What is Amazon VPC? – Amazon Virtual Private Cloud

Among its many services, Amazon offers Amazon Virtual Private Cloud (Amazon VPC) for launching AWS resources into a logically isolated virtual network that you define. This gives you complete control over your virtual networking environment, including:

  • selection of your IP address range
  • creation of subnets
  • configuration of route tables and network gateways

Amazon VPC lets you use both IPv4 and IPv6 for most resources in your virtual private cloud, providing secure and easy access to resources and applications. In this blog we cover the major areas you need to know to get started with Amazon VPC, starting with an overview.

What is Amazon VPC?

Amazon VPC is a foundational AWS service for customizing your VPC’s network configuration. With it, you can create a public-facing subnet for web servers that need internet access, and place backend systems such as databases or application servers in a private subnet with no internet access. It also supports multiple layers of security, including security groups and network access control lists, to control access to Amazon EC2 instances in each subnet.


Your AWS resources are automatically provisioned in a ready-to-use default VPC. You can configure this VPC by adding or removing subnets, attaching network gateways, changing the default route table, and modifying the network ACLs.

Amazon Virtual Private Cloud (Amazon VPC) Benefits
  • Amazon VPC offers advanced security features for inbound and outbound filtering at the instance and subnet level. You can also store data in Amazon S3 and restrict access so that it is reachable only from instances inside your VPC. In addition, it includes monitoring features such as out-of-band monitoring and inline traffic inspection to screen and secure traffic.
  • Amazon VPC lets you spend less time setting up, managing, and validating your network, so that you can concentrate on building the applications that run in your VPCs. You can create a VPC using the AWS Management Console or the Command Line Interface: select the common network setup that best matches your needs, and VPC automatically creates the subnets, IP ranges, route tables, and security groups you need.
  • Amazon VPC gives you control over your virtual networking environment by letting you:
    • choose your own IP address range
    • create your own subnets
    • configure route tables to any available gateways

If you are new to Amazon VPC, the following concepts will help you understand the key areas.

Amazon VPC concepts

Amazon VPC is the networking layer for Amazon EC2. The key concepts for VPCs are:

  • Virtual private cloud (VPC): a virtual network dedicated to your AWS account.
  • Subnet: a range of IP addresses in your VPC.
  • Route table: a set of rules, called routes, that determine where network traffic is directed.
  • Internet gateway: a gateway attached to your VPC that enables communication between resources in your VPC and the internet.
  • VPC endpoint: lets you privately connect your VPC to supported AWS services and to VPC endpoint services powered by PrivateLink, without needing an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
  • CIDR block: Classless Inter-Domain Routing (CIDR) is the methodology used for internet protocol address allocation and route aggregation.

What are the features of Amazon VPC?

Amazon Virtual Private Cloud includes the following features for increasing and monitoring the security of your virtual private cloud (VPC):

1. Reachability Analyzer

Reachability Analyzer is a static configuration analysis tool for analyzing and debugging network reachability between two resources in your VPC. After you specify the source and destination resources in your VPC:

  • when they are reachable, Reachability Analyzer produces hop-by-hop details of the virtual path between them;
  • when they are unreachable, it identifies the blocking component.
2. VPC Flow Logs
  • You can monitor VPC flow logs delivered to Amazon S3 or Amazon CloudWatch to gain operational visibility, which lets you:
    • understand network dependencies and traffic patterns
    • detect anomalies and prevent data leakage
    • troubleshoot network connectivity and configuration issues
  • The enriched metadata in flow logs gives additional insight into who initiated your TCP connections, and into the actual packet-level source and destination of traffic flowing through intermediate layers such as the NAT Gateway.
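As an added example of the anomaly detection that flow logs make possible (this is not code from the article or from AWS), the following Python parses records in the default flow log format and flags any source whose rejected flows hit many distinct ports on an interface. The log lines, account ID, interface ID and threshold are constructed for illustration.

```python
"""Scan VPC Flow Log records (default version 2 format) for sources whose
rejected flows touch many distinct ports on an interface. Added example, not
from the original article; the log lines and threshold are constructed.
"""
from collections import defaultdict

# Field order of a default-format flow log record.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample: one source probing several ports on an ENI (all
# rejected by the security group), normal accepted HTTPS traffic, and a
# NODATA record of the kind emitted when an interval carries no traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40001 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40002 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40003 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40004 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40005 8080 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 51000 443 6 20 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 51001 443 6 18 8000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Return a dict for one record, or None if the line is not a record."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def find_port_probers(log_text, min_ports=4):
    """Map each source address to the sorted distinct destination ports of its
    REJECTed flows, keeping only sources that hit at least `min_ports` ports.
    Accepted traffic and NODATA/SKIPDATA records are ignored."""
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        rejected[rec["srcaddr"]].add(int(rec["dstport"]))
    return {src: sorted(ports) for src, ports in rejected.items()
            if len(ports) >= min_ports}

def rejected_bytes_by_interface(log_text):
    """Total bytes of rejected traffic per ENI, a quick signal for which
    interfaces are absorbing blocked traffic."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["log_status"] == "OK" and rec["action"] == "REJECT":
            totals[rec["interface_id"]] += int(rec["bytes"])
    return dict(totals)
```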
3. VPC Traffic Mirroring
  • VPC traffic mirroring lets you copy network traffic from an elastic network interface of an Amazon EC2 instance and send it to out-of-band security and monitoring appliances for deep packet inspection.
  • Using VPC traffic mirroring, you can:
    • detect network and security anomalies
    • gain operational insights
    • implement compliance and security controls
    • troubleshoot issues
  • This feature provides direct access to the network packets flowing through your VPC.
4. Ingress Routing
  • Ingress routing lets you route all incoming and outgoing traffic flowing to or from an Internet Gateway (IGW) or Virtual Private Gateway (VGW) to a specific EC2 instance’s Elastic Network Interface.
  • Using this feature, you can configure your virtual private cloud to send all traffic to an IGW, VGW, or EC2 instance before the traffic reaches your business workloads.
5. Security Groups

Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. When you launch an instance, you can associate it with one or more security groups that you have created. Each instance in your VPC can belong to a different set of security groups. If you don’t specify a security group when launching an instance, the instance is automatically associated with the default security group for the VPC.

6. Network Access Control List

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall controlling traffic in and out of one or more subnets. You can set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC.
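The practical difference between the two layers is that security groups are stateful (return traffic for an allowed connection is admitted automatically) while network ACLs are stateless and evaluate numbered rules in order, so the reply to an allowed inbound request must itself match an outbound rule. The following Python model, added here as an illustration and not taken from the article or from AWS, walks an inbound HTTPS request and its reply through both filters; the rules, addresses and ports are constructed.

```python
"""Stateful security group vs stateless network ACL, modelled in Python.
Added example, not from the article; rules, addresses and ports are constructed."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    direction: str  # "in" or "out", relative to the instance or subnet

@dataclass(frozen=True)
class Rule:
    number: int      # NACL evaluation order; ignored by security groups
    direction: str
    cidr: str        # source CIDR for "in" rules, destination CIDR for "out"
    port_from: int
    port_to: int
    allow: bool      # security groups only allow; NACLs allow or deny

def matches(rule, pkt):
    peer = pkt.src if pkt.direction == "in" else pkt.dst
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= pkt.dport <= rule.port_to)

def nacl_permits(rules, pkt):
    """Stateless: every packet, replies included, must match an allow rule.
    Rules are checked in ascending number; the implicit last rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.allow
    return False

class SecurityGroup:
    """Stateful: an allowed inbound packet opens a tracked flow, and return
    traffic for that flow is permitted without an explicit outbound rule."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def permits(self, pkt):
        if pkt.direction == "out" and (pkt.dst, pkt.src) in self.flows:
            return True  # reply of a flow admitted earlier
        if any(matches(r, pkt) and r.allow for r in self.rules):
            if pkt.direction == "in":
                self.flows.add((pkt.src, pkt.dst))
            return True
        return False

def demo():
    """(request allowed, reply allowed) for an inbound HTTPS connection."""
    request = Packet("203.0.113.7", "10.0.1.20", 443, "in")
    reply = Packet("10.0.1.20", "203.0.113.7", 40000, "out")  # ephemeral port
    sg = SecurityGroup([Rule(0, "in", "0.0.0.0/0", 443, 443, True)])
    nacl = [Rule(100, "in", "0.0.0.0/0", 443, 443, True)]
    fixed = nacl + [Rule(100, "out", "0.0.0.0/0", 1024, 65535, True)]
    return {"sg": (sg.permits(request), sg.permits(reply)),
            "nacl": (nacl_permits(nacl, request), nacl_permits(nacl, reply)),
            "nacl_fixed": (nacl_permits(fixed, request), nacl_permits(fixed, reply))}
```

The `nacl` case shows the common misconfiguration: the inbound 443 rule admits the request, but without an outbound rule for the client's ephemeral port range the reply is dropped.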

VPC use cases:
1. Hosting a simple, public-facing website
  • You can host a basic web application in a VPC and gain the additional layers of privacy and security that Amazon VPC affords.
  • You can help secure the website by creating security group rules that allow the web server to respond to inbound HTTP and SSL requests from the internet. To create a VPC that supports this use case, select “VPC with a Single Public Subnet Only” in the Amazon VPC console wizard.
2. Hosting multi-tier web applications
  • Host multi-tier web applications and strictly enforce access and security restrictions between your web servers, application servers, and databases.
  • Launch web servers in a publicly accessible subnet while running your application servers and databases in private subnets. This ensures that application servers and databases cannot be accessed directly from the internet.
    • You control access between the servers and subnets using the inbound and outbound packet filtering provided by network access control lists and security groups. To create a VPC that supports this use case, select “VPC with Public and Private Subnets” in the Amazon VPC console wizard.
3. Backing up and recovering data after a disaster
  • Using Amazon VPC for disaster recovery gives you the benefits of a disaster recovery site at a fraction of the cost. You can periodically back up critical data from your data center to a small number of Amazon EC2 instances with Amazon Elastic Block Store (EBS) volumes, or import your virtual machine images to Amazon EC2.
    • To ensure business continuity, Amazon VPC lets you quickly launch replacement compute capacity in AWS. After the disaster is over, you can send your mission-critical data back to your data center and terminate the Amazon EC2 instances that you no longer need.
4. Extending your corporate network into the cloud
  • By connecting your VPC to your corporate network, you can:
    • move corporate applications to the cloud
    • launch additional web servers
    • add more compute capacity to your network
  • You can seamlessly move your IT resources into the cloud without changing how your users access these applications, because the VPC can be hosted behind your corporate firewall.
  • You can host your VPC subnets in AWS Outposts, a service that brings native AWS services, infrastructure, and operating models to virtually any:
    • data center
    • co-location space
    • on-premises facility
    • To create a VPC that supports this use case, select “VPC with a Private Subnet Only and Hardware VPN Access” in the Amazon VPC console wizard.
5. Securely connecting cloud applications to your datacenter
  • An IPsec VPN connection between your Amazon VPC and your corporate network encrypts all communication between the application servers in the cloud and the databases in your data center.
    • Web servers and application servers in your VPC can use Amazon EC2 elasticity and Auto Scaling to grow and shrink as required. To create a VPC that supports this use case, select “VPC with Public and Private Subnets and Hardware VPN Access” in the Amazon VPC console wizard.

Now that we have covered the features and use cases of Amazon VPC, it is time to get started with it.

Getting started with Amazon VPC

To get started with Amazon VPC, you can create a nondefault VPC. Before that, you must sign up for an AWS account, which gives you instant access to the AWS Free Tier. You can then explore and learn with simple tutorials, and begin building with step-by-step guides that help you launch your AWS project.

1. Create the VPC

In this step, we use the Amazon VPC wizard in the Amazon VPC console to create a VPC. The steps are:

  • Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.
  • In the navigation bar, take note of the AWS Region in which you will create the VPC, and make sure that you continue working in the same Region for the rest of this exercise: you cannot launch an instance into your VPC from a different Region.
  • Choose the VPC dashboard in the navigation pane, and then, from the dashboard, choose Launch VPC Wizard.
  • Choose VPC with a Single Public Subnet, and then choose Select.
  • On the configuration page, enter a name for your VPC in the VPC name field (for example, my-vpc) and a name for your subnet in the Subnet name field. These names identify the VPC and subnet in the Amazon VPC console after you have created them. Then choose Create VPC.
  • A status window displays the work in progress. When the work completes, choose OK to close the status window.
  • The VPCs page now displays both your default VPC and the VPC you just created.
Viewing your VPC information

After creating the VPC, you can view information about the subnet, the internet gateway, and the route tables. The VPC has two route tables:

  • the main route table that all VPCs have by default
  • a custom route table created by the wizard. The custom route table is associated with your subnet, which means that the routes in that table determine how traffic for the subnet flows. If you add a new subnet to your VPC, it uses the main route table by default.

To view information about your VPC:

  • Open the Amazon VPC console.
  • Choose Your VPCs from the navigation pane. Write down the name and the ID of the VPC you created so that you can identify the components associated with it.
  • Choose Subnets from the navigation pane. You can identify the subnet by its name in the Name column, or by using the VPC information.
  • Choose Internet Gateways from the navigation pane. You can find the internet gateway attached to your VPC by looking at the VPC column, which displays the ID and the name of the VPC.
  • Choose Route Tables from the navigation pane, select the custom route table, and choose the Routes tab. The details pane shows the route information:
    • The first row is the local route, which enables instances within the VPC to communicate with each other.
    • The second row is the route that the Amazon VPC wizard added to enable traffic destined for the internet (0.0.0.0/0) to flow from the subnet to the internet gateway.
  • Select the main route table. It has only a local route.
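To make the difference between the two route tables concrete, here is an added Python model (not code from the article or from AWS) that resolves a destination address the way the VPC router does, by longest-prefix match, and checks whether a table gives a subnet an internet path. The VPC CIDR, the corporate CIDR and the gateway IDs are constructed placeholders.

```python
"""Resolve a destination against a VPC route table the way the VPC router
does: the most specific (longest-prefix) matching route wins. Added example,
not from the original article; CIDRs and gateway IDs are constructed.
"""
import ipaddress

# (destination CIDR, target). Every route table carries the "local" route
# for the VPC's own CIDR; the wizard adds 0.0.0.0/0 -> internet gateway to
# the custom table only. Gateway IDs below are placeholders.
MAIN_ROUTE_TABLE = [("10.0.0.0/16", "local")]
CUSTOM_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("192.168.0.0/16", "vgw-PLACEHOLDER"),   # corporate network over VPN
    ("0.0.0.0/0", "igw-PLACEHOLDER"),        # everything else: internet
]

def next_hop(route_table, destination):
    """Return the target of the longest-prefix route matching `destination`,
    or None when no route matches (the packet is dropped)."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def is_public(route_table):
    """A subnet is public when its route table sends 0.0.0.0/0 to an
    internet gateway; a subnet left on the main table above is private."""
    return any(ipaddress.ip_network(cidr).prefixlen == 0 and target.startswith("igw-")
               for cidr, target in route_table)
```

Because a new subnet is associated with the main route table by default, `is_public(MAIN_ROUTE_TABLE)` is false: instances in it can reach the rest of the VPC but have no route to the internet until you associate a table with an internet gateway route.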
2. Launching an instance into your VPC

When you launch an EC2 instance into a VPC, you must specify the subnet in which to launch it.

To launch an EC2 instance into a VPC:

  • Open the Amazon EC2 console.
  • In the navigation bar, ensure that you select the same Region in which you created your VPC.
  • Choose Launch Instance from the dashboard.
  • On the first page of the wizard, choose the AMI. You can choose an Amazon Linux AMI or a Windows AMI for this exercise.
  • On the Choose an Instance Type page, select the hardware configuration and size of the instance to launch. By default, the wizard selects the first available instance type based on the AMI you selected. Then choose Next: Configure Instance Details.
  • On the Configure Instance Details page, select the VPC that you created from the Network list, and the subnet from the Subnet list. Leave the other settings at their defaults and continue until you reach the Add Tags page.
  • On the Add Tags page, you can tag your instance with a Name tag, for example Name=MyWebServer. Then choose Next: Configure Security Group.
  • On the Configure Security Group page, the wizard automatically defines the launch-wizard-x security group to allow you to connect to your instance. Choose Review and Launch.
  • On the Review Instance Launch page, choose Launch.
  • In the Select an existing key pair or create a new key pair dialog box, choose an existing key pair or create a new one.
  • On the confirmation page, choose View Instances to view your instance. Then select your instance and check its details in the Description tab.
3. Assigning an Elastic IP address to your instance

To allocate and assign an Elastic IP address:

  • Open the Amazon VPC console.
  • Choose Elastic IPs from the navigation pane.
  • Choose Allocate new address, and then Allocate.
  • Select the Elastic IP address from the list, choose Actions, and then choose Associate Address.
  • For Resource type, ensure that Instance is selected. Choose your instance from the Instance list, and then choose Associate.
    • Your instance is now accessible from the internet, and you can connect to it through its Elastic IP address using SSH or Remote Desktop from your home network.
4. Cleaning up

Before deleting a VPC, you must terminate any instances that are running in it. You can then delete the VPC and its components using the VPC console.

To terminate your instance, release your Elastic IP address, and delete your VPC:

  • Open the Amazon EC2 console.
  • In the navigation pane, choose Instances.
  • Select your instance, choose Actions, then Instance State, and then Terminate.
  • In the dialog box, expand the Release attached Elastic IPs section, select the check box next to the Elastic IP address, and choose Yes, Terminate.
  • Open the Amazon VPC console.
  • In the navigation pane, choose Your VPCs.
  • Select the VPC, choose Actions, and then choose Delete VPC.
  • When prompted for confirmation, choose Delete VPC.

Amazon VPC pricing

Amazon VPC lets you customize the network configuration of your virtual private cloud and supports multiple layers of security, including security groups and network access control lists, to control access to Amazon EC2 instances in each subnet. Pricing for VPC comes in several forms; let’s look at them.


1. Amazon VPC Reachability Analyzer Pricing

  • You are charged each time you analyze connectivity between a given source and destination.

2. Amazon VPC Traffic Mirroring Pricing

  • You are charged hourly for each Elastic Network Interface (ENI) of an Amazon EC2 instance on which traffic mirroring is enabled. If you no longer want to be charged for traffic mirroring, simply disable it on the EC2 instance ENIs using the AWS Management Console, CLI, or API.

3. NAT Gateway Pricing

  • If you create a NAT gateway in your VPC, you are charged for each “NAT Gateway-hour” that the NAT gateway is provisioned and available. Data processing charges also apply for each gigabyte processed through the NAT gateway, regardless of the traffic’s source or destination. If you no longer wish to be charged for a NAT gateway, delete it using the AWS Management Console, command-line interface, or API.

Final Words

After reading this article, you should be familiar with Amazon Virtual Private Cloud (Amazon VPC). Amazon VPC provisions a logically isolated section of the AWS cloud for launching AWS resources in a virtual network that you define. With it, you take control of the virtual networking environment, including the selection of your own IP address range, the creation of subnets, and the configuration of route tables. There is much more that you can do with Amazon VPC, so go through the article and use the references provided to start your journey with AWS and its services.