✅ Day 11 of My Cloud Journey ☁ – AWS VPC Basics: Subnets, IGW & NAT Gateway Explained 🛡️🌐

Pratik Das
4 min read

Today I stepped into the networking side of AWS, learning about the backbone of secure and scalable cloud deployments: Amazon VPC (Virtual Private Cloud).

Mastering networking in the cloud is essential for building production-ready, secure, and scalable architectures. Whether it's hosting a secure app, launching a database, or creating a multi-tier application, it all starts with VPC!


πŸ” What is a VPC?

A Virtual Private Cloud (VPC) is a logically isolated network inside AWS that you define. You can control:

  • IP address ranges (CIDR blocks)

  • Subnets

  • Route tables

  • Internet access

  • Firewalls

  • Gateways

It's like having your own virtual data center, where you can run resources (like EC2, RDS, Lambda) in a highly secure and customizable environment.


🧩 Core VPC Components I Explored Today:

🔸 1. Subnets

A subnet is a segment of a VPC's IP address range where you can place AWS resources. There are two types:

  • Public Subnet – its route table sends internet-bound traffic (0.0.0.0/0) to an Internet Gateway.

  • Private Subnet – no route to an Internet Gateway, so no direct inbound or outbound internet access (great for databases and backend services).

You can split your application architecture:

  • Frontend in a public subnet

  • Backend or DB in a private subnet

🔸 2. Internet Gateway (IGW)

An Internet Gateway enables instances in a public subnet to connect to the internet. Without it, EC2 instances in those subnets cannot reach or be reached from the web, even if they have a public IP address.

✅ I attached an IGW to my VPC
✅ Updated route tables to send 0.0.0.0/0 traffic through the IGW

🔸 3. NAT Gateway

A NAT (Network Address Translation) Gateway allows instances in private subnets to reach the internet (for OS updates and package downloads) without accepting inbound connections from the internet.

✅ I placed the NAT Gateway in a public subnet
✅ Added a route in the private subnet's route table pointing 0.0.0.0/0 to the NAT Gateway
✅ Tested internet access from an EC2 instance in the private subnet → worked perfectly!


💡 Why Use Public & Private Subnets?

Separating your application tiers into public and private subnets boosts security. For example:

  • Web server (NGINX): Public subnet

  • Database (MySQL/PostgreSQL): Private subnet

  • Backend service: Private subnet

  • NAT Gateway: Public subnet

This setup is the backbone of multi-tier architecture, where each layer is isolated and follows the principle of least privilege.


🛠 Hands-on Tasks I Completed:

1️⃣ Created a custom VPC with custom CIDR block
2️⃣ Added 2 public and 2 private subnets across multiple availability zones
3️⃣ Attached and configured an Internet Gateway
4️⃣ Created a NAT Gateway in a public subnet
5️⃣ Set up custom route tables
6️⃣ Launched EC2 instances in both subnet types
7️⃣ Connected via SSH and tested access/connectivity
8️⃣ Verified internet access from private subnet via NAT
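Added example (not part of the original post): a small Python audit of the layout built in the tasks above, using the rule that what makes a subnet public or private is the target of its route table's 0.0.0.0/0 route (IGW vs NAT gateway), not its name. It checks three things the routing steps and best practices in this post imply: the IGW default route lives on a dedicated public route table rather than the VPC's main table (otherwise every new, unassociated subnet silently becomes public), the NAT gateway sits in a public subnet, and no non-public subnet auto-assigns public IPs. The input dicts mirror a simplified subset of the `aws ec2 describe-subnets`, `describe-route-tables` and `describe-nat-gateways` output; all IDs and CIDRs are constructed sample values.

```python
def default_route_kind(route_table):
    """'public' (0.0.0.0/0 -> IGW), 'private' (-> NAT gateway) or 'isolated'."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("GatewayId", "").startswith("igw-"):
                return "public"
            if route.get("NatGatewayId", "").startswith("nat-"):
                return "private"
    return "isolated"

def classify_subnets(subnets, route_tables):
    """SubnetId -> kind; subnets with no explicit association use the VPC main table."""
    main = next(rt for rt in route_tables
                if any(a.get("Main") for a in rt["Associations"]))
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt["Associations"] if "SubnetId" in a}
    return {s["SubnetId"]: default_route_kind(explicit.get(s["SubnetId"], main))
            for s in subnets}

def audit(subnets, route_tables, nat_gateways):
    """Return (resource_id, finding) tuples for layout mistakes."""
    kinds = classify_subnets(subnets, route_tables)
    findings = []
    for rt in route_tables:  # keep the IGW route on a dedicated public table
        if any(a.get("Main") for a in rt["Associations"]) and default_route_kind(rt) == "public":
            findings.append((rt["RouteTableId"], "main route table has an IGW default route"))
    for nat in nat_gateways:  # the NAT gateway itself needs the IGW route to reach the internet
        if kinds.get(nat["SubnetId"]) != "public":
            findings.append((nat["NatGatewayId"], "NAT gateway is not in a public subnet"))
    for s in subnets:  # "avoid assigning public IPs unnecessarily"
        if kinds[s["SubnetId"]] != "public" and s.get("MapPublicIpOnLaunch"):
            findings.append((s["SubnetId"], "auto-assign public IP on a non-public subnet"))
    return findings

# Constructed sample in the (simplified) shape of the describe-* CLI output: one public
# and one private subnet, a NAT in the public subnet, plus the IGW route on the main table.
IGW, NAT = "igw-0abc", "nat-0def"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv-a", "CidrBlock": "10.0.11.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-new", "CidrBlock": "10.0.99.0/24", "MapPublicIpOnLaunch": False}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": NAT}]}]
NAT_GATEWAYS = [{"NatGatewayId": NAT, "SubnetId": "subnet-pub-a"}]
```

On this sample `audit(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS)` reports two findings: the IGW route on `rtb-main` (which also makes the unassociated `subnet-new` public) and the unnecessary auto-assigned public IP on the private subnet.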


🧠 Key Learnings:

✅ How routing works between private/public subnets
✅ Why a NAT Gateway is essential for secure outbound traffic
✅ How an Internet Gateway enables global access to cloud servers
✅ How to isolate workloads and restrict public access
✅ Difference between Security Groups and Route Tables


🌍 Real-World Use Cases of VPC:

🔹 Host static or dynamic web apps with secure backends
🔹 Run databases securely without internet exposure
🔹 Set up secure hybrid networks with VPN or Direct Connect
🔹 Create multi-tier application environments (frontend, backend, DB)
🔹 Build isolated test environments or dev/staging infrastructure


πŸ” Best Practices I Noted:

πŸ” Keep all critical services (e.g., DB, APIs) in private subnets
πŸ” Enable VPC Flow Logs for monitoring and troubleshooting
πŸ” Use IAM roles, not hardcoded credentials
πŸ” Use Security Groups for instance-level security and NACLs for subnet-level
πŸ” Avoid assigning public IPs unnecessarily
πŸ” Use multiple AZs for high availability


📌 What's Next?

🔄 Tomorrow (Day 12):
I’ll dive deeper into:

  • Route Tables

  • Security Groups vs NACLs

  • VPC Peering: how to connect multiple VPCs together


📸 Want Visuals?

🖼️ I'm also creating a visual diagram of my VPC layout and subnet routing; stay tuned on my LinkedIn!

🔗 And here's a static portfolio site I hosted earlier on S3 + CloudFront from Day 9:
👉 View Project on LinkedIn


🚀 Final Thoughts:

AWS VPC is the network foundation for everything you build in the cloud. It connects, isolates, secures, and scales your infrastructure. Without a strong grasp of VPC fundamentals, real-world cloud deployments can become a tangled mess.

This hands-on practice was crucial in understanding how everything works under the hood in cloud networking.


🏷️ Hashtags:

#Day11 #30DaysOfCloud #AWS #VPC #Subnets #NATGateway #IGW #CloudNetworking #DevOps #LearnInPublic #Hashnode #TruptiMane #CloudSecurity #AWSBeginner #AmazonWebServices #CloudJourney
