Intro
You cannot take any associate-level AWS certification exam without being hammered with VPC questions. This makes it a very important topic for anyone interested in AWS certs. This post reviews the key elements of these important constructs with you.
Key Points
- Think of a VPC as your own data center in the AWS cloud
- AWS provides you with a default VPC in the region you select; this is to lower the barrier to entry when it comes to providing cloud-based resources quickly
- When you create a VPC from scratch on your own, this is termed a Custom VPC
- The default VPC provides public Internet access to all subnets inside it by default; again, this is to lower barriers to entry
- Subnets in a VPC can be made publicly Internet accessible or private
- Your VPCs are logically isolated from other customers and resources within AWS
- You have a high level of control over the components in your VPC; in fact, under the shared responsibility model it is your responsibility to properly secure many of them. For example, when you create a new Security Group for an EC2 instance you are provisioning, you must ensure the correct security rules exist for your intended usage
- An Internet Gateway exists (one per VPC) in order to provide Internet Access
- A Virtual Private Gateway can be used to provide VPN access
- You have virtual routers in your VPC that contain route tables you can manipulate; one important use of this is to provide routing between your VPC subnets
- Network Access Control Lists exist so you can enforce security rules within your VPC; these ACLs are stateless, so if you permit traffic inbound, you must also explicitly permit the return traffic outbound, as this is not provisioned automatically
- Subnets exist in your VPC and use RFC 1918 private addressing; each subnet is contained in an Availability Zone (AZ)
- Security Groups can span multiple AZs; they permit you to define traffic rules for access to EC2 (and other) resources
- Since you can have multiple VPCs in your infrastructure, you can configure VPC peering to permit access between them
- You can create direct routes using private IP addresses to define connectivity
- You can even provide peering between VPCs of different AWS accounts
- There is no transitive peering with VPCs; so if VPC A peers with VPC B and VPC C, it does not mean that VPC B and VPC C are also peered; think of the peerings as hub and spoke
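As an added example, not from the original post, the stateless NACL and stateful Security Group bullets above can be checked with a small Python model of the two rule semantics (a simplified simulation, not AWS code): a constructed HTTPS flow is evaluated against an inbound-only NACL, the same NACL corrected with an outbound ephemeral-port rule, and a Security Group with only an inbound rule. The rule numbers, ports and the 1024-65535 ephemeral range are assumed sample values.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

@dataclass(frozen=True)
class NaclRule:
    number: int      # NACL rules are evaluated in ascending order; the first match decides
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp" or "-1" (all protocols)
    port_from: int
    port_to: int

@dataclass(frozen=True)
class Packet:
    protocol: str
    dst_port: int

def nacl_decide(rules: Iterable[NaclRule], pkt: Packet) -> bool:
    # Stateless check of one direction: the lowest-numbered matching rule wins,
    # and the implicit final '*' rule denies anything left unmatched.
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol in ("-1", pkt.protocol) and rule.port_from <= pkt.dst_port <= rule.port_to:
            return rule.action == "allow"
    return False

def nacl_flow_allowed(inbound, outbound, request: Packet, response: Packet) -> bool:
    # A NACL keeps no connection state: the request must pass the inbound rules
    # and the reply must separately pass the outbound rules.
    return nacl_decide(inbound, request) and nacl_decide(outbound, response)

def sg_flow_allowed(inbound_allows: Iterable[Tuple[str, int, int]], request: Packet) -> bool:
    # Security Groups are stateful and allow-only: a permitted inbound request
    # implies the reply is permitted, with no outbound rule required.
    return any(p in ("-1", request.protocol) and lo <= request.dst_port <= hi
               for p, lo, hi in inbound_allows)

# Constructed sample flow: a client on an ephemeral port connects to HTTPS on an instance.
REQUEST = Packet("tcp", 443)     # client -> instance, checked against inbound rules
RESPONSE = Packet("tcp", 51000)  # instance -> client, checked against outbound rules
# Weak NACL: only the inbound side was written, so replies hit the implicit deny.
INBOUND = [NaclRule(100, "allow", "tcp", 443, 443)]
OUTBOUND_MISSING: List[NaclRule] = []
# Corrected NACL: explicitly allow replies to an assumed ephemeral range (the real range depends on the client OS).
OUTBOUND_FIXED = [NaclRule(100, "allow", "tcp", 1024, 65535)]

def compare() -> dict:
    return {
        "nacl_inbound_only": nacl_flow_allowed(INBOUND, OUTBOUND_MISSING, REQUEST, RESPONSE),
        "nacl_with_ephemeral": nacl_flow_allowed(INBOUND, OUTBOUND_FIXED, REQUEST, RESPONSE),
        "sg_inbound_only": sg_flow_allowed([("tcp", 443, 443)], REQUEST),
    }
```

Calling `compare()` shows the inbound-only NACL dropping the reply while the corrected NACL and the Security Group both pass the flow.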