
AWS VPC Creation

Posted on October 25, 2022 by

Categories: AWS


A VPC is an isolated virtual network for your AWS account in the cloud. Other AWS resources and services run inside VPC networks to deliver their services.

AWS Virtual Private Cloud components

Route Table: In Amazon VPC, a route table is a set of rules that determine where network traffic is directed. Each route specifies a destination (the address range the traffic is headed for) and a target (where traffic for that destination is sent). The target might be a virtual private gateway, a NAT gateway, an Internet gateway, or a VPC peering connection.

Subnet: A subnet is a section of the network that shares a single address prefix; every device whose address carries that prefix belongs to the same subnet. For instance, devices with IP addresses that begin with 172.31.1 would be in the same subnet. Subnets come in two flavors: resources in a public subnet are reachable through an Internet Gateway, whereas those in a private subnet are not reachable from the outside world.

Security Groups: Security groups are firewall rules that govern the traffic to and from your instances. Security group rules can only allow traffic; there is no way to write a rule that denies it. The rules always apply to the instance the security group is attached to, which is the destination of the traffic being evaluated. A single security group may be attached to several instances.

NAT Gateway: A network address translation (NAT) gateway is used when more bandwidth, higher availability, and less administrative effort are required. The NAT gateway is always placed in a public subnet of an Availability Zone. The private subnet’s route table is then updated to direct outbound traffic to the NAT gateway. An Elastic IP must be associated with the NAT gateway when it is created. Only the TCP, UDP, and ICMP protocols are supported.

VPC Peering: A peering connection carries IPv4 or IPv6 traffic between two Virtual Private Clouds, so instances in either VPC can talk to one another as though they were on the same network. You may establish a VPC peering connection between your own VPCs or with a VPC in another AWS account.

Network Access Control Lists (NACL): An optional layer of protection for your VPC that functions as a firewall regulating traffic into and out of one or more subnets.

To further secure your VPC, you may configure network ACLs with rules similar to those in your security groups. The default network ACL allows all traffic to enter and leave the subnets it is associated with.

Elastic IP: An Elastic IP address is a reserved, static public IP address that can be assigned to any instance in a given region. AWS reserves the Elastic IP for your account; it belongs to you until you release it.

Network Interface: A network interface is a point of connectivity between a private and a public network. Every instance comes with a primary network interface by default. If you move a network interface from one instance to another, its traffic is immediately routed to the new instance.

VPC Endpoints: VPC endpoints enable private connections between your VPC and other AWS services without using the internet.

VPC endpoints are scalable, redundant, and highly available virtual devices. They come in two varieties: interface endpoints and gateway endpoints.

VPC Scope:

The CIDR range for default VPCs is A VPC’s default subnets are given /20 netblocks in the VPC CIDR range.

For IPv4, Amazon VPC currently supports five IP address ranges per VPC: one primary and four secondary. Each range is between /28 and /16 in CIDR notation. The IP address ranges of your existing network and of the VPC should not overlap.
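As an added example that is not part of the original post, the following Python script checks a VPC addressing plan against the limits given above (ranges between /16 and /28, one primary plus four secondary ranges, no overlap with networks you already use, subnets inside the VPC and disjoint from each other) and carves /20 subnets the way default VPC subnets are sized. It uses only the standard-library `ipaddress` module; the function names and the sample addresses are constructed for this example.

```python
"""Check an Amazon VPC addressing plan before creating it (added example).
Constraints taken from the post: each VPC CIDR is /16 to /28, at most one
primary plus four secondary ranges, no overlap with networks you already use,
and every subnet lies inside a VPC range without overlapping another subnet.
"""
import ipaddress

MAX_SECONDARY_CIDRS = 4  # one primary + four secondary ranges, as the post states


def check_vpc_plan(primary, secondaries=(), subnets=(), existing=()):
    """Return a list of problems found; an empty list means the plan is usable."""
    problems = []
    if len(secondaries) > MAX_SECONDARY_CIDRS:
        problems.append(f"too many secondary CIDRs: {len(secondaries)} > {MAX_SECONDARY_CIDRS}")
    # strict=True rejects a CIDR with host bits set (e.g. 10.1.0.1/16), as AWS would
    vpc_ranges = [ipaddress.ip_network(c, strict=True) for c in (primary, *secondaries)]
    for net in vpc_ranges:
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{net} is outside the allowed /16 to /28 size")
    # VPC ranges must not overlap one another or a network you already route to;
    # an overlap makes routes ambiguous over VPN, Direct Connect and peering links.
    others = [ipaddress.ip_network(e, strict=False) for e in existing]
    for i, a in enumerate(vpc_ranges):
        for b in vpc_ranges[i + 1:]:
            if a.overlaps(b):
                problems.append(f"VPC ranges {a} and {b} overlap")
        for b in others:
            if a.overlaps(b):
                problems.append(f"VPC range {a} overlaps existing network {b}")
    # Every subnet must sit inside a VPC range and must not overlap another subnet.
    subnet_nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    for i, s in enumerate(subnet_nets):
        if not any(s.subnet_of(v) for v in vpc_ranges):
            problems.append(f"subnet {s} is not inside any VPC CIDR")
        for t in subnet_nets[i + 1:]:
            if s.overlaps(t):
                problems.append(f"subnets {s} and {t} overlap")
    return problems


def default_style_subnets(vpc_cidr, count):
    """Carve `count` /20 subnets from a VPC CIDR, the size default VPC subnets use."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(n) for n in list(vpc.subnets(new_prefix=20))[:count]]


if __name__ == "__main__":
    # Constructed sample: a /16 VPC with one /20 subnet next to an on-premises 10.0.0.0/8
    print(check_vpc_plan("10.1.0.0/16", subnets=["10.1.0.0/20"], existing=["10.0.0.0/8"]))
```

Run with a plan that overlaps an on-premises range, as in the sample, and the overlap is reported before any AWS resource is created.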