Chiranthan Sridhar

February 3, 2021

AWS VPC

AWS VPC fundamentals

Overview

VPC, Virutal private cloud is a private network to deploy our resources
Through subnets we can partition our network inside a VPC
public subnet is one which is accessible from the internet and private subnet is not accessible
Route tables are used to define access from internet and between subnets

Architecture of a VPC

VPC is at region level - having multiple AZs
An AZ has public and private subnets

More on VPC

Internet gateway helps VPC instances to connect to the internet
Public subnet through internet gateway connects to internet

Public subnet has route to IGW, private subnet has route to NAT gateway and instance

Network ACL

Acts as a firewall controlling traffic from and to subnet
It can have allow or deny rules
Attached at subnet level
Rules can have only IP addresses

Security groups

Firewall controlling traffic to and from ENI or EC2 instance
It can only have allow rules
Rules can have IP addressed or other security groups

VPC flow logs

Captures information from VPC flow logs, subnet flow logs, ENI flow logs
Helps to monitor and trouble shoot network issues
Captures network information from managed services like RDS, Aurora and so on too
Can store the logs to an S3 of be sent to cloudwatch logs

VPC peering

Connection two VPCs through AWS network
For this IP address range on two VPCs should not be overlapping
VPC connection is not transitive, it’ll only between two VPCs

VPC endpoints

Allows VPC to connect to AWS services using private network instead of public network
They have advantage of low latency and secure connection
VPC endpoint gateway for DynamoDB and S3
VPC endpoint interface for other services

Site to site VPN and Direct connection

We can connect our on-prem VPN to AWS using public encrypted network - Site to site VPN. This can be setup quickly
We can also physically connect them through private, secured network - Direct connection. This can take over a month to establish

Table of Contents