Amazon VPC Concepts
Overview
Amazon VPC provides a logically isolated section of the AWS Cloud where AWS resources run in a private virtual network.
Virtual Private Cloud (VPC)
A VPC is a virtual network dedicated to an AWS account and logically isolated from other virtual networks in the AWS Cloud. It can be thought of as an isolated portion of the AWS Cloud populated by AWS objects, such as Fargate tasks. The VPC has a primary IP address range, specified as a CIDR block. A VPC is built from subnets, security groups and route tables.
VPC ID
Each VPC has a unique ID.
CIDR Block
The primary IPv4 address range of the VPC, for example 10.0.0.0/16. Block sizes must be between a /16 netmask and a /28 netmask (see VPC_Subnets.html#VPC_Sizing).
VPC and Availability Zones
A VPC spans all the Availability Zones in the Region. Subnets can be added within an Availability Zone, and each subnet must lie entirely within one zone.
Availability Zone
An availability zone is a distinct location that is engineered to be isolated from failures in other availability zones.
Subnet
A subnet is a range of IP addresses in the Virtual Private Cloud (VPC) that can be used to isolate different EC2 resources or ECS services from each other, within the same VPC, or from the Internet. The range of IP addresses in the subnet must be a subset of the VPC's CIDR block, and subnets in the same VPC must not overlap. Block sizes must be between a /16 netmask and a /28 netmask. The size of the subnet can equal the size of the VPC. AWS reserves the first four and the last IP address of every subnet, so a /28 subnet yields 11 usable addresses. Each subnet resides in one Availability Zone. Subnets enable you to group instances based on security and operational needs.
To enable instances in a subnet to reach the Internet and AWS services, you must attach an Internet gateway to the VPC and associate the subnet with a route table that has a route to the Internet gateway (typically 0.0.0.0/0). The instances also need a public IPv4 address or an Elastic IP address; a route to the Internet gateway alone is not enough.
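The sizing rules above (VPC and subnet blocks between /16 and /28, subnets inside the VPC block, no overlap, five reserved addresses per subnet) can be checked before anything is created. The following is an added example written for this page, not code from AWS or from the original text; the function names and the sample CIDRs are assumptions chosen for illustration. It uses only the Python standard library.

```python
from __future__ import annotations

import ipaddress

# Limits stated on the page: VPC and subnet IPv4 blocks must be between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28
# AWS reserves the first four and the last address of every subnet (known AWS behaviour,
# stated here as a constant so the usable-host arithmetic is explicit).
RESERVED_PER_SUBNET = 5


def validate_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse an IPv4 CIDR block and enforce the /16../28 size limit.

    strict=True rejects blocks with host bits set (e.g. 10.0.1.0/16), which is a
    common typo that silently widens the intended range."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 blocks are handled here")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def plan_subnets(vpc_cidr: str, subnet_cidrs: list[str]) -> dict[str, int]:
    """Check that every subnet fits inside the VPC block, respects the size limits
    and does not overlap another subnet; return usable host counts per subnet."""
    vpc = validate_cidr(vpc_cidr)
    accepted: list[ipaddress.IPv4Network] = []
    usable: dict[str, int] = {}
    for cidr in subnet_cidrs:
        sn = validate_cidr(cidr)  # the same /16../28 rule applies to subnets
        if not sn.subnet_of(vpc):
            raise ValueError(f"{cidr} is not inside VPC block {vpc}")
        for other in accepted:
            if sn.overlaps(other):
                raise ValueError(f"{cidr} overlaps {other}")
        accepted.append(sn)
        usable[str(sn)] = sn.num_addresses - RESERVED_PER_SUBNET
    return usable


def rejects(vpc_cidr: str, subnet_cidrs: list[str]) -> str | None:
    """Return the validation error message for a plan, or None when it is valid."""
    try:
        plan_subnets(vpc_cidr, subnet_cidrs)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample plan: two /24 subnets in a /16 VPC.
    print(plan_subnets("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24"]))
    # A subnet the same size as the VPC is allowed; a /29 or an outside range is not.
    print(plan_subnets("10.0.0.0/16", ["10.0.0.0/16"]))
    print(rejects("10.0.0.0/16", ["10.0.0.0/29"]))
    print(rejects("10.0.0.0/16", ["172.16.0.0/24"]))
```

Running the checks locally catches the mistakes that otherwise surface as an API error at creation time (or, for overlapping ranges, as unreachable hosts later).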
Example:
subnet-53993c24: 172.31.16.0/20
Subnet ID
Each subnet has a unique ID.
Public Subnet
If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet.
Private Subnet
If a subnet does not have a route to an internet gateway, it is known as a private subnet.
VPN-Only Subnet
If a subnet does not have a route to an internet gateway, but has its traffic routed to a virtual private gateway for a site-to-site VPN connection, it is known as a VPN-only subnet.
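The three subnet kinds above are defined purely by what the subnet's route table points at, so they can be derived from route table data rather than from a subnet's name or tags. The following is an added example for this page, not code from AWS or the original text. The route table records are constructed inline in the shape of the EC2 DescribeRouteTables response; the resource IDs are placeholders (assumptions), and the function names are the author's own. It goes slightly beyond the page by also handling a NAT gateway route and a blackhole route, both of which leave a subnet private.

```python
from __future__ import annotations


def _route(dest: str, state: str = "active", **target: str) -> dict:
    """Build one route entry in DescribeRouteTables shape (constructed sample data)."""
    return {"DestinationCidrBlock": dest, "State": state, **target}


LOCAL = _route("10.0.0.0/16", GatewayId="local")  # every VPC route table has a local route

# Constructed sample route tables; IDs such as rtb-public are placeholders.
ROUTE_TABLES = [
    # Main route table: used by every subnet without an explicit association.
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    # Default route to an internet gateway: public subnet.
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, _route("0.0.0.0/0", GatewayId="igw-example")]},
    # No internet gateway, traffic to the corporate range goes to a virtual private gateway: VPN-only.
    {"RouteTableId": "rtb-vpn",
     "Associations": [{"Main": False, "SubnetId": "subnet-vpn"}],
     "Routes": [LOCAL, _route("192.168.0.0/16", GatewayId="vgw-example")]},
    # Default route through a NAT gateway: outbound only, so still private.
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-nat"}],
     "Routes": [LOCAL, _route("0.0.0.0/0", NatGatewayId="nat-example")]},
    # Stale route to a detached internet gateway: blackhole, carries no traffic.
    {"RouteTableId": "rtb-stale",
     "Associations": [{"Main": False, "SubnetId": "subnet-stale"}],
     "Routes": [LOCAL, _route("0.0.0.0/0", state="blackhole", GatewayId="igw-gone")]},
]


def route_table_for(subnet_id: str, route_tables: list[dict]) -> dict:
    """Return the route table that applies to a subnet: the explicitly associated
    one if present, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise LookupError("no main route table found")
    return main


def classify_subnet(subnet_id: str, route_tables: list[dict]) -> str:
    """Apply the page's definitions: 'public' if traffic is routed to an internet
    gateway, 'vpn-only' if it is routed to a virtual private gateway instead,
    'private' otherwise. Only active routes count; blackhole routes are ignored."""
    rt = route_table_for(subnet_id, route_tables)
    targets = {r.get("GatewayId", "") for r in rt["Routes"] if r.get("State") == "active"}
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def classify_all(subnet_ids: list[str], route_tables: list[dict]) -> dict[str, str]:
    """Classify every subnet in the list."""
    return {s: classify_subnet(s, route_tables) for s in subnet_ids}


if __name__ == "__main__":
    subnets = ["subnet-public", "subnet-vpn", "subnet-nat", "subnet-stale", "subnet-orphan"]
    for subnet, kind in classify_all(subnets, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

A subnet with no explicit association (subnet-orphan above) inherits the main route table, which is why the main table should never carry a route to an internet gateway unless every unassociated subnet is meant to be public.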
Route Table
A route table contains a set of rules, called routes, that determine where network traffic from a subnet is directed. Every subnet is associated with exactly one route table; a subnet without an explicit association uses the VPC's main route table.
Internet Gateway
An internet gateway is a VPC component, attached to the VPC, that enables communication between resources in the VPC and the Internet.
Virtual Private Network (VPN) Connection
A VPN connection enables communication between cooperating networks, such as a VPC and a corporate network.