VPC Architecture
When a VPC is first created, a main route table, a default network ACL (Network Access Control List) and a default security group are created automatically.
After that an Internet Gateway is created and attached so that the VPC can be connected to the internet and reached from the outside world.
A subnet is a subsection of a network. Public subnets are associated with a route table that has a route pointing to an Internet Gateway; private subnets are associated with a route table that does not point to an Internet Gateway. Subnets separate a network into subsections. A subnet cannot span Availability Zones; it exists only in the AZ where it was created.
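As an added example that is not part of these notes, the following Python function applies the public/private rule above to route tables in the shape boto3's describe_route_tables() returns: a subnet is public when its associated route table has an active route targeting an Internet Gateway, and a subnet with no explicit association falls back to the VPC's main route table. The IDs and routes are constructed sample data and the helper names are my own.

```python
# Added example (not from the original notes): classify subnets as public or
# private. Route tables mirror the shape of boto3 describe_route_tables()
# output; all IDs below are constructed placeholders, not real resources.

ROUTE_TABLES = [
    {   # main route table: default route via a NAT gateway -> private
        "RouteTableId": "rtb-main0001",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"},
        ],
        "Associations": [{"Main": True}],
    },
    {   # explicitly associated table: default route via an IGW -> public
        "RouteTableId": "rtb-public01",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-web01"}],
    },
]
SUBNETS = ["subnet-web01", "subnet-app01", "subnet-db01"]


def routes_to_igw(route_table):
    """True if any active route in the table targets an Internet Gateway."""
    return any(r.get("GatewayId", "").startswith("igw-")
               and r.get("State", "active") == "active"
               for r in route_table["Routes"])


def classify_subnets(subnets, route_tables):
    """Map subnet id -> ('public' | 'private', id of the route table used)."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet in subnets:
        # No explicit association: AWS uses the main route table, so a change
        # to the main table silently changes every such subnet's exposure.
        rt = explicit.get(subnet, main)
        kind = "public" if routes_to_igw(rt) else "private"
        result[subnet] = (kind, rt["RouteTableId"])
    return result
```

Running it against real data only needs the live output of describe_route_tables() and describe_subnets() substituted for the constructed lists.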
A security group is not a firewall on the subnet level. A security group is a firewall on the instance level.
NAT gateways: a network address translation (NAT) gateway (or NAT instance) in a public subnet of your VPC lets instances in a private subnet initiate outbound IPv4 traffic to the internet or other AWS services, while preventing those instances from receiving inbound traffic initiated by someone on the internet.
Network ACLs: a network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall controlling traffic in and out of one or more subnets. Acts like a bouncer.
AWS Transit Gateway -- Easily connect Amazon VPCs, AWS accounts, and on-premises networks to a single gateway through a central hub.
AWS PrivateLink -- Establish private connectivity between VPCs and services hosted on AWS or on-premises, without exposing data to the internet.
AWS Network Firewall -- Deploy network security across your Amazon VPCs with just a few clicks.
AWS VPN -- Extend your on-premises networks to the cloud and securely access them from anywhere.
Network address translation (NAT) gateway -- Allow your VPC private subnet workloads to access the internet while preventing the internet from initiating a connection with those instances.