges, subnets (public and private), route table, and network gateways etc. You have complete control over your virtual networking environment.
Amazon Virtual Private Cloud (VPC) will look something like below within the AWS cloud:
VPC Networking Components
There are several networking components are used in Amazon Virtual Private Cloud. You may be familiar with most of them since they are components of traditional networking. But the difference here is that they are elastic in nature.
Let’s explore a few of many commonly known components:
In general, a network interface is the interconnection point between a network and a computer. Network Interfaces on AWS Cloud are elastic and virtual. Virtual network interfaces can include the below attributes:
- A primary IPv4 address (private)
- A elastic IP per IPv4 address (private)
- A mac address
- One or more private IPv4 address
- One public IPv4 address
- Security Groups
- One or more IPv6 address
Each instance in your AWS VPC has a default network interface also called Primary Network Interface. Default network is assigned a private IPv4 address from within the IPv4 address range of your AWS VPC.
A router table contains the rules which are nothing but the set of rules which determine where network traffic is directed. As shown in the above picture each subnet in VPC is associated with a routing table.
Note: A subnet can be associated with only one routing tables at a time.
To understand the routing table, you must go through the networking basics like routing, routing table, priority etc.
Internet gateways enable access to the Internet for your VPC. These allow your instances in VPC to communicate to the Internet. An Internet Gateway on AWS supports both IPv4 and IPv6 traffic.
It’s a redundant, highly available, and horizontally scaled VPC component on AWS cloud. TO enable the access to the Internet you must attach the Internet gateway to the VPC.
Let’s understand this with the help of the below diagram: Subnet 1 in the VPC is associated with a custom route table that points all internet-bound IPv4 traffic to an internet gateway. The elastic IP address of instance enables communication with the internet.
NAT is an abbreviation for Network Address Translation. If you are using a private subnet in your VPC then you would need the NAT device to connect to the Internet. NAT Gateway prevents the Internet to initiate communication.
NAT gateway is paid service on AWS cloud. You will be charged hourly for this. I would suggest checking the VPC Pricing before opting to this.
Let’s understand NAT Gateways from the below diagram:
Elastic IP Address
An elastic IP address is the static IP address. Which are designed for dynamic cloud computing. AWS supports Elastic IP for IPv4 address only. As I mentioned in network interfaces, an Elastic IP address is a property of network interfaces.
You can update a network interface to attach the Elastic IP address to the instance.
Note: If you create an Elastic IP address then it will be associated with your account. You can release the Elastic IP address from your account.
VPC Configuration Types
AWS offers four types of VPC configurations.
VPC with a Single Public Subnet
VPC with Public and Private Subnets
VPC with Public and Private Subnets and Hardware VPN Access
VPC with a Private Subnet Only and Hardware VPN Access
Getting Started with VPC
In the below exercise, we will create a VPC and Subnet with IPv4 CIDR block. Though, AWS provides you a default VPC when you launch an EC2 Instance. The purpose of this is to create your own VPC and Subnets and use them.
Creating a VPC
Let’s create the VPC using the AWS VPC wizard:
- Login and Open AWS Management Console
- You can directly copy and paste the URL https://console.aws.amazon.com/vpc/ in the address of your browser once logged in.
- Find the “VPC” in service tab and click on the link given.
You will see the below screen:
Step 1: Select a VPC Configuration
Now, you will see the below screen, choose the required VPC configurations. I’m going to create a VPC with a single public subnet.
Click on the “Select” button.
Step 2: VPC with a Single Public Subnet
In below screen, the first section defines a VPC IPv4 CIDR block. The second section defines public subnet.
Click on “Create VPC” button.
Step 3: View VPC
You will see the below screen on completion of creation on the VPC.
You can go to the VPC Dashboard and see you VPC is listed in the summary. If you click on your VPC then you will see the below details which you filled during creation.
Step 4: View Subnet
Let’s see the public subnet which we created along with the VPC. See the description of the subnet that your public subnet is associated with the VPC you created.
Step 5: View Route Table
You can check the subnet route table as well.
Step 6: View Internet Gateway
From the left panel click on the “Internet Gateways” and you will see the below screen.
Your VPC is attached with the Internet gateway which will allow all your resources of the VPC to communicate to the internet.
Quick Tip: The details are more than enough to get started with VPC, Subnet, Internet Gateway and Router Table etc. I know that for a beginner to understand all of this will take a little time. You will get used to the vocabulary when you will actually use this in an application.
Deleting your VPC
Deleting VPC will delete several associated objects to it. Make sure that your review all of them before clicking on the “Delete VPC” button.
AWS will also delete these objects associated with the VPC for the region:
- Security Groups
- Network ACLs
- Internet Gateways
- Egress Only Internet Gateways
- Route Tables
- Network Interfaces
- Peering Connections
You are good to go, just click the “Delete VPC” button and you wait for a while. You will see this screen:
Limits of VPC and Subnets in AWS
There are certain limits of the use of VPC and Subnets. AWS has listed them as below: