AWS Virtual Private Cloud (VPC)
The following article provides an outline for What is Amazon VPC? Amazon virtual private cloud allows you to launch AWS resources into a virtual network that is per-defined. It provides commercial cloud computing services where users can access amazon elastic compute cloud over an IP-based virtual network. The main feature of this is the user chooses his unique IP address range, subnets, a configuration of network paths, and route cables. It is designed to give much more granular security by providing a public subnet for web servers with internet connections and make your backend database or application servers in a private subnet with no internet connection.
Getting Started with Amazon VPC
Before starting with tasks, log in with amazon credentials or create a free AWS account. Users can connect to Amazon VPC through two ways IPv4 or IPv6.
There are five major steps to start with amazon VPC:
- Create the VPC
- Create your security group
- Launch an instance into your created VPC
- Assign an elastic IP address to your created instance
- Clean up
1. Creating a Virtual Private Cloud
To create a VPC using the Amazon VPC wizard in the Amazon VPC console. Then create a VPC with a/16 IPv4 CIDR block. It is a network with 65,536 private IP addresses and attaches an internet gateway to the created VPC. Create a subnet with a size in the range of 256 private IP address. Custom your route table and assign it to the subnet to control the traffic between the subnet and internet gateway
To view any info about your VPC, follows the below steps:
- Login to Amazon VPC console.
- In the navigation panel, in your VPCs columns, take a note of your VPC name and VPC ID.
- In the navigation panel, select subnets; it displays the name and date created and to which VPC it belongs. Internet Gateways column helps you to provide the way it is attached to a subnet.
- The Route table is identified in the navigation panel, but you can find two rows in it.
- The first row in the route table is the default and local route way, and it cannot be changed, and it is the one that allows the instance to communicate with VPC.
- The second row shows the route between the subnet to the internet gateway. Here amazon VPC wizard is connected to ensure the traffic flow to IP address outside the VPC.
2. Create a Security Group
Your VPC comes with default security groups, but you can add or delete some set of rules according to the behavior of instances. To control the incoming traffic, add inbound rules and outgoing traffic from instances and add outbound rules. The security group acts as a virtual firewall and control the traffic between the related instances.
Set of rules:
Creating WebserverSG Security Group:
- Log in to your Amazon VPC console.
- In the navigation panel, select security groups, then create security groups.
- In the Group Name field, provide the name and description of webserverSG.
- On the inbound rules tab, edit as follows.
- Select HTTP from the Type list. In the source, field enter 0.0.0.0/0.
- To add another rule repeat the same in the source field and select SSH if it is a Linux or RDP if it is a Windows server.
- Another important point is that in the production environment, it is unsafe to use 0.0.0.0/0 the same for all IP addresses to control the instance. It is applicable only for smaller exercises.
- Click on Save.
3. Launch an Instance into your VPC
- Log in to your Amazon EC2 console.
- From the dashboard, launch instance. Based on your server, you can choose amazon Linux AMI or Amazon Windows AMI.
- You can select the default selection on choosing an instance type page.
- To configure instance details, select network and subnet list.
- Select WebServerSG in the configure security group and move on to review and launch.
- Choose the existing key pair or create a new one. Then download the file and save it in a secure location.
- Before selecting Launch instances to check on details and description of instances.
4. Assigning an Elastic IP Address to Instance
- Login to Amazon VPC console.
- Choose elastic IP in the navigation panel.
- Select allocate new address then allocate.
- Select an IP address from the list, select actions and then associate address.
- In Resource type, select the instance from the Instance list and click associate.
5. Clean Up
In the navigation pane, choose Your VPCs, select actions and delete VPC.
Features of Amazon VPC
Following are the features of Amazon VPC:
- Create your version in IPv4 or IPV6 as per your reliability.
- Bridge your VPC to other SAAS or your on-site IT infrastructure.
- Enable VPC security groups and VPC flow to log information about the traffic.
- Provide services include DynamoDB, S3, EC2 system manager, service catalog, ELB API, EC2 API, and Amazon SNS plays an important role in disaster recovery by taking periodic backups. It has multiple connectivity actions.
Advantages of Amazon VPC
Given below are the advantages mentioned:
- Provide constant scalability and reliability by making the resources up and down as per your requirement.
- Higher-level managed services.
- It provides advanced security options and enables storing your data securely with inbound and outbound filtering, security groups, and a network access control list.
- You can pay for what you use. So it requires only a minimum operating cost.
- Simple and user-friendly.
VPC with the single public subnet. It is used to run a simple process.
- VPC with public and private subnet: It created VPC which runs in the public-facing web page, but in the backend, it cannot be accessed publicly
- VPC with public and private subnet and AWS site-to-site VPN access: By creating VPC, it is used to extend and provide direct internet access to your data centers.
- VPC with private subnet only and AWS site-to-site VPN access: By creating VPC, it is used to extend the data center and leverage amazon infrastructure without exposing your network to internet gateways.
It is affordable, reliable, and provides us with a built-in security system. You can easily customize your configuration according to business needs. It ties hand with Big switch networks, Blue hexagon, Corelight, Extrahop, Fidelis, Fireeye, Flowmon, etc.
This is a guide to What is Amazon VPC? Here we discuss how to get started with Amazon VPC along with features, advantages, and use cases. You may also look at the following article to learn more –