Amazon VPC

Natali Dev
2 min read · Dec 17, 2019


Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides users with a virtual private cloud by “provision[ing] a logically isolated section of the Amazon Web Services (AWS) Cloud”. Enterprise customers can access the Amazon Elastic Compute Cloud (EC2) over an IPsec-based virtual private network. Unlike traditional EC2 instances, which are allocated internal and external IP addresses by Amazon, the customer can assign IP addresses of their choosing from one or more subnets. By giving the user the option of selecting which AWS resources are public-facing and which are not, VPC provides much more granular control over security. For Amazon, it is “an endorsement of the hybrid approach, but it’s also meant to combat the growing interest in private clouds”.


AWS provides one default VPC, which cannot be deleted. By default, an account can have 5 VPCs per region. One point to remember: a VPC spans an entire Region.

When you create a VPC, AWS also creates a route table by default; that route table handles internal communication between all instances in all subnets of that VPC.

One VPC can have more than one subnet, distributed across Availability Zones.

1 Availability Zone = 1 subnet

You can configure only one internet gateway per VPC to communicate with the internet.

Scenario:

A user has deployed an instance, but it is not able to communicate with the internet.

How does Amazon VPC work?

Let’s take the example of a VPC created in a Region with two Availability Zones (AZ_1, AZ_2).

  • Create a VPC
  • Navigation: under the Networking section > select VPC > select Your VPCs > Create VPC
  • Give a CIDR (Classless Inter-Domain Routing) block. Generally choose a /16 network so that you get a broad address range.

How to Create Subnets:

  • Click on “Subnets”
  • Click on “Create Subnet”

There are 3 very important things to keep in mind while creating subnets.

  1. Select the VPC that you created (from the drop-down).
  2. Make sure you select the appropriate Availability Zone.
  3. CIDR: choose the subnet range in which your instance will live.
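As an added example (not code from the original post), the following Python script uses the standard ipaddress module to do the CIDR planning the steps above describe: it carves a /16 VPC block into one /24 subnet per Availability Zone and checks a candidate subnet for the two mistakes the console will reject, a range outside the VPC block and an overlap with an existing subnet. The VPC block 10.0.0.0/16, the AZ names AZ_1 and AZ_2 and the function names are constructed for the example; the /16 to /28 size limit and the five reserved addresses per subnet are AWS rules.

```python
"""Plan a VPC's address space and its per-AZ subnets offline.

Added example, not the post's own code: uses only Python's standard ipaddress
module to carve a /16 VPC block into subnets and to validate a subnet before it
is created. All CIDRs and AZ names are constructed for the example.
"""
import ipaddress
from typing import Dict, List

MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS accepts VPC and subnet blocks from /16 to /28
RESERVED_PER_SUBNET = 5           # AWS reserves the first four and the last address of each subnet


def block_problems(cidr: str) -> List[str]:
    """Return reasons AWS would reject this CIDR block (empty list means acceptable)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: {exc}"]
    if net.version != 4:
        return [f"{cidr}: only IPv4 blocks are handled here"]
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        return [f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}"]
    return []


def plan_subnets(vpc_cidr: str, azs: List[str], new_prefix: int = 24) -> Dict[str, str]:
    """Carve one /new_prefix subnet per Availability Zone out of the VPC block, in order."""
    problems = block_problems(vpc_cidr)
    if problems:
        raise ValueError(problems[0])
    vpc = ipaddress.ip_network(vpc_cidr)
    if not vpc.prefixlen <= new_prefix <= MAX_PREFIX:
        raise ValueError(f"subnet prefix /{new_prefix} must lie between /{vpc.prefixlen} and /{MAX_PREFIX}")
    candidates = vpc.subnets(new_prefix=new_prefix)   # consecutive, non-overlapping blocks
    plan: Dict[str, str] = {}
    for az in azs:
        try:
            plan[az] = str(next(candidates))
        except StopIteration:
            raise ValueError(f"{vpc_cidr} has no room for a /{new_prefix} subnet in {az}") from None
    return plan


def check_subnet(vpc_cidr: str, existing: List[str], candidate: str) -> List[str]:
    """Validate a subnet CIDR against the VPC block and the subnets already created."""
    problems = block_problems(candidate)
    if problems:
        return problems
    vpc = ipaddress.ip_network(vpc_cidr)
    cand = ipaddress.ip_network(candidate)
    if not cand.subnet_of(vpc):
        problems.append(f"{candidate} is not inside VPC block {vpc_cidr}")
    for other in existing:
        if cand.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{candidate} overlaps existing subnet {other}")
    return problems


def usable_hosts(cidr: str) -> int:
    """Addresses you can actually assign to instances in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    plan = plan_subnets("10.0.0.0/16", ["AZ_1", "AZ_2"])
    for az, cidr in plan.items():
        print(az, cidr, usable_hosts(cidr), "usable hosts")
    # A /25 carved out of AZ_1's /24 is rejected as overlapping.
    print(check_subnet("10.0.0.0/16", list(plan.values()), "10.0.0.128/25"))
```

Run the script directly to see the two subnets and the overlap report; call check_subnet before every Create Subnet so a typo in the CIDR field is caught in planning rather than as a console error.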

Points to remember for NAT:

1. Create a security group (SG) with an inbound rule whose source is the CIDR of “Subnet_b”.

2. Launch a NAT instance (go to Community AMIs and select a NAT AMI only), and launch it only in the public subnet (Subnet_a).

3. Don’t give it a public IP; it needs to have an Elastic IP associated with it.

4. Most important: disable the Source/Destination check for the NAT instance (Action > Networking > Check Source/Destination).

5. Create a route table with destination 0.0.0.0/0 and the NAT instance as the target.
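As an added example, not code from the original post, the following Python model reproduces the scenario above (an instance in the private subnet that cannot reach the internet) by simulating the VPC router’s longest-prefix route lookup and the NAT conditions from points 1, 3 and 4: the security-group inbound rule, the Elastic IP and the source/destination check. Everything in it (the 10.0.0.0/16 VPC, Subnet_a 10.0.0.0/24 and Subnet_b 10.0.1.0/24, the instance id i-nat, the addresses and the function names) is constructed; diagnose() returns every configuration gap it finds, which is the checklist a practitioner would walk through when debugging this scenario.

```python
"""Simulate VPC route lookup and NAT-instance forwarding offline.

Added example, not code from the original post: a toy model of the VPC router
and of the checks the post's NAT points rely on. All IDs, addresses and names
are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Route:
    destination: ipaddress.IPv4Network
    target: str            # "local", an internet gateway id, or a NAT instance id


@dataclass
class RouteTable:
    routes: List[Route]

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match over the table, the way the VPC router selects a route."""
        addr = ipaddress.ip_address(dst_ip)
        best: Optional[Route] = None
        for route in self.routes:
            if addr in route.destination and (
                best is None or route.destination.prefixlen > best.destination.prefixlen
            ):
                best = route
        return best.target if best else None


@dataclass
class Instance:
    instance_id: str
    private_ip: str
    elastic_ip: Optional[str] = None          # a NAT instance needs one to reach the internet
    source_dest_check: bool = True            # EC2 default; must be off for a NAT instance
    sg_inbound: List[ipaddress.IPv4Network] = field(default_factory=list)


def nat_problems(nat: Instance, src_ip: str, dst_ip: str) -> List[str]:
    """Return the reasons a NAT instance would not forward a packet from src_ip to dst_ip."""
    problems: List[str] = []
    # With the check enabled, packets not addressed to the instance itself are dropped.
    if nat.source_dest_check and dst_ip != nat.private_ip:
        problems.append(f"source/destination check is still enabled on {nat.instance_id}")
    # The NAT's security group must allow inbound traffic from the private subnet's CIDR.
    src = ipaddress.ip_address(src_ip)
    if not any(src in cidr for cidr in nat.sg_inbound):
        problems.append(f"security group on {nat.instance_id} does not allow source {src_ip}")
    # Without an Elastic IP the NAT instance has no public address to translate to.
    if nat.elastic_ip is None:
        problems.append(f"{nat.instance_id} has no Elastic IP associated")
    return problems


def diagnose(private_rt: RouteTable, instances: Dict[str, Instance], src_ip: str, dst_ip: str) -> str:
    """Explain whether a packet from a private-subnet instance reaches dst_ip, and if not, why."""
    target = private_rt.lookup(dst_ip)
    if target is None:
        return f"no route for {dst_ip}: add 0.0.0.0/0 -> NAT instance to the private subnet's route table"
    if target == "local":
        return "ok: delivered inside the VPC by the local route"
    if target not in instances:
        return f"ok: forwarded to {target}"
    problems = nat_problems(instances[target], src_ip, dst_ip)
    return ("ok: forwarded through NAT instance " + target) if not problems else "; ".join(problems)


def build_example():
    """Constructed topology: VPC 10.0.0.0/16, public Subnet_a 10.0.0.0/24, private Subnet_b 10.0.1.0/24."""
    net = ipaddress.ip_network
    nat = Instance("i-nat", "10.0.0.10", elastic_ip="203.0.113.5",
                   source_dest_check=False, sg_inbound=[net("10.0.1.0/24")])
    private_rt = RouteTable([
        Route(net("10.0.0.0/16"), "local"),   # route created with the VPC
        Route(net("0.0.0.0/0"), "i-nat"),     # point 5 above
    ])
    return private_rt, {"i-nat": nat}


if __name__ == "__main__":
    rt, hosts = build_example()
    print(diagnose(rt, hosts, "10.0.1.20", "198.51.100.7"))   # correct setup
    hosts["i-nat"].source_dest_check = True                   # forget point 4
    print(diagnose(rt, hosts, "10.0.1.20", "198.51.100.7"))
```

Running the script shows the working path first and then the failure that re-enabling the source/destination check produces; removing the 0.0.0.0/0 route from the private route table reproduces the scenario where the instance has no way out at all.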

Know more: https://www.liainfraservices.com/blog/what-is-amazon-vpc/


Written by Natali Dev

Information Technology Graduate
