
Virtual Private Cloud

cidr.xyz

Consists Of...

  • Internet Gateway
  • Virtual Private Gateway
  • Route Tables
  • Network Access Control Lists
  • Subnets
  • Security Groups

CIDR Blocks

  • "A block of IP addresses for resources inside of a VPC."
  • AWS recommends following RFC 1918 (which assigns private IP ranges and ensures that addresses in the VPC won't conflict with those on the Internet)
  • Note that AWS reserves the first four addresses and the last address in each CIDR range, so five addresses per block are unusable.

Subnets

  • For a resource such as an EC2 instance to reside in a VPC, it must be placed in a subnet.
  • Subnets are how IP addresses get assigned to those resources (amongst other things).
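As an added example (not from these notes), a small Python helper that ties the CIDR and subnet points above together: it checks that a VPC block is RFC 1918 private, that a subnet actually fits inside the VPC block and uses an AWS-permitted prefix length, and lists the five addresses AWS reserves so you know what is really usable. The sample CIDRs are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, which AWS recommends VPC CIDRs be drawn from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr: str) -> bool:
    """True if the whole block lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in RFC1918)


def reserved_addresses(subnet_cidr: str) -> list:
    """The five addresses AWS reserves in every subnet: the first four
    (network, VPC router, DNS, reserved for future use) and the last
    (network broadcast, which VPCs do not support but still reserve)."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    first = int(net.network_address)
    last = int(net.broadcast_address)
    reserved = [str(ipaddress.ip_address(first + i)) for i in range(4)]
    reserved.append(str(ipaddress.ip_address(last)))
    return reserved


def plan_subnet(vpc_cidr: str, subnet_cidr: str) -> dict:
    """Check a subnet against its VPC and report what is usable.
    Raises ValueError if the subnet does not fit inside the VPC block
    or its prefix is outside the /16 to /28 range AWS allows."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    sub = ipaddress.ip_network(subnet_cidr, strict=True)
    if not sub.subnet_of(vpc):
        raise ValueError(f"{sub} is not inside VPC block {vpc}")
    if not 16 <= sub.prefixlen <= 28:
        raise ValueError(f"{sub}: AWS subnets must be between /16 and /28")
    reserved = reserved_addresses(subnet_cidr)
    return {
        "vpc_is_rfc1918": is_rfc1918(vpc_cidr),
        "reserved": reserved,
        "usable_hosts": sub.num_addresses - len(reserved),
    }


if __name__ == "__main__":
    # Constructed sample: a /16 VPC with one /24 subnet inside it.
    print(plan_subnet("10.0.0.0/16", "10.0.1.0/24"))
```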

Internet Gateway

  • Simply routes traffic from within the VPC to the internet (and vice versa).
  • When you create one, it's detached by default. Attaching it to a VPC is a separate step.
  • Just because an IGW is attached to a VPC doesn't mean traffic will be routed to it (you'll need to configure the subnet's routing to achieve this).

Routing Tables

  • You'll want to make a newly created route table the default for the public subnet.
  • You'll also need to add a route in it that points to the internet gateway.
  • This means all traffic destined for addresses inside the VPC gets routed internally, while all other traffic is routed to / from the internet (via the IGW).

Enables What?

  • Allows you to create virtual networks in the AWS "cloud"
  • Allows complete control over network configuration
  • Offers several layers of security controls
  • Other AWS services deploy into the VPC
  • Lives in a specific region
  • Can span multiple Availability Zones

Default VPC

aws ec2 create-default-vpc

Always check the security group inbound / outbound rules.

VPC Flow Logs

  • Enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
  • Note that there are things it doesn't capture.
  • VPC flow logs can be created at three levels: 1) VPC 2) Subnet 3) Network interface