An Overview of VPCs (Virtual Private Clouds) in AWS

Intro

You cannot sit any associate-level AWS certification exam without being hammered with VPC questions, which makes this a very important topic for anyone pursuing AWS certs. This post reviews the key elements of these important constructs.

Key Points

  • Think of a VPC as your own data center in the AWS cloud
  • AWS provides you with a default VPC in the region you select; this is to lower the barrier to entry when it comes to providing cloud-based resources quickly
  • When you create a VPC from scratch on your own, this is termed a Custom VPC
  • The default VPC provides public Internet access to all subnets inside it by default; again, this is to lower barriers to entry
  • Subnets in a VPC can be made publicly Internet accessible or private
  • Your VPCs are logically isolated from other customers and resources within AWS
  • You have high levels of control over the components in your VPC; in fact, under the shared responsibility model it is your responsibility to properly secure many of these components; for example, when you create a new Security Group for an EC2 instance you are provisioning, you must ensure that its rules permit only the traffic your use case actually requires
  • An Internet Gateway exists (one per VPC) in order to provide Internet Access
  • A Virtual Private Gateway can be used to provide VPN access
  • You have virtual routers in your VPC that contain route tables that you can manipulate; one important use of this would be to provide routing functions between your VPC subnets
  • Network Access Control Lists exist so you can enforce security rules within your VPC; these ACLs are stateless; one important consequence is that if you permit traffic inbound, you must also explicitly permit the corresponding return traffic outbound, since it is not automatically allowed
  • Subnets exist in your VPC and use RFC 1918 private addressing; each subnet is contained in an Availability Zone (AZ)
  • Security Groups can span multiple AZs; they permit you to define traffic rules for access to EC2 (and other) resources
  • Since you can have multiple VPCs in your infrastructure, you can configure VPC peering to permit access between the clouds
    • You can create direct routes using Private IPs to define connectivity
    • You can even provide peering between VPCs of different AWS accounts
    • There is no transitive peering with VPCs; so if VPC A peers with VPC B and VPC C, it does not mean that VPC B and VPC C are also peered; think of the peerings as hub and spoke
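The stateless Network ACL point above is the one that trips people up most often, so here is a small model of how a NACL evaluates traffic. This is an added example and not code from the original post: the rule sets, client address and `NaclRule`/`nacl_decision`/`connection_allowed` names are all constructed for illustration.

```python
# Added example, not from the original post: a small model of stateless Network
# ACL evaluation, showing why permitting traffic inbound is not enough on its own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class NaclRule:
    number: int      # lowest rule number is evaluated first
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound

def nacl_decision(rules, proto, port, ip):
    """First matching rule wins; with no match the implicit '*' rule denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.proto in ("all", proto) and r.port_from <= port <= r.port_to \
                and ip_address(ip) in ip_network(r.cidr):
            return r.action
    return "deny"

def connection_allowed(inbound, outbound, client_ip, client_port, server_port):
    """A TCP connection crossing a stateless NACL needs two explicit permits:
    the request inbound to server_port (source = client) and the reply
    outbound to the client's ephemeral port (destination = client)."""
    request = nacl_decision(inbound, "tcp", server_port, client_ip)
    reply = nacl_decision(outbound, "tcp", client_port, client_ip)
    return request == "allow" and reply == "allow"

# Constructed sample rule sets for a subnet hosting an HTTPS service.
INBOUND = [NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")]
OUTBOUND_MISSING = []  # nothing explicit, so only the implicit deny applies
OUTBOUND_FIXED = [NaclRule(100, "allow", "tcp", 1024, 65535, "0.0.0.0/0")]

def demo():
    client_ip, client_port = "203.0.113.10", 51515  # constructed client (TEST-NET-3)
    before = connection_allowed(INBOUND, OUTBOUND_MISSING, client_ip, client_port, 443)
    after = connection_allowed(INBOUND, OUTBOUND_FIXED, client_ip, client_port, 443)
    return before, after  # (False, True)

if __name__ == "__main__":
    print(demo())
```

With only the inbound 443 permit the reply to the client's ephemeral port hits the implicit deny and the connection fails; adding the outbound ephemeral-range permit is what makes it work, which is exactly the extra step a stateful Security Group would have done for you.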

3 thoughts on “An Overview of VPCs (Virtual Private Clouds) in AWS”

  1. Good stuff. I get excited about this technology every time I see a mention of it. When does the TTT Cloud start?
