VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Features of VPC

  • A VPC is always created in a Region, not in an Availability Zone.
  • It is logically isolated from other virtual networks in the AWS Cloud.
  • A maximum of 5 VPCs can be created, with 200 subnets in a particular VPC.
  • We can allocate a maximum of 5 Elastic IPs.
  • Once a VPC is created, a DHCP options set, a network ACL and a security group are created automatically.
  • A VPC is confined to an AWS Region and does not extend between Regions.
  • Once the VPC is created, you cannot change the CIDR block range.
  • If you need a different CIDR, create a new VPC.
  • The subnets within a VPC cannot overlap.
  • You can, however, expand your VPC CIDR by adding new/extra IP address ranges (except in GovCloud and AWS China).
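A planned subnet layout can be checked against the CIDR rules in the list above before anything is created. The following is an added example, not code from the page or from AWS; it uses only Python's standard ipaddress module. The /16 to /28 prefix limits and the five addresses AWS reserves in every IPv4 subnet are AWS's documented IPv4 constraints, not something the list above states.

```python
import ipaddress
from typing import List

# AWS IPv4 constraints (not stated on the page): a VPC CIDR and each subnet CIDR
# must be between /16 and /28, and AWS reserves the first four and the last
# address of every subnet (network, VPC router, DNS, future use, broadcast).
MIN_PREFIX, MAX_PREFIX = 16, 28
RESERVED_PER_SUBNET = 5


def usable_addresses(subnet_cidr: str) -> int:
    """Number of addresses in an IPv4 subnet that instances can actually use."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


def validate_subnets(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return the problems found in a proposed layout; an empty list means it is valid.

    Checks, in order: every block parses as a network with its host bits zero,
    IPv4 prefix lengths are within AWS's allowed range, every subnet lies inside
    the VPC block, and no two subnets overlap.
    """
    problems: List[str] = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr!r} is invalid: {exc}"]
    if vpc.version == 4 and not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc} prefix /{vpc.prefixlen} is outside /{MIN_PREFIX}-/{MAX_PREFIX}")

    nets = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"subnet {cidr!r} is invalid: {exc}")
            continue
        if net.version != vpc.version:
            problems.append(f"subnet {net} is IPv{net.version} but VPC {vpc} is IPv{vpc.version}")
            continue
        if net.version == 4 and not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"subnet {net} prefix /{net.prefixlen} is outside /{MIN_PREFIX}-/{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} is outside VPC range {vpc}")
        nets.append(net)

    # Pairwise overlap check: the console rejects the second subnet at creation
    # time, this reports every clash up front.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnet {a} overlaps subnet {b}")
    return problems


if __name__ == "__main__":
    layout = ["10.0.1.0/24", "10.0.1.128/25", "192.168.0.0/24", "10.0.3.1/24"]
    for problem in validate_subnets("10.0.0.0/16", layout):
        print(problem)
    print("usable hosts in 10.0.1.0/24:", usable_addresses("10.0.1.0/24"))
```

Running the module reports the overlapping /25, the block outside the VPC range, and the CIDR with host bits set; the overlap check is what enforces the rule that subnets in one VPC may not overlap, and the containment check is what makes a subnet "a range of IP addresses in your VPC".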

Components of VPC

The following components help in configuring a VPC:

Virtual private clouds (VPC): A virtual private cloud is a virtual network that closely resembles a traditional network that you operate in your own data center, with the benefit of using the scalable infrastructure of AWS.

Subnets: A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.

IP addressing: You can assign IPv4 addresses and IPv6 addresses to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.

Routing: Use route tables to determine where network traffic from your subnet or gateway is directed.

Gateways and endpoints: A gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device.

Peering connections: Use a VPC peering connection to route traffic between the resources in two VPCs.

Traffic Mirroring: Copy network traffic from network interfaces and send it to security and monitoring appliances for deep packet inspection.

Transit gateways: Use a transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections.

VPC Flow Logs: A flow log captures information about the IP traffic going to and from network interfaces in your VPC.
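Flow log records are plain space-separated text, so the captured information is easy to turn into detection signals. The following is an added example, not code from the page or from AWS: it parses records in the default (version 2) flow log format, whose field order is documented by AWS, and then summarises REJECTed connection attempts per source address. The log lines, account ID, ENI ID and addresses are constructed placeholders.

```python
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
    "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status",
]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records, not real traffic: the account ID and ENI ID are
# placeholders and the public addresses come from the TEST-NET ranges.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.0.1.25 49152 22 6 20 1200 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.0.1.25 49153 3389 6 20 1200 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.0.1.25 49154 23 6 20 1200 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.25 51000 443 6 120 98000 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.25 198.51.100.7 443 51000 6 100 45000 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1418530010 1418530070 - NODATA
"""


def parse_record(line: str) -> Optional[Dict[str, object]]:
    """Parse one default-format record; return None for blank, header or malformed lines.

    NODATA and SKIPDATA records carry '-' in the traffic fields; those become None.
    """
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] == "version":
        return None
    rec: Dict[str, object] = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        rec[name] = None if rec[name] == "-" else int(rec[name])
    return rec


def parse_flow_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse every usable record, silently dropping lines that are not records."""
    return [rec for rec in map(parse_record, lines) if rec is not None]


def rejected_ports_by_source(records, min_distinct_ports: int = 1) -> Dict[str, List[int]]:
    """Map each source address to the sorted destination ports it was REJECTed on.

    Only records with log_status OK are counted. Raising min_distinct_ports keeps
    only sources that hit several closed ports, which one stray REJECT would not.
    """
    ports = defaultdict(set)
    for r in records:
        if r["log_status"] == "OK" and r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_distinct_ports}


def bytes_by_interface(records) -> Counter:
    """Total bytes seen per network interface, skipping NODATA/SKIPDATA records."""
    totals: Counter = Counter()
    for r in records:
        if r["bytes"] is not None:
            totals[r["interface_id"]] += r["bytes"]
    return totals


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG.splitlines())
    print(rejected_ports_by_source(recs, min_distinct_ports=2))
    print(bytes_by_interface(recs))
```

On the sample, the only source with rejected attempts on two or more distinct ports is 203.0.113.12; the NODATA record contributes nothing to either summary because its traffic fields are absent. Records with a custom format would need the FIELDS list adjusted to match the format string chosen when the flow log was created.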

VPN connections: Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).