Virtual Private Cloud

Spandan Mandal

Virtual Private Cloud (VPC) allows you to create a private, isolated network within AWS. It enables you to deploy resources in a secure environment, control networking configurations, and define access rules. A VPC is similar to having your own section of the internet within AWS, where you can launch AWS resources in a logically isolated network.

Imagine you want to set up a private, secure, and isolated area in the cloud where you can run your applications and store your data. This is where a VPC comes into play.

Just like a physical network, a VPC has its own set of rules and configurations. You can define the IP address range for your VPC and create smaller subnetworks within it called subnets. These subnets help you organize your resources and control how they communicate with each other.

| Type | Description |
|---|---|
| Default VPC | Automatically created when an AWS account is set up. Includes subnets, an internet gateway, and default security settings. |
| Custom VPC | Manually created VPCs with user-defined subnets, route tables, and security configurations, built for a specific application or project. |

To connect your VPC to the internet or other networks, you can set up gateways or routers. These act as entry and exit points for traffic going in and out of your VPC. You can control the flow of traffic and set up security measures to protect your resources from unauthorized access.

With a VPC, you have control over your network environment. You can define access rules, set up firewalls, and configure security groups to regulate who can access your resources and how they can communicate.

Key Components of a VPC

| Component | Description |
|---|---|
| VPC | A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets. |
| Subnets | Subdivisions of a VPC that allow organizing resources and controlling traffic flow. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC. |
| IP Addressing | You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers. |
| Route Tables | Determine where network traffic from your subnet or gateway is directed. |
| Security Groups | Act as a virtual firewall for instances (EC2 instances or other resources) within a VPC, controlling inbound and outbound traffic at the instance level. Security groups allow you to define rules that permit or restrict traffic based on protocols, ports, and IP addresses. |
| Network ACLs (NACLs) | Stateless firewall that controls inbound and outbound traffic at the subnet level. It operates at the IP address level and can allow or deny traffic based on rules that you define. NACLs provide an additional layer of network security for your VPC. |
| Gateways and endpoints | A gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device. |
| Peering Connections | Enable communication between different VPCs. |
| Transit Gateways | Act as a hub for routing traffic between multiple VPCs, VPN connections, and AWS Direct Connect connections. |
| VPC Flow Logs | A flow log captures information about the IP traffic going to and from network interfaces in your VPC. |
| VPN Connections | Securely connect an on-premises network to a VPC. |
| Traffic Mirroring | Copy network traffic from network interfaces and send it to security and monitoring appliances for deep packet inspection. |

Security Features

| Feature | Description |
|---|---|
| Security Groups | Control access to EC2 instances by allowing/denying specific traffic. |
| NACLs | Additional layer of security that controls traffic at the subnet level. |
| VPC Endpoints | Enable private connectivity to AWS services without using the public internet. |
| Traffic Mirroring | Allows capturing network traffic for deep packet inspection and monitoring. |
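The difference between a stateful security group and a stateless NACL is easiest to see by evaluating a packet against both. The following is an added illustration, not code from the original post or from AWS: the rule dictionaries and the rule-number ordering are this example's own simplified model, and the IP ranges are constructed documentation addresses.

```python
import ipaddress

# Constructed model (added example, not the AWS API): a security group is
# stateful and allow-only, a NACL is stateless with numbered allow/deny rules
# evaluated in ascending order, first match wins, implicit deny at the end.
EPHEMERAL = (1024, 65535)  # client-side reply ports a stateless NACL must permit

def _match(rule, proto, port, ip):
    lo, hi = rule["ports"]
    return (rule["proto"] == proto and lo <= port <= hi
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule["cidr"]))

def sg_allows(inbound_rules, proto, port, src_ip):
    """Security group: any matching inbound rule allows the flow; there are no
    deny rules, and the reply is allowed automatically because it is stateful."""
    return any(_match(r, proto, port, src_ip) for r in inbound_rules)

def nacl_allows(rules, proto, port, ip):
    """NACL: first matching rule by ascending number decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if _match(r, proto, port, ip):
            return r["action"] == "allow"
    return False

def nacl_flow_ok(inbound, outbound, proto, port, client_ip, client_port):
    """A stateless NACL needs the request (inbound, service port) AND the reply
    (outbound, client's ephemeral port) to be explicitly allowed."""
    return (nacl_allows(inbound, proto, port, client_ip)
            and nacl_allows(outbound, proto, client_port, client_ip))

# Constructed sample rules: HTTPS open to the world in the security group;
# the NACL blocks one known-bad range (rule 90) before allowing HTTPS (rule 100).
SG_WEB = [{"proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"}]
NACL_IN = [
    {"num": 100, "action": "allow", "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"},
    {"num": 90, "action": "deny", "proto": "tcp", "ports": (0, 65535), "cidr": "198.51.100.0/24"},
]
# Common misconfiguration: outbound allows only 443, so replies to clients fail.
NACL_OUT_BROKEN = [{"num": 100, "action": "allow", "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"}]
# Fix: add an outbound allow for the ephemeral port range.
NACL_OUT_FIXED = NACL_OUT_BROKEN + [
    {"num": 110, "action": "allow", "proto": "tcp", "ports": EPHEMERAL, "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(sg_allows(SG_WEB, "tcp", 443, "203.0.113.5"))                          # True
    print(nacl_allows(NACL_IN, "tcp", 443, "198.51.100.9"))                     # False, rule 90 deny
    print(nacl_flow_ok(NACL_IN, NACL_OUT_BROKEN, "tcp", 443, "203.0.113.5", 51515))  # False
    print(nacl_flow_ok(NACL_IN, NACL_OUT_FIXED, "tcp", 443, "203.0.113.5", 51515))   # True
```

The broken outbound NACL is the classic symptom of forgetting that NACLs are stateless: the request is accepted at the subnet boundary but the reply to the client's ephemeral port is dropped.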

Connecting a VPC to the Internet

| Connection Type | Description |
|---|---|
| Internet Gateway (IGW) | Enables outbound internet access for resources in public subnets. |
| NAT Gateway | Allows instances in private subnets to access the internet while keeping them unreachable from outside. |
| VPC Peering | Direct network connection between two VPCs. |
| VPN Connection | Securely connects a VPC to an on-premises network. |
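To tie the subnet, route table and gateway pieces together, here is an added example (not from the original post or from AWS) that carves a VPC CIDR into public and private subnets per Availability Zone, builds the two route tables, and shows why a subnet is "public" only when its route table points 0.0.0.0/0 at an internet gateway. The AZ names, gateway IDs and CIDRs are constructed placeholders.

```python
import ipaddress

# Constructed values for the example (not real AWS identifiers).
AZS = ["us-east-1a", "us-east-1b"]
IGW_ID = "igw-PLACEHOLDER"
NAT_ID = "nat-PLACEHOLDER"

def plan_subnets(vpc_cidr, azs, new_prefix=24):
    """Split the VPC CIDR into /new_prefix blocks and hand each AZ one public
    and one private subnet, in order, so every subnet sits in exactly one AZ."""
    pool = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return [{"az": az, "tier": tier, "cidr": str(next(pool))}
            for az in azs for tier in ("public", "private")]

def route_table(vpc_cidr, tier):
    """Every table gets the 'local' route for the VPC itself; the default route
    goes to the IGW for public subnets and to the NAT gateway for private ones."""
    default = IGW_ID if tier == "public" else NAT_ID
    return [{"dest": vpc_cidr, "target": "local"},
            {"dest": "0.0.0.0/0", "target": default}]

def lookup(routes, dst_ip):
    """Longest-prefix match, the way a VPC route table picks a route."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r["dest"])]
    if not candidates:
        return None
    return max(candidates, key=lambda r: ipaddress.ip_network(r["dest"]).prefixlen)["target"]

def is_public(routes):
    """AWS's working definition of a public subnet: a route to an internet gateway.
    Useful as an audit check: a subnet meant to be private must return False."""
    return any(r["target"].startswith("igw-") for r in routes)

if __name__ == "__main__":
    for s in plan_subnets("10.0.0.0/16", AZS):
        print(s)
    private = route_table("10.0.0.0/16", "private")
    print(lookup(private, "10.0.0.7"), lookup(private, "93.184.216.34"))  # local nat-...
    print(is_public(private), is_public(route_table("10.0.0.0/16", "public")))  # False True
```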

Regions and Availability Zones

AWS VPCs are region-specific but can span multiple Availability Zones (AZs). An AZ is a physically separate data center with independent power, cooling, and networking. Subnets are confined to a single AZ, but a VPC can contain subnets across multiple AZs to enhance redundancy and availability.

For additional details and best practices, refer to the AWS VPC Documentation.
