VPC
Virtual Private Cloud
Used to control and secure network access to EC2 instances: a VPC isolates a group of instances in its own virtual network.
A VPC also gives control over routing tables, NAT gateways for outbound traffic, and internal IP address allocation.
A VPC is made up of one or more subnets, and these can be public or private. A typical layout has one public and one private subnet, where the private subnet has no access to the internet at all.
VPCs provide security through the configuration of routing tables and Network ACLs (Access Control Lists).
NACLs act as subnet-level firewalls.
VPCs are free to use, but there is a limit of 5 VPCs per account.
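To make the "subnet-level firewall" concrete, the following is an added example (not AWS code and not part of the original notes) that models how a network ACL decides on a packet: rules are checked in ascending rule-number order, the first rule that matches protocol, port and CIDR wins, and the implicit final rule denies everything else. It also shows the caveat that matters most in practice: NACLs are stateless, so a rule allowing inbound HTTPS does nothing for the replies unless an outbound rule covers the client's ephemeral ports. The addresses and rule sets are constructed for the example.

```python
"""Stateless network ACL evaluation, modelled after AWS NACL semantics.
Added example: constructed rule sets and addresses, not a real deployment."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int        # evaluation order; lower numbers are checked first
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int     # inclusive port range (ignored when protocol is "all")
    port_to: int
    cidr: str          # source block for inbound rules, destination block for outbound
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int          # destination port of this packet
    address: str       # remote address: source for inbound, destination for outbound


def evaluate(rules, packet):
    """Return (action, rule_number); rule_number is None for the implicit '*' deny."""
    addr = ipaddress.ip_address(packet.address)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if rule.protocol != "all" and not rule.port_from <= packet.port <= rule.port_to:
            continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, rule.number
    return "deny", None      # nothing matched: the final '*' rule denies


# Constructed example: a public web subnet that serves HTTPS to the internet,
# blocks one known-bad range, and accepts nothing else inbound.
INBOUND = [
    Rule(90, "tcp", 443, 443, "198.51.100.0/24", "deny"),   # explicit deny, evaluated before 100
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]

# Because NACLs are stateless, replies to those HTTPS requests leave on the
# client's ephemeral port and need their own outbound allow rule.
OUTBOUND_BROKEN = [
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),        # only lets the subnet *initiate* HTTPS
]
OUTBOUND_FIXED = OUTBOUND_BROKEN + [
    Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),     # return traffic to ephemeral ports
]


def check_https_roundtrip(outbound_rules, client="203.0.113.7", client_port=51234):
    """Does an HTTPS request from `client` both reach the subnet and get its reply back out?"""
    inbound_ok = evaluate(INBOUND, Packet("tcp", 443, client))[0] == "allow"
    reply_ok = evaluate(outbound_rules, Packet("tcp", client_port, client))[0] == "allow"
    return inbound_ok and reply_ok


if __name__ == "__main__":
    print(evaluate(INBOUND, Packet("tcp", 443, "203.0.113.7")))    # ('allow', 100)
    print(evaluate(INBOUND, Packet("tcp", 443, "198.51.100.9")))   # ('deny', 90)
    print(evaluate(INBOUND, Packet("tcp", 22, "203.0.113.7")))     # ('deny', None)
    print(check_https_roundtrip(OUTBOUND_BROKEN))                   # False
    print(check_https_roundtrip(OUTBOUND_FIXED))                    # True
```

The explicit deny at rule 90 only works because its number is lower than the broad allow at 100; numbering is the whole ordering mechanism, so it is worth leaving gaps between rule numbers for later insertions.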
Structure
  VPC
    Subnet 1
      Routing Table
      NACL
    Subnet 2..*
      Routing Table
      NACL
Creating a VPC
  Open the VPC service
  Launch the VPC wizard
  Select the type (single public subnet; public and private subnets; public and private subnets with VPN; private subnet only with VPN)
  Select the CIDR block (Classless Inter-Domain Routing notation, which defines the VPC's IP address range)
  Enter the VPC and subnet names
  Create
  Create an internet gateway
  Select the VPC in the list -> click on its ID
  Main route table
  Routes
  Edit routes
  Add route
    Destination: 0.0.0.0/0 (anywhere)
    Target: Internet Gateway
  Save
Creating a second subnet for auto-scaling
  Select Subnets -> Add new
  Choose the existing VPC
  Give it a name and choose an availability zone
  Set a different CIDR block, e.g. 10.0.1.0/24
  Create
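The two procedures above (the VPC with its main route table pointing 0.0.0.0/0 at the internet gateway, and the second subnet with its own CIDR block) are modelled in the following added example. It is not AWS code: it uses Python's ipaddress module to perform the checks the console enforces when a subnet is added (the block must lie inside the VPC block and must not overlap an existing subnet), and it resolves a destination address against a route table by longest-prefix match, which is how a packet ends up at the "local" route or at the internet gateway. The gateway id igw-EXAMPLE, the availability-zone names and the 10.0.0.0/16 layout are constructed placeholders; the five reserved addresses per subnet reflect AWS's own reservation of the first four and the last address of every subnet.

```python
"""Model of a VPC, its subnets and route tables. Added example with
constructed identifiers; it is not AWS code."""
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
RESERVED_PER_SUBNET = 5


class Vpc:
    def __init__(self, cidr):
        self.cidr = ipaddress.ip_network(cidr)
        self.subnets = {}        # name -> (network, availability zone)
        # Every route table starts with the non-removable "local" route for the VPC block.
        self.route_tables = {"main": {self.cidr: "local"}}

    def subnet_error(self, cidr):
        """Why `cidr` cannot be added as a subnet, or None if it can."""
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(self.cidr):
            return f"{cidr} is not inside VPC block {self.cidr}"
        for name, (other, _az) in self.subnets.items():
            if net.overlaps(other):
                return f"{cidr} overlaps existing subnet {name} ({other})"
        return None

    def add_subnet(self, name, cidr, az):
        """Add a subnet and return its number of usable host addresses."""
        err = self.subnet_error(cidr)
        if err:
            raise ValueError(err)
        net = ipaddress.ip_network(cidr)
        self.subnets[name] = (net, az)
        return net.num_addresses - RESERVED_PER_SUBNET

    def add_route_table(self, name):
        self.route_tables[name] = {self.cidr: "local"}

    def add_route(self, table, destination, target):
        self.route_tables[table][ipaddress.ip_network(destination)] = target

    def resolve(self, table, address):
        """Target for `address` under the most specific matching route,
        or None when no route matches (the packet is dropped)."""
        ip = ipaddress.ip_address(address)
        matches = [(dest, tgt) for dest, tgt in self.route_tables[table].items() if ip in dest]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_example():
    """The layout from the steps above: /16 VPC, two /24 subnets in different AZs."""
    vpc = Vpc("10.0.0.0/16")
    vpc.add_subnet("public-a", "10.0.0.0/24", "eu-west-1a")      # AZ names are constructed
    vpc.add_subnet("public-b", "10.0.1.0/24", "eu-west-1b")      # the auto-scaling subnet
    # "Destination: 0.0.0.0/0, Target: Internet Gateway" on the main route table.
    vpc.add_route("main", "0.0.0.0/0", "igw-EXAMPLE")              # placeholder gateway id
    # A private route table keeps only the local route: no path to the internet.
    vpc.add_route_table("private")
    return vpc


if __name__ == "__main__":
    vpc = build_example()
    print(vpc.resolve("main", "10.0.1.20"))        # local (10.0.0.0/16 is more specific than /0)
    print(vpc.resolve("main", "93.184.216.34"))    # igw-EXAMPLE
    print(vpc.resolve("private", "93.184.216.34")) # None: dropped, the subnet is private
    print(vpc.subnet_error("10.0.1.128/25"))       # overlaps public-b
    print(vpc.subnet_error("192.168.0.0/24"))      # not inside the VPC block
```

A subnet becomes "public" only when its route table carries the 0.0.0.0/0 route to the internet gateway; the private table here is what the wizard's private subnet gets, and the resolver returning None is the desired outcome for it.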
Assigning public IPs to subnets
By default no public IPs are assigned, which is more secure. To reach the internet from such a subnet one would use a NAT gateway. However, NAT gateways are quite expensive, so the trade-off of auto-assigning public IPs regardless can be made.
  Select the subnet
  Actions -> Modify auto-assign IP settings
  Enable auto-assign public IPv4 address