
Budiono Santoso for AWS Community Builders


Networking on AWS — Amazon Virtual Private Cloud (VPC)

Amazon VPC

Hello everyone. I am Budi and I want to write about networking on AWS. AWS's core networking service is Amazon VPC. An Amazon VPC is a logically isolated virtual network in which you choose the IP address ranges and control the subnets, route tables, gateways and firewall rules, so it is secure by default and takes little time to set up. Amazon VPC is integrated with other AWS services such as Amazon EC2, Amazon RDS and many more, which are launched into its subnets.

Go to the Networking & Content Delivery section and click VPC. My VPC journey begins here. Click Create VPC. My VPC is located in Northern California (us-west-1). By default one region allows a maximum of 5 VPCs per account; this is a service quota that can be raised on request.

VPC only creates just the VPC, without subnets, an internet gateway or route tables. VPC and more creates the VPC together with subnets, an internet gateway and route tables automatically. Choose VPC and more.

For the IPv4 CIDR block and the IPv6 CIDR block, see the linked AWS documentation. Availability Zones (AZs) are isolated locations within one region, each with its own power and networking, so placing resources in more than one AZ protects against the failure of a single data center. For example, Northern California (us-west-1) offers 2 AZs to an account and North Virginia (us-east-1) has 6 AZs. If you are curious about AZs, see the linked AWS documentation.

If you want to create a web application, use a public subnet for the EC2 instances and a private subnet for RDS, so that the database is never directly reachable from the internet. You can read about public and private subnets in the linked AWS documentation.
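Before clicking through the wizard it is worth planning the address space, because the primary CIDR of a VPC cannot be changed afterwards (only secondary blocks can be added) and overlapping ranges break VPC peering and VPN routing. The following Python (an added example, not code from the article) carves a VPC CIDR into one subnet per tier and AZ the way the VPC and more wizard does, with the AWS per-subnet reservation of five addresses taken into account. The VPC name example-vpc, the AZ names and the CIDRs are constructed for the example.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the Amazon DNS resolver, one for future use and the broadcast
# address. A /20 therefore yields 4096 - 5 = 4091 usable hosts.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(vpc_cidr):
    """Reject CIDRs AWS will not accept for an IPv4 VPC (prefix /16 to /28)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if vpc.version != 4 or not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"{vpc_cidr}: an IPv4 VPC CIDR must be between /16 and /28")
    return vpc


def plan_subnets(vpc_cidr, azs, tiers=("public", "private"),
                 subnet_prefix=20, name_prefix="example-vpc"):
    """Carve the VPC CIDR into one subnet per (tier, AZ) pair.

    Blocks are handed out consecutively, tier by tier and AZ by AZ, and named
    the way the console wizard names them (<vpc>-subnet-<tier><n>-<az>).
    name_prefix is a hypothetical VPC name.
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError(f"subnet prefix /{subnet_prefix} must be between "
                         f"/{vpc.prefixlen} and /28")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    plan = []
    for tier in tiers:
        for n, az in enumerate(azs, start=1):
            block = next(blocks, None)
            if block is None:
                raise ValueError(f"{vpc_cidr} cannot hold {len(tiers) * len(azs)} "
                                 f"subnets of /{subnet_prefix}")
            plan.append({
                "name": f"{name_prefix}-subnet-{tier}{n}-{az}",
                "tier": tier,
                "az": az,
                "cidr": str(block),
                "usable_hosts": block.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def overlapping(plan, other_cidrs):
    """Return (subnet, other) pairs whose ranges collide. Overlaps with a
    peered VPC or an on-premises network cannot be routed, so check them
    before the VPC is created."""
    hits = []
    for entry in plan:
        subnet = ipaddress.ip_network(entry["cidr"])
        for other in other_cidrs:
            if subnet.overlaps(ipaddress.ip_network(other)):
                hits.append((entry["cidr"], other))
    return hits


if __name__ == "__main__":
    # Two AZs of us-west-1 as one account might see them (assumed names).
    plan = plan_subnets("10.0.0.0/16", ["us-west-1a", "us-west-1c"])
    for s in plan:
        print(f'{s["name"]:45} {s["cidr"]:15} {s["usable_hosts"]} hosts')
    # Constructed peer and on-premises ranges to check against.
    print(overlapping(plan, ["10.0.32.0/24", "192.168.0.0/16"]))
```

Passing a third tier such as ("public", "private", "database") gives a separate subnet for the RDS layer, which lets its route table and network ACL differ from the application tier's.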

This is the VPC visualization for VPC and more. The VPC is connected to its subnets, route tables and internet gateway (network connections).

VPC visualization

Then there is the NAT gateway, a managed Network Address Translation service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances. The NAT gateway itself sits in a public subnet and is billed per hour and per gigabyte processed. You can read about NAT gateways in the linked AWS documentation.

A VPC endpoint connects the VPC privately to services powered by AWS PrivateLink, including many AWS services, so that traffic to them never leaves the AWS network and does not need an internet gateway or a NAT gateway. Click Create VPC.

VPC

After clicking View VPC, click the Subnets section. A subnet is a range of IP addresses within the VPC's CIDR block, and its route table decides what kind of subnet it is. Subnets have three types:

  1. Public subnet: its route table has a route to an internet gateway, so resources with a public IP address can reach the internet and be reached from it.

  2. Private subnet: its route table has no route to an internet gateway, so nothing on the internet can initiate a connection to it. If its instances need outbound internet access, add a route to a NAT gateway (IPv4) or an egress-only internet gateway (IPv6).

  3. VPN-only subnet: its route table has a route to a Site-to-Site VPN connection through a virtual private gateway and no route to an internet gateway. VPN = Virtual Private Network.

Click Filter subnets and filter by VPC to see only the subnets of this VPC. You can also create a subnet if you want to add another one.

Subnets

Click subnet ID budionosan-vpc-subnet-public1-us-west-1a.

The public subnet's route table has 2 routes: local, which covers traffic inside the VPC CIDR, and a default route (0.0.0.0/0) to the internet gateway. That internet gateway route is what makes the subnet public.

Click subnet ID budionosan-vpc-subnet-private1-us-west-1a.

The private subnet's route table has only the local route, so it cannot reach the internet and the internet cannot reach it. That is why a private subnet is recommended for databases. If its instances do need outbound internet access, for example to fetch updates, add a default route to a NAT gateway.

Then click the Route Tables section. A route table is a set of rules (routes) that determine where network traffic from a subnet or gateway is directed. For example, one route table has several routes whose targets can be local, an internet gateway, a NAT gateway, a virtual private gateway and more. Every subnet is associated with exactly one route table, and a subnet with no explicit association uses the VPC's main route table, so a route added to the main table silently applies to every such subnet.

Click Filter route tables and filter by VPC. You can also create a route table if you want to add another one.

Route tables

Then click the Internet Gateways section. An internet gateway connects the VPC to the internet. Click Filter internet gateways and filter by VPC. You can also create another internet gateway, but only one can be attached to a VPC at a time.
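The subnet types above are nothing more than a reading of the subnet's route table, and the console applies the same rule. The following Python (an added example, not code from the article) classifies subnets from route-table data in the shape that `aws ec2 describe-route-tables` and boto3 return, including the case the console hides: a subnet with no explicit association falls back to the main route table. The route tables, subnet IDs and gateway IDs are constructed for the example; a private subnet with no NAT route is reported as isolated, which is the term the AWS documentation uses for a subnet with neither an internet gateway nor a NAT route.

```python
import copy

# Route target keys AWS may populate on a route; only one is set per route.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "EgressOnlyInternetGatewayId",
               "TransitGatewayId", "VpcPeeringConnectionId",
               "NetworkInterfaceId", "InstanceId")


def _targets(route):
    """Yield the target of a route regardless of which key AWS put it under."""
    for key in TARGET_KEYS:
        if route.get(key):
            yield route[key]


def classify_route_table(rt):
    """Subnet type a route table produces: public, private, vpn-only or isolated."""
    targets = [t for r in rt.get("Routes", []) for t in _targets(r)]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith(("nat-", "eigw-")) for t in targets):
        return "private"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "isolated"  # only the local route: no path in or out of the VPC


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to its type, honouring the main-table fallback."""
    explicit, main_rt = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_rt = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet_id in subnet_ids:
        rt = explicit.get(subnet_id, main_rt)
        if rt is None:
            raise ValueError(f"{subnet_id}: no route table and no main table found")
        result[subnet_id] = classify_route_table(rt)
    return result


def with_main_route(route_tables, route):
    """Copy of the tables with an extra route on the main table, to show
    what a change there does to unassociated subnets."""
    tables = copy.deepcopy(route_tables)
    for rt in tables:
        if any(a.get("Main") for a in rt.get("Associations", [])):
            rt["Routes"].append(route)
    return tables


LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
# Constructed sample mirroring the article's VPC: one public, one private and
# one VPN-only subnet with explicit associations, plus a main table with only
# the local route. All IDs are placeholders.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0123456789abcdef0"}],
     "Associations": [{"SubnetId": "subnet-public1"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0123456789abcdef0"}],
     "Associations": [{"SubnetId": "subnet-private1"}]},
    {"RouteTableId": "rtb-vpn",
     "Routes": [LOCAL, {"DestinationCidrBlock": "192.168.0.0/16",
                        "GatewayId": "vgw-0123456789abcdef0"}],
     "Associations": [{"SubnetId": "subnet-vpn1"}]},
    {"RouteTableId": "rtb-main", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
]
SAMPLE_SUBNETS = ["subnet-public1", "subnet-private1", "subnet-vpn1", "subnet-orphan"]


if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS))
    igw_default = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"}
    # The orphan subnet becomes public without anyone touching it.
    print(classify_subnets(with_main_route(SAMPLE_ROUTE_TABLES, igw_default), ["subnet-orphan"]))
```

The second print is the practical lesson: keep the main route table free of an internet gateway route and give every subnet an explicit association, otherwise a subnet created later by someone else is public the moment it exists.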

Then go to the Security section and click Security Groups. A security group is a stateful virtual firewall that controls the traffic allowed to reach and leave the resources in the VPC: it only has allow rules, and the return traffic of an allowed connection is permitted automatically. If you want to know more about security groups, see the linked AWS documentation.

Click Filter security groups and filter by VPC. You can also create a security group if you want to add another one. Click security group ID sg-066…

This security group belongs to the VPC (name budionosan-vpc) and has one inbound rule and one outbound rule: a VPC's default security group allows all inbound traffic from resources in the same group and all outbound traffic. Scroll down to see the inbound rules and click Edit inbound rules.

To add a rule, click Add rule. Choose a type such as All traffic, All TCP, All UDP, All ICMP - IPv4, All ICMP - IPv6, SSH, DNS, HTTP, HTTPS, MySQL/Aurora, Redshift, PostgreSQL and many more; the type fills in the protocol and port for you. Enter the source: a CIDR block, another security group or a prefix list. When done, click Save rules. Outbound rules are edited the same way.

If you need another security group for an AWS service, click Create security group. Fill in the security group name and description. In the VPC field, click X to clear the preselected VPC and choose the VPC for this security group.

A newly created security group has no inbound rules, so nothing can reach the resources it protects, and one outbound rule that allows all traffic. Add inbound rules with Add rule.

Choosing All traffic with source 0.0.0.0/0 and ::/0 opens every port to every IPv4 and IPv6 address on the internet. This is not best practice or recommended; it is used here for learning only, and you should edit it again to match your needs: allow only the port the service uses, from only the source that needs it. For example, for Amazon RDS MySQL choose the MySQL/Aurora type (TCP 3306) and for Amazon Redshift choose the Redshift type (TCP 5439), and use the application tier's security group as the source rather than a CIDR block.

After setting the rules, click Create security group.
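The allow-everything rule above is exactly what a security-group audit looks for. The following Python (an added example, not code from the article) walks the inbound rules of a security group in the shape `aws ec2 describe-security-groups` and boto3 return, flags rules whose source is the whole internet, and shows the hardened form of the MySQL/Aurora rule next to the learning rule. The group IDs sg-learning, sg-web and sg-db, the admin range 203.0.113.0/24 and all rules are constructed for the example.

```python
# All group IDs, names and rules below are constructed for this example.
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
# Ports behind the console's named rule types (plus RDP); these should never
# be open to the world.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL/Aurora",
                   5432: "PostgreSQL", 5439: "Redshift"}
PUBLIC_WEB_PORTS = {80, 443}


def _port_range(perm):
    """Port span a rule covers; protocol -1 means all traffic on all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_security_group(sg):
    """Return one finding per inbound rule whose source is the whole internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [s for s in sources if s in (ANY_IPV4, ANY_IPV6)]
        if not world:
            continue  # scoped to a CIDR, another security group or a prefix list
        lo, hi = _port_range(perm)
        exposed = [name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi]
        if perm.get("IpProtocol") == "-1":
            severity, what = "high", "all traffic"
        elif exposed:
            severity, what = "high", ", ".join(exposed)
        elif lo == hi and lo in PUBLIC_WEB_PORTS:
            severity, what = "info", f"{perm['IpProtocol']}/{lo}"  # expected for a web tier
        else:
            severity, what = "medium", f"{perm['IpProtocol']}/{lo}-{hi}"
        findings.append({"group": sg["GroupId"], "severity": severity,
                         "exposed": what, "sources": world})
    return findings


def mysql_from_group(source_group_id):
    """Hardened form of the article's MySQL/Aurora rule: TCP 3306 reachable only
    from members of the given security group, not from any CIDR block."""
    return {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "UserIdGroupPairs": [{"GroupId": source_group_id}]}


# The learning rule from the article: all traffic from everywhere.
LEARNING_SG = {"GroupId": "sg-learning", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]}]}

# Hardened pair: the web tier takes HTTPS from anyone and SSH only from an
# admin range; the database tier takes MySQL only from the web tier's group.
WEB_SG = {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
DB_SG = {"GroupId": "sg-db", "IpPermissions": [mysql_from_group("sg-web")]}


if __name__ == "__main__":
    for sg in (LEARNING_SG, WEB_SG, DB_SG):
        for f in audit_security_group(sg):
            print(f"{f['group']}: [{f['severity']}] {f['exposed']} open to "
                  f"{', '.join(f['sources'])}")
```

The dictionary returned by mysql_from_group is in the IpPermissions format, so it can be passed unchanged to authorize_security_group_ingress; referencing the web tier's group as the source means the rule keeps working when instances are replaced and their addresses change.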

Sources/references you can read about Amazon VPC:

  1. Amazon VPC: https://aws.amazon.com/vpc

  2. Amazon VPC docs: What is Amazon VPC? (Amazon Virtual Private Cloud User Guide): https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

Thank you for reading this article :)
