Navigating Your Private Cloud: A Beginner's Guide to Amazon VPC

Abdul Firoz

What is Amazon VPC?

Imagine you have your own little town. This town is special because it’s just for you and the things you want to keep safe, like your toys or your secret hideouts. Amazon VPC (Virtual Private Cloud) is like having a town on the internet where you can keep all your computer programs and data safe and secure. You can decide who is allowed to come into your town and who can see or use your stuff.

Main Parts of Amazon VPC

Let’s look at the parts of your town (Amazon VPC) and what they do:

  1. Subnets:

    • What It Is: Think of your town having different neighborhoods. One neighborhood might be for homes, another for schools, and another for parks.

    • What It Does: Subnets determine where in your VPC certain resources (like computers and databases) will live. You can have some subnets connected to the internet, and others that are not, based on what needs more security.

    • A subnet resides within a single Availability Zone.

  2. Route Tables:

    • What It Is: Consider how you know the way to school or the park. Route tables are like maps that show the roads and paths in your town.

    • What It Does: Route tables direct traffic within your VPC. They can tell data how to move between subnets or how to leave the VPC to reach the internet.

    • Multiple subnets can be associated with one route table.

  3. Internet Gateways:

    • What It Is: Imagine your town has a main gate. If you want to go out to the city or let visitors in, they have to pass through this gate.

    • What It Does: Internet gateways allow communication between resources in your VPC and the internet. This lets you send and receive data from outside your VPC.

    • A VPC can have only one Internet Gateway, an Internet Gateway can be attached to only one VPC at a time, and Internet Gateways are region-resilient.

  4. Security Groups and Network ACLs:

    • What They Are: These are like the rules for who can come into your house or your town. Security groups are rules for each house or place in town, like saying, “Only my family and my best friend can come in.” Network ACLs are rules for the whole town, like saying, “Only people from these places can come into our town.”

    • What They Do: Security Groups act as virtual firewalls for your servers, controlling inbound and outbound traffic at the instance level. Network ACLs act as a firewall for controlling traffic at the subnet level, offering an additional layer of defense.

    • Every subnet within the VPC must be associated with a NACL.

    • You can associate a NACL with multiple subnets but a subnet can be associated with only one NACL at a time.

  5. VPC Endpoints:

    • What It Is: Sometimes, you might want to send a message directly to your grandma’s house without going through the main town gate. A VPC endpoint is like a secret path that goes straight from your house to grandma’s house.

    • What It Does: VPC Endpoints allow private connections between your VPC and other AWS services without traffic traveling over the internet. This makes interactions with other services more secure and faster.

  6. NAT Devices:

    • What It Is: Imagine if you could send a robot outside the town to pick up pizza and groceries and bring them back without anyone knowing where it came from. A NAT device is like that robot.

    • What It Does: NAT devices enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
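As an added illustration that is not part of the original post, the following Python model shows how the two layers from part 4 behave when a packet arrives. It goes slightly beyond the text: NACL rules are numbered, evaluated in ascending order with the first match winning (an implicit final rule denies everything), and are stateless, so reply traffic needs its own rule; security groups are stateful and allow-only. All rule sets and IP addresses below are constructed sample values.

```python
import ipaddress

# Constructed sample NACL inbound rules: (rule number, action, source CIDR, from port, to port).
# AWS evaluates these in ascending rule-number order and stops at the first match.
NACL_INBOUND = [
    (100, "allow", "0.0.0.0/0", 443, 443),         # HTTPS from anywhere
    (200, "deny",  "203.0.113.0/24", 0, 65535),    # intended block of one address range
    (300, "allow", "0.0.0.0/0", 1024, 65535),      # replies to connections the instance opened
]

# Constructed sample security-group inbound rules: (source CIDR, from port, to port).
# Security groups are allow-only: any matching rule admits the flow.
SG_INBOUND = [("0.0.0.0/0", 443, 443), ("10.0.0.0/16", 22, 22)]


def nacl_allows(rules, src_ip, dst_port):
    """Stateless, ordered evaluation: first matching rule decides, otherwise implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for _, action, cidr, lo, hi in sorted(rules):
        if src in ipaddress.ip_network(cidr) and lo <= dst_port <= hi:
            return action == "allow"
    return False


def sg_allows(rules, src_ip, dst_port):
    """Stateful, allow-only: order is irrelevant, any matching rule admits the packet."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(cidr) and lo <= dst_port <= hi
               for cidr, lo, hi in rules)


def inbound_allowed(src_ip, dst_port):
    """A new inbound connection must pass the subnet NACL and then the instance SG."""
    return nacl_allows(NACL_INBOUND, src_ip, dst_port) and sg_allows(SG_INBOUND, src_ip, dst_port)


def reply_allowed(remote_ip, ephemeral_port, nacl_rules=NACL_INBOUND):
    """Reply to a connection the instance itself opened: the SG admits it because it
    tracks connection state, so only the stateless NACL can drop it."""
    return nacl_allows(nacl_rules, remote_ip, ephemeral_port)
```

Note that rule 200 never blocks HTTPS from 203.0.113.0/24, because rule 100 matches first; a deny that must win needs a lower rule number than the allow it overrides.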
