AWS VPC Essentials

VPC

Virtual Private Cloud. Holds an IP address space (a CIDR block); think of it as a logical data center.
VPCs consist of Internet Gateways, Virtual Private Gateways, Route Tables, Network Access Control Lists, Subnets and Security Groups.

Default VPCs come configured with

  • All subnets having a route to the internet
  • EC2 Instances getting assigned both a private and a public IP address

A Route Table and a Network ACL are created automatically with the VPC.

New

Your VPCs > Create VPC

Internet Gateway

Allows resources inside the VPC to reach the internet.
You can only have one Internet Gateway attached per VPC.

New

Virtual Private Cloud > Internet Gateway > Create Internet Gateway
It will be created in a detached state.

To attach it to a VPC:
Actions > Attach to VPC > Available VPCs > Attach Internet Gateway

Route Table

A Route Table is automatically created when you create a VPC. By default only the local route (traffic staying inside the VPC CIDR) exists.
In order to reach the internet you need to add a route to the Internet Gateway:

Virtual Private Cloud > Route Tables > Edit > Routes > Edit Routes > Add Route
Destination: 0.0.0.0/0
Target: Internet Gateway

Edit

Virtual Private Cloud > Route Tables > Edit
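The route-table behaviour described above, as an added example (not AWS code and not from the original notes): a VPC router resolves a destination by longest-prefix match, so the default table with only the local route can reach in-VPC addresses but nothing else, and adding the 0.0.0.0/0 route to an Internet Gateway opens the rest. The VPC CIDR, the addresses and the `igw-` id are constructed for illustration.

```python
"""Longest-prefix route lookup, the way a VPC route table is resolved.

Added example; the route table contents are constructed:
a 10.0.0.0/16 VPC and a hypothetical Internet Gateway id.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Route table right after VPC creation: only the local route exists.
DEFAULT_ROUTES = [(VPC_CIDR, "local")]

# The same table after the edit from the notes:
# Destination 0.0.0.0/0, Target the Internet Gateway (hypothetical id).
PUBLIC_ROUTES = DEFAULT_ROUTES + [
    (ipaddress.ip_network("0.0.0.0/0"), "igw-0123456789abcdef0"),
]


def lookup(routes, destination):
    """Return the target for `destination` by longest-prefix match.

    Every route whose CIDR contains the address is a candidate; the most
    specific one (longest prefix) wins. Returns None when no route matches,
    which is what happens to internet-bound traffic on the default table.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, target in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    return best[1] if best else None


if __name__ == "__main__":
    for table_name, table in (("default", DEFAULT_ROUTES), ("with igw", PUBLIC_ROUTES)):
        for dst in ("10.0.1.20", "93.184.216.34"):
            print(f"{table_name:9} {dst:15} -> {lookup(table, dst)}")
```

Note that even with the 0.0.0.0/0 route present, traffic to another address inside the VPC still takes the local route, because /16 is more specific than /0.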

Network Access Control List

NACLs are stateless.
They control traffic entering and leaving subnets, including traffic to and from the internet.
A default Network ACL is created at the time of VPC creation.

New

Virtual Private Clouds > Security > Network ACLs > Create Network ACL

Unlike the default NACL that is created at VPC creation time, subsequently created NACLs do not contain any allow rules, so you need to add them. Remember they are stateless, so you need to create both Inbound and Outbound rules.
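What "stateless" costs you in practice, as an added example (not AWS code and not from the original notes): a small evaluator that applies NACL rules the way AWS does, in ascending rule-number order with the first match winning and an implicit deny at the end, and then checks a TCP connection in both directions. The rule sets and client addresses are constructed; with an empty Outbound list (a freshly created non-default NACL) the request gets in but the reply never gets out.

```python
"""Stateless NACL evaluation: both directions of a flow must be allowed.

Added example with constructed rule sets. Rules are evaluated in ascending
rule-number order, first match wins, and anything unmatched hits the
implicit deny ("*") rule that every NACL ends with.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int      # evaluation order (lower first)
    protocol: str    # "tcp", "udp" or "-1" for all traffic
    cidr: str        # source CIDR for inbound rules, destination for outbound
    port_from: int   # port range; ignored when protocol is "-1"
    port_to: int
    action: str      # "allow" or "deny"


def evaluate(rules, protocol, peer_ip, port):
    """Decide one packet against one direction of a NACL."""
    addr = ipaddress.ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("-1", protocol):
            continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        if rule.protocol != "-1" and not (rule.port_from <= port <= rule.port_to):
            continue
        return rule.action          # first match wins
    return "deny"                   # implicit "*" deny rule


def check_flow(inbound, outbound, client_ip, client_port, server_port, protocol="tcp"):
    """A connection needs the request in AND the reply out.

    Returns (request_verdict, reply_verdict). The reply is checked against
    the Outbound rules with the client's ephemeral port as the destination.
    """
    request = evaluate(inbound, protocol, client_ip, server_port)
    reply = evaluate(outbound, protocol, client_ip, client_port)
    return request, reply


# Constructed rule sets.
INBOUND_HTTPS = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow")]
OUTBOUND_EMPTY = []                                 # new non-default NACL
OUTBOUND_EPHEMERAL = [Rule(100, "tcp", "0.0.0.0/0", 1024, 65535, "allow")]
# Deny one address ahead of the broad allow: rule number decides, not list order.
INBOUND_WITH_BLOCK = INBOUND_HTTPS + [Rule(90, "tcp", "203.0.113.7/32", 443, 443, "deny")]


if __name__ == "__main__":
    print("no outbound rules:", check_flow(INBOUND_HTTPS, OUTBOUND_EMPTY, "198.51.100.9", 51234, 443))
    print("ephemeral allowed:", check_flow(INBOUND_HTTPS, OUTBOUND_EPHEMERAL, "198.51.100.9", 51234, 443))
    print("blocked client:  ", evaluate(INBOUND_WITH_BLOCK, "tcp", "203.0.113.7", 443))
```

The second rule set is the usual fix: an Outbound rule for the ephemeral port range so that replies to inbound connections can leave the subnet. A Security Group, being stateful, would have allowed the reply automatically.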

Subnets

Subnets always sit in exactly one Availability Zone. Associate each subnet with a NACL.
AWS reserves 5 IP addresses in every subnet:

  • X.X.X.0: Network address.
  • X.X.X.1: Reserved by AWS for the VPC router.
  • X.X.X.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. For VPCs with multiple CIDR blocks, the DNS server address is located in the primary CIDR. AWS also reserves the base of each subnet range plus two for all CIDR blocks in the VPC.
  • X.X.X.3: Reserved by AWS for future use.
  • X.X.X.255: Network broadcast address. AWS does not support broadcast in a VPC, therefore AWS reserves this address.
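The reserved-address list above assumes a /24; as an added example (not AWS code and not from the original notes) here is the general rule applied to any subnet size: the first four addresses of the subnet block plus its last address are reserved, which is why a subnet has `num_addresses - 5` usable hosts. The CIDRs are constructed; the /16 to /28 size limit is the one AWS enforces for IPv4 subnets.

```python
"""Reserved and usable addresses in a VPC subnet of any size.

Added example; subnet CIDRs used in the demo are constructed.
"""
import ipaddress

# Offsets from the subnet base that AWS reserves, with the reason from the notes.
RESERVED_OFFSETS = {
    0: "network address",
    1: "VPC router",
    2: "DNS server (base of the range plus two, reserved in every subnet)",
    3: "reserved by AWS for future use",
}


def _subnet(cidr):
    net = ipaddress.ip_network(cidr, strict=True)
    # AWS allows IPv4 subnets between /16 and /28.
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC subnets must be between /16 and /28")
    return net


def reserved_addresses(cidr):
    """Map each reserved address in the subnet to why AWS reserves it."""
    net = _subnet(cidr)
    reserved = {str(net.network_address + off): why for off, why in RESERVED_OFFSETS.items()}
    reserved[str(net.broadcast_address)] = "broadcast address (not supported in a VPC)"
    return reserved


def usable_host_count(cidr):
    """Addresses you can actually assign to instances or ENIs."""
    return _subnet(cidr).num_addresses - 5


def usable_hosts(cidr):
    """The assignable addresses, in order."""
    net = _subnet(cidr)
    reserved = set(reserved_addresses(cidr))
    return [str(a) for a in net if str(a) not in reserved]


if __name__ == "__main__":
    for cidr in ("10.0.1.0/24", "10.0.1.64/26", "10.0.1.240/28"):
        print(cidr, "usable:", usable_host_count(cidr))
        for addr, why in reserved_addresses(cidr).items():
            print("   reserved", addr, "-", why)
```

For a /28, the smallest subnet AWS allows, only 11 of the 16 addresses are assignable, which matters when sizing subnets for things like NAT gateways or interface endpoints.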

New

Virtual Private Cloud > Subnets > Create Subnet

  • https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html