VPC

VPC (Virtual Private Cloud)

This is your private section of AWS, where you can place AWS resources, and allow/restrict access to them.

  • exists within a single AWS region

  • user-defined IP address range (CIDR block)

Internet gateway (IGW)

Provides your private network with a route to the world outside of VPC.

  • IGW <one-to-one> VPC

  • if (VPC contains active resources) {
        IGW cannot be detached from VPC
    }

Route tables RTs

An RT contains rules (routes) that determine where network traffic is directed.

  • 172.31.0.0/16 local

    • if the destination IP address falls in this range => communication is kept local inside the VPC

  • 0.0.0.0/0 igw-<some-id>

    • if the destination IP is not in the range above (172.31...) => communication is directed through the IGW out to the internet (the most specific matching route wins, so the local route takes precedence over 0.0.0.0/0)

    • if (IGW is detached) {
          RT still directs traffic to the IGW
          but the IGW has no connection to the outside world
      }
    • if (detach IGW_1 & attach IGW_2 for VPC) {
          update_RTs_routes()
      }
      
      func update_RTs_routes() {
          delete route for IGW_1
          add "0.0.0.0/0" route to IGW_2
      }

Network Access Control List (NACL)

It is an optional layer of security for a VPC that acts like a firewall for controlling traffic in and out of one or more subnets.

Rules:

  • numbered (processed from lowest to highest)

    • The first rule evaluated that applies to the traffic type is applied immediately, regardless of the rules that come after it (have a higher rule #)

  • the "*" rule is the default (i.e. if you do not explicitly allow traffic => the default rule will DENY it)

💡 Subnet <-1-1-> Network ACL (subnet can be in only one NACL)

⚠️ Whenever you have a connectivity problem with services => check the NACL
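Added example (not from these notes or from AWS): a small simulation of the route-table lookup and the numbered NACL evaluation described above, on constructed routes and rules. The IGW id, CIDRs and rule numbers are made-up sample values; the NACL model is simplified to exact protocol/port matches.

```python
import ipaddress

# Constructed sample route table: the two routes from the notes.
# "igw-EXAMPLE" is a placeholder id, not a real gateway.
ROUTES = [
    ("172.31.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]

def next_hop(dst_ip, routes=ROUTES):
    """Return the target of the most specific route that matches dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

# Constructed inbound NACL: (rule number, protocol, port, source CIDR, action).
# Rules are evaluated from the lowest number upward; the first match decides.
NACL_INBOUND = [
    (100, "tcp", 443, "0.0.0.0/0", "allow"),
    (110, "tcp", 22, "10.0.0.0/8", "allow"),
    (120, "tcp", 22, "0.0.0.0/0", "deny"),
    (130, "tcp", 22, "203.0.113.0/24", "allow"),  # never reached: 120 wins first
]

def nacl_decision(proto, port, src_ip, rules=NACL_INBOUND):
    """First matching rule wins; the implicit '*' rule denies everything else."""
    src = ipaddress.ip_address(src_ip)
    for number, r_proto, r_port, cidr, action in sorted(rules):
        if r_proto == proto and r_port == port and src in ipaddress.ip_network(cidr):
            return number, action
    return "*", "deny"

def shadowed_rules(rules=NACL_INBOUND):
    """Rule numbers that can never fire because an earlier rule with the same
    protocol/port already covers their entire source range (a review check
    for NACLs; simplified: ignores port ranges and ICMP types)."""
    ordered = sorted(rules)
    shadowed = []
    for i, (num, proto, port, cidr, _) in enumerate(ordered):
        net = ipaddress.ip_network(cidr)
        for _, p_proto, p_port, p_cidr, _ in ordered[:i]:
            if p_proto == proto and p_port == port and net.subnet_of(ipaddress.ip_network(p_cidr)):
                shadowed.append(num)
                break
    return shadowed
```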

Subnet

💡 One subnet can not span more than one availability zone.

Subnet <=> Route table. So if the Route table does not have a route to the internet => the Subnet is private.

Availability zone

When you create a VPC => it spans all of the Availability zones in the region. After creating a VPC, you can add one/more subnets in each Availability zone.

  • High availability

    • I can always access my data in the cloud

    • My website never crashes and it is always available to customers

  • Fault tolerance

    • If a web server fails => a backup server immediately takes over

    • If something in the system fails => it can repair itself
