Introduction to AWS VPC (Virtual Private cloud)
Today we are going to talk about one of the most important topic in the AWS (Amazon Web Services) named as VPC which is generally called as Virtual Private cloud.
VPC (Virtual Private cloud)
VPC is a logical/virtual datacenter inside the amazon cloud. Various AWS resources can be launched inside this virtual network we define. We can define a range of IP addresses, create subnets, Network Gateways, route tables, and implement security to VPC.
 |
| Fig 1.1- VPC in AWS |
VPC can be default or customized.
- Default VPC: It is automatically created by the AWS system when EC2 resources are provisioned, and the Customer needn't create their VPC.
- Customized VPC: AWS does not automatically create it; Customers need to make their VPC.
Servers can be placed in private or public subnets. For instance, web servers can be placed in the public subnet (total exposure to the internet). Application and database servers can be placed in private subnets to prevent their disclosure to the internet as they contain sensitive data.
 |
| Fig 1.2- AWS VPC with Public and private Subnet |
Multiple layers of security can be imposed on these servers in EC2 instances. The first layer of defense is the Security group and the second layer is ACL.
Now let's talk about Security Groups, ACLs, Jump Boxes and NAT Gateway
Security Groups: SGs are stateless means either we can deny rules or allow rules. If we open an inbound port, an outbound port is automatically opened.
ACL(Access control list): ACLs are stateful means we can deny and allow rules simultaneously. If we open an inbound port, an outbound port is not opened automatically unless we specifically open it.
Bastion Host/Jump Boxes: It is a way of SSH/RDP into private subnets through the public subnet. It is a special purpose computer(server)made to withstand attacks. So, the minimum number of applications are installed on this computer.
NAT Gateway: NAT Gateway and NAT instances are used to provide internet traffic to instances in the private subnet.
