VPC

WTF is a VPC

A virtual network dedicated to your AWS account.

 

 

It resembles a traditional network that you’d run in our own data center, with the benefits of using the AWS infrastructure.

 

 

Bare metal VPC 👉

10.0.0.0/16 | 10.0.0.0 to 10.0.255.255

Availability Zones

Distinct locations that are engineered to be isolated from failures in other Availability Zones.

 

 

A VPC spans all of the Availability Zones in the Region. We are in US East 1 N. Virginia

Subnets

A sub network of our virtual network. Essentially a range of IP addresses in your VPC. The range will be a CIDR range that is a subset of the VPC CIDR in each availability zone.

 

Subnets

3 Types of Subnets:

  • Public - traffic is routed to an internet gateway

 

  • Private - doesn’t have a route to the internet gateway

 

  • VPN Only - traffic routed to a virtual private gateway for a Site-to-Site VPN connection

Route Tables

Route tables are the rules that  determine where network traffic is directed, and are applied by the the implicit router that each VPC possesses. 

Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet.

Each rule defines a destination, where the traffic is going, and a target, which is the means to get to the provided destination. 

This rule sends all traffic to an internet gateway

Internet gateways

A gateway that enables internet access to and from instances in subnet of the VPC

This gateway provides a target in your VPC route tables for internet-routable traffic

Additionally these gateways perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

 

NAt Gateway 

Enables instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances

Nat Gateways must live in a public subnet

Security Groups

Are essentially firewalls

Unlike traditional firewalls they are less rigid and only allow us to specify permissive rules.

If a data packet has no particular rule that permits it to go through, it will be dropped instantly.

By default all traffic is denied.

deck

By Damien Russell

Made with Slides.com

deck

  • 175

More from Damien Russell