AWS Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC) allows you to launch AWS resources into a virtual network that you have defined. It provides commercial cloud computing services where users can access Amazon Elastic Compute Cloud (EC2) over an IP-based virtual network. Its main feature is that the user chooses a unique IP address range, subnets, and the configuration of network paths and route tables. It is designed to give much more granular security: you can place web servers in a public subnet with an internet connection and keep backend database or application servers in a private subnet with no internet connection.
Getting Started with Amazon VPC
Before starting with the tasks, log in with your Amazon credentials or create a free AWS account. Users can connect to Amazon VPC in two ways: IPv4 or IPv6.
There are five major steps to start with Amazon VPC:
- Create the VPC
- Create your security group
- Launch an instance into your created VPC
- Assign an elastic IP address to your created instance
- Clean up
Creating a Virtual Private Cloud
Create a VPC using the Amazon VPC wizard in the Amazon VPC console. The wizard creates a VPC with a /16 IPv4 CIDR block, which is a network with 65,536 private IP addresses, and attaches an internet gateway to the created VPC. Create a subnet sized at 256 private IP addresses. Customize your route table and associate it with the subnet to control the traffic between the subnet and the internet gateway.
To view information about your VPC, follow the steps below:
- Log in to the Amazon VPC console.
- In the navigation panel, under Your VPCs, take note of your VPC name and VPC ID.
- In the navigation panel, select Subnets. It displays each subnet's name, the date it was created, and the VPC it belongs to. The Internet Gateways column shows the way it is attached to a subnet.
- The route table is listed in the navigation panel, and you will find two rows in it.
- The first row in the route table is the default local route. It cannot be changed, and it is the one that allows the instances to communicate within the VPC.
- The second row shows the route from the subnet to the internet gateway. The Amazon VPC wizard adds it so that traffic can flow to IP addresses outside the VPC.
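The two-row route table described above decides whether a subnet is reachable from the internet. The following is an added example, not part of the original article: it models the /16 VPC, the 256-address subnet and the two routes, then resolves a destination by longest-prefix match. The CIDR values and the gateway ID igw-EXAMPLE are constructed placeholders.

```python
import ipaddress

# Constructed sample values; the gateway ID is a placeholder, not a real resource.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")     # 65,536 addresses
SUBNET_CIDR = ipaddress.ip_network("10.0.0.0/24")  # 256 addresses

# The two rows from the text: the fixed local route and the route to the gateway.
ROUTE_TABLE = [
    {"destination": "10.0.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "igw-EXAMPLE"},
]


def resolve_target(route_table, dest_ip):
    """Return the target of the most specific route that matches dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    matches = []
    for route in route_table:
        network = ipaddress.ip_network(route["destination"])
        if ip in network:
            matches.append((network.prefixlen, route["target"]))
    if not matches:
        return None  # no route: the traffic is dropped
    # Longest prefix wins, so the /16 local route beats the /0 default route.
    return max(matches)[1]


def is_public_subnet(route_table):
    """A subnet is public when its route table has a route to an internet gateway."""
    return any(route["target"].startswith("igw-") for route in route_table)


if __name__ == "__main__":
    print(resolve_target(ROUTE_TABLE, "10.0.3.7"))      # stays inside the VPC
    print(resolve_target(ROUTE_TABLE, "203.0.113.10"))  # leaves via the gateway
    print(is_public_subnet(ROUTE_TABLE[:1]))            # local route only: private
```

Removing the second row is what turns the same subnet into a private one: outside destinations then match no route at all.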
Create a Security Group
Your VPC comes with a default security group, but you can add or delete rules according to the behavior of your instances. To control incoming traffic, add inbound rules; to control outgoing traffic from instances, add outbound rules. The security group acts as a virtual firewall and controls the traffic for the related instances.
Set of rules:
Creating WebServerSG Security Group
- Log in to your Amazon VPC console.
- In the navigation panel, select security groups, then create security groups.
- In the Group Name field, enter WebServerSG as the name and provide a description.
- On the Inbound Rules tab, edit as follows.
- Select HTTP from the Type list. In the Source field, enter 0.0.0.0/0.
- To add another rule, select SSH from the Type list if it is a Linux server or RDP if it is a Windows server, and enter the same value in the Source field.
- Important: in a production environment it is unsafe to use 0.0.0.0/0, because it lets all IP addresses access the instance. It is acceptable only for small exercises.
- Click on Save.
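The warning about 0.0.0.0/0 can be turned into a check. The following is an added example, not part of the original article: it flags SSH and RDP rules open to any address and returns a copy of the group restricted to an admin range. The group data is constructed in the shape of the EC2 DescribeSecurityGroups output, and the admin CIDR 198.51.100.0/24 is a placeholder.

```python
import copy

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample: the WebServerSG rules exactly as the steps above create them.
WEBSERVER_SG = {
    "GroupName": "WebServerSG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def _sources(perm):
    """Collect the IPv4 and IPv6 source ranges of one inbound rule."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return set(v4 + v6)


def open_admin_rules(group):
    """Return (group, service, port) for each admin port open to any address."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not ANYWHERE & _sources(perm):
            continue
        if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
            lo, hi = 0, 65535
        elif perm.get("IpProtocol") == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue
        findings += [(group["GroupName"], ADMIN_PORTS[p], p)
                     for p in sorted(ADMIN_PORTS) if lo <= p <= hi]
    return findings


def restrict_admin_access(group, admin_cidr):
    """Return a copy where world-open single-port SSH/RDP rules use admin_cidr."""
    hardened = copy.deepcopy(group)
    for perm in hardened["IpPermissions"]:
        is_admin_rule = (perm.get("IpProtocol") == "tcp"
                         and perm.get("FromPort") == perm.get("ToPort")
                         and perm.get("FromPort") in ADMIN_PORTS)
        if is_admin_rule and ANYWHERE & _sources(perm):
            perm["IpRanges"] = [{"CidrIp": admin_cidr}]
            perm.pop("Ipv6Ranges", None)
    return hardened
```

The HTTP rule stays open to the world, which is expected for a public web server; only the management ports are narrowed.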
Launch an Instance into your VPC
- Log in to your Amazon EC2 console.
- From the dashboard, select Launch Instance. Based on your server, you can choose the Amazon Linux AMI or an Amazon Windows AMI.
- On the Choose an Instance Type page, you can keep the default selection.
- On the Configure Instance Details page, select your VPC from the Network list and your subnet from the Subnet list.
- Select WebServerSG on the Configure Security Group page and move on to Review and Launch.
- Choose an existing key pair or create a new one. Then download the file and save it in a secure location.
- Before selecting Launch Instances, check the details and description of the instance.
Assigning an Elastic IP Address to Instance
- Log in to the Amazon VPC console.
- Choose Elastic IPs in the navigation panel.
- Select Allocate new address, then Allocate.
- Select an IP address from the list, select Actions, and then Associate address.
- In Resource type, select the instance from the Instance list and click Associate.
Clean Up
In the navigation pane, choose Your VPCs, select Actions, and then Delete VPC.
Features of Amazon VPC
Following are the features of Amazon VPC.
- Choose IPv4 or IPv6 for your VPC as per your requirement.
- Bridge your VPC to other SaaS or to your on-site IT infrastructure.
- Enable VPC security groups and VPC flow logs to log information about the traffic.
- Provided services include DynamoDB, S3, EC2 Systems Manager, Service Catalog, ELB API, EC2 API, and Amazon SNS. It plays an important role in disaster recovery by taking periodic backups. It has multiple connectivity options.
Advantages of Amazon VPC
The advantages are explained below.
- Provides constant scalability and reliability by scaling resources up and down as per your requirement.
- Higher-level managed services.
- It provides advanced security options and also lets you store your data securely with inbound and outbound filtering, security groups, and network access control lists.
- You pay only for what you use, so it requires only a minimum operating cost.
- Simple and user-friendly.
VPC with a single public subnet: It is used to run a simple process.
VPC with public and private subnets: It creates a VPC that runs a public-facing web page, while the backend cannot be accessed publicly.
VPC with public and private subnets and AWS Site-to-Site VPN access: This VPC is used to extend your data centers and provide them with direct internet access.
VPC with a private subnet only and AWS Site-to-Site VPN access: This VPC is used to extend your data center and leverage Amazon infrastructure without exposing your network to internet gateways.
It is affordable, reliable, and provides a built-in security system. You can easily customize your configuration according to business needs. It partners with Big Switch Networks, Blue Hexagon, Corelight, ExtraHop, Fidelis, FireEye, Flowmon, etc.