Everything about Amazon Virtual Private Cloud (VPC)
This tutorial explains Amazon Virtual Private Cloud (VPC). It also explains the terms such as Subnet, CIDR Block, NAT Gateway, Internet Gateway, Route Table etc. that are used at the time of VPC creation.
What is Amazon VPC?
Like a traditional network, AWS allows a customer to create a Virtual Network inside his/her AWS account. This network is a private network for that account holder only, meaning he/she alone is the owner of that network.
You can create a VPC in any AWS Region, and by default you can create 5 VPCs per AWS Region. However, this quota limit can be increased by sending a request to AWS Support.
Before creating a VPC, let us get a basic understanding of the terms used in VPC creation.
A Subnet is a logical partition of the VPC/Network. In other words, we can break a VPC Network into multiple small Network Segments, called subnets.
By default, we can create 200 subnets per VPC.
AWS enables you to create Public and Private Subnets.
AWS Public Subnets
Instances in the Public Subnets are publicly accessible over the Internet and can access the Internet as well. In other words, instances inside a Public Subnet can send outgoing traffic as well as receive incoming traffic. We attach Public IPs to the instances of this subnet. The Route Table of this subnet routes traffic using the Internet Gateway.
AWS Private Subnet
Instances in the Private Subnets are not publicly accessible over the Internet but can access the Internet. In other words, instances inside a Private Subnet can send outgoing traffic but cannot receive incoming traffic initiated from the Internet. We can access a Private Subnet using a hardware/software VPN or from the Public Subnet. Instances inside a Private Subnet can access the Internet with the help of a NAT Gateway. The Route Table of this subnet routes traffic using the NAT Gateway.
CIDR Block/CIDR Notation
CIDR notation is an alternate way of representing a subnet mask. It is simply a count of the network bits in the subnet mask. The CIDR number is preceded by a slash sign "/".
A Network or Subnet IP 10.0.0.0 with subnet mask 255.0.0.0 will be represented in CIDR Notation as 10.0.0.0/8. Similarly, a Network or Subnet range 10.1.0.0 with subnet mask 255.255.0.0 will be represented by CIDR 10.1.0.0/16. Again, an IP address 10.10.1.1 with subnet mask 255.255.255.255 will be represented by CIDR 10.10.1.1/32.
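The mask-to-CIDR conversion above, as an added example that is not part of the original tutorial. It also goes one step further than the text: it rejects non-contiguous masks and checks a planned set of subnet blocks against the VPC block, since AWS rejects a subnet outside the VPC CIDR and two overlapping subnets cannot coexist. The three address/mask pairs are the ones from the paragraph above; the VPC/subnet values in the test are constructed.

```python
import ipaddress

# The three address/mask pairs from the text above.
EXAMPLES = [
    ("10.0.0.0", "255.0.0.0"),
    ("10.1.0.0", "255.255.0.0"),
    ("10.10.1.1", "255.255.255.255"),
]


def mask_to_prefix(mask):
    """Count the network bits of a dotted-decimal subnet mask.

    A valid mask is `prefix` one-bits followed by zero-bits; anything else
    (e.g. 255.0.255.0) is rejected rather than silently miscounted.
    """
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def to_cidr(address, mask):
    """Render address + mask in CIDR notation, e.g. 10.1.0.0/16."""
    return f"{address}/{mask_to_prefix(mask)}"


def check_subnet_plan(vpc_cidr, subnet_cidrs):
    """Validate a subnet plan against the VPC block.

    Returns a list of problems: subnets outside the VPC CIDR and pairs of
    subnets that overlap. An empty list means the plan is consistent.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    problems = []
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"{s} is outside VPC block {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems
```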
An Availability Zone (AZ) is one or more discrete Data Centers in an AWS Region with redundant power, networking, and connectivity.
The number of AZs varies from 2 to 5 across different AWS Regions.
It is good practice to distribute your web servers, applications and databases across multiple subnets in multiple AZs. In case one AZ goes down due to a power outage, lightning, earthquake etc., your application will still be running in another AZ.
An Elastic IP address is a public (IPv4) IP address provided by AWS Cloud. This public IP address is static and can easily be attached to and detached from any instance. You can attach or detach an Elastic IP at any time (without shutting down the instance), and to any instance as per your requirement. Due to this flexible behavior, AWS named this IP address the Elastic IP.
A NAT Gateway enables instances inside a Private Subnet to get Internet access. Instances behind a NAT Gateway can send outgoing traffic but cannot receive incoming traffic initiated from the Internet.
An Internet Gateway enables instances inside a Public Subnet to get Internet access. In addition, it makes the Public Subnet publicly accessible over the Internet. In other words, instances behind an Internet Gateway can send outgoing traffic as well as receive incoming traffic.
Also, the Internet Gateway is the only component that allows communication between your VPC and the Internet. In fact, it is the target in the route table of the Public Subnet, and the NAT Gateway relies on that same path to communicate with the Internet.
Every VPC has an implicit router, and that router uses route tables to control network traffic, i.e. to direct traffic to a destination.
You can associate a Route Table with an Internet Gateway or a NAT Gateway for Internet access.
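A small model of how the implicit router chooses between the "local" route and a default route, as an added example that is not part of the original tutorial. It shows the public/private distinction the text describes (default route to an Internet Gateway vs. to a NAT Gateway) and includes an audit helper that flags a subnet whose routing does not match its intended role. The VPC block, subnet blocks and gateway ids are constructed placeholders, not real AWS resource ids.

```python
import ipaddress

# Constructed sample values: a 10.0.0.0/16 VPC with one public and one
# private subnet. Gateway ids are placeholders, not real AWS resource ids.
VPC_CIDR = "10.0.0.0/16"
PUBLIC_ROUTES = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]
PRIVATE_ROUTES = [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-PLACEHOLDER")]
ISOLATED_ROUTES = [(VPC_CIDR, "local")]  # no default route at all


def lookup(routes, destination):
    """Return the target the VPC router would use for `destination`.

    Like a real router, the most specific matching prefix wins, so the
    VPC's own "local" route always beats the 0.0.0.0/0 default route.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify_subnet(routes):
    """Public, private or isolated, judged by where Internet-bound traffic goes.

    203.0.113.10 is a documentation address outside the VPC, so it can only
    match the default route (if one exists).
    """
    target = lookup(routes, "203.0.113.10")
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"


def audit(name, routes, expected):
    """Flag a subnet whose route table contradicts its intended role,
    e.g. a 'private' subnet whose default route points at an Internet Gateway."""
    actual = classify_subnet(routes)
    if actual == expected:
        return []
    return [f"{name}: expected {expected}, routes say {actual}"]
```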
How to Create an Amazon Virtual Private Cloud?
Step 1 – Login to AWS account
Navigate to Services -> Networking and Content Delivery -> VPC
Click on Launch VPC Wizard
Step 2 – Create VPC with Public and Private Subnets
In this tutorial we are choosing VPC with Public and Private Subnets. However, there are three other options, i.e. VPC with a Single Public Subnet, Public and Private Subnets and Hardware VPN Access, and Private Subnet only with Hardware VPN Access, that you can also choose.
Instead of choosing AWS Hardware VPN, you can opt for OpenVPN for Private Subnets. OpenVPN provides free licenses for two users.
Read About : How to setup OpenVPN server on AWS
Click on Select
Step 3 – Enter the Appropriate details for your Amazon Virtual Private Cloud.
Enter VPC Network in CIDR Notation
Enter the name of your new VPC
Enter the Subnet in CIDR Notation
Enter Availability Zone
Enter Public Subnet in CIDR Notation
Enter Availability Zone for Private Subnet
Enter the name of Private Subnet
Enter Elastic IP Allocation ID (allocate a dedicated Elastic IP for the NAT Gateway and enter its allocation ID)
To know more about Elastic IP read How to allocate, attach and detach Elastic IP in EC2 Instance
Note: You can also use a NAT instance instead of a NAT Gateway for a very small network or one with very little inbound/outbound traffic.
Click on Create VPC
The following screen will appear
And in a few minutes, your VPC will be created.
More facts about VPC
Navigate to the Subnets section under VPC, and select the Public and Private Subnet one by one.
You can see here that in the Route Table of the Private Subnet, the NAT Gateway is attached.
While in the Public Subnet, the Internet Gateway is attached in the Route Table.
Your VPC is created now and ready to use with Private and Public Subnets. Attach public-facing front-end instances like Web Servers to the Public Subnet and backend servers like Application Servers and Databases to the Private Subnet.
I hope you enjoyed this tutorial and learned Everything about Amazon Virtual Private Cloud (VPC). If you think this article is helpful, please do share this post with others as well. Please also share your valuable feedback, comments or any query in the comment box. I will be really happy to resolve your queries.
If you want to learn more on AWS services , read – Important List of AWS Services
Thank You so much !