(Day 03) Task : VPC Explained :-

Aditya Sharma
3 min read

What is a VPC?

A Virtual Private Cloud (VPC) is a logically isolated section of AWS Cloud where you can launch AWS resources (like EC2, RDS, etc.) in a virtual network that you define.

Think of a VPC as your own private data center in the cloud. You decide its size, subnets, routing and security, and you control how resources connect to each other and to the internet.

In DevOps and production systems, a VPC is what gives you secure, scalable and controlled networking.

Company Use Case: Why Do We Use a VPC?

Let’s imagine a gaming company — "CloudGaming Ltd." — wants to host their online multiplayer game on AWS. They want it to be fast, secure, scalable, and globally accessible.

Without a VPC:

  • All services would be deployed in a shared, public environment.

  • Security breaches are more likely.

  • No granular control over who accesses what and how.

With a VPC:

  • The company gets a custom private network inside AWS.

  • Resources are isolated and controlled via firewalls, routing, and access controls.

  • Even if an attacker compromises one part, the rest stays protected by layered security such as NACLs and Security Groups.

Components of a VPC

Below are the key building blocks of a VPC and how we use them in a real-world project setup:

  1. CIDR Block (IP Range):

  • Defines the IP address range of your VPC.

  • Example: 10.0.0.0/16 gives you 65,536 IP addresses.

  • You split this range into smaller subnets.

  2. Subnets:

  • Sub-networks inside your VPC.

  • Two types:

    • Public Subnet — for internet-facing services (e.g., Load Balancers, Bastion Hosts).

    • Private Subnet — for internal services (e.g., Databases, App Servers).

  3. Internet Gateway (IGW):

  • Allows internet access for resources in the public subnet.

  • Must be attached to the VPC and referenced by a route in the subnet's Route Table.

  4. Route Table:

  • Controls how traffic flows between subnets and to the internet.

  • Public subnet route table:

    • Routes internet-bound traffic to the Internet Gateway.

  • Private subnet route table:

    • Routes internet-bound traffic through the NAT Gateway.

  5. NAT Gateway:

  • Allows resources in a private subnet to reach the internet without being exposed to inbound connections from it.

  • Example: an app server downloads software updates from the internet without being publicly reachable.

  6. Security Group:

  • Acts as a virtual firewall for your EC2 instances.

  • Stateful: if you allow inbound traffic, the corresponding return traffic is allowed automatically.

  7. Network ACL (NACL):

  • An optional stateless firewall at the subnet level.

  • You define inbound and outbound rules separately.

  • Useful for additional subnet-level security.

  8. Elastic Load Balancer (ELB):

  • Distributes traffic across multiple instances.

  • Deployed in the public subnet.

  • Forwards traffic to app servers in the private subnet.
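To make items 1, 2 and 4 concrete, here is a small added example (my own code, not part of the original post or of any AWS tooling) that carves the 10.0.0.0/16 range into one public and one private subnet per Availability Zone, counts the usable hosts per subnet after the five addresses AWS reserves in every subnet, and resolves destinations against the public and private route tables with longest-prefix matching. The /24 subnet size, the two-AZ layout and the `igw-EXAMPLE` / `nat-EXAMPLE` gateway ids are assumptions chosen for the demonstration.

```python
import ipaddress

# Constructed example values, not from the article: the VPC range matches the
# post, but the subnet size and AZ count are assumptions for this demo.
VPC_CIDR = "10.0.0.0/16"

# AWS reserves 5 addresses in every subnet: the network address, the VPC
# router (+1), DNS (+2), one reserved for future use (+3) and the last address.
AWS_RESERVED_PER_SUBNET = 5


def vpc_size(vpc_cidr: str) -> int:
    """Total number of addresses in the VPC range (a /16 gives 65,536)."""
    return ipaddress.ip_network(vpc_cidr, strict=True).num_addresses


def plan_subnets(vpc_cidr: str, new_prefix: int, availability_zones: int):
    """Carve the VPC range into one public and one private subnet per AZ.

    Returns a list of dicts with name, tier, cidr and usable host count.
    Raises ValueError if the VPC cannot hold the requested subnets.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    candidates = list(vpc.subnets(new_prefix=new_prefix))
    needed = availability_zones * 2
    if len(candidates) < needed:
        raise ValueError(
            f"{vpc_cidr} only yields {len(candidates)} /{new_prefix} subnets, need {needed}"
        )
    plan = []
    for az in range(availability_zones):
        for tier in ("public", "private"):
            net = candidates.pop(0)  # hand out the range in address order
            plan.append({
                "name": f"{tier}-az{az + 1}",
                "tier": tier,
                "cidr": str(net),
                "usable_hosts": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def build_route_table(vpc_cidr: str, tier: str):
    """Route table as (destination, target) pairs, following the post's layout:
    every table carries the implicit 'local' route for the VPC range; public
    subnets send the default route to the IGW, private subnets to the NAT GW."""
    # Placeholder gateway ids, not real AWS resource ids.
    default_target = "igw-EXAMPLE" if tier == "public" else "nat-EXAMPLE"
    return [
        (ipaddress.ip_network(vpc_cidr), "local"),
        (ipaddress.ip_network("0.0.0.0/0"), default_target),
    ]


def lookup_route(route_table, destination_ip: str) -> str:
    """Longest-prefix match: the most specific matching route wins, which is
    why intra-VPC traffic stays 'local' even though 0.0.0.0/0 also matches."""
    dst = ipaddress.ip_address(destination_ip)
    matches = [(net, target) for net, target in route_table if dst in net]
    if not matches:
        return "blackhole"  # unreachable while the 0.0.0.0/0 route exists
    net, target = max(matches, key=lambda m: m[0].prefixlen)
    return target


if __name__ == "__main__":
    print(f"{VPC_CIDR} holds {vpc_size(VPC_CIDR)} addresses")
    for s in plan_subnets(VPC_CIDR, 24, 2):
        print(f"{s['name']:12} {s['cidr']:15} usable hosts: {s['usable_hosts']}")
    public_rt = build_route_table(VPC_CIDR, "public")
    private_rt = build_route_table(VPC_CIDR, "private")
    print("public  subnet -> 8.8.8.8    :", lookup_route(public_rt, "8.8.8.8"))
    print("private subnet -> 8.8.8.8    :", lookup_route(private_rt, "8.8.8.8"))
    print("private subnet -> 10.0.0.20  :", lookup_route(private_rt, "10.0.0.20"))
```

Run it as a script to see the four subnets, their 251 usable hosts each, and how the same destination resolves to the IGW from a public subnet and to the NAT Gateway from a private one. Asking for more subnets than the range can hold raises a ValueError, which is the check worth doing before you create anything in the console.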
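Items 6 and 7 hinge on the difference between stateful and stateless filtering. The following added example (my own model, not code from the post or from AWS) simulates an HTTPS request from an internet client to an app server and the server's reply, passing both packets through a Security Group and a Network ACL. The IPs, ports and rule numbers are constructed for the demo. It shows two things the bullet points only state: the Security Group lets the reply out automatically because it tracks the connection, whereas the NACL drops the reply unless an outbound rule for the ephemeral port range exists, and NACL rules are evaluated in ascending rule-number order with the first match winning.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: every IP, port and rule number below is made up for
# the demonstration; nothing here comes from the article or a real account.
EPHEMERAL = (1024, 65535)  # port range that return traffic comes back on


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def in_cidr(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Stateful: rules are allow-only, and a connection allowed in one
    direction has its return traffic allowed automatically."""

    def __init__(self, inbound):
        self.inbound = inbound   # list of (cidr, port_lo, port_hi)
        self.tracked = set()     # connection state table

    def inbound_allowed(self, p: Packet) -> bool:
        for cidr, lo, hi in self.inbound:
            if in_cidr(p.src_ip, cidr) and lo <= p.dst_port <= hi:
                # Remember the flow so the reply is recognised later.
                self.tracked.add((p.dst_ip, p.dst_port, p.src_ip, p.src_port))
                return True
        return False

    def outbound_allowed(self, p: Packet) -> bool:
        # Reply to a tracked connection: allowed regardless of outbound rules.
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port) in self.tracked


class NetworkACL:
    """Stateless: inbound and outbound are evaluated independently, rules in
    ascending rule-number order, first match wins, implicit deny at the end."""

    def __init__(self, inbound, outbound):
        # Each rule: (rule_no, cidr, port_lo, port_hi, "allow" | "deny")
        self.inbound = sorted(inbound)
        self.outbound = sorted(outbound)

    @staticmethod
    def _evaluate(rules, ip: str, port: int) -> bool:
        for _, cidr, lo, hi, action in rules:
            if in_cidr(ip, cidr) and lo <= port <= hi:
                return action == "allow"
        return False  # the implicit '*' deny rule

    def inbound_allowed(self, p: Packet) -> bool:
        return self._evaluate(self.inbound, p.src_ip, p.dst_port)

    def outbound_allowed(self, p: Packet) -> bool:
        return self._evaluate(self.outbound, p.dst_ip, p.dst_port)


def https_round_trip(sg: SecurityGroup, nacl: NetworkACL):
    """Client on the internet opens HTTPS to an app server; the server replies.
    Returns (request_allowed, reply_allowed)."""
    request = Packet("203.0.113.10", 50000, "10.0.1.5", 443)
    reply = Packet("10.0.1.5", 443, "203.0.113.10", 50000)
    request_ok = nacl.inbound_allowed(request) and sg.inbound_allowed(request)
    reply_ok = request_ok and sg.outbound_allowed(reply) and nacl.outbound_allowed(reply)
    return request_ok, reply_ok


def demo(with_ephemeral_rule: bool):
    """Same SG and inbound NACL rule; only the NACL outbound rule changes."""
    sg = SecurityGroup(inbound=[("0.0.0.0/0", 443, 443)])
    outbound = [(100, "0.0.0.0/0", *EPHEMERAL, "allow")] if with_ephemeral_rule else []
    nacl = NetworkACL(inbound=[(100, "0.0.0.0/0", 443, 443, "allow")], outbound=outbound)
    return https_round_trip(sg, nacl)


def demo_rule_order():
    """Lower rule numbers win: a deny at 90 for one /24 beats the allow at 100."""
    nacl = NetworkACL(
        inbound=[(100, "0.0.0.0/0", 443, 443, "allow"),
                 (90, "198.51.100.0/24", 0, 65535, "deny")],
        outbound=[(100, "0.0.0.0/0", *EPHEMERAL, "allow")],
    )
    blocked = Packet("198.51.100.7", 40000, "10.0.1.5", 443)
    allowed = Packet("203.0.113.10", 40000, "10.0.1.5", 443)
    return nacl.inbound_allowed(blocked), nacl.inbound_allowed(allowed)


if __name__ == "__main__":
    print("NACL with ephemeral outbound rule  (request, reply):", demo(True))
    print("NACL without ephemeral outbound rule (request, reply):", demo(False))
    print("NACL rule ordering (blocked /24, other client):", demo_rule_order())
```

The second run is the classic NACL mistake: the inbound rule looks complete, the request reaches the server, but the reply never leaves the subnet because nothing allows outbound traffic on ports 1024-65535. The Security Group never needs that rule, which is exactly what "stateful" buys you.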

Coming Up Next :-

Stay tuned for Day 4, where we’ll dive into Security Groups vs NACLs with practical comparisons and case-based configuration.

Written by

Aditya Sharma

DevOps Enthusiast | Python | Chef | Docker | GitHub | Linux | Shell Scripting | CI/CD & Cloud Learner | AWS