Mastering AWS VPC: Cloud Networking

In the dynamic landscape of modern computing, the need for a secure and scalable network infrastructure is paramount. Effectively managing connectivity and foreseeing the required network capacity presents a challenge, potentially leading to bottlenecks or unnecessary expenses. Addressing this challenge, AWS offers Amazon VPC, a groundbreaking service for creating a virtual network in the cloud.

This blog aims to provide a comprehensive understanding of AWS VPC, offering insights and examples to seamlessly navigate this versatile and resilient networking solution. Let's delve into AWS VPC, exploring how this service simplifies the intricacies of network management in today's digitally evolving era.

Introduction to AWS VPC

  • AWS VPC is a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS. In short, a VPC is a virtual data center in the cloud.

  • You have complete control over the virtual networking environment, including selection of your IP address range, creation of subnets and configuration of your route tables and Internet and NAT gateways.

  • AWS VPC allows you to create a customized secure and isolated network for your resources, which provides a high level of security and control. This means that you can create your private network, which is not accessible from the internet or other networks.

  • AWS VPC also enables you to create a VPN connection between your on-premises infrastructure and your AWS VPC. This connection allows you to access resources in your VPC from your on-premises infrastructure.

VPC Concepts

  1. VPCs and Subnets - You can specify an IP address range for the VPC, add subnets, add gateways, and associate security groups.

    A subnet is a range of IP addresses in your VPC. You launch AWS resources, such as Amazon EC2 instances, into your subnets.

  2. Default and Non-Default (Custom) VPCs - The default VPC is created by AWS; a custom VPC is generally recommended because it gives us the flexibility to design a customized networking architecture.

  3. Route tables - A route table contains a set of rules, called routes, that are used to determine where network traffic from your VPC is directed.

  4. Accessing the Internet - You control how the instances that you launch into a VPC access resources outside the VPC.

  5. Access a corporate or home network - You can optionally connect your VPC to your own corporate data center using an IPsec AWS Site-to-Site VPN connection, making the AWS Cloud an extension of your data center.

  6. Connect VPCs and networks - You can create a VPC peering connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network.

    You can also create a transit gateway and use it to interconnect your VPCs and on-premises networks.

  7. AWS private global network - AWS provides a high-performance, and low-latency private global network that delivers a secure cloud computing environment to support your networking needs.

Types of AWS VPC

In AWS, we have two types of VPC:

  1. Default VPC

    The default VPC comes with every AWS account. When you create your AWS account, a default VPC is created with default subnets and other components, and it can be seen in the VPC Console. However, the default VPC is not a hardened configuration, and this is where the second type of VPC comes in.

  2. Custom VPC

    A custom VPC is the recommended type of VPC, as it gives you the flexibility to build the networking as per your requirement, just as the name suggests. While creating this VPC, you choose and define each component yourself, for example the CIDR range of the VPC and the subnets you need. This is the configurable way to create a VPC.

Types of Subnets

There are 2 types of subnets which are used while creating the networking architecture:

  1. Public Subnet: A public subnet is a subnet in your VPC that has a direct route to the internet via an Internet Gateway (IGW). Resources launched in a public subnet have a public IP address and can communicate with the internet directly. Public subnets are typically used for resources that need to be accessed from the internet, such as web servers or load balancers.

  2. Private Subnet: A private subnet is a subnet in your VPC that does not have a direct route to the Internet. Resources launched in a private subnet do not have a public IP address and cannot communicate with the internet directly. However, they can communicate with resources in other subnets within the same VPC via the VPC's local route, or with other networks connected to your VPC using a VPN or AWS Direct Connect.

    Private subnets are typically used for resources that do not need to be accessed from the internet, such as databases or application servers, but we can still send outbound traffic via a NAT Gateway, which we discuss below.

Components of AWS VPC

There are various components of AWS VPC through which we can create a secure networking architecture:

  1. Subnets: A subnet is a range of IP addresses in your VPC. You can launch resources, such as EC2 instances and RDS databases, in a subnet. You can also assign different subnets to different availability zones to achieve high availability and fault tolerance.

  2. Route Tables: A route table is a set of rules that determines how traffic is directed in your VPC. You can create multiple route tables and assign them to different subnets to control the flow of traffic.

  3. Internet Gateway: An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.

  4. NAT Gateway: NAT gateway enables instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating connections with the instances.

  5. Security Groups: Security groups act as a virtual firewall for your instances. You can create and use security groups to control inbound and outbound traffic at the instance level.

  6. Network Access Control Lists (NACLs): NACLs are another layer of security that act as a firewall for subnets. You can use NACLs to control inbound and outbound traffic at the subnet level.

VPC Creation and Tested Networking from a Private Instance (Using Bastion Host)

Here, we will walk through the process of setting up a VPC with public and private subnets, along with a bastion host i.e. instance created in the public subnet to test outbound internet connectivity from the private instance.

Let's look at this configuration in a bit of detail for more understanding:

  1. Creating the VPC and its components from the wizard is a quick method to configure all the VPC configurations in a matter of minutes.

  2. After creating VPC configurations, I have created 1 public instance (which acts as a bastion host) and 1 private instance. Later, I am going to connect to the private instance using the bastion host to test the outbound traffic in a private instance.

  3. After creating the 2 EC2 instances, I first needed to copy the .pem key pair file from my local machine to the bastion host using the scp command. Then I can connect to the private instance from the bastion host and check outbound connectivity by hitting the Google DNS server, which can be seen in the below screenshot.

     # Copy the private key to the bastion so it can SSH on to the private instance.
     # Alternatives that keep the key off the bastion entirely: SSH agent forwarding (ssh -A)
     # or a jump host (ssh -J ec2-user@<public-ip-of-bastion-host> ec2-user@<private-ip>).
     scp -i ~/Downloads/vpcprivatesubconnection.pem vpcprivatesubconnection.pem ec2-user@<public-ip-of-bastion-host>:/home/ec2-user/
    
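The public/private distinction above is decided purely by a subnet's route table, and the walkthrough depends on the bastion landing in a public subnet while the private instance only gets NAT egress. The following added example (not from the original post) checks a constructed VPC layout for exactly those properties: subnet CIDRs inside the VPC range and non-overlapping, each subnet classified by its default route, and instances placed in the right kind of subnet. All IDs and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample mirroring the walkthrough: one VPC, a public subnet whose
# default route points at an internet gateway, a private subnet whose default
# route points at a NAT gateway, and an isolated subnet with no default route.
# Resource IDs are placeholders, not real AWS identifiers.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "public-1a":   {"cidr": "10.0.1.0/24",
                    "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"}},
    "private-1a":  {"cidr": "10.0.2.0/24",
                    "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"}},
    "isolated-1b": {"cidr": "10.0.3.0/24",
                    "routes": {"10.0.0.0/16": "local"}},
}
INSTANCES = {"bastion": "public-1a", "app": "private-1a"}


def classify(routes):
    """Public if the default route targets an IGW, private if it targets a NAT
    gateway (egress only), isolated if there is no default route at all."""
    target = routes.get("0.0.0.0/0")
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "unknown"


def check_cidrs(vpc_cidr, subnets):
    """Every subnet must sit inside the VPC CIDR, and no two may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = [f"{n}: {net} is outside {vpc}" for n, net in nets.items()
                if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def check_placement(instances, subnets):
    """Only the bastion may be internet-reachable; everything else stays private."""
    problems = []
    for host, subnet in instances.items():
        kind = classify(subnets[subnet]["routes"])
        if host == "bastion" and kind != "public":
            problems.append(f"{host} is in a {kind} subnet, it needs an IGW route")
        elif host != "bastion" and kind == "public":
            problems.append(f"{host} is directly internet-reachable; move it to a private subnet")
    return problems
```

Running the checks over the constructed layout returns no problems; feeding in a database placed in the public subnet, or a subnet CIDR outside 10.0.0.0/16, produces a finding.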

Conclusion

In conclusion, Amazon VPC stands as a cornerstone in the realm of cloud computing, offering a robust and flexible solution to meet the ever-expanding demands of modern networking. With AWS VPC, users gain not only the power to customize their network architecture but also the peace of mind that comes with AWS's commitment to reliability, security, and innovation. AWS VPC is a highly customizable networking service that provides a secure and isolated environment for your resources. By leveraging these components, you can build a highly available, fault-tolerant, and secure VPC that meets your organization’s networking needs.

Reference Links:

  • What is Amazon VPC - https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

  • Creating a VPC - https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html

  • NAT gateways - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

  • VPC Examples - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-examples-intro.html

Thank you so much for reading my blog! 😊 I hope you found it helpful and informative. If you did, please 👍 give it a like and 💌 subscribe to my newsletter for more of this type of content. 💌

I'm always looking for ways to improve my blog, so please feel free to leave me a comment or suggestion. 💬

Thanks again for your support!

Connect with me -

LinkedIn - https://www.linkedin.com/in/rachitmishra1997/

Twitter - https://twitter.com/racs1997

#aws #awscommunity #cloudcomputing #cloud
