Get started with AWS VPC

Kyle Howard Senoy - Nov 5 - - Dev Community

Overview

In AWS, you can configure and establish a virtual network dedicated to your AWS account. This private network is known as a VPC, or Virtual Private Cloud.

In this article, I will share my introductory insights with Amazon VPC. It is logically isolated from other virtual networks in the AWS Cloud. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.


AWS VPC Architecture

A VPC is created with a particular AWS Region. This means that when you create a VPC, you must specify the region you want to create it with. A VPC cannot span multiple Regions; it can only exist in a single Region.

Within each region, there are multiple Availability Zones (to know more about AZ's refer to this link). Inside the Availability Zones you can place subnets, this will allow your resources to be distributed across multiple Availability Zones.

By placing your subnets in multiple Availability Zones, you can launch AWS resources such as EC2 instances and RDS Databases. In this way, your AWS resources follows the best practices. Availability Zones are designed to be isolated from failures from other AZ's.

If you wish to achieve high availability, it is not advised to create more than one subnet in a single Availability Zone. It is crucial to remember that a subnet cannot cover more than one Availability Zone, just as a VPC cannot span more than one Region. You cannot construct subnets that span several Availability Zones because each subnet is dedicated to a single Availability Zone.


AWS Network Topology

Network Diagram in AWS
The network topology within a cloud infrastructure is clearly depicted in the diagram, which also shows how subnets are configured within a single VPC spanning several Availability Zones in a single region. It shows a standard configuration that includes both public and private subnets in every Availability Zone. The architecture of a highly available and secure cloud environment is based on this layout.


VPC Identifier and Tags

When you create a VPC, it will automatically have a unique ID attached to it. This ID is a string of alphanumeric characters that identifies the VPC within your AWS Region. The VPC ID is crucial because it is used to connect other VPC components, such as subnets, network gateways, and route tables.

Image description

Tags are very helpful especially when you have multiple VPC's running as this will differentiate and group the running resources, providing a great way to manage and organize them.

When tagging, the tag name shows in parenthesis after the VPC ID to help identify the VPC. Each component of the VPC can be given an identifying name. This not only aids in the identification of the relevant VPC, but also improves VPC management and organization.

VPC with tag:

Image description


Subnets

Subnets in the cloud function similarly to actual traditional networks, providing network segment where you can deploy AWS services and resources. Public subnets are those that are specifically designed to route traffic to and from the internet. Subnets that do not allow internet access are referred to as private subnets, and they can only be accessed within the VPC.

Public and private subnets have different purposes. For example, if you want your website to be accessible only by your employees and not to the public, you would use a private subnet. However, to access your private subnets over the internet, you need to use a Virtual Private Network (VPN).

Another popular use case is to keep the data and logic tiers private and the display tier public. This configuration allows you to restrict access to important data and processes while maintaining a public-facing interface. A VPC can have all public subnets, all private subnets, or a combination of the two, based on your individual use case and requirements.

It is also better to create larger subnets than smaller ones. Because each node on your network requires an IP address, this method makes workload placement easier. If you run out of accessible IP addresses, you will be unable to add new ones to that subnet.


Internet Gateway

Internet Gateway Diagram

Internet gateway will connect your public subnet to the internet, which will allow your resources in the VPC to communicate with the internet. An Internet Gateway is attached to your VPC ID and has a one-to-one relationship, therefore you cannot connect the same Internet Gateway to two VPCs. As a result, each virtual private network should have its own Internet gateway. Unlike subnets in a VPC, when you attach an Internet Gateway, it can be detached and associated with another VPC.


Route Tables

Route Table Diagram

Route Tables directs the traffic within the VPC. They function similarly to routers and include a set of rules known as routes that specify how network traffic should be routed from your subnet.

Each route in the table must have a specific destination and target. For example, you may want traffic from your subnet routed to a gateway or other network interfaces or connections. The target specifies where you want traffic for the destination to be sent.

It's important to note that each subnet in your VPC must be assigned a route table. You can design custom route tables and associate them with your subnets. You can also change the primary route table with a custom route table if desired. A VPC's route tables follow a many-to-one rule, which means that a single route table can be associated with multiple subnets. However, you cannot associate a single subnet with several route tables.


Summary

This article provides an introduction to Amazon VPC, with a focus on networking within AWS. It includes AWS VPC Architecture, AWS Network Topology, VPC Identifier and Tags, Subnets, Internet Gateway, and Route table.

This a compilation of my knowledge with AWS VPC, if you want to know more about VPC you can visit this article and if you want to know the basic fundamentals of networking refer to this link.


References

Marte, O. (2024, April 3). Networking 101 - Part 2. Amazon Web Services, Inc. https://repost.aws/articles/ARgs1iWM-ASlGSktYepaY68Q [diagrams and information]
AWS Cloud Networking. (n.d.). https://www.w3schools.com/aws/aws_cloudessentials_awsnetworking.php [information]

.