AWS - Virtual Private Cloud(VPC)
Demo on creating a VPC and launching an EC2 instance on AWS
Connectivity, Subnets, and Private Networking Solutions
VPC Fundamentals
An Amazon VPC is your own private network in the cloud. It allows you to define your IP address range, create subnets, and configure route tables and gateways to control the flow of traffic.
Public vs. Private Subnets
Subnets are used to isolate different tiers of an application within a VPC.
Public Subnet
A subnet that has a direct route to an Internet Gateway (IGW). Resources here, like web servers, can send and receive traffic directly from the public internet.
Private Subnet
A subnet that does not have a route to an IGW. Resources here, like databases, are protected from the public internet. They typically use a NAT Gateway to download updates securely.
Advanced Connectivity & Inter-Networking
AWS provides several methods to connect your VPC to other VPCs or to your on-premises data center.
VPC Peering (Peer-to-Peer)
VPC Peering is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 or IPv6 addresses. It is a "one-to-one" relationship.
- No Single Point of Failure: Traffic stays on the global AWS backbone and does not travel over the public internet.
- Use Case: Connecting a "Services VPC" (containing shared tools) to various "Application VPCs" across different AWS accounts.
AWS Site-to-Site VPN
AWS VPN creates a secure, encrypted tunnel between your on-premises network and your VPC over the public internet.
- Quick Setup: Can be established in minutes using standard IPsec protocols.
- Use Case: Providing a secure backup connection for high-priority traffic or a primary connection for smaller branch offices.
AWS Direct Connect (VPC Direct)
Direct Connect provides a dedicated, physical network connection from your on-premises data center to AWS. It bypasses the public internet entirely.
- Performance: Provides consistent bandwidth and lower latency than internet-based VPNs.
- Use Case: Large enterprises moving massive datasets or running real-time applications that require highly stable network speeds.
Comparison of Connectivity Options
| Feature | VPC Peering | AWS VPN | Direct Connect |
|---|---|---|---|
| Medium | AWS Backbone | Public Internet | Dedicated Physical Line |
| Security | High (Private) | Encrypted (IPsec) | Highest (Private Physical) |
| Cost | Standard Data Transfer | Low (Hourly + Data) | High (Port fee + Data) |
Strategic Integration
In a robust cloud architecture, these services are often used together. For example, a company might use Direct Connect for their primary high-speed traffic and a Site-to-Site VPN as a failover backup to ensure continuous connectivity to their VPC.