- Cloud & AWS Fundamentals
- What is Cloud Computing
- Cloud Service Models: IaaS, PaaS, SaaS
- Deployment Models: Public, Private, Hybrid
- AWS Global Infrastructure (Regions, AZs, Edge Locations)
- IAM, Accounts, Billing
- Identity & Access Management (IAM)
- Amazon EC2 β Virtual Servers
- EC2 Instances
- AMI, Instance Types
- Security Groups, Key Pairs
- Elastic IP
- EC2 Pricing
- Auto Scaling
- Load Balancer (ALB, NLB, CLB)
- Hands-on Activities: Launch an EC2 instance, Host a website, Set up auto-scaling group
- Amazon S3 β Storage
- Buckets, Objects
- Versioning
- Lifecycle Policies
- S3 Storage Classes
- S3 Encryption
- Static Website Hosting
- Transfer Acceleration
- Object Lock
- Hands-on Activities: Host static website, Automate backup using lifecycle rules
- Databases
- RDS
- DynamoDB
- Aurora
- Networking & Security
- VPC (Virtual Private Cloud)
- Hands-on: Create custom VPC, Deploy public & private EC2
- Route 53
- Serverless Computing
- AWS Lambda
- API Gateway
- Step Functions
- Containers & Orchestration
- ECS
- EKS
- Docker Basics
- DevOps on AWS
- CI/CD pipelines
- CodeCommit
- CodeBuild
- CodeDeploy
- CodePipeline
- Infrastructure as Code β CloudFormation
- AWS Systems Manager
- Monitoring β CloudWatch
- Logging β CloudTrail
- AWS Cloud Security
- AWS WAF
- Shield
- KMS
- Secrets Manager
- Certificate Manager
- Best Security Practices
- Big Data & Analytics
- Amazon Redshift
- Kinesis
- EMR
- Athena
- Glue
- Data Lake concepts
- Machine Learning on AWS (Basics)
- Amazon SageMaker
- Rekognition
- Polly
- Textract
- Comprehend
- Automation & Infrastructure Tools
- Terraform
- CloudFormation
- CDK
- AWS Cost Management
- Cost Explorer
- Trusted Advisor
- Budgets
- Pricing Models
- Reserved Instances
- AWs - Conclusion
VPC (Virtual Private Cloud)
AWS VPC (Virtual Private Cloud)
A Virtual Private Cloud (VPC) is one of the most foundational and critical services in Amazon Web Services (AWS). It allows users to logically isolate a section of the AWS Cloud, create their own virtual network, define IP ranges, configure routing, set up subnets, attach gateways, and secure workloads using network ACLs, security groups, and advanced firewalling features. For anyone learning AWS, understanding VPC concepts is essential for mastering cloud architecture, cloud security, hybrid connectivity, and modern application deployments. This detailed guide explains VPC in a simple and comprehensive manner, suitable for beginners, students, and cloud professionals preparing for AWS certifications.
Introduction to AWS VPC
An AWS Virtual Private Cloud is a customizable networking environment inside AWS. Think of it as your own private data center inside the cloud. Everythingβfrom EC2 instances to RDS databases, Lambda functions with VPC access, to container applicationsβcan be hosted inside a VPC.
Why VPC is Important
Every AWS service that requires networking depends on VPC. It provides:
- Full control over IP addressing
- Security and access control
- Public and private network segmentation
- High-availability architecture
- Connectivity from on-premises to cloud
- Scalability and isolation
Components of VPC
1. VPC CIDR Block
The CIDR block defines the IP range of your Virtual Private Cloud. Most commonly used ranges include:
- 10.0.0.0/16
- 172.16.0.0/16
- 192.168.0.0/16
Example VPC creation using CLI:
aws ec2 create-vpc --cidr-block 10.0.0.0/16
2. Subnets
Subnets are subdivisions of a VPC. They help distribute workloads across multiple Availability Zones (AZs). Subnets are of two types:
- Public Subnets β connected to the Internet via Internet Gateway
- Private Subnets β isolated from the Internet, used for databases, internal apps
3. Route Tables
Route tables determine how traffic flows within the VPC. Each subnet must be associated with a route table.
