AWS VPC(Virtual Private Cloud), Does that sound scary?

Let me explain AWS VPC in 5 mins

What is AWS VPC?

· Amazon Virtual Private Cloud (Amazon VPC) is a virtual networking service that is a natural fit for running Microsoft application components on AWS.

· Amazon VPC isolates your network and lets you create private subnets and separate application tiers into distinct subnets for a greater degree of control.

· In addition, VPC lets you assign your own private static IP addresses, or use DHCP from a range of IP addresses that you define.

· In the image above, we use several subnets to separate the different tiers of the infrastructure.

· We have one “public subnet” that is capable of receiving Internet traffic, and that is where we place our AWS Elastic Load Balancer (ELB).

· We then use network routes to allow communication between subnets, but only according to the principle of least privilege.

Guidelines for Creating a Virtual Private Cloud (VPC)

· A VPC is a logically isolated, virtual network mapped to your AWS account. You can launch EC2 instances into your VPC(s) and have full control over IP address range, subnets, route tables, gateways and network security settings.

When creating a VPC there are several items to consider:

· In a typical three-tier application architecture you’ll want to separate each tier into its own security group and potentially its own subnet.

Recommendations:

Create separate security groups for your web, application and database tiers to give you granular access control.

Use a bastion host in a public subnet as a gateway to your non-Internet-accessible instances in private subnets. Using multi-factor authentication on the bastion adds an additional layer of security.

Place your application and database instances in a private subnet to make them inaccessible from the Internet.
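
The three recommendations above describe a policy that can be checked mechanically. The following is an added example, not code from the original post or from AWS: it audits a set of inbound security group rules against that tiering design. The group names (web, app, db, bastion), the service ports and the administrative CIDR are constructed assumptions. The policy it enforces is the one described above: only the web tier accepts traffic from CIDR ranges and only on its service ports, the application tier accepts traffic only from the web tier’s group, the database tier only from the application tier’s group, and the bastion accepts SSH only from a defined administrative range.

```python
import ipaddress
from dataclasses import dataclass

# Constructed admin range (TEST-NET-2 documentation addresses); an assumption.
ADMIN_CIDR = "198.51.100.0/24"
SSH = 22


@dataclass(frozen=True)
class SgRule:
    """One inbound rule: a port and a source, which is either a CIDR block
    or the name of another security group (the least-privilege pattern)."""
    port: int
    source: str


def is_cidr(source: str) -> bool:
    try:
        ipaddress.ip_network(source)
        return True
    except ValueError:
        return False


# Which security groups may be referenced as a source by each tier.
# The bastion may reach every tier, but only on the SSH port (checked below).
ALLOWED_SG_SOURCES = {
    "web": {"bastion"},
    "app": {"web", "bastion"},
    "db": {"app", "bastion"},
    "bastion": set(),
}
WEB_PUBLIC_PORTS = {80, 443}


def audit_tiering(groups: dict, admin_cidr: str = ADMIN_CIDR) -> list:
    """Return a human-readable finding for every rule that violates the
    three-tier policy. An empty list means the groups follow the design."""
    findings = []
    for tier, rules in groups.items():
        if tier not in ALLOWED_SG_SOURCES:
            findings.append(f"{tier}: unknown tier, not covered by the policy")
            continue
        for r in rules:
            if is_cidr(r.source):
                # CIDR sources are only acceptable at the edge: the web tier's
                # service ports, or SSH to the bastion from the admin range.
                if tier == "web" and r.port in WEB_PUBLIC_PORTS:
                    continue
                if tier == "bastion" and r.port == SSH and r.source == admin_cidr:
                    continue
                findings.append(f"{tier}: port {r.port} open to CIDR {r.source}")
            else:
                if r.source not in ALLOWED_SG_SOURCES[tier]:
                    findings.append(f"{tier}: port {r.port} allows unexpected group {r.source}")
                elif r.source == "bastion" and r.port != SSH:
                    findings.append(f"{tier}: bastion may only reach port {SSH}, not {r.port}")
    return findings


def compliant_groups() -> dict:
    """Constructed example that follows the recommendations."""
    return {
        "bastion": [SgRule(SSH, ADMIN_CIDR)],
        "web": [SgRule(443, "0.0.0.0/0"), SgRule(80, "0.0.0.0/0"), SgRule(SSH, "bastion")],
        "app": [SgRule(8080, "web"), SgRule(SSH, "bastion")],
        "db": [SgRule(5432, "app")],
    }


def drifted_groups() -> dict:
    """The same design after two careless changes: the database and the
    bastion were opened to the whole Internet."""
    groups = compliant_groups()
    groups["db"].append(SgRule(5432, "0.0.0.0/0"))
    groups["bastion"] = [SgRule(SSH, "0.0.0.0/0")]
    return groups


if __name__ == "__main__":
    for finding in audit_tiering(drifted_groups()):
        print(finding)
```

Referencing a security group by name instead of a CIDR is what makes the tiering hold as instances come and go; a CIDR source on the application or database tier is the usual sign that the design has drifted.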

Amazon VPC with Public and Private Subnets

· Amazon VPC gives customers several options for connecting their AWS virtual networks with other isolated networks.

· A VPC with both public and private subnets provides an extra layer of security without sacrificing Internet access for the servers that need it. The diagram below illustrates this point.

· The layout in the image above is recommended if you want to run a public-facing web application while keeping back-end servers that are not publicly accessible.

· A common example is a multi-tier website, with web servers in a public subnet and the database servers in a private subnet.

· You can set up routing and security so that the web servers can communicate with the database servers.

· The instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot.

· Instances in the private subnet can reach the Internet by using a network address translation (NAT) instance that you launch into the public subnet.

What is VPC Peering?

· A VPC peering connection is a networking connection between two VPCs that lets you route traffic between them using private IP addresses.

· Instances in either VPC can communicate with each other as if they were within the same network.

· You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.

· AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a VPN connection nor a gateway, and it does not rely on a separate piece of physical hardware.

· There is no single point of failure for communication or a bandwidth bottleneck.

· A VPC peering connection can help you facilitate the transfer of data; for example, if you have more than one AWS account, you can peer the VPCs across these accounts to create a file-sharing network.

· You can also use a VPC peering connection to allow other VPCs to access resources that you have in your VPC.

Access Control Lists

· Network access control lists (ACLs) can be attached to any subnet in a VPC and provide a way for you to do stateless filtering of traffic.

· Network ACLs can be used for outbound or inbound traffic and provide an efficient way to blacklist an individual IP address or CIDR block.

· These ACLs consist of ordered rules to allow or deny traffic based on service port, source/destination IP address, or IP protocol.

· As illustrated here, you could set a rule that allows administrative traffic inbound on port 1433 from a specific set of IP addresses.
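
The ordered, stateless evaluation described above is easy to get wrong in practice, so here is an added example (not code from the original post or from AWS) that models how a network ACL decides: rules are tried in ascending rule number, the first match wins, and anything unmatched falls through to the implicit catch-all deny. The administrative CIDR, the blocked host and the rule numbers are constructed assumptions. It also shows the consequence of statelessness that the post does not spell out: the server’s replies to the administrator’s ephemeral port need their own outbound allow rule, or the port 1433 session never completes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class AclRule:
    number: int      # rules are evaluated in ascending order; first match wins
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "all"
    cidr: str        # source block (inbound) or destination block (outbound)
    port_from: int
    port_to: int


def evaluate(rules: List[AclRule], protocol: str, ip: str, port: int) -> str:
    """Apply a network ACL the way AWS does: lowest rule number first, stop at
    the first rule that matches, and fall through to the implicit catch-all
    ('*') rule, which denies everything."""
    addr = ipaddress.ip_address(ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        if not (rule.port_from <= port <= rule.port_to):
            continue
        return rule.action
    return "deny"


# Constructed example (an assumption, not from the post): administrators in
# 198.51.100.0/24 may reach SQL Server on 1433; one host in that range is
# explicitly blocked by a lower-numbered deny rule, which is how an ACL
# blacklists a single address inside an otherwise permitted block.
ADMIN_CIDR = "198.51.100.0/24"
BLOCKED_HOST = "198.51.100.66/32"

INBOUND = [
    AclRule(90, "deny", "tcp", BLOCKED_HOST, 1433, 1433),
    AclRule(100, "allow", "tcp", ADMIN_CIDR, 1433, 1433),
]

# Because ACLs are stateless, the server's replies (going back to the client's
# ephemeral port) need their own outbound allow rule.
OUTBOUND_WITHOUT_EPHEMERAL: List[AclRule] = []
OUTBOUND = [AclRule(100, "allow", "tcp", ADMIN_CIDR, 1024, 65535)]


def session_allowed(inbound: List[AclRule], outbound: List[AclRule],
                    client_ip: str, server_port: int, client_port: int) -> bool:
    """A TCP session only works if the request passes the inbound ACL and the
    reply passes the outbound ACL; a security group would track this itself."""
    request_ok = evaluate(inbound, "tcp", client_ip, server_port) == "allow"
    reply_ok = evaluate(outbound, "tcp", client_ip, client_port) == "allow"
    return request_ok and reply_ok


if __name__ == "__main__":
    print("admin host:", session_allowed(INBOUND, OUTBOUND, "198.51.100.7", 1433, 50000))
    print("blocked host:", session_allowed(INBOUND, OUTBOUND, "198.51.100.66", 1433, 50000))
    print("no ephemeral rule:", session_allowed(INBOUND, OUTBOUND_WITHOUT_EPHEMERAL,
                                                "198.51.100.7", 1433, 50000))
```

Numbering the deny rule below the allow rule is what makes the block effective; the same two rules with the numbers swapped would let the blocked host through, which is worth checking whenever an ACL is edited by hand.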

What is Elastic IP Address?

· An Elastic IP address (EIP) is a static IP address designed for dynamic cloud computing.

· With an EIP, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.

· Your EIP is associated with your AWS account, not a particular instance, and it remains associated with your account until you choose to explicitly release it.

Internet Gateways

· By default, instances that you launch into a virtual private cloud (VPC) can’t communicate with the Internet.

· You can enable access to the Internet from your VPC by adding an Internet gateway to the VPC, ensuring that your instances have a public IP address, creating a custom route table, and updating your security group rules.

· Your default VPC comes with an Internet gateway, and instances launched into a default subnet receive a public IP address by default, unless you specify otherwise at launch or you modify the subnet’s public IP address attribute.

· Therefore, instances that you launch into a default subnet can communicate with the Internet.
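
The public/private subnet design, VPC peering, and the four Internet gateway requirements above all come down to route table lookups plus a few instance attributes. The following is an added example, not code from the original post or from AWS, that models these together: a route table with longest-prefix matching, a public subnet routing the default route to an Internet gateway, a private subnet routing it to a NAT device, a peering route to a second VPC, and the checks for whether an instance can initiate connections to the Internet and whether it can be reached from it. The CIDR blocks, the placeholder target ids (igw-EXAMPLE, nat-EXAMPLE, pcx-EXAMPLE) and the instance attributes are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing (an assumption): RFC 1918 ranges for the two VPCs and a
# TEST-NET-3 address standing in for "somewhere on the Internet".
VPC_CIDR = "10.0.0.0/16"
PEER_CIDR = "10.1.0.0/16"
INTERNET_IP = "203.0.113.10"
# Placeholder target ids; real ones are assigned by AWS (igw-..., nat-..., pcx-...).
IGW, NAT, PCX = "igw-EXAMPLE", "nat-EXAMPLE", "pcx-EXAMPLE"


@dataclass
class RouteTable:
    routes: List[Tuple[str, str]]  # (destination CIDR, target)

    def lookup(self, dst_ip: str) -> Optional[str]:
        """The most specific (longest prefix) matching route wins, as in AWS."""
        dst = ipaddress.ip_address(dst_ip)
        best_net, best_target = None, None
        for cidr, target in self.routes:
            net = ipaddress.ip_network(cidr)
            if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_target = net, target
        return best_target


@dataclass
class Instance:
    name: str
    route_table: RouteTable            # route table of the instance's subnet
    has_public_ip: bool
    inbound: List[Tuple[str, int]]     # security group rules: (source CIDR, port)

    def next_hop(self, dst_ip: str) -> Optional[str]:
        return self.route_table.lookup(dst_ip)

    def outbound_internet_path(self) -> Optional[str]:
        """How (if at all) the instance can initiate connections to the Internet."""
        hop = self.next_hop(INTERNET_IP)
        if hop == IGW:
            # An Internet gateway only forwards for instances with a public address.
            return "igw" if self.has_public_ip else None
        if hop == NAT:
            return "nat"   # private subnet: traffic leaves through the NAT device
        return None

    def reachable_from_internet(self, port: int) -> bool:
        """Inbound needs all of: a public IP, an IGW route for the return traffic,
        and a security group rule admitting the Internet source on that port."""
        if not self.has_public_ip or self.next_hop(INTERNET_IP) != IGW:
            return False
        src = ipaddress.ip_address(INTERNET_IP)
        return any(src in ipaddress.ip_network(cidr) and p == port
                   for cidr, p in self.inbound)


def build_example_vpc() -> dict:
    """Constructed two-subnet VPC matching the diagram described in the post,
    plus a peering route to a second VPC."""
    public_rt = RouteTable([(VPC_CIDR, "local"), (PEER_CIDR, PCX), ("0.0.0.0/0", IGW)])
    private_rt = RouteTable([(VPC_CIDR, "local"), (PEER_CIDR, PCX), ("0.0.0.0/0", NAT)])
    web = Instance("web", public_rt, has_public_ip=True, inbound=[("0.0.0.0/0", 443)])
    db = Instance("db", private_rt, has_public_ip=False, inbound=[("10.0.1.0/24", 5432)])
    return {"web": web, "db": db}


if __name__ == "__main__":
    for inst in build_example_vpc().values():
        print(inst.name, "outbound:", inst.outbound_internet_path(),
              "| peer next hop:", inst.next_hop("10.1.4.4"),
              "| inbound 443:", inst.reachable_from_internet(443))
```

Note that the database instance stays unreachable from the Internet even though its security group has a rule, because the first two conditions (public IP and an Internet gateway route) fail; that is the property the private subnet is there to guarantee, independent of how the security group is edited later.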

What is AWS Direct Connect?

· AWS Direct Connect (DC) makes it easy to establish a dedicated network connection from your premises to AWS.

· Using AWS DC, you can establish dedicated connectivity between AWS and your colocation environment, office, or datacenter, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

· It lets you establish a dedicated network connection between your network and any of the AWS DC locations.

· Using industry-standard 802.1Q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces.

· This lets you use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. The virtual interfaces can be reconfigured at any time to meet your changing needs.

What is Amazon Route 53?

· Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service.

· It is designed to give businesses and developers an extremely secure and cost-efficient way to route end users to Internet applications by translating names such as www.example.com into the numeric IP addresses such as 192.0.2.1 that computers use to connect to each other.

· Amazon Route 53 effectively connects user requests to infrastructure running in AWS, such as Elastic Load Balancing load balancers, Amazon EC2 instances, or Amazon S3 buckets, and can also be used to route users to infrastructure outside of AWS.

· You can also use Amazon Route 53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints.

· For example, the endpoints shown here span from one end of the globe to the other. Route 53 helps ensure that data is routed as expected.

What are VPC Endpoints?

· A VPC endpoint lets you create a private connection between your VPC and another AWS service without requiring access over the Internet, a VPN connection, AWS Direct Connect, or a NAT device.

· VPC endpoints are horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic.


So here I am, a tech-savvy woman, navigating my way through this world, carving my niche.

Senior Data scientist at IBM, Kristian Sawin