Tag Archives: aws solutions architect

An Overview of VPCs (Virtual Private Clouds) in AWS

Intro

You cannot sit any associate-level AWS certification exam without being hammered with VPC questions, which makes VPCs a very important topic for anyone pursuing AWS certs. This post reviews the key elements of these constructs with you.

Key Points

  • Think of a VPC as your own logically isolated data center (a private network) inside the AWS cloud
  • AWS provides a default VPC in every region of your account (one per region); this lowers the barrier to entry when you need to provision cloud-based resources quickly
  • When you create a VPC from scratch on your own, this is termed a Custom VPC
  • Every subnet in the default VPC is public: its route table has a route to an Internet Gateway and instances launched in it are assigned a public IP address by default; again, this lowers the barrier to entry, but it is rarely what you want for production workloads
  • In a custom VPC, a subnet is public or private depending on whether its route table contains a route to an Internet Gateway; there is no separate "public" flag on the subnet itself
  • Your VPCs are logically isolated from other customers and from other resources within AWS
  • You have high levels of control over the components in your VPC; in fact, it is your responsibility (in the shared responsibility model) to properly secure many of these components; for example, a new Security Group for an EC2 instance allows all outbound traffic and no inbound traffic until you add rules, and it is on you to ensure that the rules you add match your intended usage and nothing more
  • A VPC can have at most one Internet Gateway attached; it provides Internet access for public subnets and performs the one-to-one NAT between an instance's private IP and its public IP
  • A Virtual Private Gateway is the VPC side of a site-to-site VPN (or Direct Connect) connection to your on-premises network
  • You have virtual routers in your VPC that contain route tables you can manipulate; every subnet is associated with exactly one route table (the VPC's main route table unless you associate another); routing between subnets inside the VPC is handled by the built-in "local" route, which cannot be removed, so the routes you add are about traffic leaving the VPC (to an Internet Gateway, NAT gateway, Virtual Private Gateway, or peering connection)
  • Network Access Control Lists (NACLs) apply at the subnet boundary so you can enforce security rules within your VPC; they are stateless: numbered rules are evaluated from the lowest number up, the first match wins, and a custom NACL denies everything until you add rules; one important consequence of being stateless is that permitting traffic inbound does not permit the reply, so you must also add an outbound rule covering the client's ephemeral port range (1024-65535 covers every client AWS documents), otherwise the return traffic is dropped
  • Subnets are carved out of the VPC's CIDR block, which normally uses RFC 1918 private addressing; each subnet is contained in exactly one Availability Zone (AZ) and cannot span AZs, and AWS reserves the first four and the last address of every subnet
  • Security Groups are scoped to a VPC rather than to an AZ, so one group can protect instances in multiple AZs; they attach at the instance (network interface) level, contain allow rules only (there are no deny rules), and are stateful: if a request is allowed in, its reply is allowed out regardless of the outbound rules
  • Since you can have multiple VPCs in your infrastructure, you can configure VPC peering to permit access between them
    • Peered VPCs route to each other over private IP addresses, so their CIDR blocks must not overlap, and you must add a route to the peering connection in the route tables on both sides
    • You can even provide peering between VPCs of different AWS accounts (and in different regions)
    • There is no transitive peering with VPCs; if VPC A peers with VPC B and with VPC C, VPC B and VPC C cannot reach each other through A and need their own peering connection; think of the peerings as hub and spoke with no traffic allowed between the spokes
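The stateless-versus-stateful difference between NACLs and Security Groups is the point the exams keep returning to, so here is a small Python model of how the two evaluate a single HTTPS connection. This is an added example and is not code from the original post or from AWS: it calls no AWS API, and the addresses, port numbers and rule numbers are constructed for illustration.

```python
"""Toy evaluator for the stateless (NACL) vs stateful (Security Group) rule
semantics in an AWS VPC. Added example; not AWS code and not from the post.

Modelled semantics:
  * Network ACL: numbered rules evaluated from the lowest number up, first
    match wins, implicit deny when nothing matches. Inbound and outbound are
    evaluated independently for every packet, so a reply packet needs its own
    outbound allow covering the client's ephemeral port.
  * Security group: allow rules only, stateful: once a request is allowed in,
    its reply is allowed out even if no outbound rule matches it.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ephemeral range to allow on NACL outbound rules: covers Linux clients
# (32768-60999), Windows clients (49152-65535) and NAT/ELB ranges (1024-65535).
EPHEMERAL = (1024, 65535)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rule number (unused by security groups)
    action: str      # "allow" or "deny"; security groups only use "allow"
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound
    ports: tuple     # (low, high) range matched against the packet's destination port

    def matches(self, pkt: Packet, direction: str) -> bool:
        peer = ip_address(pkt.src if direction == "inbound" else pkt.dst)
        return peer in ip_network(self.cidr) and self.ports[0] <= pkt.dport <= self.ports[1]


class NetworkAcl:
    """Stateless: every packet is checked against the rules for its direction."""

    def __init__(self, inbound, outbound):
        self.rules = {"inbound": sorted(inbound, key=lambda r: r.number),
                      "outbound": sorted(outbound, key=lambda r: r.number)}

    def allows(self, pkt: Packet, direction: str) -> bool:
        for rule in self.rules[direction]:       # lowest rule number first
            if rule.matches(pkt, direction):
                return rule.action == "allow"    # first match wins
        return False                             # implicit "*" deny


class SecurityGroup:
    """Stateful and allow-only: replies to permitted flows are always permitted."""

    def __init__(self, inbound, outbound):
        self.rules = {"inbound": inbound, "outbound": outbound}
        self.flows = set()   # (src, dst, sport, dport) of flows already allowed

    def allows(self, pkt: Packet, direction: str) -> bool:
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in self.flows:
            return True      # reply to a tracked flow; rules are not consulted
        if any(r.matches(pkt, direction) for r in self.rules[direction]):
            self.flows.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
            return True
        return False


def https_roundtrip(filter_obj) -> tuple:
    """Return (request allowed in, reply allowed out) for one constructed HTTPS connection."""
    request = Packet(src="203.0.113.10", dst="10.0.1.25", sport=51515, dport=443)
    reply = Packet(src="10.0.1.25", dst="203.0.113.10", sport=443, dport=51515)
    return filter_obj.allows(request, "inbound"), filter_obj.allows(reply, "outbound")


# NACL that only thought about port 443: the reply back to the client is dropped.
BROKEN_NACL = NetworkAcl(
    inbound=[Rule(100, "allow", "0.0.0.0/0", (443, 443))],
    outbound=[Rule(100, "allow", "0.0.0.0/0", (443, 443))],
)

# Corrected NACL: a low-numbered deny for a known-bad range, HTTPS in, and the
# ephemeral range out so reply packets can leave the subnet.
FIXED_NACL = NetworkAcl(
    inbound=[Rule(90, "deny", "198.51.100.0/24", (0, 65535)),
             Rule(100, "allow", "0.0.0.0/0", (443, 443))],
    outbound=[Rule(100, "allow", "0.0.0.0/0", EPHEMERAL)],
)

# Security group with HTTPS in and no outbound rules at all; the reply still
# leaves because the group is stateful.
WEB_SG = SecurityGroup(inbound=[Rule(0, "allow", "0.0.0.0/0", (443, 443))], outbound=[])


if __name__ == "__main__":
    print("broken NACL   :", https_roundtrip(BROKEN_NACL))   # (True, False)
    print("fixed NACL    :", https_roundtrip(FIXED_NACL))    # (True, True)
    print("security group:", https_roundtrip(WEB_SG))        # (True, True)
    bad = Packet(src="198.51.100.7", dst="10.0.1.25", sport=40000, dport=443)
    print("denied range  :", FIXED_NACL.allows(bad, "inbound"))  # False
```

The broken NACL is the classic exam trap: the inbound rule looks correct, but the server's reply has a destination port in the client's ephemeral range, and with no outbound rule for that range the subnet silently drops it. The security group needs no outbound rule for the same flow because it tracks state; a real default security group additionally allows all outbound traffic, which this model deliberately omits to make the statefulness visible.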

Scripting S3 in AWS

Here is a sample Nugget from the AWS Solutions Architect – Storage Services course at CBT Nuggets! This Nugget demonstrates how easy it is to script against the S3 storage service.