2. Agenda
• VPC Fundamentals
• Key Terms and Components
• VPC IP Addressing
• VPC Security
• VPC Limits
• VPC Peering
• Use cases and Troubleshooting
• Resources
3. VPC Fundamentals
• A virtual network in the AWS cloud that closely resembles a
traditional network
• Enables you to launch AWS resources into a virtual network in the
cloud
• Dedicated to your AWS account and logically isolated from other virtual
networks in the AWS cloud
4. VPC Components
• Subnet:
• A segment of a VPC’s IP address range where you can place groups of isolated
resources.
• Internet Gateway:
• The Amazon VPC side of a connection to the public Internet.
• NAT Gateway:
• A highly available, managed Network Address Translation (NAT) service for your
resources in a private subnet to access the Internet.
• Route Table:
• A set of rules that determines where network traffic is directed.
• Network ACL:
• An additional security layer for the VPC; it acts as a firewall controlling traffic in and out of
subnets.
5. VPC IP Addressing
• IP addresses enable resources within a VPC to communicate with each
other and with resources over the Internet
• By default, Amazon VPC uses the IPv4 addressing protocol
• To ensure that your instances can communicate with the Internet, you
must also attach an Internet gateway to your VPC.
6. VPC Security
Amazon VPC provides features that you can use to increase and monitor the
security of your VPC:
• Security groups:
• Act as a firewall for associated Amazon EC2 instances, controlling both inbound and
outbound traffic at the instance level
• When you launch an instance in a VPC, you can associate one or more security groups that
you've created.
• Network access control lists (ACLs):
• Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the
subnet level
• Flow logs:
• Capture information about the IP traffic going to and from network interfaces in your VPC
7. VPC Limits
• VPCs per region = 5
• Subnets per VPC = 200
• Elastic IPs (EIPs) per region = 5
• Internet gateways per region = 5
• Network ACLs per VPC = 200
• Rules per network ACL = 20
• Security groups per VPC = 500
• Rules per security group = 50
• Security groups per network interface = 5
• VPN connections per region = 50
8. VPC Peering
• A networking connection between two VPCs that enables you to
route traffic between them privately.
• Instances in either VPC can communicate with each other as if they
were within the same network.
• A VPC peering connection can be set up between VPCs in the same
account, with a VPC in another AWS account, or with a VPC in a
different AWS Region.