A typical route table for a public subnet includes:
Destination: 0.0.0.0/0
Target: Internet Gateway
4. Internet Gateway (IGW)
An IGW enables communication between VPC resources and the Internet. Only subnets attached to a route pointing to IGW are considered public subnets.
5. NAT Gateway / NAT Instance
NAT (Network Address Translation) allows private subnet resources to access the Internet for updates or package downloads while keeping them inaccessible from outside.
- NAT Gateway β Fully managed, scalable, highly available
- NAT Instance β Older approach, requires manual management
6. VPC Peering
VPC Peering connects two VPCs so they can communicate. It supports cross-region and cross-account communication.
7. VPC Endpoints
VPC Endpoints allow private communication with AWS services without traversing the public Internet.
- Interface Endpoints β powered by ENI
- Gateway Endpoints β for S3 and DynamoDB
8. Security Groups
Security groups act as virtual firewalls for EC2 instances. They are stateful, meaning return traffic is automatically allowed.
9. Network ACLs (NACLs)
NACLs provide an additional layer of security at the subnet level. They are stateless.
10. Egress-Only Internet Gateway
Used for IPv6 outbound communication while preventing inbound traffic.
VPC Architecture
A standard multi-AZ, highly available VPC design includes:
- One VPC with a /16 CIDR block
- Two or more public subnets
- Two or more private subnets
- NAT Gateway in public subnet
- Internet Gateway attached to VPC
- Route table segregation
Example Architecture Code (Terraform Style)
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true
}
Security Layers Inside VPC
Security Groups
- Stateful firewalls
- Operate at instance-level
- Allow rules only
NACLs
- Stateless
- Subnet-level operation
- Support allow and deny rules
Public vs Private Subnets
Public Subnet Use Cases
- Web servers
- Load balancers
- Bastion hosts
Private Subnet Use Cases
- Databases
- Application servers
- Internal microservices
Hands-On: Creating a Basic VPC
1. Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16
2. Create Subnets
aws ec2 create-subnet --vpc-id vpc-12345 --cidr-block 10.0.1.0/24
aws ec2 create-subnet --vpc-id vpc-12345 --cidr-block 10.0.2.0/24
3. Create Internet Gateway
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id vpc-12345 --internet-gateway-id igw-12345
4. Route Table
aws ec2 create-route-table --vpc-id vpc-12345
aws ec2 create-route --route-table-id rtb-12345 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345
5. Associate Route Table with Subnet
aws ec2 associate-route-table --route-table-id rtb-12345 --subnet-id subnet-12345
Advanced VPC Concepts
1. VPC Flow Logs
VPC Flow Logs capture IP traffic going in and out of interfaces. Logs can be stored in S3 or CloudWatch.
2. Transit Gateway
Transit Gateway enables large-scale network connectivity between multiple VPCs and on-prem networks.
3. VPN and Direct Connect
These services allow hybrid cloud connectivity.
VPC
- Always create subnets across at least two Availability Zones
- Use private subnets for applications and databases
- Enable VPC Flow Logs for monitoring
- Use VPC Endpoints to securely access AWS services
- Restrict public access using Security Groups and NACLs
- Use NAT Gateway instead of NAT instance
- Implement least privilege access
VPC
- Difference between Security Group and NACL?
- What is the purpose of NAT Gateway?
- How does VPC Endpoint work?
- How to design a multi-AZ VPC?
AWS VPC is the backbone of cloud networking. It provides isolation, security, high availability, and full control over network topology. Whether you are building small applications or large enterprise systems, understanding VPC architecture and its components is crucial. This detailed guide covered VPC fundamentals, advanced features, security, best practices, and hands-on examples to help you gain clarity and confidence when working with cloud networks.
