Understanding AWS – Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC) is the networking construct for Elastic Compute Cloud (EC2).  With a VPC you create a virtual network within AWS.  When creating a VPC you configure elements such as route tables, network gateways and subnets, and you control access using network ACLs or security groups.  It is possible to create many VPCs in an AWS region; as long as they will never need to communicate with each other they can share IP address ranges, because each VPC is logically isolated.  Once created, you can launch resources such as EC2 instances in the VPC.

When creating a VPC it must be assigned an IPv4 address range.  Any CIDR range can be used, but Amazon treats it as private and it is never advertised to the internet.  If required, an IPv6 address range may also be assigned; Amazon assigns a /56 from its allocation of global unicast (GUA) addresses.  Unlike the IPv4 range, the IPv6 assignment is advertised to the internet, so if an internet gateway is attached to the VPC the IPv6-addressed resources are publicly reachable.  VPCs operate in dual-stack mode, so the components for IPv4 and IPv6 need to be configured independently.
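The dual-stack point above is where configuration drift usually bites: the IPv4 side is hidden behind NAT while the IPv6 default route is pointed at the internet gateway, and because the IPv6 block is globally routable the subnet becomes reachable from the internet.  The following added example (not code from the original post or from AWS) audits an in-memory VPC description for exactly that condition.  The data structure is constructed and only loosely shaped like the `describe-subnets`/`describe-route-tables` output; all VPC, subnet, route-table and gateway IDs are placeholders, and the IPv6 range uses the 2001:db8::/32 documentation prefix in place of an Amazon-assigned /56.  It runs offline with the standard library only.

```python
"""Audit a VPC description for unintended public IPv6 exposure.

Added example; not part of the original article and not AWS code.  Works on a
constructed in-memory structure, so no credentials or network access are needed.
"""
import ipaddress

# Constructed sample (placeholder IDs, documentation IPv6 prefix).  The shape is a
# simplified version of the EC2 describe-subnets / describe-route-tables output.
SAMPLE_VPC = {
    "VpcId": "vpc-example0001",
    "CidrBlock": "10.0.0.0/16",
    "Ipv6CidrBlock": "2001:db8:1234::/56",
    "Subnets": [
        {"SubnetId": "subnet-web", "CidrBlock": "10.0.1.0/24",
         "Ipv6CidrBlock": "2001:db8:1234:1::/64", "RouteTableId": "rtb-public"},
        {"SubnetId": "subnet-app", "CidrBlock": "10.0.2.0/24",
         "Ipv6CidrBlock": "2001:db8:1234:2::/64", "RouteTableId": "rtb-private"},
        {"SubnetId": "subnet-db", "CidrBlock": "10.0.3.0/24",
         "Ipv6CidrBlock": "2001:db8:1234:3::/64", "RouteTableId": "rtb-oops"},
    ],
    "RouteTables": {
        "rtb-public": [
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"},
        ],
        "rtb-private": [
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-example"},
        ],
        # IPv4 egresses via NAT (fine), but the IPv6 default route was pointed at
        # the internet gateway instead of an egress-only gateway: inbound IPv6 works.
        "rtb-oops": [
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"},
        ],
    },
}


def validate_cidrs(vpc):
    """Return a list of CIDR problems: unparsable blocks, subnets outside the VPC
    ranges, an IPv6 VPC block that is not the /56 Amazon hands out, or a subnet
    IPv6 block that is not a /64 (the size AWS requires for subnets)."""
    problems = []
    v4 = ipaddress.ip_network(vpc["CidrBlock"])          # raises ValueError if malformed
    v6 = ipaddress.ip_network(vpc["Ipv6CidrBlock"]) if vpc.get("Ipv6CidrBlock") else None
    if v6 is not None and v6.prefixlen != 56:
        problems.append(f"VPC IPv6 block {v6} is not a /56")
    for s in vpc["Subnets"]:
        if not ipaddress.ip_network(s["CidrBlock"]).subnet_of(v4):
            problems.append(f"{s['SubnetId']}: {s['CidrBlock']} is outside {v4}")
        if s.get("Ipv6CidrBlock"):
            s6 = ipaddress.ip_network(s["Ipv6CidrBlock"])
            if v6 is None or not s6.subnet_of(v6):
                problems.append(f"{s['SubnetId']}: {s6} is outside the VPC IPv6 block")
            if s6.prefixlen != 64:
                problems.append(f"{s['SubnetId']}: {s6} is not a /64")
    return problems


def _default_route_kind(routes, family):
    """Classify the default route of one address family as 'public' (internet
    gateway), 'egress-only' (NAT for IPv4, egress-only IGW for IPv6) or 'isolated'."""
    key, default = (("DestinationCidrBlock", "0.0.0.0/0") if family == "ipv4"
                    else ("DestinationIpv6CidrBlock", "::/0"))
    for r in routes:
        if r.get(key) != default:
            continue
        if r.get("GatewayId", "").startswith("igw-"):
            return "public"
        if r.get("NatGatewayId") or r.get("InstanceId") or r.get("EgressOnlyInternetGatewayId"):
            return "egress-only"
    return "isolated"


def classify_exposure(vpc):
    """Map each subnet ID to its per-family reachability, derived from the default
    route in the route table the subnet is associated with."""
    result = {}
    for s in vpc["Subnets"]:
        routes = vpc["RouteTables"].get(s["RouteTableId"], [])
        result[s["SubnetId"]] = {"ipv4": _default_route_kind(routes, "ipv4"),
                                 "ipv6": _default_route_kind(routes, "ipv6")}
    return result


def ipv6_only_public(vpc):
    """Subnets that are private on IPv4 but publicly reachable on IPv6: the
    dual-stack mismatch that the independent IPv4/IPv6 configuration invites."""
    return sorted(sid for sid, kinds in classify_exposure(vpc).items()
                  if kinds["ipv4"] != "public" and kinds["ipv6"] == "public")


if __name__ == "__main__":
    print("CIDR problems:", validate_cidrs(SAMPLE_VPC) or "none")
    for sid, kinds in classify_exposure(SAMPLE_VPC).items():
        print(f"{sid}: ipv4={kinds['ipv4']} ipv6={kinds['ipv6']}")
    print("IPv6-only public subnets:", ipv6_only_public(SAMPLE_VPC))
```

Run as a script it reports `subnet-db` as the only subnet whose IPv6 side is public while its IPv4 side is not.  The fix for that subnet is the one the article's component list already names: point the `::/0` route at an egress-only internet gateway rather than the internet gateway, so outbound IPv6 still works but unsolicited inbound connections are dropped.  To use it against a real account you would fill the same structure from the EC2 API output and keep the classification logic as is.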

VPCs are made up of a number of components, each of which will be described further in the Understanding AWS series.  The components a VPC can consist of are:

  • Subnets and IP addresses (IPv4 and IPv6)
  • Route Tables
  • Security Groups and Network Access Control Lists (ACLs)
  • VPC Flow Logs
  • Internet Gateways
  • Egress Only Internet Gateways (EIGWs) for IPv6
  • NAT Instances and NAT Gateways
  • Virtual Private Gateways (VGWs) and Virtual Private Networks (VPNs)
  • VPC Endpoints
  • VPC Peering
  • Placement Groups
  • Elastic Network Interfaces
  • Dynamic Host Configuration Protocol (DHCP) Option Sets
  • Amazon DNS Server