Amazon Virtual Private Cloud (VPC) is a basic AWS service that falls under both the Compute and Network AWS categories. Because it is fundamental, a VPC network must exist before you can use other AWS services, such as Elastic Compute Cloud (EC2).
Running on the AWS cloud requires setting up a VPC. Now let’s look at:
- How VPCs operate
- Where VPCs reside
- Managing VPCs
- Components of a VPC
- Shared responsibility
Virtual networking environments: How VPCs function
Each VPC builds its own virtual network environment for your AWS account in the cloud. Other AWS resources and services run inside VPC networks to offer cloud services.
Anyone who manages a physical data center (DC) will recognize AWS VPC. A VPC behaves much like a conventional TCP/IP network that can be grown and expanded as necessary. However, a VPC does not explicitly contain the DC parts you are accustomed to working with, such as routers, switches, VLANs, etc. They have been redesigned and abstracted into cloud software.
A virtual network architecture into which AWS instances can be launched is easy to create with VPC. Each VPC specifies the requirements for your AWS resources, such as:
- An IP address
- Networking capabilities
Where VPCs reside
Every VPC is created in, and lives in, exactly one AWS region. AWS regions are the geographical areas where Amazon clusters its cloud data centers.
A benefit of regionalization is that a regional VPC offers network services from that region. If you need to give customers in another region easier access, you can create a second VPC there.
This fits well with the AWS cloud computing idea, according to which pay-as-you-go pricing and on-demand internet delivery of IT resources and applications are standard. By restricting VPC configurations to particular areas, you may deliver network services where and when they are required.
An Amazon account can host multiple VPCs. Because VPCs are isolated from one another, you can use the same private subnet in several VPCs just as you would in two distinct physical data centers. Additionally, you can add public IP addresses so that instances launched in a VPC can be reached over the internet.
Each account receives a single default VPC from Amazon, complete with the following:
- Default subnets
- Route tables
- Security groups
- Network access control lists
You can use the default VPC as-is for your cloud configurations, modify it, or create a new VPC together with its accompanying services.
Managing your VPCs
These AWS management interfaces are used for managing VPCs:
- AWS Management Console: the web-based management tool for all AWS services (image below).
- AWS Command Line Interface (CLI): offers commands for Windows, Linux, and Mac for many AWS services. AWS configuration instructions are typically given as CLI commands.
- AWS Software Development Kit (SDK): offers language-specific APIs for AWS services, including VPCs.
- Query APIs: low-level API actions can be submitted as HTTP or HTTPS requests. For further details, see the EC2 API Reference on AWS.
Your VPCs and other AWS services are managed through the AWS Management Console.
Components of a VPC
Most of the VPC resources you can build and administer are displayed in the web-based AWS Management Console, as seen above. VPC network services consist of the following:
- IPv4 and IPv6 address blocks
- Subnet creation
- Route tables
- Internet access
- Elastic IP addresses (EIPs)
- Network/subnet security
- Additional networking services
Let’s take a quick look at each.
VPC IP address ranges for IPv4 and IPv6 are built from Classless Inter-Domain Routing (CIDR) blocks. You can add both a primary and a secondary CIDR block to your VPC, provided the secondary CIDR block comes from the same address range as the primary block.
AWS advises you to use the private address ranges listed in RFC 1918, shown in the table below, when specifying CIDR blocks. The limitations on which CIDR blocks may be used are listed on the AWS VPCs and Subnets page.
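The following added example (not part of the original article or any AWS tool) checks a proposed VPC CIDR layout against the guidance above before anything is created: each block must be an RFC 1918 private range, a secondary block must come from the same RFC 1918 range as the primary, and blocks on one VPC must not overlap. The /16 to /28 size limit is assumed from AWS documentation and should be confirmed against the VPCs and Subnets page.

```python
"""Pre-flight checks for a VPC CIDR layout, using only the standard library."""
import ipaddress

# RFC 1918 private address ranges recommended for VPC CIDR blocks.
RFC1918_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed AWS limit for IPv4 VPC CIDR blocks: prefix length between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def rfc1918_parent(block):
    """Return the RFC 1918 range that contains `block`, or None if it is public."""
    for private in RFC1918_RANGES:
        if block.subnet_of(private):
            return private
    return None


def check_vpc_cidrs(primary, secondaries=()):
    """Return a list of problems found; an empty list means the layout passes."""
    problems = []
    primary_net = ipaddress.ip_network(primary, strict=True)
    if not MIN_PREFIX <= primary_net.prefixlen <= MAX_PREFIX:
        problems.append(f"{primary}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    primary_parent = rfc1918_parent(primary_net)
    if primary_parent is None:
        problems.append(f"{primary}: not an RFC 1918 private range")
    attached = [primary_net]
    for cidr in secondaries:
        net = ipaddress.ip_network(cidr, strict=True)
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        # Secondary blocks must come from the same range as the primary block.
        if rfc1918_parent(net) != primary_parent:
            problems.append(f"{cidr}: not in the same RFC 1918 range as {primary}")
        # Blocks attached to one VPC must not overlap each other.
        for other in attached:
            if net.overlaps(other):
                problems.append(f"{cidr}: overlaps {other}")
        attached.append(net)
    return problems


if __name__ == "__main__":
    # Constructed sample layouts: the first passes, the second overlaps its primary.
    for layout in (("10.0.0.0/16", ["10.1.0.0/16"]), ("10.0.0.0/16", ["10.0.128.0/17"])):
        print(layout, check_vpc_cidrs(*layout) or "OK")
```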