VPC (Virtual Private Cloud)

  • Think of a VPC as your own data center in the cloud
  • A VPC does not span regions, but it does span availability zones
  • A VPC is an isolated network within a region
    • It spans multiple availability zones in that region

Subnet

Within a VPC we also have subnets:

  • Sub-networks inside the VPC
  • Each subnet is tied to exactly one availability zone
  • Kind of a network within a network
  • What can you do with subnets?
    • We define our own IP range within the VPC, the internal (private) addresses
    • An instance receives both: an internal IP, through which it can be reached inside the VPC, and optionally a public IP, through which it can be reached from outside
    • Each subnet takes a subset of the VPC IP range
    • This lets us control access to our resources

Security Group

Security Groups are defined per VPC, and every instance running in a VPC can be attached to a Security Group. The Security Group controls which traffic is allowed to reach or leave the instance, so it acts like a firewall at the instance level.

Network Access Control List

Applies at the subnet level and controls which traffic may enter this subnet.
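The two filtering layers just described differ in one way that bites in practice: a Security Group is stateful and allow-only, while a Network ACL is stateless and works through numbered allow/deny rules evaluated in ascending order, first match wins, implicit deny at the end. The following Python model is an added illustration for these notes, not AWS code; the rule sets, addresses and packets are constructed for the example. It shows a reply packet being admitted by the Security Group without any outbound rule, the same reply being dropped by a Network ACL that forgot the ephemeral port range, and a low-numbered deny rule winning over a later allow.

```python
"""Toy model of Security Group (stateful, allow-only) versus Network ACL
(stateless, ordered allow/deny) decisions. Added for these notes; not AWS
code. All rules, addresses and packets are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str              # peer network: source for inbound, destination for outbound
    action: str = "allow"  # NACL rules may be "deny"; Security Group rules are always allow
    number: int = 0        # NACL evaluation order (lowest number is evaluated first)


def rule_hits(rule: Rule, pkt: Packet, peer_ip: str) -> bool:
    """Both inbound and outbound rules are expressed on the packet's destination port."""
    return (rule.proto in ("all", pkt.proto)
            and rule.port_from <= pkt.dport <= rule.port_to
            and ip_address(peer_ip) in ip_network(rule.cidr))


class SecurityGroup:
    """Instance-level firewall: stateful, allow-only, implicit deny."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self.flows = set()  # (peer_ip, peer_port, local_port, proto) already accepted

    def check(self, pkt: Packet, direction: str) -> bool:
        """direction 'in' = arriving at the instance, 'out' = leaving it."""
        if direction == "in":
            peer, peer_port, local_port, rules = pkt.src, pkt.sport, pkt.dport, self.inbound
        else:
            peer, peer_port, local_port, rules = pkt.dst, pkt.dport, pkt.sport, self.outbound
        key = (peer, peer_port, local_port, pkt.proto)
        if key in self.flows:  # reply to a flow that was already accepted
            return True
        if any(rule_hits(r, pkt, peer) for r in rules):
            self.flows.add(key)
            return True
        return False  # nothing allowed it


class NetworkAcl:
    """Subnet-level filter: stateless, ordered allow/deny rules, implicit deny."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def check(self, pkt: Packet, direction: str) -> bool:
        rules, peer = (self.inbound, pkt.src) if direction == "in" else (self.outbound, pkt.dst)
        for r in rules:  # first matching rule decides, no state is kept
            if rule_hits(r, pkt, peer):
                return r.action == "allow"
        return False


def demo() -> dict:
    # Constructed scenario: a web server at 10.0.1.20 that should only serve HTTPS.
    sg = SecurityGroup(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    # First NACL attempt allows 443 in and out but forgets the clients' ephemeral ports.
    nacl_forgot_ephemeral = NetworkAcl(
        inbound=[Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100)],
        outbound=[Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100)])
    # Corrected NACL: replies to ports 1024-65535 may leave, and one client
    # network is denied by rule 90, which is evaluated before the allow in rule 100.
    nacl_fixed = NetworkAcl(
        inbound=[Rule("all", 0, 65535, "203.0.113.0/24", "deny", 90),
                 Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100)],
        outbound=[Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100),
                  Rule("tcp", 1024, 65535, "0.0.0.0/0", "allow", 110)])

    request = Packet("198.51.100.9", 51515, "10.0.1.20", 443)  # client -> server
    reply = Packet("10.0.1.20", 443, "198.51.100.9", 51515)    # server -> client
    ssh = Packet("198.51.100.9", 51516, "10.0.1.20", 22)
    blocked_client = Packet("203.0.113.7", 40000, "10.0.1.20", 443)
    return {
        "sg_request": sg.check(request, "in"),                         # True
        "sg_reply": sg.check(reply, "out"),                            # True (stateful)
        "sg_ssh": sg.check(ssh, "in"),                                 # False (implicit deny)
        "nacl_request": nacl_forgot_ephemeral.check(request, "in"),    # True
        "nacl_reply_lost": nacl_forgot_ephemeral.check(reply, "out"),  # False (stateless)
        "nacl_reply_fixed": nacl_fixed.check(reply, "out"),            # True via rule 110
        "nacl_denied_client": nacl_fixed.check(blocked_client, "in"),  # False via rule 90
    }
```

Running `demo()` returns the verdicts listed in the comments. The point to take away is that a Security Group rule for port 443 is enough on its own, whereas a Network ACL needs an explicit outbound rule for the ephemeral port range or the server's replies never leave the subnet.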

Routing

We can also control routing: even if the firewall rules are misconfigured, traffic can still be kept away from where it should not go, because it is routed differently. We do this using the Route Table.

Route Table

  • Controls the routing of outgoing network requests
  • Specifies whether traffic is allowed to reach other instances and whether it is allowed to leave the VPC
  • Routing belongs to the VPC, but it is configured specifically per subnet
    • For example, you can say that any packet wanting to leave the subnet is not allowed to leave

Assignment of Public IPs

We can also control the assignment of public IPs:

  • Whether the instances we launch in a subnet actually receive a public IP
  • If we turn this off, the instances cannot be reached from the internet

Public and Private Subnets

A subnet is just a subnet: you cannot create one that is explicitly public or private, but you can change its characteristics so that it behaves as one.

We can start with the routing:

  • Route table: block outgoing traffic (to the internet) to make a subnet private, or allow it to make the subnet public
  • We can also make sure that instances in this subnet do not get a public IP assigned

NAT(Network Address Translation)

Sometimes we want our private instances to be able to reach out to the internet, e.g. to install updates.

We can do this by routing that traffic to a NAT Gateway, which translates the internal IPs into a public one and forwards the traffic to the Internet Gateway.

The instances themselves still do not have a public IP.
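To make the route table, public/private subnet and NAT notes above concrete, here is an added Python model written for these notes (not AWS code). Every CIDR, address and gateway name in it (`igw-main`, `nat-main`, the 10.0.0.0/16 VPC, the 198.51.100.x and 203.0.113.x addresses) is constructed for the example. It implements longest-prefix route selection, an Internet Gateway that only forwards packets from instances that have a public IP, and a NAT Gateway that rewrites the source and sends the packet on through its own public subnet's route table, so that a private instance reaches the internet while still having no public address of its own.

```python
"""Toy model of VPC routing: route tables with longest-prefix match, an
Internet Gateway and a NAT Gateway. Added for these notes; not AWS code.
All CIDRs, IPs and gateway names are constructed for the example."""
from ipaddress import ip_address, ip_network


class RouteTable:
    def __init__(self, routes: dict):
        # routes: {destination_cidr: target}, e.g. {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-main"}
        self.routes = {ip_network(cidr): target for cidr, target in routes.items()}

    def lookup(self, dst: str):
        """The most specific (longest prefix) matching route wins; None if nothing matches."""
        addr = ip_address(dst)
        candidates = [(net.prefixlen, target) for net, target in self.routes.items() if addr in net]
        return max(candidates)[1] if candidates else None


class NatGateway:
    """Lives in a public subnet: has a private address in the VPC, a public one outside,
    and uses the public subnet's route table (whose default route points at the IGW)."""

    def __init__(self, private_ip: str, public_ip: str, route_table: RouteTable):
        self.private_ip, self.public_ip, self.route_table = private_ip, public_ip, route_table


class Vpc:
    def __init__(self, cidr: str, nats: dict):
        self.cidr = ip_network(cidr)
        self.nats = nats  # route-table target name -> NatGateway

    def send(self, rt: RouteTable, src_private_ip: str, src_public_ip, dst: str) -> tuple:
        """Describe where a packet from an instance ends up.
        src_public_ip is None when the subnet does not assign public IPs."""
        target = rt.lookup(dst)
        if target is None:
            return ("dropped", "no route")
        if target == "local":
            return ("delivered", f"inside VPC to {dst} from {src_private_ip}")
        if target.startswith("igw-"):
            # The IGW does 1:1 translation of the instance's public IP; without one
            # there is nothing to translate and the packet cannot leave.
            if src_public_ip is None:
                return ("dropped", "instance has no public IP for the Internet Gateway to translate")
            return ("internet", f"to {dst} seen as {src_public_ip}")
        if target.startswith("nat-"):
            # The NAT Gateway rewrites the source to its own address and forwards the
            # packet through its public subnet's route table, i.e. on to the IGW.
            nat = self.nats[target]
            return self.send(nat.route_table, nat.private_ip, nat.public_ip, dst)
        return ("dropped", f"unknown target {target}")


def demo() -> dict:
    public_rt = RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-main"})
    private_rt = RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-main"})
    isolated_rt = RouteTable({"10.0.0.0/16": "local"})  # no default route at all
    nat = NatGateway("10.0.0.5", "198.51.100.7", public_rt)
    vpc = Vpc("10.0.0.0/16", {"nat-main": nat})
    internet_host = "203.0.113.50"
    return {
        "public_to_internet": vpc.send(public_rt, "10.0.0.10", "198.51.100.20", internet_host),
        "public_no_pubip": vpc.send(public_rt, "10.0.0.11", None, internet_host),
        "private_via_nat": vpc.send(private_rt, "10.0.1.10", None, internet_host),
        "private_to_peer": vpc.send(private_rt, "10.0.1.10", None, "10.0.0.10"),
        "isolated": vpc.send(isolated_rt, "10.0.2.10", None, internet_host),
    }
```

`demo()` shows the four subnet flavours side by side: the public subnet instance leaves through the IGW under its own public IP; an instance in the same public subnet without a public IP is dropped at the IGW; the private subnet instance reaches the internet seen as the NAT's address 198.51.100.7 while keeping only its 10.0.1.10 address; traffic inside the VPC takes the more specific `local` route regardless of the default route; and a subnet whose table has no default route cannot reach the internet at all.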
