Introduction To Amazon VPC

Uploaded by

rosemoses765

Introduction to

Amazon VPC

Presented by Planet Web Channel


What is Amazon VPC?

• Amazon Virtual Private Cloud (VPC) allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

• Example: Think of a VPC as a house with rooms (subnets) where you decide who enters each room and what they can do inside.
Why Use an Amazon VPC?
1. Isolation and Security
• Your resources are isolated from other users.
• Customizable security settings for fine-grained control over traffic.
2. Control
• Full control over your virtual networking environment, including selection of IP address range, creation of subnets, and configuration of route tables and network gateways.
3. Scalability and Flexibility
• Easily scale up or down based on demand.
• Flexible configuration options to meet your specific needs.
Amazon VPC Features

1. Dedicated AWS Account
• Each VPC is associated with a single AWS account.
2. Belongs to a Single AWS Region
• Each VPC resides within a single AWS Region but can span multiple Availability Zones (AZs).
3. Multiple Availability Zones
• Increase availability and fault tolerance by distributing resources across multiple AZs.
An Example
Logical Isolation
Each VPC is logically isolated from other VPCs.
1. Subnets
• Subnets are logical network segments within your VPC. They enable you to subdivide your VPC network into smaller networks inside a single Availability Zone.
• Public Subnets:
  • Subnets that have a route to the Internet Gateway, allowing resources within them to communicate directly with the internet.
  • Example: Think of a public subnet as a room with windows where people (internet traffic) can see in and communicate.
• Private Subnets:
  • Subnets without a direct route to the internet, typically used for resources that don't need direct internet access, such as databases or application servers.
  • Example: A private subnet is like a room without windows, providing additional security and isolation.
• Use Cases:
  • Public subnets are ideal for web servers that need to serve content to internet users.
  • Private subnets are ideal for backend servers or databases that only need to communicate within the VPC.
• Best Practices:
  • Use Network ACLs and Security Groups to control access to and from subnets.
  • Distribute subnets across multiple Availability Zones for high availability.
2. Route Tables
• A route table contains a set of rules (routes) that determine where network traffic is directed.
• Example: Think of a route table as someone in your house, guiding visitors to the correct rooms.
3. Internet Gateway
• An Internet Gateway allows communication between instances in your VPC and the internet.
• Example: It’s like the main door of your house that connects to the outside world.
4. NAT Gateway
• A NAT Gateway allows instances in a private subnet to connect to the internet or other AWS services but prevents the internet from initiating a connection with those instances.
• Example: It’s like a mail forwarding service where your house sends out mail (requests), but outsiders can't directly enter.
5. Primary network interface (elastic network interface)
• An elastic network interface is a virtual network interface (NIC) that connects an instance to a network. Each instance in a VPC has a default network interface, the primary network interface, which cannot be detached from the instance.
6. Router
• A router is a component that routes traffic within the VPC.
7. Virtual private gateway
• A virtual private gateway is the component that is defined on the AWS side of a virtual private network (VPN) connection. A VPN connection provides a secure and encrypted tunnel between two network endpoints.
8. Customer gateway
• A customer gateway is a physical device or software application that is defined on the client side of a VPN connection.
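Route tables, the Internet Gateway and the NAT Gateway above decide which subnets are reachable from the internet. The following is an added example (not from the slides) that resolves a destination the way a VPC route table does, with the most specific route winning, and then classifies each subnet as public, private or isolated from its default route. The route table contents, gateway ids, subnet CIDRs and associations are all constructed.

```python
import ipaddress

# Constructed route tables: (destination CIDR, target) per table.
ROUTE_TABLES = {
    "rtb-public": [
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "igw-0123456789abcdef0"),  # constructed IGW id
    ],
    "rtb-private": [
        ("10.0.0.0/16", "local"),
        ("0.0.0.0/0", "nat-0123456789abcdef0"),  # constructed NAT gateway id
    ],
    "rtb-isolated": [
        ("10.0.0.0/16", "local"),
    ],
}

# Constructed subnet -> route table associations.
SUBNET_ASSOC = {
    "10.0.1.0/24": "rtb-public",
    "10.0.2.0/24": "rtb-private",
    "10.0.3.0/24": "rtb-isolated",
}

def lookup_route(table_id, dst_ip):
    """Return the target for dst_ip. As in a VPC route table, the most
    specific matching route (longest prefix) wins; None means no route."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[table_id]:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def subnet_exposure(subnet_cidr):
    """'public' if the default route goes to an Internet Gateway, 'private'
    if it goes to a NAT gateway (outbound only), 'isolated' if there is none."""
    table = SUBNET_ASSOC[subnet_cidr]
    target = lookup_route(table, "203.0.113.10")  # any address outside the VPC
    if target is None:
        return "isolated"
    return "public" if target.startswith("igw-") else "private"

def public_subnets():
    """List every subnet whose route table makes it internet-reachable."""
    return sorted(s for s in SUBNET_ASSOC if subnet_exposure(s) == "public")
```

Running `public_subnets()` over real route tables (for example output of the AWS CLI) is a quick way to inventory which subnets are exposed to inbound internet traffic.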
Security Groups and Network ACLs

1. Security Groups
• Act as a virtual firewall for instances.
• Example: Security guards for each room.
2. Network ACLs
• Additional layer of security at the subnet level.
• Example: Main gate security for your house.
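The two layers work in sequence: a packet entering a subnet is checked by the Network ACL first and then by the instance's security group. The following is an added example (not from the slides) that evaluates an inbound packet against both. It relies on two AWS behaviours the slides do not state: Network ACL rules are numbered and the lowest-numbered matching rule decides, while a security group only holds allow rules, so any matching rule permits the packet. All rules, ports and addresses are constructed.

```python
import ipaddress

# Constructed subnet NACL: (rule number, action, protocol, (from, to), source).
# Rule 32767 stands for the implicit final deny every NACL ends with.
NACL_INBOUND = [
    (100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
    (110, "allow", "tcp", (22, 22), "10.0.0.0/16"),
    (120, "allow", "tcp", (8080, 8080), "10.0.0.0/16"),
    (32767, "deny", "all", (0, 65535), "0.0.0.0/0"),
]

# Constructed instance security group: (protocol, (from, to), source).
SG_INBOUND = [
    ("tcp", (443, 443), "0.0.0.0/0"),
    ("tcp", (22, 22), "10.0.0.0/16"),
]

def _matches(proto, ports, source, pkt):
    """True if one rule covers the packet's source, protocol and port."""
    src_ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(source)
    proto_ok = proto in ("all", pkt["proto"])
    port_ok = ports[0] <= pkt["dport"] <= ports[1]
    return src_ok and proto_ok and port_ok

def nacl_decision(rules, pkt):
    """Subnet layer: rules are checked in ascending rule number and the
    first match decides (AWS behaviour)."""
    for _num, action, proto, ports, source in sorted(rules):
        if _matches(proto, ports, source, pkt):
            return action
    return "deny"

def sg_allows(rules, pkt):
    """Instance layer: security groups only hold allow rules, so any
    matching rule permits the packet."""
    return any(_matches(p, r, s, pkt) for p, r, s in rules)

def inbound_verdict(pkt):
    """Name the layer that stops an inbound packet, or 'allowed'."""
    if nacl_decision(NACL_INBOUND, pkt) == "deny":
        return "blocked by network ACL"
    if not sg_allows(SG_INBOUND, pkt):
        return "blocked by security group"
    return "allowed"
```

The 8080 case shows why the security group still matters: the subnet's ACL lets the traffic in, but no instance rule permits it, so the packet is dropped at the instance.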
VPC Endpoints
1. Definition
• Enable private connections between your VPC and supported AWS services without using an Internet Gateway, NAT device, VPN connection, or AWS Direct Connect.
2. Types
• Interface Endpoints
• Gateway Endpoints
• Example: Private path from your house to a nearby shop without using the main street.
Common Ways to Access Amazon VPC

1. AWS Management Console
• User-friendly interface for managing your VPC.
2. AWS CLI (Command Line Interface)
• Script and automate VPC configurations.
3. AWS SDKs
• Programmatically manage VPCs using your preferred programming language.
Example Services Used with Amazon VPC

1. EC2 (Elastic Compute Cloud)
• Run virtual servers.
2. RDS (Relational Database Service)
• Managed relational databases.
3. ElastiCache
• A fully managed, in-memory data store and cache service by AWS.
• It is designed to improve the performance of web applications by allowing retrieval of data from fast, managed, in-memory caches instead of relying entirely on slower disk-based databases.
4. Redshift
• A fully managed, petabyte-scale data warehouse service in the cloud.
5. Elastic Load Balancing (ELB)
• Automatically distributes incoming application traffic.
Best Practices

1. Security
• Implement least privilege, review security groups.
• Use Network ACLs for additional security.
2. Cost Management
• Monitor usage, optimize NAT Gateway usage.
• Analyze traffic with VPC Flow Logs.
3. Performance
• Distribute instances across subnets and AZs.
• Use Elastic Load Balancing for high availability.
Amazon VPC configuration: IP addressing
Overview of IP Addressing in VPC
• In Amazon VPC, IP addressing is fundamental to setting up and managing your network.
• An IP address is a unique identifier assigned to each device on a network.
• Proper IP address configuration ensures efficient communication within your VPC and with external networks.
CIDR Blocks
• A CIDR (Classless Inter-Domain Routing) block is used to define the range of IP addresses available within your VPC.
• When you create a VPC, you must specify a CIDR block, such as 10.0.0.0/16.
• The CIDR notation includes an IP address and a prefix length (e.g., /16), indicating the network portion of the address.
• Example: The CIDR block 10.0.0.0/16 provides up to 65,536 IP addresses (10.0.0.0 to 10.0.255.255).
Subnets and IP Allocation

• Subnets are segments of your VPC's IP address range that you can allocate to different Availability Zones.
• Each subnet must have a unique CIDR block within the VPC.
• Example: In a VPC with CIDR block 10.0.0.0/16, you can create subnets like 10.0.1.0/24 and 10.0.2.0/24.
• Public Subnet: Allows direct access to the internet.
• Private Subnet: No direct access to the internet; used for backend resources.
Understanding CIDR in Amazon VPC
What is CIDR?

• CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and IP routing.
• CIDR blocks specify IP address ranges using a combination of an IP address and a prefix length.
• The prefix length indicates how many bits of the address are used for the network portion and how many are used for hosts within the network.
Components of CIDR

• Network Portion: Defines the fixed part of the IP address that identifies the network.
• Host Portion: The variable part of the IP address that identifies individual devices (hosts) on the network.
• Prefix Length: Specifies the number of bits in the network portion of the address, written after a forward slash (e.g., /24).
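The CIDR arithmetic from the "Subnets and IP Allocation" and "Components of CIDR" sections, worked through in code. This is an added example (not from the slides) that uses the slides' own values (10.0.0.0/16 with 10.0.1.0/24 and 10.0.2.0/24) and checks a proposed subnet layout against the VPC block. It assumes two documented AWS limits the slides do not mention: the VPC IPv4 block must be between /16 and /28, and AWS reserves the first four and the last address of every subnet.

```python
import ipaddress

# AWS keeps the first four and the last address of every subnet (documented
# AWS behaviour, not stated on the slides).
AWS_RESERVED_PER_SUBNET = 5

def cidr_facts(cidr):
    """Network/host split and address counts for one CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "network_bits": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": net.num_addresses - AWS_RESERVED_PER_SUBNET,
    }

def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate a subnet layout for one VPC. Checks: VPC prefix /16-/28,
    every subnet inside the VPC block with a prefix no longer than /28
    (AWS limits), and no two subnets overlapping (the slides' rule that
    each subnet CIDR is unique within the VPC). Returns problem strings;
    an empty list means the plan is valid."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC prefix /{vpc.prefixlen} outside /16-/28")
    accepted = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        except ValueError as err:
            problems.append(f"{cidr}: {err}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is not inside {vpc_cidr}")
        if net.prefixlen > 28:
            problems.append(f"{cidr} is smaller than the /28 minimum")
        for other in accepted:
            if net.overlaps(other):
                problems.append(f"{cidr} overlaps {other}")
        accepted.append(net)
    return problems
```

Note that a /24 subnet has 256 addresses but only 251 usable ones once the reserved addresses are subtracted, which matters when sizing small subnets.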
