VPC (Virtual Private Cloud)
💡 Definition
Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
🔑 Key Concepts
- Subnet: A range of IP addresses in your VPC.
- Public Subnet: Has a route to the Internet Gateway.
- Private Subnet: No direct route to the Internet.
- Route Table: Contains rules (routes) that determine where network traffic is directed.
- Internet Gateway (IGW): Connects the VPC to the Internet.
- NAT Gateway: Allows instances in private subnets to reach the internet (outbound only) but prevents the internet from initiating connections to them.
- Security Group: Stateful firewall at the instance level.
- NACL (Network Access Control List): Stateless firewall at the subnet level.
⚙️ How it Works
- Define CIDR Block: Choose the IP range (e.g., 10.0.0.0/16).
- Create Subnets: Divide the VPC into smaller networks (across Availability Zones).
- Configure Routing: Set up Route Tables to direct traffic.
- Launch Resources: Deploy EC2 instances or RDS databases into subnets.
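The four steps above, worked through as a small model rather than a live AWS account. This is an added example, not code from the page or from AWS: it carves a 10.0.0.0/16 VPC into /24 subnets across two assumed Availability Zones, attaches a public and a private route table, and resolves destinations by longest-prefix match the way a VPC route table does. The gateway ids (`igw-PLACEHOLDER`, `nat-PLACEHOLDER`) and the AZ names are constructed placeholders.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network

# Constructed example, not an account from the page: a 10.0.0.0/16 VPC in a
# Region with two Availability Zones (names assumed), one public and one
# private /24 subnet per AZ.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AZS = ["us-east-1a", "us-east-1b"]


def carve_subnets(vpc_cidr: IPNet, azs: List[str], new_prefix: int = 24) -> Dict[str, dict]:
    """Step 2: divide the VPC range into /24 blocks and hand one public and one
    private block to each AZ. Each subnet is pinned to exactly one AZ."""
    blocks = iter(vpc_cidr.subnets(new_prefix=new_prefix))
    subnets: Dict[str, dict] = {}
    for az in azs:
        for tier in ("public", "private"):
            subnets[f"{tier}-{az}"] = {"cidr": next(blocks), "az": az, "route_table": tier}
    return subnets


# Step 3: route tables. Every table carries the implicit "local" route for the
# VPC CIDR; the public table sends 0.0.0.0/0 to an Internet Gateway, the private
# table sends it to a NAT Gateway (outbound only). Target ids are placeholders.
ROUTE_TABLES: Dict[str, List[Tuple[IPNet, str]]] = {
    "public":  [(VPC_CIDR, "local"), (ipaddress.ip_network("0.0.0.0/0"), "igw-PLACEHOLDER")],
    "private": [(VPC_CIDR, "local"), (ipaddress.ip_network("0.0.0.0/0"), "nat-PLACEHOLDER")],
}


def lookup_route(table: List[Tuple[IPNet, str]], dst: str) -> Optional[str]:
    """VPC route tables pick the most specific (longest-prefix) matching route."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Tuple[IPNet, str]] = None
    for prefix, target in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    return best[1] if best else None


def is_public(subnet: dict) -> bool:
    """A subnet is 'public' only because its route table reaches an IGW;
    nothing about the address range itself makes it public."""
    target = lookup_route(ROUTE_TABLES[subnet["route_table"]], "198.51.100.1")
    return target is not None and target.startswith("igw-")


def classify_egress(subnet: dict, dst: str) -> str:
    """Step 4 check: where does an instance launched in this subnet send
    traffic bound for dst? 'blackhole' means no route at all."""
    return lookup_route(ROUTE_TABLES[subnet["route_table"]], dst) or "blackhole"


if __name__ == "__main__":
    for name, s in carve_subnets(VPC_CIDR, AZS).items():
        print(name, s["cidr"], "public" if is_public(s) else "private",
              "->", classify_egress(s, "198.51.100.1"))
```

Two things the model makes visible: a /16 VPC yields 256 /24 subnets, so the four used here leave plenty of room to grow, and "public" versus "private" is purely a property of the route table a subnet is associated with, which is why auditing route tables (not subnet names) is how you confirm a workload is really isolated from the internet.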
🎯 Use Cases
- Hosting Multi-tier Web Apps: Web servers in public subnets, App/DB servers in private subnets.
- Hybrid Cloud: Connect VPC to on-premises data center via VPN or Direct Connect.
- Isolation: Secure sensitive workloads from the public internet.
💰 Pricing Model
- VPC Itself: Free to create.
- Connectivity: Pay for NAT Gateways, VPN Connections, and PrivateLink.
- Data Transfer: Charges apply for data transfer across Regions or Availability Zones.
📝 Exam Tips (CLF-C02)
- Region-specific: A VPC spans a Region, but Subnets reside in a single Availability Zone.
- Peering: Connect two VPCs to route traffic privately.
- Security Group vs NACL:
  - SG: Stateful (Return traffic automatically allowed).
  - NACL: Stateless (Must explicitly allow return traffic).
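The stateful/stateless distinction is easiest to see by running the same request and reply through both kinds of filter. The following is an added example, not code from the page or from AWS: a minimal model of security-group connection tracking beside NACL first-match rule evaluation, driven by a constructed HTTPS request from 203.0.113.10 (a documentation address) to a web server at 10.0.0.25. The rule format and class names are this example's own. A real security group also defaults to an allow-all outbound rule; it is left out here so the reply's fate depends on state alone.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class Rule:
    direction: str          # "inbound" or "outbound"
    proto: str              # "tcp", "udp", or "all"
    port_from: int
    port_to: int
    cidr: str               # remote address range the rule applies to
    action: str = "allow"   # NACL rules may be "deny"; security groups only allow
    number: int = 100       # NACL rule number, evaluated lowest first (ignored by SGs)


@dataclass(frozen=True)
class Flow:
    direction: str          # as seen by the instance or subnet: "inbound" or "outbound"
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when direction, protocol, destination port and the remote
    address (source for inbound, destination for outbound) all fit."""
    remote = flow.src if flow.direction == "inbound" else flow.dst
    return (
        rule.direction == flow.direction
        and rule.proto in ("all", flow.proto)
        and rule.port_from <= flow.dport <= rule.port_to
        and ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr)
    )


class SecurityGroup:
    """Stateful: a flow admitted by an allow rule is tracked, and its reply
    (addresses and ports reversed) is admitted with no rule of its own."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.tracked: Set[Tuple] = set()

    def permits(self, flow: Flow) -> bool:
        reply_of = (flow.proto, flow.dst, flow.src, flow.dport, flow.sport)
        if reply_of in self.tracked:
            return True
        if any(matches(r, flow) for r in self.rules):
            self.tracked.add((flow.proto, flow.src, flow.dst, flow.sport, flow.dport))
            return True
        return False  # no deny rules exist; unmatched traffic is simply dropped


class NetworkAcl:
    """Stateless: every packet, replies included, is checked against the
    numbered rules in ascending order; first match wins; the implicit
    final rule (*) denies."""

    def __init__(self, rules: List[Rule]):
        self.rules = sorted(rules, key=lambda r: r.number)

    def permits(self, flow: Flow) -> bool:
        for r in self.rules:
            if matches(r, flow):
                return r.action == "allow"
        return False


def demo() -> dict:
    """Constructed scenario: client 203.0.113.10:50000 -> server 10.0.0.25:443,
    then the server's reply back to the client's ephemeral port."""
    request = Flow("inbound", "tcp", "203.0.113.10", "10.0.0.25", 50000, 443)
    reply = Flow("outbound", "tcp", "10.0.0.25", "203.0.113.10", 443, 50000)

    sg = SecurityGroup([Rule("inbound", "tcp", 443, 443, "0.0.0.0/0")])
    # NACL that mirrors the SG and forgets the reply: port 443 in both directions.
    nacl_naive = NetworkAcl([
        Rule("inbound", "tcp", 443, 443, "0.0.0.0/0", number=100),
        Rule("outbound", "tcp", 443, 443, "0.0.0.0/0", number=100),
    ])
    # Corrected NACL: an outbound rule covering the client's ephemeral port range.
    nacl_fixed = NetworkAcl([
        Rule("inbound", "tcp", 443, 443, "0.0.0.0/0", number=100),
        Rule("outbound", "tcp", 1024, 65535, "0.0.0.0/0", number=100),
    ])
    return {
        "sg_request": sg.permits(request),
        "sg_reply": sg.permits(reply),                  # allowed with no outbound rule
        "nacl_naive_request": nacl_naive.permits(request),
        "nacl_naive_reply": nacl_naive.permits(reply),  # dropped: reply goes to port 50000
        "nacl_fixed_reply": nacl_fixed.permits(reply),
    }
```

The naive NACL is the classic exam trap and a real-world outage pattern: the request gets in, the server answers, and the answer dies at the subnet boundary because nothing allowed outbound traffic to the client's ephemeral port. The fix is the explicit ephemeral-range rule in `nacl_fixed`; with a security group the reply is covered by connection state and no such rule is needed.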
See Also:
- Route 53
- CloudFront