AWS VPC - An Intro

VPC - Virtual Private Cloud. AWS VPC lets us create a logically isolated network within which we can deploy AWS Resources. By default, we can have 5 VPCs in an AWS Region. A VPC is available in each region by default.

Subnets - Refers to a range of IP addresses. A Subnet must reside within a single Availability Zone.

Gateway - A gateway connects VPC to another network. Example: Internet Gateway connects the VPC to the internet.

VPC Endpoint - This allows resources within VPC to connect to AWS Services privately.

Route Tables - The rules (called routes) that determine where the traffic from subnets should go are defined in route tables. Each subnet should be associated with one route table only. If a subnet is not explicitly associated with a route table, it will be associated with the main route table of the VPC. A single route table can be associated with multiple subnets. A route table is attached to a VPC at the time of its creation.

Route - A Route consists of a destination and a target. The destination is an IP address or IP range to which the subnet wants to send the traffic and the target refers to the gateway or endpoint to which the traffic will be sent so that the traffic will reach the final destination.

local route - A special route where the target is local and it enables communication within the VPC and is added to all route tabes, by default.

Sidebar :

CIDR blocks for IPv4 and IPv6 are treated separately.

0.0.0.0/0 represents all IPv4 addresses.

::/0 represents all IPv6 addresses.

Security Groups - A network security feature that operates at the EC2 instance level. We can define inbound and outbound allow rules within a security group. It is stateful and so it allows return traffic. We can define only allow rules but not deny rules.

Network ACL - A network security feature that operates at the subnet level and hence applies to all resources within that subnet. It is stateless. The allow rules as well as deny rules have to be explicitly defined.

Private Subnet - A private subnet can be created by restricting all inbound access to the subnet except from within the VPC using network ACL.