A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC by modifying its IP address range, creating subnets, and configuring route tables, network gateways, and security settings.
For the Solutions Architect – Associate exam, it is very important that you are familiar with the default VPC that Amazon creates for you in AWS. The idea here is to shield you from the complexities of networking in the cloud and get you up and running as quickly as possible with resources such as EC2 instances that require the underlying Virtual Private Cloud (VPC) infrastructure.
Keep these key facts in mind regarding your default VPC:
- The default IPv4 addressing is private
- The default CIDR range is /16
- Each subnet must be associated with a route table, which specifies the allowed routes for outbound traffic leaving the subnet
- The route table for the VPC has a default route entry that directs traffic to an Internet Gateway
- AWS provides two features that you can use to increase security in your VPC: security groups and network ACLs. Security groups control inbound and outbound traffic for your instances; network ACLs control inbound and outbound traffic for your subnets. In most cases, security groups can meet your needs, but you can also use network ACLs if you want an additional layer of security for your VPC
- The default network ACL permits all traffic inbound and outbound
- If you have a default VPC and don’t specify a subnet when you launch an instance, the instance is launched into your default VPC
- You can launch instances into your default VPC without needing to know anything about Amazon VPC
- Each instance that you launch into a default subnet has a private IPv4 address and a public IPv4 address. These instances can communicate with the internet through the internet gateway, which enables your instances to connect to the internet through the Amazon EC2 network edge
- A VPC spans all the Availability Zones in the region
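The facts above describe an open-by-default posture: a route to an internet gateway, a network ACL that permits everything, and public IPv4 addresses on every instance. A practitioner reviewing a default VPC would want to confirm each of those from the account's own configuration. The following added example (not part of the original text or of any AWS tooling) runs that review offline over constructed JSON in the shape returned by `aws ec2 describe-security-groups`, `describe-network-acls` and `describe-route-tables`; the resource IDs are placeholders, and the network ACL check ignores IPv6 entries for brevity.

```python
"""Offline review of default-VPC exposure over constructed AWS CLI-shaped JSON."""
import json

WORLD = {"0.0.0.0/0", "::/0"}   # CIDRs that mean "anyone on the internet"

# Constructed sample output (not captured from a real account); IDs are placeholders.
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example", "GroupName": "default", "VpcId": "vpc-0example",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0example", "UserId": "123456789012"}]}
   ]}
]}""")

NETWORK_ACLS = json.loads("""
{"NetworkAcls": [
  {"NetworkAclId": "acl-0default", "VpcId": "vpc-0example", "IsDefault": true,
   "Entries": [
     {"RuleNumber": 100,   "Protocol": "-1", "RuleAction": "allow", "Egress": false, "CidrBlock": "0.0.0.0/0"},
     {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",  "Egress": false, "CidrBlock": "0.0.0.0/0"},
     {"RuleNumber": 100,   "Protocol": "-1", "RuleAction": "allow", "Egress": true,  "CidrBlock": "0.0.0.0/0"},
     {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",  "Egress": true,  "CidrBlock": "0.0.0.0/0"}]},
  {"NetworkAclId": "acl-0custom", "VpcId": "vpc-0example", "IsDefault": false,
   "Entries": [
     {"RuleNumber": 100,   "Protocol": "6",  "RuleAction": "deny",  "Egress": false, "CidrBlock": "0.0.0.0/0",
      "PortRange": {"From": 22, "To": 22}},
     {"RuleNumber": 200,   "Protocol": "-1", "RuleAction": "allow", "Egress": false, "CidrBlock": "0.0.0.0/0"},
     {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",  "Egress": false, "CidrBlock": "0.0.0.0/0"}]}
]}""")

ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0example", "VpcId": "vpc-0example",
   "Routes": [
     {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local",        "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0",     "GatewayId": "igw-0example", "State": "active"}]}
]}""")


def open_ingress(security_groups):
    """Return (group id, protocol, ports, cidr) for every inbound rule open to the world."""
    findings = []
    for sg in security_groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD:
                    ports = "all" if perm["IpProtocol"] == "-1" \
                        else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
                    findings.append((sg["GroupId"], perm["IpProtocol"], ports, cidr))
    return findings


def nacl_permits_all(nacl, egress):
    """True when every packet in the given direction is allowed.

    Network ACL entries are evaluated in ascending rule-number order and the
    first match wins, so everything is permitted only if an allow-all catch-all
    is reached with no deny entry (narrow or wide) ahead of it.
    """
    entries = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["RuleAction"] == "deny":
            return False                      # something is blocked before the catch-all
        if e["Protocol"] == "-1" and e.get("CidrBlock") == "0.0.0.0/0":
            return True                       # allow-all reached with nothing denied earlier
    return False                              # no catch-all allow: implicit final deny applies


def internet_routes(route_table):
    """Return the internet gateway IDs that a 0.0.0.0/0 route points at."""
    return [r["GatewayId"] for r in route_table["Routes"]
            if r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("GatewayId", "").startswith("igw-")]


def review(security_groups=SECURITY_GROUPS, nacls=NETWORK_ACLS, route_tables=ROUTE_TABLES):
    """Summarise the exposure of the sample VPC as a dict of findings."""
    return {
        "world_open_ingress": open_ingress(security_groups),
        "nacls_permitting_all_inbound": [n["NetworkAclId"] for n in nacls["NetworkAcls"]
                                         if nacl_permits_all(n, egress=False)],
        "route_tables_with_igw": [rt["RouteTableId"] for rt in route_tables["RouteTables"]
                                  if internet_routes(rt)],
    }


if __name__ == "__main__":
    print(json.dumps(review(), indent=2))
```

Against a live account the three constants would be replaced by the parsed output of the corresponding `aws ec2 describe-*` commands; the check logic is unchanged. The custom ACL in the sample illustrates why first-match ordering matters: its allow-all at rule 200 does not make it "permit all", because the rule 100 deny ahead of it already blocks some traffic.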