Amazon VPC is a commercial cloud service that lets you launch AWS resources into a virtual network that you define. It offers security features such as security groups and network access control lists, and you can customize the network configuration, for example by creating a public-facing subnet for your web server.
If you want to gain expertise in cloud computing or upgrade your cloud credentials, you need to know about AWS.
What is AWS VPC?
AWS (Amazon Web Services) is a leading cloud service provider. It is a subsidiary of Amazon and provides on-demand cloud computing platforms to individuals, companies and governments. One of its services is Amazon Virtual Private Cloud (VPC).
VPC provides a virtual network to your AWS resources. You will have full control over your virtual networking environment. You can select your IP address range, create subnets and configure the route tables and network gateways.
History of AWS VPC:
AWS started virtual networking with “EC2-Classic”. EC2-Classic was later retired because its network was shared with other AWS tenants, which meant the virtual network was not private to your account. Customers who wanted isolation needed a more secure network, so AWS replaced EC2-Classic with EC2-VPC, also known as Amazon VPC.
What is AWS VPC peering?
AWS VPC peering is a networking connection between two VPCs. It lets you route traffic between the two VPCs using private IPv4 or IPv6 addresses. A peering connection can join two of your own VPCs, or your VPC and a VPC in another AWS account. It can also connect VPCs in different regions; this is known as an inter-region VPC peering connection.
VPC peering helps with transferring data. If you have two AWS accounts, you can move files between them over the peering connection. You can also use it to give another VPC access to your VPC resources.
Inter-region VPC peering enables VPC resources running in different AWS regions to communicate. It does not require gateways, VPN connections or separate network appliances, and it uses only private IP addresses.
What are AWS VPC Flow Logs:
VPC Flow Logs is a VPC feature that lets you capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you create a flow log, you can retrieve its data from the destination you chose.
After you create a flow log, it takes a couple of minutes before records appear at the chosen destination.
What are the flow log records?
A flow log record represents a network flow in your VPC. By default, each record captures the IP traffic flow that occurs within an aggregation interval, also known as a capture window.
Each record includes values for the different components of the IP flow, such as the source, the destination and the protocol. This is the default format, but you can specify a custom format if you need different fields.
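The default record format described above is plain space-separated text, so it can be parsed without any AWS tooling. The example below is added here and is not code from the original page or from AWS; the four sample records are constructed, with placeholder account and interface ids, and the last one is a NODATA record whose traffic fields are dashes.

```python
"""Parse default-format VPC Flow Log records and summarise REJECTed flows.
Added example for this page, not AWS code; the sample lines are constructed.
"""
from collections import Counter

DEFAULT_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

# Constructed sample records; the account id and ENI id are placeholders.
# The last line is a NODATA record, which carries '-' in the traffic fields.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 43210 22 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 43211 3389 6 1 60 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 51000 443 6 12 4800 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000059 - NODATA
"""

def parse_record(line):
    """Split one default-format line into a dict; numeric fields become ints."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        raise ValueError(f"expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(DEFAULT_FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]

def rejected_by_source(records):
    """Count REJECTed flows per source address and collect the destination ports.
    One source rejected on many distinct ports is worth a closer look."""
    counts, ports = Counter(), {}
    for rec in records:
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        counts[rec["srcaddr"]] += 1
        ports.setdefault(rec["srcaddr"], set()).add(rec["dstport"])
    return counts, ports

if __name__ == "__main__":
    counts, ports = rejected_by_source(parse_log(SAMPLE_LOG))
    for src, n in counts.most_common():
        print(f"{src}: {n} rejected flows to ports {sorted(ports[src])}")
```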
Flow Log limitations:
There are some limitations to keep in mind while using flow logs:
- Flow logs do not work for network interfaces in the EC2-Classic platform.
- You cannot enable flow logs for VPCs that are peered with your VPC unless you have access to them.
- You cannot change the configuration or the record format of a flow log after creating it.
AWS VPC Architecture:
The AWS VPC architecture includes private and public subnets. The first set of private subnets shares the default network access control list (ACL) of the Amazon VPC. The second set of private subnets is optional and uses a dedicated custom network ACL per subnet.
You can build a VPC environment with the following AWS features:
- Four Availability Zones are used for disaster recovery and high availability. They are geographically separated within a region and provide resilience during a natural disaster.
- Separate subnets are available for unique routing requirements. Using public subnets for external-facing resources and private subnets for internal-facing resources is highly recommended.
- Use network access control lists (ACLs) to control inbound and outbound traffic. This gives you a network ACL-protected subnet in each Availability Zone.
- NAT gateways offer advantages in deployment, maintenance and availability. Therefore, prefer highly available NAT gateways over NAT instances.
- First, open the Amazon VPC console.
- Go to the navigation pane and click ‘VPC dashboard’. If you do not have any VPC resources, locate the ‘Your Virtual Private Cloud’ area of the dashboard and click ‘Get started creating a VPC’. If you already have VPC resources, click ‘Start VPC Wizard’.
- Select the ‘VPC with a Single Public Subnet’ option.
- Enter the information given below in the wizard and then click ‘Create VPC’.
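Network ACLs, mentioned in the architecture list above, are stateless and are evaluated in rule-number order, with an implicit final deny. The example below is added here and is not code from the original page or from AWS; the inbound and outbound rule sets are constructed for a hypothetical public subnet, only TCP/UDP rules are modelled, and the round-trip check shows why a stateless ACL needs an ephemeral-port rule for reply traffic.

```python
"""Evaluate network ACL rules the way a VPC applies them to a subnet.

Added example for this page, not AWS code. Network ACLs are stateless and
evaluated in rule-number order: the first matching rule wins and the implicit
final rule (*) denies the rest. Only TCP/UDP rules are modelled here.
"""
import ipaddress

# Constructed rule sets for a public subnet. Inbound rules match on source
# CIDR, outbound rules on destination CIDR; the port is the destination port.
# Tuple layout: (rule_number, protocol, cidr, (first_port, last_port), action)
INBOUND = [
    (100, "tcp", "0.0.0.0/0", (443, 443), "allow"),       # HTTPS from anywhere
    (110, "tcp", "0.0.0.0/0", (1024, 65535), "allow"),    # replies to outbound connections
    (115, "tcp", "203.0.113.200/32", (22, 22), "deny"),   # one host blocked; lower number wins
    (120, "tcp", "203.0.113.0/24", (22, 22), "allow"),    # SSH only from the admin range
]
OUTBOUND = [
    (100, "tcp", "0.0.0.0/0", (443, 443), "allow"),       # instances may reach HTTPS
    (110, "tcp", "0.0.0.0/0", (1024, 65535), "allow"),    # replies to inbound connections
]

def evaluate(rules, protocol, addr, port):
    """Return 'allow' or 'deny' for one packet using first-match-by-number."""
    ip = ipaddress.ip_address(addr)
    for _num, proto, cidr, (lo, hi), action in sorted(rules, key=lambda r: r[0]):
        if proto in ("all", protocol) and ip in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action
    return "deny"  # implicit rule *

def round_trip_allowed(inbound, outbound, server_addr, server_port, client_port):
    """Stateless check for an instance connecting out: the request must pass the
    outbound rules and the reply (to the instance's client_port) the inbound rules."""
    request_ok = evaluate(outbound, "tcp", server_addr, server_port) == "allow"
    reply_ok = evaluate(inbound, "tcp", server_addr, client_port) == "allow"
    return request_ok and reply_ok

if __name__ == "__main__":
    for addr in ("203.0.113.5", "203.0.113.200", "192.0.2.9"):
        print(f"SSH from {addr}: {evaluate(INBOUND, 'tcp', addr, 22)}")
    no_ephemeral = [r for r in INBOUND if r[0] != 110]
    print("HTTPS out, ephemeral rule present:", round_trip_allowed(INBOUND, OUTBOUND, "192.0.2.50", 443, 40000))
    print("HTTPS out, ephemeral rule removed:", round_trip_allowed(no_ephemeral, OUTBOUND, "192.0.2.50", 443, 40000))
```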
What is AWS VPC Pricing:
Amazon does not charge any additional amount for using the VPC service. You pay only the standard Amazon EC2 usage charges.
NAT Gateway Pricing:
(For China region)
If you create a NAT gateway in your VPC, you are charged for each “NAT Gateway-hour” that the gateway is provisioned and available. You also incur standard AWS data transfer charges for all data transferred through the NAT gateway.
What is AWS VPC Endpoint:
A VPC endpoint lets you connect your VPC privately to supported AWS services and to VPC endpoint services powered by AWS PrivateLink. It does not require an internet gateway, VPN connection, NAT device or AWS Direct Connect connection. Instances in your VPC do not need public IP addresses to communicate with resources in the service.
The critical concepts of VPC endpoints are:
The VPC endpoint is the entry point in your VPC that lets you connect privately to a service. The types of VPC endpoint are gateway endpoints, interface endpoints and Gateway Load Balancer endpoints.
An endpoint service is your own service exposed in your VPC. Other AWS principals can create an endpoint from their VPC to your endpoint service.
AWS PrivateLink is a technology that provides private connectivity between services and VPCs.
How to create VPC in AWS?
Let us look at the steps for creating a new VPC. The wizard asks for the following:
- IP CIDR block
- ADS Subnet 1
- Enable DNS hostnames
- Leave default selection
After some time, your VPC will be created. Once it exists, follow the instructions below to add a second subnet.
AWS Directory Service requires two subnets in your VPC, and they must be in different Availability Zones. The VPC wizard creates only one subnet, so you must create the other manually. Follow the steps below to create the second subnet.
First, open the Amazon VPC console.
In the navigation pane, select ‘Subnets’. Select the subnet named ‘ADS Subnet 1’, then click the ‘Summary’ tab at the bottom of the page and note the Availability Zone of this subnet.
Click ‘Create Subnet’ and enter the information given below:
ADS Subnet 2
Select your VPC. This is the VPC named ADS VPC.
Select any Availability Zone other than the one noted in step 2. The two subnets used by AWS Directory Service must reside in different Availability Zones.
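The subnet layout described in the architecture section (a public and a private subnet in each Availability Zone) and the requirement just stated that the two subnets sit in different Availability Zones can both be checked before anything is created. The example below is added here and is not code from the original page or from AWS; it uses the address ranges the FAQ section lists as a planning check, and the Availability Zone names are assumptions.

```python
"""Plan a public and a private subnet per Availability Zone and check the plan.

Added example for this page, not AWS tooling. The checks are the ones the page
mentions: the VPC CIDR lies in a listed private range, subnets never overlap and
stay inside the VPC, and subnets handed to a service are in different AZs.
"""
import ipaddress

# Address ranges the FAQ section lists for a VPC CIDR.
ALLOWED_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Return {(az, tier): network} with one public and one private subnet per AZ."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not any(vpc.subnet_of(r) for r in ALLOWED_RANGES):
        raise ValueError(f"{vpc} is not inside one of the allowed private ranges")
    candidates = vpc.subnets(new_prefix=subnet_prefix)  # carved in address order
    plan = {}
    for az in azs:
        for tier in ("public", "private"):
            plan[(az, tier)] = next(candidates)  # StopIteration if the VPC is too small
    return plan

def validate(plan, vpc_cidr):
    """Raise ValueError if any subnet overlaps another or falls outside the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    items = list(plan.items())
    for i, (key, net) in enumerate(items):
        if not net.subnet_of(vpc):
            raise ValueError(f"{key}: {net} is outside {vpc}")
        for other_key, other in items[i + 1:]:
            if net.overlaps(other):
                raise ValueError(f"{key} and {other_key} overlap: {net} / {other}")
    return True

def in_distinct_azs(keys):
    """True when every chosen (az, tier) key is in a different AZ, as the page
    requires for the two subnets used by AWS Directory Service."""
    azs = [az for az, _tier in keys]
    return len(set(azs)) == len(azs)

if __name__ == "__main__":
    AZS = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]  # assumed AZ names
    plan = plan_subnets("10.0.0.0/16", AZS)
    validate(plan, "10.0.0.0/16")
    for (az, tier), net in plan.items():
        print(f"{az:12} {tier:8} {net}")
    print("distinct AZs:", in_distinct_azs([(AZS[0], "private"), (AZS[1], "private")]))
```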
AWS VPC Interview Questions:
Some commonly asked interview questions are:
What are the components of Amazon VPC?
- The VPC itself is the major element of Amazon VPC. It is a logically separate part of the AWS Cloud.
- The Internet Gateway is the second element. It is the connection point between the public Internet and your VPC.
- The third element is the NAT Gateway. NAT stands for Network Address Translation; a NAT Gateway is a highly available NAT service that lets resources in a private subnet reach the Internet.
- The fourth element is the hardware VPN connection. It is a hardware-based VPN connection between your Amazon VPC and a data centre, home network or co-location facility.
- The Private Gateway is the fifth element. It is the Amazon VPC side of a VPN connection.
- The Peering Connection is the sixth element. It lets you route traffic between two peered VPCs using private IP addresses.
- The VPC Endpoint is the last element. It lets you control access to Amazon S3 using VPC endpoint policies.
What is a NAT device?
A NAT device lets instances initiate outbound IPv4 traffic to other AWS services while blocking inbound traffic initiated from the Internet. The instance's source IP address is replaced by the NAT device's address when the traffic goes out to the Internet; when the response comes back, the device translates the address back to the instance's private IP address. There are two types of NAT device: NAT instances and NAT gateways.
What is the default VPC? Explain its advantages.
A default VPC is a virtual network that is created automatically in the AWS cloud when a user first uses Amazon EC2 resources.
You can modify the components of the default VPC to suit your needs. One advantage of the default VPC is that it gives you access to higher-level features, such as multiple IP addresses and network interfaces, without creating a separate VPC.
What is VPS?
VPS stands for Virtual Private Server. It is a hosted server offered by web hosting companies such as GoDaddy. A single physical host is divided into multiple virtual units, each with its own independent features, and each unit works independently of the others.
An AWS certification course will help you become a cloud professional and build credibility and confidence. If you want to take this course, enroll with us now!
We provide the best AWS training under industry experts. If you want to build your career in AWS, join our top-class AWS training.
AWS VPC FAQs
You are charged for the Amazon Web Services you use, such as Amazon EC2, but there are no additional charges for using VPC. If you connect your VPC to a corporate data centre using the optional hardware VPN connection, you are charged per hour for that connection, and data transferred over it is charged at standard AWS data transfer rates.
No, multiple subnets in the same VPC cannot share the same CIDR block, because AWS treats each subnet as one contiguous network. The default VPC CIDR is 172.31.0.0/16. AWS only lets you use one of these ranges in your VPC: 10.0.0.0/8, 192.168.0.0/16 or 172.16.0.0/12.
The AWS free tier has a limit of 62 budget-days per month, so creating a single budget falls within the free tier limit. Usage of free-tier-eligible services is free.
VPC peering is a way to connect two VPCs so that traffic can be routed between them using IPv4 or IPv6 addresses. Instances in the peered VPCs can communicate with each other as if they were in the same network.
The AWS VPC tutorial is given below:
- First, click ‘VPC dashboard’ in the navigation pane.
- Select the second option, ‘VPC with a Single Public Subnet’.
- Enter the required information into the wizard and click ‘Create VPC’.
- After some time, your VPC will be created.
VPC lets you build a virtual network in the AWS cloud without VPNs, hardware or physical data centers. It gives you your own network space, and a VPC in your AWS account makes your work easier by giving you the equivalent of your own data center with the benefits of AWS's scalable infrastructure.