AWS VPC

A VPC (Virtual Private Cloud) is a logically isolated virtual network within a cloud provider such as AWS, in which you launch and manage your resources (EC2 instances, RDS databases, EKS clusters, etc.). In AWS a VPC lives in one region, spans that region's Availability Zones, and is defined by one or more IPv4 CIDR blocks (optionally IPv6 as well); nothing inside it is reachable from outside until you add routes, gateways and firewall rules that allow it.

Key Components of an AWS VPC

  • Subnets: Logical divisions of the VPC IP range. Each subnet lives in exactly one Availability Zone and is the unit at which routing (route table) and subnet-level filtering (NACL) are applied, so subnets are how you organize and isolate resources. A subnet is "public" or "private" only because of the route table associated with it, not because of any setting on the subnet itself.

  • IP Addressing: Supports IPv4 and IPv6; addresses can be AWS-provided or brought from your own range (BYOIP) and are assigned to resources such as EC2 instances, NAT gateways or load balancers. Addresses are how resources are uniquely identified and reached on the network, and a private IP in the VPC range does not by itself make a resource unreachable from the internet.

  • Routing: Route tables define how traffic flows within the VPC and to external networks.

  • Gateways & Endpoints:

    • Internet Gateway → attached to the VPC. A subnet is public when its route table sends default traffic (0.0.0.0/0) to the IGW; instances there also need a public or Elastic IP to be reachable.

    • NAT Gateway → lets resources in private subnets initiate outbound connections to the internet while accepting no inbound connections. A NAT gateway that provides internet access must itself sit in a public subnet (with a route to the IGW), and the private subnet's route table points 0.0.0.0/0 at the NAT gateway.

    • VPC Endpoints → private access to AWS services (S3, DynamoDB, STS, Secrets Manager, ...) without traversing the internet, so a private subnet needs neither an IGW nor a NAT gateway for those services. Endpoint policies can restrict which principals and resources are reachable through the endpoint.

  • VPC Peering: Direct private communication between two VPCs without using the internet. Peering is not transitive: if VPC A peers with VPC B and VPC B peers with VPC C, A and C still cannot communicate through B. Either peer every pair of VPCs or use a Transit Gateway.

  • Transit Gateway: Central hub that connects multiple VPCs, VPN connections and Direct Connect links, replacing a mesh of peering connections with a single attachment per VPC. Transit Gateway route tables control which attachments can reach each other, so segmentation between VPCs is enforced there.

  • Traffic Mirroring: Copies packets from elastic network interfaces to a target (an ENI or a Network Load Balancer) for out-of-band monitoring, IDS and forensic analysis. Unlike flow logs, mirroring captures full packet content.

  • VPC Flow Logs: Record metadata about IP traffic to and from network interfaces (source and destination address and port, protocol, packet and byte counts, ACCEPT or REJECT) for auditing, troubleshooting and detection. Flow logs contain no packet payloads and are aggregated per interface over a capture window, not captured per packet.

  • VPN Connections: Encrypted tunnels that connect on-premises networks (Site-to-Site VPN over IPsec) or remote users (Client VPN) to your AWS VPC.

  • Security Groups & NACLs: Virtual firewalls that control inbound and outbound traffic. Security groups attach to network interfaces, are stateful (return traffic for an allowed connection is permitted automatically) and contain only allow rules. NACLs attach to subnets, are stateless (return traffic needs its own rule, including the client's ephemeral ports) and contain numbered allow and deny rules that are evaluated from the lowest number up, first match wins, with an implicit deny-all at the end.
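The following is an added example, not code from the original page or from AWS, that simulates the two evaluation models described above: a stateless NACL with numbered allow/deny rules (first match wins, implicit deny) and a stateful, allow-only security group. The rule sets, addresses and ports are constructed for illustration; the "broken" outbound NACL shows the common mistake of mirroring the inbound rule instead of allowing the client's ephemeral port range for replies.

```python
# Added example (not from the original page): simulates how an AWS network ACL
# (stateless, numbered allow/deny rules, first match wins, implicit '*' deny)
# and a security group (stateful, allow-only) decide whether a TCP connection
# is permitted. Rules and addresses below are constructed for illustration.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int        # evaluated in ascending order (1-32766 in AWS)
    protocol: str      # "tcp", "udp", "icmp" or "all"
    cidr: str
    port_from: int
    port_to: int
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    protocol: str      # security group rules can only allow, never deny
    cidr: str
    port_from: int
    port_to: int


def _matches(protocol, cidr, port_from, port_to, pkt_proto, pkt_addr, pkt_port):
    """Shared match test: protocol, CIDR membership and port range."""
    if protocol not in ("all", pkt_proto):
        return False
    if ipaddress.ip_address(pkt_addr) not in ipaddress.ip_network(cidr):
        return False
    return port_from <= pkt_port <= port_to


def nacl_decide(rules, pkt_proto, pkt_addr, pkt_port):
    """One stateless decision for one direction. The lowest-numbered rule
    that matches wins; if nothing matches, the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.protocol, rule.cidr, rule.port_from, rule.port_to,
                    pkt_proto, pkt_addr, pkt_port):
            return rule.action
    return "deny"


def nacl_allows_tcp_connection(inbound, outbound, client_ip, client_port, server_port):
    """A TCP connection crossing a subnet boundary needs TWO NACL decisions:
    the request inbound to server_port, and the reply outbound to the client's
    ephemeral port. Forgetting the second one is the classic NACL mistake."""
    request_ok = nacl_decide(inbound, "tcp", client_ip, server_port) == "allow"
    reply_ok = nacl_decide(outbound, "tcp", client_ip, client_port) == "allow"
    return request_ok and reply_ok


def sg_allows_tcp_connection(inbound, client_ip, server_port):
    """Security groups are stateful: only the initiating packet is evaluated
    and the reply is tracked and allowed automatically. Any matching allow
    rule permits the flow; no match means the packet is dropped."""
    return any(_matches(r.protocol, r.cidr, r.port_from, r.port_to, "tcp", client_ip, server_port)
               for r in inbound)


# Constructed rule sets for a subnet hosting an HTTPS service.
NACL_INBOUND = [
    NaclRule(50, "tcp", "203.0.113.0/24", 443, 443, "deny"),   # blocklisted range; must sort BEFORE the allow
    NaclRule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
]
NACL_OUTBOUND_BROKEN = [
    NaclRule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),      # mirrors inbound; replies to ephemeral ports are denied
]
NACL_OUTBOUND_FIXED = [
    NaclRule(100, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),   # reply traffic to client ephemeral ports
]
SG_INBOUND = [
    SgRule("tcp", "0.0.0.0/0", 443, 443),
]

if __name__ == "__main__":
    client = "198.51.100.7"
    print("NACL, broken outbound:", nacl_allows_tcp_connection(NACL_INBOUND, NACL_OUTBOUND_BROKEN, client, 51000, 443))  # False
    print("NACL, fixed outbound: ", nacl_allows_tcp_connection(NACL_INBOUND, NACL_OUTBOUND_FIXED, client, 51000, 443))   # True
    print("NACL, blocklisted src:", nacl_allows_tcp_connection(NACL_INBOUND, NACL_OUTBOUND_FIXED, "203.0.113.9", 51000, 443))  # False
    print("SG 443:", sg_allows_tcp_connection(SG_INBOUND, client, 443), "SG 22:", sg_allows_tcp_connection(SG_INBOUND, client, 22))  # True False
```

Two practical consequences fall out of the simulation: a deny rule only takes effect if its number sorts before the allow it is meant to override, and the outbound ephemeral range a NACL must open depends on the clients (Linux typically uses 32768-60999, Windows and NAT gateways use 1024-65535), which is why the fixed rule opens 1024-65535.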
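As a second added example (again not the page's or AWS's own code), the detection side of the list above: a parser for VPC Flow Log records in the default format that flags ACCEPTed connections to administrative ports from sources outside the trusted ranges, and sources generating many REJECTs. The account id, ENI id, addresses and log lines are constructed; the trusted CIDR list (VPC, peered VPCs, on-prem ranges) is an assumed input.

```python
# Added example (not from the original page): parses VPC Flow Log records in
# the default format and flags (a) connections ACCEPTed from untrusted sources
# to administrative ports and (b) sources producing many REJECTs.
# The account id, ENI id, addresses and log lines below are constructed.
import ipaddress
from collections import Counter

# Default flow log format (version 2), space separated, 14 fields.
DEFAULT_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
                  "protocol packets bytes start end action log-status").split()

# Constructed sample: an internal Postgres connection, one SSH connection
# accepted from the internet, a small port sweep that was rejected, and a
# NODATA record (no traffic in the window, traffic fields are '-').
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 49812 5432 6 12 2480 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.2.40 51344 22 6 8 640 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.2.40 40001 3389 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.2.40 40002 22 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.2.40 40003 445 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Return one dict per usable record. NODATA/SKIPDATA records carry '-'
    in the traffic fields and are skipped; malformed lines are skipped too."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(DEFAULT_FIELDS):
            continue
        rec = dict(zip(DEFAULT_FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def public_admin_accepts(records, trusted_cidrs, admin_ports=(22, 3389)):
    """ACCEPTed TCP flows (protocol 6) to admin ports whose source is outside
    every trusted CIDR: evidence that a security group or NACL is too open."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for rec in records:
        src = ipaddress.ip_address(rec["srcaddr"])
        if (rec["action"] == "ACCEPT" and rec["protocol"] == 6
                and rec["dstport"] in admin_ports
                and not any(src in net for net in trusted)):
            hits.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return hits


def noisy_rejected_sources(records, min_rejects=3):
    """Sources with at least min_rejects REJECT records in the window, a cheap
    scan or brute-force indicator. REJECT means a security group or NACL
    dropped the traffic; the default format does not say which one."""
    counts = Counter(rec["srcaddr"] for rec in records if rec["action"] == "REJECT")
    return {src: n for src, n in counts.items() if n >= min_rejects}


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print(public_admin_accepts(recs, ["10.0.0.0/16"]))  # [('198.51.100.23', '10.0.2.40', 22)]
    print(noisy_rejected_sources(recs))                 # {'203.0.113.77': 3}
```

Because flow logs aggregate per interface and carry no payload, an ACCEPT to port 22 only tells you the firewall rules allowed it; pulling the packets themselves requires Traffic Mirroring, and the security group or NACL responsible has to be looked up from the interface id.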
