Exploring Networking essentials in AWS

Understanding VPC Gateways

Learning Outcome

1. Understand what a VPC Gateway is
2. Understand CIDR notation and IP ranges
3. Learn what an Internet Gateway (IGW) and a NAT Gateway are
4. Learn what a Transit Gateway is
5. Compare different VPC connectivity options

Earlier, we learned that

Airport & Transportation System

Think of a city with airports and highways:

  • Airport gates connect the city to the outside world
  • One-way exits allow people to leave safely
  • Security checkpoints control traffic
  • Highways connect multiple cities

AWS VPC uses gateways and connections in the same way to control how traffic enters, exits, and moves between networks.

What is a VPC Gateway?

A VPC Gateway is a component that connects a VPC to

  • The internet

  • Other VPCs

  • On-premises networks

Gateways manage traffic entry and exit points

What is an Internet Gateway (IGW)?

An Internet Gateway:

  • Connects a VPC to the public internet
  • Enables inbound and outbound traffic
  • Is highly available and managed by AWS
  • Is required for public subnets

How Internet Gateway Works

For internet access, all of the following are required:

  • An attached Internet Gateway
  • A public IP or Elastic IP on the resource
  • A route table entry pointing to the IGW

Used mainly for:

  • Web servers
  • Public APIs
  • Load balancers

What is a NAT Gateway?

A NAT (Network Address Translation) Gateway:

  • Allows private subnet resources to access the internet
  • Blocks inbound internet traffic
  • Improves security
  • Is fully managed by AWS

Private resources stay hidden but can go out.

NAT Gateway Use Case

  • Databases or app servers need updates
  • Private instances call external APIs
  • Security requires no inbound internet access

The NAT Gateway is placed in a public subnet.

Internet Gateway vs NAT Gateway

Feature               Internet Gateway      NAT Gateway
Internet Access       Inbound & Outbound    Outbound only
Subnet Type           Public                Private
Security Level        Lower                 Higher
Public IP Required    Yes                   No (for private resources)

Note: the "Subnet Type" row describes the subnets each gateway serves; the NAT Gateway itself is placed in a public subnet (see the use case above).

What is a Network ACL (NACL)?

  • Acts as a firewall at the subnet level
  • Controls inbound and outbound traffic
  • Stateless (rules must be defined both ways)
  • Evaluates rules in order
  • Provides an additional security layer

Steps to Create a VPC

1. Create VPC
   • Define VPC CIDR block
2. Create Subnets
   • Public and private subnets
3. Create Internet Gateway
   • Attach IGW to VPC
4. Configure Route Tables
   • Public route → IGW
   • Private route → NAT
5. Create NAT Gateway
   • Place in public subnet
   • Assign Elastic IP
6. Configure Security
   • Security Groups
   • Network ACLs
7. Launch Resources
   • EC2 instances
   • Databases

What is a Transit Gateway?

  • Central hub for connecting multiple VPCs
  • Simplifies complex network architectures
  • Scales to thousands of connections
  • Used instead of many VPC peerings

What is VPC Peering?

  • Connects two VPCs privately
  • Traffic stays on the AWS network
  • No internet required
  • One-to-one connection

Route Tables

Each subnet must be associated with a route table.

Route tables define where network traffic should go.

Common routes:

  • Local VPC traffic
  • Internet traffic (to the IGW)
  • NAT traffic (to the NAT Gateway)
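The following is an added example, not code from the deck or from AWS: a small Python model of the "Steps to Create a VPC" procedure (VPC, subnets, IGW, route tables, NAT Gateway in the public subnet) together with the longest-prefix route lookup that sends a packet to the local VPC, the Internet Gateway or the NAT Gateway, as the Route Tables slide describes. It also applies the three requirements from the Internet Gateway slide (attached IGW, public or Elastic IP, route to the IGW) and shows why a NAT Gateway must sit in a public subnet. The addresses, subnet names and the target labels "local", "igw" and "nat" are constructed for illustration; real route tables reference resource IDs.

```python
"""Added example (not part of the original deck or of AWS): a toy model of
the VPC creation steps and of VPC route lookup. Names, addresses and the
target labels "local", "igw" and "nat" are constructed for illustration."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    name: str
    cidr: str
    routes: dict = field(default_factory=dict)  # destination CIDR -> target
    has_nat_gateway: bool = False                # Step 5: NAT Gateway lives here


@dataclass
class Vpc:
    cidr: str
    igw_attached: bool = False
    subnets: dict = field(default_factory=dict)


def build_vpc(vpc_cidr="10.0.0.0/16"):
    """Follow the deck's steps: VPC -> subnets -> IGW -> route tables -> NAT."""
    vpc = Vpc(cidr=vpc_cidr)                                     # Step 1
    blocks = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=24))
    public = Subnet("public", str(blocks[0]))                    # Step 2
    private = Subnet("private", str(blocks[1]))
    vpc.igw_attached = True                                      # Step 3
    # Step 4: every route table carries the implicit "local" route for the
    # VPC CIDR; the public table defaults to the IGW, the private one to NAT.
    public.routes = {vpc_cidr: "local", "0.0.0.0/0": "igw"}
    private.routes = {vpc_cidr: "local", "0.0.0.0/0": "nat"}
    public.has_nat_gateway = True                                # Step 5 (+ Elastic IP)
    vpc.subnets = {"public": public, "private": private}
    return vpc


def lookup_route(subnet, dest_ip):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in subnet.routes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def outbound_path(vpc, subnet_name, dest_ip, has_public_ip):
    """Describe how a packet from an instance leaves, or why it is dropped."""
    target = lookup_route(vpc.subnets[subnet_name], dest_ip)
    if target == "local":
        return "stays inside the VPC"
    if target == "igw":
        if not vpc.igw_attached:
            return "dropped: no Internet Gateway attached"
        if not has_public_ip:
            return "dropped: IGW needs a public or Elastic IP on the instance"
        return "direct via Internet Gateway"
    if target == "nat":
        # The NAT Gateway only works if its own subnet routes to the IGW,
        # which is why the deck places it in a public subnet.
        nat_subnets = [s for s in vpc.subnets.values() if s.has_nat_gateway]
        if not nat_subnets or lookup_route(nat_subnets[0], dest_ip) != "igw":
            return "dropped: NAT Gateway is not in a public subnet"
        return "via NAT Gateway (source address translated)"
    return "dropped: no matching route"


def inbound_allowed(vpc, subnet_name, has_public_ip):
    """Unsolicited inbound from the internet needs IGW + public IP + IGW route."""
    subnet = vpc.subnets[subnet_name]
    return vpc.igw_attached and has_public_ip and subnet.routes.get("0.0.0.0/0") == "igw"


if __name__ == "__main__":
    vpc = build_vpc()
    internet_host = "198.51.100.7"   # constructed, from the TEST-NET-2 range
    print("public  ->", outbound_path(vpc, "public", internet_host, True))
    print("private ->", outbound_path(vpc, "private", internet_host, False))
    print("private -> 10.0.0.5:", outbound_path(vpc, "private", "10.0.0.5", False))
    print("inbound to private allowed?", inbound_allowed(vpc, "private", False))
```

Running the script shows the two paths side by side: the public subnet reaches the internet directly (and only if the instance has a public IP), the private subnet reaches it only through the NAT Gateway, and a destination inside 10.0.0.0/16 always takes the more specific "local" route even though 0.0.0.0/0 would also match. Moving the NAT Gateway into the private subnet makes the private path fail, which is the reason for step 5's "Place in public subnet".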

Security Group vs NACL

                  Security Groups (Stateful)                 Network ACLs (Stateless)
Scope             Acts at instance level                     Works at subnet level
Role              Primary security for EC2                   Secondary layer of security
Return traffic    Return traffic is automatically allowed    Return traffic must be explicitly allowed
Rule types        Only allow rules                           Allow and deny rules
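An added example, not code from the deck or from AWS, that makes the "stateful vs stateless" row and the "rules must be defined both ways" and "evaluates rules in order" points concrete: a minimal Python evaluator runs the same HTTPS connection (request in, reply out) through a Security Group rule set and through several Network ACL rule sets. The client and server addresses, the ephemeral port and the rule numbers are constructed for illustration; the evaluation semantics (SG: allow rules only, return traffic tracked; NACL: numbered rules, lowest number first, first match wins, implicit final deny) follow the slides.

```python
"""Added example (not part of the original deck or of AWS): a minimal
evaluator contrasting a stateful Security Group with a stateless Network
ACL on one HTTPS connection. All rules, addresses and ports are constructed."""
import ipaddress

# Constructed flow: an internet client (198.51.100.7, TEST-NET-2) connects to
# a web server at 10.0.0.10 on TCP 443; the reply returns to the client's
# ephemeral port 51000.
REQUEST = {"direction": "inbound", "src": "198.51.100.7", "dst": "10.0.0.10",
           "proto": "tcp", "dport": 443}
REPLY = {"direction": "outbound", "src": "10.0.0.10", "dst": "198.51.100.7",
         "proto": "tcp", "dport": 51000}


def _peer(packet):
    """The remote side: source for inbound packets, destination for outbound."""
    return packet["src"] if packet["direction"] == "inbound" else packet["dst"]


def sg_allows(rules, packet, tracked_flows):
    """Security Group: allow rules only; replies to tracked flows pass automatically."""
    if (packet["dst"], packet["src"]) in tracked_flows:
        return True                      # stateful: return traffic needs no rule
    for rule in rules:
        if (rule["direction"] == packet["direction"]
                and rule["proto"] == packet["proto"]
                and rule["port"] == packet["dport"]
                and ipaddress.ip_address(_peer(packet)) in ipaddress.ip_network(rule["cidr"])):
            tracked_flows.add((packet["src"], packet["dst"]))
            return True
    return False                         # nothing matched: implicit deny


def nacl_allows(rules, packet):
    """Network ACL: numbered rules, lowest number first, first match wins,
    and no memory of earlier packets."""
    for rule in sorted(rules, key=lambda r: r["rule_no"]):
        low, high = rule["ports"]
        if (rule["direction"] == packet["direction"]
                and rule["proto"] == packet["proto"]
                and low <= packet["dport"] <= high
                and ipaddress.ip_address(_peer(packet)) in ipaddress.ip_network(rule["cidr"])):
            return rule["action"] == "allow"
    return False                         # the final "*" rule denies


def https_session(sg_rules, nacl_rules):
    """(request allowed, reply allowed) as seen by each layer."""
    flows = set()
    return {
        "security_group": (sg_allows(sg_rules, REQUEST, flows),
                           sg_allows(sg_rules, REPLY, flows)),
        "nacl": (nacl_allows(nacl_rules, REQUEST), nacl_allows(nacl_rules, REPLY)),
    }


SG_HTTPS = [{"direction": "inbound", "proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"}]

# Only the inbound half: the reply to port 51000 is dropped by the NACL.
NACL_ONE_WAY = [
    {"rule_no": 100, "direction": "inbound", "proto": "tcp", "ports": (443, 443),
     "cidr": "0.0.0.0/0", "action": "allow"},
]
# Both directions: the outbound ephemeral-port rule lets the reply out.
NACL_BOTH_WAYS = NACL_ONE_WAY + [
    {"rule_no": 100, "direction": "outbound", "proto": "tcp", "ports": (1024, 65535),
     "cidr": "0.0.0.0/0", "action": "allow"},
]
# A deny rule, which a Security Group cannot express. Numbered 50 it is
# evaluated before the allow at 100 and blocks this client; numbered 200 it
# is never reached because the allow at 100 matches first.
NACL_DENY_FIRST = [
    {"rule_no": 50, "direction": "inbound", "proto": "tcp", "ports": (0, 65535),
     "cidr": "198.51.100.7/32", "action": "deny"},
] + NACL_BOTH_WAYS
NACL_DENY_TOO_LATE = [dict(NACL_DENY_FIRST[0], rule_no=200)] + NACL_BOTH_WAYS


if __name__ == "__main__":
    for name, nacl in [("one-way", NACL_ONE_WAY), ("both-ways", NACL_BOTH_WAYS),
                       ("deny-first", NACL_DENY_FIRST), ("deny-too-late", NACL_DENY_TOO_LATE)]:
        print(name, https_session(SG_HTTPS, nacl))
```

With the one-way NACL the Security Group passes both halves of the connection while the NACL drops the reply, which is exactly the "return traffic must be explicitly allowed" row of the table; adding the outbound ephemeral-port rule fixes it. The two deny variants show that a NACL deny only takes effect if its rule number is lower than the allow that would otherwise match.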

Summary

1. Networking enables communication
2. CIDR defines IP ranges
3. VPC provides isolated cloud networking
4. Security Groups and NACLs secure the network

Quiz

Which AWS component allows private subnet resources to access the internet without being exposed?

A. Internet Gateway
B. Security Group
C. NAT Gateway
D. Route Table

Quiz - Answer

Which AWS component allows private subnet resources to access the internet without being exposed?

A. Internet Gateway
B. Security Group
C. NAT Gateway
D. Route Table

Answer: C. NAT Gateway (it lets private subnet resources reach the internet while blocking inbound internet traffic).

understanding VPC

By Content ITV