AWS VPC

Amazon Virtual Private Cloud (VPC) allows you to launch AWS resources in a logically isolated network. This cheat sheet provides an overview of VPC components and features, along with brief explanations.


Networking and IP Addressing


                                
  • CIDR Block: Defines the IP address range for your VPC (e.g., 10.0.0.0/16).
                     
  • Private IP: An internal IP assigned to instances within a VPC.
  • Public IP: An internet-routable IP assigned to instances in a public subnet.
  • Elastic Network Interface (ENI): A virtual network card attached to instances.
  • Elastic Load Balancer (ELB): Distributes incoming traffic across multiple instances in different subnets.
  • DNS Hostnames: AWS can assign domain names to instances for easier access.

Core Components

  • VPC: A logically isolated network in AWS where you can launch resources. Example: 10.0.0.0/16.
  • Subnet: A segment of a VPC's IP range where you place instances; can be public or private. Example: 10.0.1.0/24 (Public Subnet), 10.0.2.0/24 (Private Subnet).
  • Route Table: Defines the traffic routing rules within the VPC. Example: Destination: 0.0.0.0/0 -> Target: Internet Gateway (igw-12345678).
  • Internet Gateway (IGW): Allows communication between your VPC and the internet.
  • NAT Gateway / NAT Instance: Enables instances in a private subnet to access the internet while keeping them private.
  • Elastic IP (EIP): A static IPv4 address for use with AWS resources.
  • Security Group (SG): A virtual firewall controlling inbound and outbound traffic at the instance level.
  • Network ACL (NACL): An optional firewall that controls inbound and outbound traffic at the subnet level.
  • VPC Peering: Connects two VPCs privately, allowing traffic between them.
  • Transit Gateway: Connects multiple VPCs and on-premises networks through a central hub.
  • VPC Endpoints: Allows private access to AWS services without an internet connection.
  • DNS Resolution: Enables domain name resolution within a VPC.


Security & Connectivity

  • Security Groups (SG): Stateful firewall controlling traffic at the instance level.
  • Network ACLs (NACLs): Stateless firewall controlling subnet-level traffic.
  • AWS PrivateLink: Securely connects services across VPCs without exposing them to the internet.
  • Bastion Host: A secure instance used to connect to private instances via SSH or RDP.
  • VPN Connection: A secure link between AWS and on-premises networks.
  • Direct Connect: A dedicated network connection from your premises to AWS.

Traffic Routing & High Availability

  • Route Tables: Define how traffic is directed within the VPC. Example: Destination: 192.168.1.0/24 -> Target: VPC Peering Connection.
  • Multi-AZ Deployment: Distributes resources across different Availability Zones for redundancy.
  • Cross-Region Peering: Connects VPCs across different AWS regions.
  • Elastic Load Balancing (ELB): Enhances availability by distributing traffic among instances.
  • Auto Scaling Groups (ASG): Adjusts the number of instances based on demand.

Logging & Monitoring

  • VPC Flow Logs: Captures information about IP traffic in your VPC for analysis.
  • AWS CloudTrail: Records API calls made to VPC for security auditing.
  • Amazon CloudWatch: Monitors network performance and logs metrics.

Best Practices

  • Use least privilege for security groups and NACLs.
  • Keep private and public subnets separate for security.
  • Use VPC Endpoints to connect to AWS services securely.
  • Enable VPC Flow Logs to monitor network traffic.
  • Implement Multi-AZ deployments for high availability.



Comments

Popular posts from this blog

AWS Serverless Architecture