AWS VPC Basics

What is Amazon VPC?

Amazon Virtual Private Cloud (VPC) allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

Key VPC Concepts

  • Subnets: Segments of a VPC’s IP address range where you can place groups of isolated resources.
  • Route Tables: Sets of rules (routes) that determine where network traffic from your subnets or gateways is directed.
  • Internet Gateway: A horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.
  • NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the internet.
  • Security Groups: Virtual firewalls that control inbound and outbound traffic for AWS resources such as EC2 instances.
  • Network ACLs: Optional layer of security for your VPC that acts as a stateless firewall for controlling traffic in and out of subnets.

Creating a VPC

To create a VPC:

  1. Sign in to the AWS Management Console.
  2. Navigate to the VPC Dashboard.
  3. Click "Start VPC Wizard".
  4. Select the "VPC with a Single Public Subnet" option and click "Select".
  5. Configure the VPC settings:
    • IPv4 CIDR block: Enter a CIDR block, such as 10.0.0.0/16.
    • VPC name: Enter a name for your VPC.
    • Public subnet: Enter a CIDR block for the subnet, such as 10.0.0.0/24.
    • Subnet name: Enter a name for your subnet.
  6. Click "Create VPC".

Creating Subnets

To create additional subnets:

  1. Sign in to the AWS Management Console.
  2. Navigate to the VPC Dashboard.
  3. In the left navigation pane, click "Subnets".
  4. Click "Create subnet".
  5. Configure the subnet settings:
    • VPC: Select the VPC you created.
    • Subnet name: Enter a name for your subnet.
    • Availability Zone: Select an Availability Zone.
    • IPv4 CIDR block: Enter a CIDR block, such as 10.0.1.0/24.
  6. Click "Create subnet".

Example: Creating a VPC with Public and Private Subnets

Let's create a VPC with both public and private subnets:

Step-by-Step Example:

  1. Sign in to the AWS Management Console.
  2. Navigate to the VPC Dashboard and click "Start VPC Wizard".
  3. Select the "VPC with Public and Private Subnets" option and click "Select".
  4. Configure the VPC settings:
    • IPv4 CIDR block: Enter 10.0.0.0/16.
    • VPC name: Enter "MyVPC".
    • Public subnet: Enter 10.0.1.0/24 and name it "PublicSubnet".
    • Private subnet: Enter 10.0.2.0/24 and name it "PrivateSubnet".
  5. Click "Create VPC".
  6. Once the VPC is created, go to "Subnets" in the VPC Dashboard.
  7. Select the "PublicSubnet" and click "Actions" > "Modify auto-assign IP settings". Enable auto-assign public IPv4 address.
  8. Go to "Route Tables" in the VPC Dashboard, select the main route table, and add a route to the internet gateway for 0.0.0.0/0.
  9. Go to "NAT Gateways" in the VPC Dashboard and create a NAT gateway in the "PublicSubnet". Allocate an Elastic IP for the NAT gateway.
  10. Go back to "Route Tables" and create a new route table for the "PrivateSubnet". Add a route to the NAT gateway for 0.0.0.0/0 and associate it with the "PrivateSubnet".

Security Groups and Network ACLs

Security groups and network ACLs provide security at the instance level and the subnet level, respectively:

  • Security Groups: Control inbound and outbound traffic to instances. They are stateful: if a request is allowed in one direction, its return traffic is automatically allowed in the other, regardless of the rules for that direction.
  • Network ACLs: Control inbound and outbound traffic at the subnet level. They are stateless, meaning that return traffic must be explicitly allowed by rules.

Example: Creating a Security Group

Let's create a security group to allow HTTP and SSH traffic:

Step-by-Step Example:

  1. Sign in to the AWS Management Console.
  2. Navigate to the EC2 Dashboard.
  3. In the left navigation pane, click "Security Groups".
  4. Click "Create Security Group".
  5. Configure the security group settings:
    • Security group name: Enter "MySecurityGroup".
    • Description: Enter "Security group for HTTP and SSH access".
    • VPC: Select your VPC.
  6. Under "Inbound rules", click "Add rule".
  7. Set the following rules:
    • Type: HTTP, Protocol: TCP, Port range: 80, Source: Anywhere (0.0.0.0/0)
    • Type: SSH, Protocol: TCP, Port range: 22, Source: Anywhere (0.0.0.0/0)
  8. Click "Create security group".
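The topology from the public/private subnet walkthrough above and the rules from this security group example, as an added Python example that is not part of the tutorial: it checks that the subnet CIDRs fit inside the VPC without overlapping, resolves where a packet from each subnet is routed (longest-prefix match over the subnet's route table, as the VPC router does), and flags the SSH rule that is open to 0.0.0.0/0. The ADMIN_PORTS policy and the route-target names ("igw", "nat-gateway") are assumptions for illustration, not AWS identifiers.

```python
import ipaddress

# Topology taken from the tutorial's worked example (values constructed from the page).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {"PublicSubnet": "10.0.1.0/24", "PrivateSubnet": "10.0.2.0/24"}
# Route tables as (destination, target). The "local" route is implicit in every VPC.
ROUTE_TABLES = {
    "PublicSubnet": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw")],
    "PrivateSubnet": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-gateway")],
}
# Inbound rules from the security group example: (port, protocol, source CIDR).
SG_RULES = [(80, "tcp", "0.0.0.0/0"), (22, "tcp", "0.0.0.0/0")]
ADMIN_PORTS = {22, 3389}  # hypothetical policy: SSH/RDP must not be open to the world

def validate_subnets(vpc_cidr, subnets):
    """Return problems: subnets outside the VPC range or overlapping each other."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} {net} lies outside VPC {vpc_cidr}"
                for n, net in nets.items() if not net.subnet_of(vpc_cidr)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def usable_hosts(cidr):
    """AWS reserves 5 addresses per subnet (network, router, DNS, future use, broadcast)."""
    return ipaddress.ip_network(cidr).num_addresses - 5

def resolve_route(subnet, dest_ip):
    """Longest-prefix match over the subnet's route table, as the VPC router does."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in ROUTE_TABLES[subnet]:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def audit_ingress(rules):
    """Flag admin ports reachable from anywhere; return the offending rules."""
    return [(port, proto, src) for port, proto, src in rules
            if src == "0.0.0.0/0" and port in ADMIN_PORTS]

if __name__ == "__main__":
    print(validate_subnets(VPC_CIDR, SUBNETS))       # []
    print(resolve_route("PrivateSubnet", "8.8.8.8"))  # nat-gateway
    print(audit_ingress(SG_RULES))                    # [(22, 'tcp', '0.0.0.0/0')]
```

A packet from the private subnet to the public subnet never leaves the VPC (the "local" route wins on prefix length), while internet-bound traffic goes through the NAT gateway; the audit output is the rule a reviewer would ask to be narrowed to a trusted source range.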

Conclusion

Amazon VPC allows you to create and control a virtual networking environment in the AWS cloud. By understanding the basics of VPC, including how to create VPCs and subnets and how to configure security groups and network ACLs, you can effectively manage your AWS resources in a secure and isolated network.