Introduction
When deploying applications in AWS, networking plays a crucial role in ensuring security, availability, and connectivity. Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated network for your AWS resources. Today, we will explore VPC fundamentals, subnets, route tables, security mechanisms, and real-world applications to help you gain a solid understanding of AWS networking.
What is a VPC?
A Virtual Private Cloud (VPC) is a private, customizable network inside AWS where you can launch and manage your resources, such as EC2 instances, RDS databases, and Lambda functions.
Each AWS account comes with a default VPC in every region. Its subnets are public: they route to an Internet Gateway and assign public IPv4 addresses to instances automatically, so anything beyond a quick experiment belongs in a custom VPC where you decide what is exposed.
Why is VPC Important?
• Isolated environment: Resources in a VPC are logically separated from other VPCs and other AWS accounts unless you explicitly connect them (peering, Transit Gateway, VPN).
• Security and control: You can define who and what can access resources inside the VPC.
• Scalability: Supports multi-tier applications with public and private subnets.
• Custom networking: Enables custom route tables, VPNs, and direct AWS connectivity.
Key Components of a VPC
Subnets
• A subnet is a logical division of a VPC.
• Each subnet lives in exactly one Availability Zone (AZ); for high availability you create subnets in at least two AZs and spread resources across them.
• Types of Subnets:
• Public Subnet – Its route table sends internet-bound traffic to an Internet Gateway and instances launched in it get public IP addresses, so they are reachable from the internet.
• Private Subnet – No route to an Internet Gateway, so nothing in it is reachable from the internet (used for databases or internal services).
Example: A web server (EC2) is in a public subnet, while a database (RDS) is in a private subnet.
Route Tables
• Define where traffic leaving a subnet is sent, both within the VPC and outside it.
• Each subnet is associated with exactly one route table; a subnet with no explicit association uses the VPC's main route table.
• Example Routing Rules:
• Local traffic within the VPC – Matches the implicit local route for the VPC CIDR, which cannot be removed, and stays inside AWS.
• Internet-bound traffic – Matches 0.0.0.0/0 and needs a target such as an Internet Gateway. When several routes match, the most specific one wins (longest prefix match).
Example:
• Public subnet – 0.0.0.0/0 routed to the Internet Gateway (IGW) for inbound and outbound internet access.
• Private subnet – 0.0.0.0/0 routed to a NAT Gateway for outbound-only internet access, plus a VPC Endpoint route for AWS services such as S3 so that traffic never leaves the AWS network.
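To make the lookup rules concrete, here is an added example (not code from the original page) that resolves a destination address against a route table the way the VPC router does: the implicit local route is always present, and the most specific matching prefix wins. The gateway IDs, the endpoint prefix range and the destination addresses are constructed for the demonstration.

```python
"""Route-table lookup with longest prefix match, as a VPC router does it.

Added example, not from the original page. Target IDs (igw-..., nat-...,
vpce-...) and the endpoint prefix range are made up for illustration.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Explicit routes are (destination CIDR, target). The local route for the
# VPC CIDR is implicit in every table and is added by resolve_route().
PUBLIC_RT = [
    ("0.0.0.0/0", "igw-0example"),        # hypothetical Internet Gateway
]
PRIVATE_RT = [
    ("0.0.0.0/0", "nat-0example"),        # hypothetical NAT Gateway
    # A gateway endpoint installs a prefix-list route; one constructed
    # CIDR stands in for that prefix list here.
    ("52.216.0.0/15", "vpce-0example"),   # hypothetical S3 gateway endpoint
]


def resolve_route(route_table, dest_ip, vpc_cidr=VPC_CIDR):
    """Return the target for dest_ip, or None if no route matches."""
    ip = ipaddress.ip_address(dest_ip)
    routes = [(ipaddress.ip_network(vpc_cidr), "local")]
    routes += [(ipaddress.ip_network(dst), target) for dst, target in route_table]

    matches = [(net, target) for net, target in routes if ip in net]
    if not matches:
        return None  # no route: the packet is dropped
    # Longest prefix match: /16 local beats /0, /15 endpoint beats /0.
    _net, target = max(matches, key=lambda m: m[0].prefixlen)
    return target


def is_public(route_table):
    """A subnet is public only if its table sends 0.0.0.0/0 to an Internet Gateway."""
    return any(dst == "0.0.0.0/0" and target.startswith("igw-")
               for dst, target in route_table)


if __name__ == "__main__":
    for name, table in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        print(f"{name} subnet (public={is_public(table)}):")
        for dest in ("10.0.2.15", "93.184.216.34", "52.216.1.1"):
            print(f"  {dest:>15} -> {resolve_route(table, dest)}")
```

Note that a NAT Gateway route alone does not make a subnet public: the `is_public` check looks for an IGW target on the default route, which is the only thing that lets inbound internet traffic in.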
Security Groups and Network ACLs (NACLs)
These are the two traffic filters inside a VPC. They are evaluated independently, so a packet must be allowed by both to get through.
Security Groups:
• Work at the network interface level (an EC2 instance, an RDS instance, a load balancer).
• Allow rules only, with no explicit deny; anything not allowed is dropped.
• Stateful: return traffic for an allowed connection is automatically permitted in the opposite direction, whatever the rules in that direction say.
• Example: Allow SSH (port 22) only from your administrators' IP range, never from 0.0.0.0/0.
Network ACLs (NACLs):
• Work at the subnet level and apply to every instance in the subnet.
• Numbered allow and deny rules, evaluated from the lowest number up; the first match wins and the final * rule denies everything else.
• Stateless: return traffic is not tracked, so an inbound allow for port 22 also needs an outbound allow for the ephemeral ports (1024-65535) the client replies on, or the SSH session never completes.
• Example: Deny all traffic from a specific CIDR range. (NACLs match on IP ranges, not countries; geo-blocking is an AWS WAF feature.)
Example Use Case:
• A public-facing EC2 needs port 80 (HTTP) open for a web server.
• A database in a private subnet should only allow its database port from the web server's security group. Referencing the security group as the source, rather than an IP range, keeps the rule correct when web instances are replaced.
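The stateful/stateless distinction is where most NACL mistakes happen, so here is an added example (not code from the original page) that models the two filters and runs one SSH exchange through each: a security group with only an inbound rule, a NACL with only an inbound rule, and a NACL with the ephemeral-port outbound rule. It models AWS evaluation semantics (allow-only and connection-tracked for security groups; numbered first-match rules with an implicit final deny for NACLs). The addresses, ports and rule numbers are constructed for the demonstration.

```python
"""Stateful security group vs. stateless NACL, modelled for one SSH session.

Added example, not from the original page. Addresses, ports and rule
numbers are constructed. Rules are restricted to TCP for brevity.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Allow rules only; return traffic of an allowed flow is always permitted."""

    def __init__(self, inbound, outbound):
        # rule = (proto, from_port, to_port, cidr); ports are the remote-side
        # destination port, cidr is the remote address range
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()  # connection-tracking table of allowed 5-tuples

    @staticmethod
    def _match(rules, pkt, remote_ip):
        return any(p == pkt.proto and lo <= pkt.dst_port <= hi and _in(remote_ip, cidr)
                   for p, lo, hi, cidr in rules)

    def _check(self, rules, pkt, remote_ip):
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self._tracked:  # reply to a flow already allowed
            return True
        ok = self._match(rules, pkt, remote_ip)
        if ok:
            self._tracked.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
        return ok

    def inbound_allowed(self, pkt):
        return self._check(self.inbound, pkt, pkt.src_ip)

    def outbound_allowed(self, pkt):
        return self._check(self.outbound, pkt, pkt.dst_ip)


class NetworkAcl:
    """Numbered allow/deny rules, lowest number first, first match wins, else deny."""

    def __init__(self, inbound, outbound):
        # rule = (number, action, proto, from_port, to_port, cidr)
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)

    @staticmethod
    def _evaluate(rules, pkt, remote_ip):
        for _num, action, proto, lo, hi, cidr in rules:
            if proto == pkt.proto and lo <= pkt.dst_port <= hi and _in(remote_ip, cidr):
                return action == "allow"  # first matching rule decides
        return False  # implicit '*' deny

    def inbound_allowed(self, pkt):
        return self._evaluate(self.inbound, pkt, pkt.src_ip)

    def outbound_allowed(self, pkt):
        return self._evaluate(self.outbound, pkt, pkt.dst_ip)


ADMIN_NET = "203.0.113.0/24"  # constructed administrator range


def ssh_session(filt):
    """Return (request_allowed, reply_allowed) for one SSH exchange through filt."""
    request = Packet("203.0.113.10", 51515, "10.0.1.5", 22)   # client -> server
    reply = Packet("10.0.1.5", 22, "203.0.113.10", 51515)     # server -> client
    return filt.inbound_allowed(request), filt.outbound_allowed(reply)


def stateful_sg():
    # Outbound left empty on purpose (the AWS default allows all outbound):
    # the reply still passes because the group tracks the inbound connection.
    return SecurityGroup(inbound=[("tcp", 22, 22, ADMIN_NET)], outbound=[])


def nacl_missing_ephemeral():
    return NetworkAcl(inbound=[(100, "allow", "tcp", 22, 22, ADMIN_NET)], outbound=[])


def nacl_with_ephemeral():
    return NetworkAcl(inbound=[(100, "allow", "tcp", 22, 22, ADMIN_NET)],
                      outbound=[(100, "allow", "tcp", 1024, 65535, ADMIN_NET)])


def nacl_deny_ordering():
    # Rule 90 denies one host before rule 100 allows the range: ordering matters.
    return NetworkAcl(inbound=[(100, "allow", "tcp", 22, 22, ADMIN_NET),
                               (90, "deny", "tcp", 0, 65535, "203.0.113.10/32")],
                      outbound=[(100, "allow", "tcp", 1024, 65535, ADMIN_NET)])


if __name__ == "__main__":
    for name, f in (("security group", stateful_sg()), ("NACL, no ephemeral rule", nacl_missing_ephemeral()),
                    ("NACL, with ephemeral rule", nacl_with_ephemeral()), ("NACL, deny first", nacl_deny_ordering())):
        print(f"{name:28} request/reply allowed = {ssh_session(f)}")
```

The `nacl_missing_ephemeral` case is the one that produces a connection that "hangs": the SYN reaches the instance, but the SYN-ACK is dropped at the subnet boundary, so neither the instance logs nor the security group show anything wrong.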
Real-World Use Case: Hosting a Web Application in a VPC
Imagine you are deploying a highly available web application. Your architecture would look like this:
1. Public Subnets (one per AZ): Host EC2 instances with a web server (NGINX, Apache).
2. Private Subnets (one per AZ): Host an RDS database (MySQL, PostgreSQL) with no route to the internet.
3. Internet Gateway (IGW): Allows public traffic to reach web servers.
4. NAT Gateway: Lets private subnet resources make outbound connections (package updates, API calls) while remaining unreachable from the internet.
5. Security Groups and NACLs: Restrict access to only the traffic each tier needs.
Hands-On Lab: Creating a VPC in AWS
Step 1: Create a VPC
1. Go to the AWS Console and search for VPC.
2. Click Create VPC and enter:
• Name: MyCustomVPC
• IPv4 CIDR: 10.0.0.0/16
3. Click Create VPC.
Step 2: Create Public and Private Subnets
1. Navigate to Subnets and click Create Subnet.
2. Choose your VPC and select an Availability Zone (AZ).
3. Add:
• Public Subnet (10.0.1.0/24)
• Private Subnet (10.0.2.0/24)
Step 3: Attach an Internet Gateway (IGW)
1. Go to Internet Gateways and click Create IGW.
2. Name it MyIGW and attach it to MyCustomVPC.
Step 4: Configure Route Tables
1. Create a route table in MyCustomVPC for public traffic and associate the public subnet with it (a subnet with no explicit association falls back to the VPC's main route table).
2. Add a route for 0.0.0.0/0 with MyIGW as the target; this route is what makes the subnet public.
3. On the public subnet, enable Auto-assign public IPv4 address so instances launched there receive a public IP.
4. Leave the private subnet on the main route table, which contains only the local route, so it has no path to the internet until you deliberately add a NAT Gateway.
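The same lab as code, added here and not part of the original page. `plan_check()` runs offline and rejects what the console would (subnets outside the VPC CIDR, overlapping subnets, prefixes outside /16 to /28) and accounts for the five addresses AWS reserves in every subnet (network address, VPC router, DNS, one reserved for future use, broadcast). `build_lab_vpc()` issues the boto3 calls matching Steps 1 to 4; it needs AWS credentials and only runs when you pass `--apply`. The names MyCustomVPC and MyIGW and the CIDRs are the lab's; the region and Availability Zone are assumptions.

```python
"""The hands-on lab as code: validate the address plan, then build it with boto3.

Added example, not from the original page. Region and AZ below are assumptions;
boto3 is imported only when --apply is given so the plan check runs offline.
"""
import ipaddress
import sys

VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"public": "10.0.1.0/24", "private": "10.0.2.0/24"}
AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast


def plan_check(vpc_cidr=VPC_CIDR, subnets=SUBNETS):
    """Return {name: usable host count}; raise ValueError on an invalid plan."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            raise ValueError(f"{name} {net} is outside the VPC CIDR {vpc}")
        if not 16 <= net.prefixlen <= 28:
            raise ValueError(f"{name} {net}: AWS subnets must be between /16 and /28")
    items = list(nets.items())
    for i, (a_name, a) in enumerate(items):
        for b_name, b in items[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a_name} {a} overlaps {b_name} {b}")
    return {name: net.num_addresses - AWS_RESERVED_PER_SUBNET for name, net in nets.items()}


def build_lab_vpc(ec2, az, vpc_cidr=VPC_CIDR, subnets=SUBNETS):
    """Steps 1-4 of the lab against a boto3 EC2 client; returns the created IDs."""
    ids = {}
    # Step 1: VPC
    ids["vpc"] = ec2.create_vpc(CidrBlock=vpc_cidr)["Vpc"]["VpcId"]
    ec2.create_tags(Resources=[ids["vpc"]], Tags=[{"Key": "Name", "Value": "MyCustomVPC"}])
    # Step 2: subnets (both in one AZ, as the lab does)
    for name, cidr in subnets.items():
        ids[name] = ec2.create_subnet(VpcId=ids["vpc"], CidrBlock=cidr,
                                      AvailabilityZone=az)["Subnet"]["SubnetId"]
    # Step 3: Internet Gateway
    ids["igw"] = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.create_tags(Resources=[ids["igw"]], Tags=[{"Key": "Name", "Value": "MyIGW"}])
    ec2.attach_internet_gateway(InternetGatewayId=ids["igw"], VpcId=ids["vpc"])
    # Step 4: public route table with a default route to the IGW, associated
    # only with the public subnet; the private subnet stays on the main table.
    ids["public_rt"] = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=ids["public_rt"], DestinationCidrBlock="0.0.0.0/0",
                     GatewayId=ids["igw"])
    ec2.associate_route_table(RouteTableId=ids["public_rt"], SubnetId=ids["public"])
    ec2.modify_subnet_attribute(SubnetId=ids["public"], MapPublicIpOnLaunch={"Value": True})
    return ids


if __name__ == "__main__":
    print("usable hosts per subnet:", plan_check())
    if "--apply" in sys.argv:
        import boto3  # assumed: credentials and region configured for the account
        client = boto3.client("ec2", region_name="us-east-1")
        print(build_lab_vpc(client, az="us-east-1a"))
```

Running the script without `--apply` is a cheap pre-flight: it catches a mistyped CIDR before any resource exists. The order of calls in `build_lab_vpc` matters for security: the private subnet is never associated with the IGW route table, so at no point during the build is it reachable from the internet.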
Key Takeaways
• A VPC is your private cloud network in AWS.
• Subnets separate public and private resources.
• Route tables control network traffic.
• Security Groups and NACLs add network security.
• VPC Endpoints allow private access to AWS services like S3.