Amazon VPC

Amazon VPC Terminologies

By Abhinay Durishetty
6 mins read
VPC (Virtual Private Cloud)

What it is?
A virtual network within the AWS cloud.

Example:
Think of a VPC as a gated community. Inside this gated community, you have your own rules, access control, and security measures.

Why is it needed?
  • As open networks would expose resources to potential threats and unauthorised access, VPC provides a secure environment for your AWS resources.
  • It isolates your AWS resources from the resources in other virtual networks.
Subnet

What it is?
A range of IP addresses in your VPC.

Example:
Within the gated community (VPC), there are different lanes or sectors. These are your subnets.

Why is it needed?
  • A VPC is rarely one flat network. Subnets let you separate tiers (for example, load balancers in public subnets and databases in private ones) and attach a different route table and NACL to each, so a resource only gets the reachability its tier needs.
  • Each subnet lives in exactly one Availability Zone, so spreading subnets across AZs is how a workload survives the loss of one AZ.
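As an added example (not part of the original page), the snippet below carves a VPC CIDR into per-tier, per-AZ subnets and runs the checks a practitioner would want before creating them. The tier and AZ names are assumptions; the five reserved addresses per subnet and the /16 to /28 size limits are AWS rules.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router (+1), the DNS resolver (+2), one held for future use (+3), and the
# broadcast address (last).
AWS_RESERVED_PER_SUBNET = 5

def carve_subnets(vpc_cidr, new_prefix, tiers, azs):
    """Split a VPC CIDR into equal-sized subnets and hand them out tier by
    tier across Availability Zones (hypothetical layout helper)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = vpc.subnets(new_prefix=new_prefix)
    layout = []
    for tier in tiers:
        for az in azs:
            net = next(blocks)
            layout.append({
                "name": f"{tier}-{az}",
                "tier": tier,
                "az": az,
                "cidr": str(net),
                "usable_hosts": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return layout

def validate_layout(vpc_cidr, layout):
    """Checks worth running before creating anything: every subnet must sit
    inside the VPC block, subnet sizes must be between /28 and /16 (the range
    AWS accepts), and no two subnets may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s["cidr"]) for s in layout]
    problems = []
    for s, net in zip(layout, nets):
        if not net.subnet_of(vpc):
            problems.append(f"{s['name']}: {net} is outside {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{s['name']}: /{net.prefixlen} is not between /16 and /28")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems

if __name__ == "__main__":
    layout = carve_subnets("10.0.0.0/16", 24, ["public", "private"],
                           ["ap-south-1a", "ap-south-1b"])
    for s in layout:
        print(f"{s['name']:<20} {s['cidr']:<16} usable hosts: {s['usable_hosts']}")
    print("problems:", validate_layout("10.0.0.0/16", layout) or "none")
```

A /24 subnet therefore gives 251 usable addresses, not 254 as on an ordinary network; forgetting the reserved addresses is a common reason small subnets fill up earlier than planned.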
Route Table

What it is?
A set of rules that determine where network traffic is directed.

Example:
Think of the route table as road signs within your gated community directing traffic to different lanes or exits.

Why is it needed?
  • It decides where traffic leaving a subnet goes. The local route (added automatically) covers the VPC's own CIDR; any other destination must match a route whose target is an internet gateway, NAT gateway, VPN, peering connection or similar, and when several routes match, the most specific one (longest prefix) wins.
For more details of Layer 3 Routing, you can refer to our "Networking Basics" course.
Internet Gateway

What it is?
A gateway allowing communication between resources in a VPC and the internet.

Example:
This is like the main gate of your gated community that connects you to the external world.

Why is it needed?
  • It is what lets resources with public IP addresses be reached from, and reach, the internet. It is a two-way door: what actually passes through it is decided by the route tables, security groups and NACLs, not by the gateway itself.
  • Without an Internet Gateway, your VPC resources wouldn't be able to communicate with the outside world unless you set up a VPN or Direct Connect.
Network Address Translation (NAT) Gateway

What it is?
A managed service that enables instances in a private subnet to connect to the internet but prevents the internet from initiating a connection with those instances.

Example:
Imagine a one-way mirror at a security checkpoint within your gated community. People inside can look and go out, but those outside can't see or enter directly through it.

Why is it needed?
  • Simply allowing direct two-way internet access to private resources would expose them to unnecessary risks.
  • So, NAT Gateway allows outbound traffic (e.g., for updates, APIs) while maintaining the private nature of the subnet.

NAT Gateways are generally used in conjunction with private and public subnets. Instances in a private subnet that need to access the internet can have their traffic routed through a NAT Gateway residing in a public subnet.
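The route table, internet gateway and NAT gateway sections above describe one flow; the following added example (not code from the original page) models it in plain Python. The route tables, subnets and resource IDs are constructed for the example. It does longest-prefix lookups, applies AWS's definition of a public subnet (a route to an internet gateway) and traces a packet from a private subnet through the NAT gateway to the internet gateway. It also includes the classic misconfiguration, a NAT gateway created in a subnet without an internet gateway route, modelled here as the packet being routed back to the same NAT.

```python
import ipaddress

# Constructed VPC layout: resource IDs follow the AWS naming pattern but are
# made up for this example. Each route is (destination CIDR, target).
ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0a1b2c3d4e5f60718")],
    "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0a1b2c3d4e5f60718")],
    "rtb-private-broken": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0ffffffffffffffff")],
    "rtb-isolated": [("10.0.0.0/16", "local")],
}
SUBNET_ROUTE_TABLE = {
    "subnet-public-a": "rtb-public",
    "subnet-private-a": "rtb-private",
    "subnet-private-b": "rtb-private-broken",
    "subnet-db-a": "rtb-isolated",
}
# Which subnet each NAT gateway was created in. The second one is the classic
# mistake: a NAT gateway placed in a subnet whose own default route is that NAT.
NAT_GATEWAY_SUBNET = {
    "nat-0a1b2c3d4e5f60718": "subnet-public-a",
    "nat-0ffffffffffffffff": "subnet-private-b",
}

def lookup_route(routes, dst_ip):
    """Longest-prefix match: when several routes cover the destination, the
    most specific one wins, which is the rule AWS route tables apply."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

def is_public_subnet(subnet):
    """AWS's definition of public: the subnet's route table has a route to an internet gateway."""
    return any(t.startswith("igw-") for _, t in ROUTE_TABLES[SUBNET_ROUTE_TABLE[subnet]])

def trace_egress(subnet, dst_ip):
    """Follow a packet from an instance in `subnet` hop by hop. If the first
    hop is a NAT gateway, the packet is routed again from the NAT's own subnet."""
    hops = [lookup_route(ROUTE_TABLES[SUBNET_ROUTE_TABLE[subnet]], dst_ip)]
    if hops[0] and hops[0].startswith("nat-"):
        nat_subnet = NAT_GATEWAY_SUBNET[hops[0]]
        hops.append(lookup_route(ROUTE_TABLES[SUBNET_ROUTE_TABLE[nat_subnet]], dst_ip))
    return hops

def reaches_internet(subnet, dst_ip):
    """True only if the final hop is an internet gateway."""
    last = trace_egress(subnet, dst_ip)[-1]
    return last is not None and last.startswith("igw-")

def nat_gateway_problems():
    """Every NAT gateway must sit in a public subnet, otherwise nothing behind it gets out."""
    return [f"{nat} is in {sn}, which has no internet gateway route"
            for nat, sn in NAT_GATEWAY_SUBNET.items() if not is_public_subnet(sn)]

if __name__ == "__main__":
    for subnet in SUBNET_ROUTE_TABLE:
        print(f"{subnet:<18} -> 8.8.8.8 via {trace_egress(subnet, '8.8.8.8')}"
              f"  internet: {reaches_internet(subnet, '8.8.8.8')}")
    print("NAT problems:", nat_gateway_problems() or "none")
```

The `nat_gateway_problems` check is the one to automate: a NAT gateway in a private subnet is accepted by the API without complaint, and the symptom (outbound traffic from the private tier silently failing) is easy to misattribute to security groups.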
Security Group

What it is?
A virtual firewall that controls inbound and outbound traffic for one or more instances.

Example:
Think of security groups as the security system installed in each house within the community.

Why is it needed?
  • Security groups work at the instance (network interface) level, not the subnet level. They are stateful: if an inbound request is allowed, its reply is allowed out automatically. They contain only allow rules, so anything not explicitly allowed is denied.
  • Without security groups, you wouldn't have fine-grained control over the network traffic to and from your instances.
Elastic IP (EIP)

What it is?
A static public IPv4 address that you allocate to your account and can associate with, or move between, instances and network interfaces on the fly.

Example:
Imagine having a reserved parking spot in a public area. You can use this spot whenever you want, and if you change cars, you can easily reassign the spot to the new car.

Why is it needed?
  • The public IPv4 address AWS auto-assigns to an instance is released when the instance is stopped and started again (it survives a reboot), so anything that hard-codes that address, such as a DNS record or a partner's allow-list, breaks. An Elastic IP is a fixed public address you own, and you can re-associate it with a replacement resource without changing what the outside world points at.
Network Access Control List (NACL)

What it is?
As the name suggests, it is a layer of security (acting as a firewall) that controls network traffic in and out of a subnet. Unlike a security group it is stateless and its rules are numbered: rules are evaluated from the lowest number upwards, the first match decides, and it can hold explicit deny rules as well as allow rules.

Example:
These are like the security guards at each lane or sector within your gated community.

Why is it needed?
  • They filter traffic based on IP protocol, port number, and source/destination CIDR. Because they are stateless, return traffic must be allowed explicitly in the opposite direction; for a web server that means an outbound rule for the ephemeral port range (1024-65535), not a mirror of the inbound port-443 rule.
  • The default NACL allows everything, so on its own it protects nothing. Its value is as a subnet-wide second layer in front of security groups, for example to deny a known-abusive address range for a whole subnet with a single low-numbered rule.
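The security group and NACL sections above describe two filters with different semantics. The added example below (not code from the original page) models both and walks one HTTPS request and its reply through them: the NACL is evaluated statelessly in rule-number order with an implicit deny, the security group is allow-only and stateful. The rule sets, addresses and the ephemeral port are constructed for the example; the "mirrored" outbound NACL shows the common mistake of copying the inbound rule instead of allowing ephemeral ports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class NaclRule:
    number: int      # rules are evaluated in ascending order
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "-1" for all
    ports: tuple     # (low, high) destination port range
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound

def nacl_allows(rules, pkt, inbound):
    """Stateless evaluation: lowest rule number first, first match decides,
    and the implicit '*' rule at the end denies everything else."""
    peer = pkt.src if inbound else pkt.dst
    for r in sorted(rules, key=lambda rule: rule.number):
        lo, hi = r.ports
        if (r.proto in ("-1", pkt.proto) and lo <= pkt.dport <= hi
                and ipaddress.ip_address(peer) in ipaddress.ip_network(r.cidr)):
            return r.action == "allow"
    return False

def sg_allows(rules, pkt):
    """Security group inbound rules are allow-only: any matching rule permits the
    packet, no match means deny. Rules are (proto, (low, high), source CIDR)."""
    return any(proto in ("-1", pkt.proto) and lo <= pkt.dport <= hi
               and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(cidr)
               for proto, (lo, hi), cidr in rules)

def simulate_https(client_ip, server_ip, sg_inbound, nacl_inbound, nacl_outbound,
                   ephemeral=50123):
    """Walk one HTTPS request and its reply through both layers."""
    request = Packet(client_ip, server_ip, "tcp", ephemeral, 443)
    reply = Packet(server_ip, client_ip, "tcp", 443, ephemeral)
    # Inbound: the NACL at the subnet boundary is hit first, then the security
    # group on the instance's network interface.
    if not nacl_allows(nacl_inbound, request, inbound=True):
        return "blocked by NACL inbound"
    if not sg_allows(sg_inbound, request):
        return "blocked by security group"
    # The reply: the security group is stateful, so the return flow of an allowed
    # connection passes without consulting outbound rules. The NACL is stateless,
    # so the reply must match an outbound rule on its own, which is why the
    # outbound NACL needs the ephemeral port range rather than port 443.
    if not nacl_allows(nacl_outbound, reply, inbound=False):
        return "reply blocked by NACL outbound (ephemeral ports not allowed)"
    return "connection succeeds"

# Constructed rule sets for a web server in a public subnet.
SG_HTTPS = [("tcp", (443, 443), "0.0.0.0/0")]
NACL_IN = [
    NaclRule(90, "deny", "tcp", (443, 443), "203.0.113.0/24"),   # block one abusive range
    NaclRule(100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
]
NACL_OUT_CORRECT = [NaclRule(100, "allow", "tcp", (1024, 65535), "0.0.0.0/0")]
NACL_OUT_MIRRORED = [NaclRule(100, "allow", "tcp", (443, 443), "0.0.0.0/0")]  # common mistake

if __name__ == "__main__":
    print(simulate_https("198.51.100.7", "10.0.0.10", SG_HTTPS, NACL_IN, NACL_OUT_CORRECT))
    print(simulate_https("198.51.100.7", "10.0.0.10", SG_HTTPS, NACL_IN, NACL_OUT_MIRRORED))
    print(simulate_https("203.0.113.5", "10.0.0.10", SG_HTTPS, NACL_IN, NACL_OUT_CORRECT))
```

Two things the walk-through makes visible that the definitions alone do not: the deny rule works only because its number (90) is lower than the allow (100), and the mirrored outbound NACL lets the request in but drops every reply, which shows up as connections that hang rather than as a clean refusal.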