Understanding AWS VPC: Learning AWS for 30 Days. || Day 4

Introduction

In this journey of learning AWS for 30 days, on day 4 we will look at the AWS service called Virtual Private Cloud (Amazon VPC). VPC allows us to create a logically isolated virtual network in AWS. We have complete control over our virtual network environment, including IP address range selection, creation of subnets, and configuration of route tables and network gateways.

About VPC

History

Before VPC, the applications of different organizations used to be deployed on the same server in a particular availability region. The major problem this raises is security. If the security of one organization is not up to the mark and a malware attack happens, the data of every organization hosted on that server is put at risk. To solve this problem, AWS came up with the Virtual Private Cloud, where AWS allocates us a logically separated cloud in which we define the configuration ourselves, such as the IP address range, internet gateway, route table, and many other settings that keep it secure.

VPC

We use VPC because we need control over the organization of resources, control of security, and control of traffic between our services.

We create a VPC and define its size by declaring a range of IP addresses. Within that range, we can divide the addresses we have among different subnets. A subnet must sit within a single availability zone, but different subnets can be in different availability zones.

There are different components within the VPC, such as the internet gateway, load balancer, NAT gateway, subnet, security group, and route table.

Consider a user trying to access an app running on an EC2 instance that is located in some subnet.

First, the traffic reaches the internet gateway, which links to the VPC. Along with the internet gateway, there is a public subnet.

In this way, the user communicates with the public subnet through an internet gateway which only allows authorized traffic to enter the VPC.

From the internet gateway, the traffic is directed toward the required subnet by the load balancer located in the internet gateway.

But there needs to be a path between the load balancer and the subnet. The route table defines that path. We use the route table to determine where network traffic from our subnet or gateway is directed.

There is another authorization check within the subnet, as there is a security group. Every subnet has its security group. Many subnets can also share the same security group instead of each subnet having its own. We can achieve this using NAC, known as Network Access Control, which allows only authorized and compliant devices and users to be granted access to the network resources.

If any server in the subnet needs to communicate with the outside world, it does so with the help of a NAT gateway, which gives the subnet access to the internet. It allows only traffic from the server in the subnet out to the internet, for example to download some dependencies.

As the subnet has a private IP address, NAT (Network Address Translation) masks the private address, which helps to protect the private IP addresses of the subnets.
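The subnetting and route-table ideas above, as an added example that is not part of the original post: a small Python model that carves a VPC range into subnets across availability zones and uses longest-prefix route matching to label each subnet as public (default route to an internet gateway), private with outbound access via NAT, or without an internet route. The CIDR, zone names, and the `igw-EXAMPLE` / `nat-EXAMPLE` targets are constructed placeholders.

```python
import ipaddress
from itertools import islice

# Constructed sample values (not from the original post).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AZS = ["zone-a", "zone-b"]                      # placeholder zone names
ROUTE_TABLES = {                                # destination CIDR -> target
    "public":   {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "private":  {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"},
    "isolated": {"10.0.0.0/16": "local"},
}

def carve_subnets(vpc, new_prefix, azs, count):
    """Split the VPC range into `count` equal blocks; each block sits in one AZ."""
    blocks = islice(vpc.subnets(new_prefix=new_prefix), count)
    return [{"cidr": b, "az": azs[i % len(azs)]} for i, b in enumerate(blocks)]

def next_hop(route_table, dest_ip):
    """Pick the target by longest-prefix match, as a VPC route table does."""
    ip = ipaddress.ip_address(dest_ip)
    hits = [(ipaddress.ip_network(c), t) for c, t in route_table.items()
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def classify(route_table, probe="203.0.113.10"):  # TEST-NET-3 documentation address
    """Label a subnet by where its internet-bound traffic is sent."""
    hop = next_hop(route_table, probe)
    if hop and hop.startswith("igw-"):
        return "public"
    if hop and hop.startswith("nat-"):
        return "private, outbound via NAT"
    return "no internet route"                  # only gateway types modelled: igw, nat

def audit(subnets, assignment):
    """Map each subnet CIDR to (AZ, exposure); reject CIDRs outside the VPC."""
    report = {}
    for s, rt_name in zip(subnets, assignment):
        if not s["cidr"].subnet_of(VPC_CIDR):
            raise ValueError(f"{s['cidr']} is outside {VPC_CIDR}")
        report[str(s["cidr"])] = (s["az"], classify(ROUTE_TABLES[rt_name]))
    return report

if __name__ == "__main__":
    subnets = carve_subnets(VPC_CIDR, 24, AZS, 4)
    plan = ["public", "public", "private", "isolated"]
    for cidr, (az, exposure) in audit(subnets, plan).items():
        print(f"{cidr:<14} {az:<7} {exposure}")
```
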

We will learn more about the VPC in the coming days along with creating the VPC.

This picture gives a brief pictorial representation of the theory above.

Conclusion

Virtual Private Cloud (VPC) in AWS allows users to create isolated virtual networks with control over IP addresses, subnets, routing, and security. VPC provides secure environments, separates organizations or applications, and enables communication with the outside world through components like internet gateways, load balancers, NAT gateways, subnets, security groups, and route tables. It ensures authorized access and supports outbound internet connectivity. VPC is essential for building secure and scalable applications in AWS.

We will learn more about the VPC in the coming days. That's a wrap for the first day of learning VPC.