Source By: <docs.aws.amazon.com>
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Topics
- Amazon VPC Concepts
- How to Get Started with Amazon VPC
- Using Amazon VPC with Other AWS Services
- Accessing Amazon VPC
- Pricing for Amazon VPC
- Amazon VPC Limits
- PCI DSS Compliance
Amazon VPC Concepts
As you get started with Amazon VPC, you should understand the key concepts of this virtual network, and how it is similar to or different from your own networks. This section provides a brief description of the key concepts for Amazon VPC.
Amazon VPC is the networking layer for Amazon EC2. If you’re new to Amazon EC2, see What is Amazon EC2? in the Amazon EC2 User Guide for Linux Instances to get a brief overview.
VPCs and Subnets
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the Internet, and a private subnet for resources that won’t be connected to the Internet.
To protect the AWS resources in each subnet, you can use multiple layers of security, including security groups and network access control lists (ACL).
Supported Platforms
The original release of Amazon EC2 supported a single, flat network that's shared with other customers, called the EC2-Classic platform. Older AWS accounts still support this platform, and can launch instances into either EC2-Classic or a VPC. Accounts created after 2013-12-04 support EC2-VPC only.
By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:
- Assign static private IP addresses to your instances that persist across starts and stops
- Assign multiple IP addresses to your instances
- Define network interfaces, and attach one or more network interfaces to your instances
- Change security group membership for your instances while they’re running
- Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
- Add an additional layer of access control to your instances in the form of network access control lists (ACL)
- Run your instances on single-tenant hardware
Default and Nondefault VPCs
If your account supports the EC2-VPC platform only, it comes with a default VPC that has a default subnet in each Availability Zone. A default VPC has the benefits of the advanced features provided by EC2-VPC, and is ready for you to use. If you have a default VPC and don’t specify a subnet when you launch an instance, the instance is launched into your default VPC. You can launch instances into your default VPC without needing to know anything about Amazon VPC.
Regardless of which platforms your account supports, you can create your own VPC, and configure it as you need. This is known as a nondefault VPC. Subnets that you create in your nondefault VPC and additional subnets that you create in your default VPC are called nondefault subnets.
Accessing the Internet
You control how the instances that you launch into a VPC access resources outside the VPC.
Your default VPC includes an Internet gateway, and each default subnet is a public subnet. Each instance that you launch into a default subnet has a private IP address and a public IP address. These instances can communicate with the Internet through the Internet gateway. An Internet gateway enables your instances to connect to the Internet through the Amazon EC2 network edge.
By default, each instance that you launch into a nondefault subnet has a private IP address, but no public IP address, unless you specifically assign one at launch, or you modify the subnet’s public IP address attribute. These instances can communicate with each other, but can’t access the Internet.
You can enable Internet access for an instance launched into a nondefault subnet by attaching an Internet gateway to its VPC (if its VPC is not a default VPC) and associating an Elastic IP address with the instance.
Alternatively, to allow an instance in your VPC to initiate outbound connections to the Internet but prevent unsolicited inbound connections from the Internet, you can use a network address translation (NAT) device. NAT maps multiple private IP addresses to a single public IP address. A NAT device has an Elastic IP address and is connected to the Internet through an Internet gateway. You can connect an instance in a private subnet to the Internet through the NAT device, which routes traffic from the instance to the Internet gateway, and routes any responses to the instance.
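The three subnet situations described above (public subnet with an Internet gateway, private subnet behind a NAT device, and a subnet with no route out at all), as an added illustration that is not AWS code: a minimal model of how a VPC route table picks the most specific matching route and what that means for an instance's Internet reachability. The VPC CIDR and the `igw-`/`nat-` target ids are constructed sample values.

```python
# Added illustration (not AWS code): a minimal model of how a VPC route table
# decides where traffic from an instance goes. AWS uses the most specific
# matching route (longest prefix match); the "local" route covers the VPC CIDR.
import ipaddress

# Constructed sample: a 10.0.0.0/16 VPC. Target ids are hypothetical.
VPC_CIDR = "10.0.0.0/16"
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
PRIVATE_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-EXAMPLE")]
ISOLATED_RT = [(VPC_CIDR, "local")]  # no default route: no path to the Internet


def lookup(route_table, dst_ip):
    """Return the target for dst_ip by longest-prefix match, or None if no route matches."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def reaches_internet(route_table, dst_ip, has_public_ip):
    """Classify how an instance with this route table reaches dst_ip.

    'direct'  - routed to an Internet gateway and the instance has a public/Elastic IP
    'nat'     - routed via a NAT device (outbound only; no unsolicited inbound)
    'local'   - the destination is inside the VPC
    'blocked' - no matching route, or an Internet gateway route but no public IP
    """
    target = lookup(route_table, dst_ip)
    if target is None:
        return "blocked"
    if target == "local":
        return "local"
    if target.startswith("igw-"):
        # The Internet gateway only carries traffic for instances that own a public IP.
        return "direct" if has_public_ip else "blocked"
    if target.startswith("nat-"):
        return "nat"
    return "blocked"
```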
Accessing a Corporate or Home Network
You can optionally connect your VPC to your own corporate data center using an IPsec hardware VPN connection, making the AWS cloud an extension of your data center.
A VPN connection consists of a virtual private gateway attached to your VPC and a customer gateway located in your data center. A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. A customer gateway is a physical device or software appliance on your side of the VPN connection.
How to Get Started with Amazon VPC
To get a hands-on introduction to Amazon VPC, complete the exercise Getting Started with Amazon VPC. The exercise will guide you through the steps to create a nondefault VPC with a public subnet, and to launch an instance into your subnet.
If you have a default VPC, and you want to get started launching instances into your VPC without performing any additional configuration on your VPC, see Launching an EC2 Instance into Your Default VPC.
To learn about the basic scenarios for Amazon VPC, see VPC Wizard Scenarios for Amazon VPC. You can configure your VPC and subnets in other ways to suit your needs.
The following table lists related resources that you’ll find useful as you work with this service.
Resource | Description |
---|---|
Amazon Virtual Private Cloud Connectivity Options | A whitepaper that provides an overview of the options for network connectivity. |
Amazon VPC forum | A community-based forum for discussing technical questions related to Amazon VPC. |
AWS Developer Resources | A central starting point to find documentation, code samples, release notes, and other information to help you create innovative applications with AWS. |
AWS Support Center | The home page for AWS Support. |
Contact Us | A central contact point for inquiries concerning AWS billing, accounts, and events. |
Using Amazon VPC with Other AWS Services
Amazon VPC integrates with many other AWS services; furthermore, some services require a VPC in your account to carry out certain functions. Below are examples of services that use Amazon VPC.
Service | Relevant Topic |
---|---|
AWS Data Pipeline | Launching Resources for Your Pipeline into a VPC |
Amazon EC2 | Amazon EC2 and Amazon VPC |
Auto Scaling | Auto Scaling and Amazon VPC |
Elastic Beanstalk | Using AWS Elastic Beanstalk with Amazon VPC |
Elastic Load Balancing | Setting Up Elastic Load Balancing |
Amazon ElastiCache | Using ElastiCache with Amazon VPC |
Amazon EMR | Select a Subnet for the Cluster |
AWS OpsWorks | Running a Stack in a VPC |
Amazon RDS | Amazon RDS and Amazon VPC |
Amazon Redshift | Managing Clusters in a VPC |
Amazon Route 53 | Working with Private Hosted Zones |
Amazon WorkSpaces | Create and Configure Your VPC |
To get a detailed view of the VPCs, subnets, and other VPC resources in your account and their relation to each other, you can use the AWS Config service.
Accessing Amazon VPC
Amazon VPC provides a web-based user interface, the Amazon VPC console. If you've signed up for an AWS account, you can access the Amazon VPC console by signing into the AWS Management Console and selecting VPC from the console home page.
If you prefer to use a command line interface, you have several options:
- AWS Command Line Interface (CLI)
- Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and Linux/UNIX.
- Amazon EC2 Command Line Interface (CLI) Tools
- Provides commands for Amazon EC2, Amazon EBS, and Amazon VPC, and is supported on Windows, Mac, and Linux/UNIX.
- AWS Tools for Windows PowerShell
- Provides commands for a broad set of AWS products for those who script in the PowerShell environment.
Amazon VPC provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
If you prefer to build applications using language-specific APIs instead of submitting a request over HTTP or HTTPS, AWS provides libraries, sample code, tutorials, and other resources for software developers. These libraries provide basic functions that automatically take care of tasks such as cryptographically signing your requests, retrying requests, and handling error responses, so that it is easier for you to get started.
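The request signing that the libraries above take care of, as an added example that is not AWS SDK code: a GET Query API request for `Action=DescribeVpcs` signed by hand with AWS Signature Version 4. The access key, secret, date, hostname and `Version` value are constructed sample values; the functions are the example's own.

```python
# Added example (not AWS SDK code): signing a Query API request with
# AWS Signature Version 4, the step the SDKs perform automatically.
# Credentials, date and the Version value below are constructed sample values.
import hashlib
import hmac
import urllib.parse


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service key; the long-term secret never leaves the client."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_request(method, path, params, host, amz_date, payload=b""):
    """Canonical form: query sorted by key, lower-cased sorted headers, hashed body."""
    query = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )
    headers = f"host:{host}\nx-amz-date:{amz_date}\n"
    signed = "host;x-amz-date"
    return "\n".join([method, path, query, headers, signed, _sha256_hex(payload)]), signed


def sign_query_request(access_key, secret, host, region, service, params, amz_date):
    """Return the Authorization header value for a GET Query API call."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    creq, signed = canonical_request("GET", "/", params, host, amz_date)
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, _sha256_hex(creq.encode("utf-8"))])
    sig = hmac.new(signing_key(secret, date, region, service),
                   string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, SignedHeaders={signed}, Signature={sig}"


# Constructed sample call: DescribeVpcs against the EC2 endpoint (VPC actions are part of the EC2 API).
SAMPLE_PARAMS = {"Action": "DescribeVpcs", "Version": "2015-10-01"}
SAMPLE_AUTH = sign_query_request("AKIDEXAMPLE", "SECRETEXAMPLE", "ec2.us-east-1.amazonaws.com",
                                 "us-east-1", "ec2", SAMPLE_PARAMS, "20150830T123600Z")
```

Because every query parameter is part of the canonical request, changing `Action` (or any other parameter) after signing invalidates the signature, which is what makes the header an integrity check as well as an authentication token.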
Pricing for Amazon VPC
There’s no additional charge for using Amazon VPC. You pay the standard rates for the instances and other Amazon EC2 features that you use. If you choose to create a hardware VPN connection, you pay for each hour that the VPN is connected to your VPC.
Amazon VPC Limits
There are limits to the number of Amazon VPC components that you can provision. You can request an increase for some of these limits.
PCI DSS Compliance
Amazon VPC supports the processing, storage, and transmission of credit card data by a merchant or service provider, and has been validated as being compliant with Payment Card Industry (PCI) Data Security Standard (DSS).