VPC:-
→ A Virtual Private Cloud (VPC) is a virtual network that closely resembles the traditional network you operate in your own data centre, with the benefit of using the scalable infrastructure of AWS.
→ Or: a VPC is a virtual network or data centre inside AWS for one client.
→ You can, however, expand your VPC CIDR by adding new / extra IP address ranges (except in GovCloud and AWS China).
Components of VPC:-
VPC Type:-
Default VPC:-
→ Created in each AWS region when an AWS account is created.
Custom VPC:-
→ A VPC that an AWS account owner creates.
Subnet:-
Public Subnet:-
→ If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet. If you want your instance in a public subnet to communicate with the internet over IPv4, it must have a public IPv4 address or an Elastic IP address.
Private Subnet:-
→ If a subnet does not have a route to the internet gateway, the subnet is known as a private subnet.
→ When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a /16 and a /28 netmask, for eg. –
Route & Route Table:-
→ It is the central routing function.
→ It connects the different AZs together and connects the VPC to the internet gateway.
→ You can have up to 200 route tables per VPC.
→ You can have up to 50 route entries per route table.
→ Each subnet must be associated with only one route table at any given time.
→ If you do not specify a subnet-to-route-table association, the subnet will be associated with the default (main) VPC route table.
→ You can edit the main route table if you need to, but you cannot delete the main route table.
→ However, you can manually make a custom route table become the main route table and then delete the former main table, as it is no longer the main route table.
→ You can associate multiple subnets with the same route table.
Internet Gateway:-
→ An internet gateway is a virtual router that connects a VPC to the internet.
→ The default VPC already has an internet gateway attached.
→ If you create a new VPC, you must attach an internet gateway in order to access the internet.
→ Ensure that your subnet's route table points to the internet gateway.
→ It performs NAT between your private and public IPv4 addresses.
→ It supports both IPv4 and IPv6.
NAT Gateway:-
→ You can use a Network Address Translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
→ You are charged for creating and using a NAT gateway in your account: NAT gateway hourly usage and data processing rates apply, and Amazon EC2 charges for data transfer also apply.
→ To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside.
→ You must also specify an Elastic IP address to associate with the NAT gateway when you create it.
→ There is no need to assign a public IP address to your private instances.
→ A NAT gateway is always placed in a public subnet, not in a private subnet, but it works for private subnets to access the internet.
→ After you have created a NAT gateway, you must update the route table associated with one or more of your private subnets to point internet-bound traffic to the NAT gateway. This enables instances in your private subnet to communicate with the internet.
→ Deleting a NAT gateway disassociates its Elastic IP address but does not release the address from your account.
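The subnet, route table, internet gateway and NAT gateway rules above, worked through in code. This is an added example, not part of the original notes: the topology (route tables, subnets, gateway IDs) is constructed, and target IDs are recognised only by their AWS-style prefix (igw-, nat-).

```python
import ipaddress

# Constructed sample topology (not from the notes): one VPC 10.0.0.0/16, a main
# route table with only the local route, a custom table that routes to an IGW,
# and a custom table that routes to a NAT gateway.
ROUTE_TABLES = {
    "rtb-main":   {"main": True,  "routes": {"10.0.0.0/16": "local"}},
    "rtb-public": {"main": False, "routes": {"10.0.0.0/16": "local",
                                             "0.0.0.0/0": "igw-example"}},
    "rtb-nat":    {"main": False, "routes": {"10.0.0.0/16": "local",
                                             "0.0.0.0/0": "nat-example"}},
}
# subnet -> explicitly associated route table; None means no explicit association
SUBNETS = {"subnet-web": "rtb-public", "subnet-app": "rtb-nat", "subnet-db": None}
# NAT gateway -> subnet it was created in
NAT_GATEWAYS = {"nat-example": "subnet-web"}


def valid_vpc_cidr(cidr):
    """An IPv4 VPC block must be between /16 and /28 and have no host bits set."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return net.version == 4 and 16 <= net.prefixlen <= 28


def route_table_for(subnet):
    """A subnet with no explicit association uses the VPC's main route table."""
    rtb = SUBNETS[subnet]
    if rtb is None:
        rtb = next(name for name, t in ROUTE_TABLES.items() if t["main"])
    return rtb


def subnet_kind(subnet):
    """Public if the subnet's route table has a route to an internet gateway."""
    targets = ROUTE_TABLES[route_table_for(subnet)]["routes"].values()
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private-with-nat-egress"   # outbound only, via the NAT gateway
    return "private-isolated"


def misplaced_nat_gateways():
    """A NAT gateway must reside in a public subnet; report any that do not."""
    return [n for n, s in NAT_GATEWAYS.items() if subnet_kind(s) != "public"]
```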
Security Groups:-
→ A security group is a virtual firewall that works at the ENI level.
→ Up to 5 security groups can be applied per EC2 instance interface.
→ Can only have permit (allow) rules; cannot have deny rules.
→ Stateful: return traffic for allowed inbound traffic is allowed, even if there are no rules to allow it.
→ Security groups apply to EC2 instances, whereas NACLs apply to the subnets of the VPC.
Network ACL:-
→ It is a function performed on the implied router.
→ A NACL is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
→ Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.
→ You can create a custom network ACL and associate it with a subnet. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.
→ Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate the subnet with a network ACL, the subnet is automatically associated with the default network ACL.
→ You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.
→ A network ACL contains a numbered list of rules that are evaluated in order, starting with the lowest-numbered rule.
→ The highest number that you can use for a rule is 32766. It is recommended that you start by creating rules with rule numbers that are multiples of 100, so that you can insert new rules where you need them later.
→ It functions at the subnet level.
→ A NACL is stateless: outbound traffic for allowed inbound traffic must be explicitly allowed too.
→ You can have both permit and deny rules in a NACL.
Diff SG & NACL:-
Security Group
→ Operates at the instance level.
→ Applies to an instance only.
NACL
→ Operates at the subnet level.
→ It permits both allow and deny rules.
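The stateful allow-only behaviour of a security group versus the stateless, ordered allow/deny evaluation of a NACL, as an added simulation that is not part of the original notes. The rule sets, ports and peer addresses are constructed; the evaluation order (lowest rule number first, first match wins, implicit final deny) follows the notes above.

```python
import ipaddress

# Constructed NACL rules (not from the notes): number -> (action, proto, (lo, hi), cidr).
# Rule 200 denies SSH from everywhere and sits before rule 300, which would allow it
# from inside the VPC, so 300 can never match: ordering decides, not specificity.
NACL_INBOUND = {
    100: ("allow", "tcp", (443, 443), "0.0.0.0/0"),
    200: ("deny",  "tcp", (22, 22),   "0.0.0.0/0"),
    300: ("allow", "tcp", (22, 22),   "10.0.0.0/16"),
}
NACL_OUTBOUND = {
    100: ("allow", "tcp", (1024, 65535), "0.0.0.0/0"),  # ephemeral reply ports
}
SG_INBOUND = [("tcp", (443, 443), "0.0.0.0/0")]          # allow rules only
SG_OUTBOUND = []                                           # deliberately empty


def _matches(r_proto, port_range, cidr, proto, port, peer):
    lo, hi = port_range
    return (r_proto == proto and lo <= port <= hi
            and ipaddress.ip_address(peer) in ipaddress.ip_network(cidr))


def nacl_evaluate(rules, proto, port, peer):
    """Stateless: walk rules lowest number first; first match wins, else the '*' deny."""
    for number in sorted(rules):
        action, r_proto, port_range, cidr = rules[number]
        if _matches(r_proto, port_range, cidr, proto, port, peer):
            return action, number
    return "deny", "*"


class SecurityGroup:
    """Allow-only and stateful: replies to an accepted flow pass without a rule."""

    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.flows = set()   # (direction, proto, port, peer) accepted so far

    def check(self, direction, proto, port, peer, reply_to=None):
        # reply_to=(proto, port, peer) marks a response to an earlier accepted flow
        other = "out" if direction == "in" else "in"
        if reply_to is not None and (other,) + reply_to in self.flows:
            return "allow (stateful return)"
        for r_proto, port_range, cidr in self.rules[direction]:
            if _matches(r_proto, port_range, cidr, proto, port, peer):
                self.flows.add((direction, proto, port, peer))
                return "allow"
        return "deny"
```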
VPC Peering:-
→ A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
→ Instances in either VPC can communicate with each other as if they were within the same network.
→ You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions.