
VPC (Virtual Private Cloud)


What is a VPC in AWS?

A Virtual Private Cloud (VPC) is like a private, isolated network inside AWS where you can launch your resources (EC2, RDS, etc.) securely.

  • It gives you full control over networking (IP ranges, subnets, routing, firewalls).

  • By default, it is isolated from the internet unless you explicitly allow access.


Analogy: VPC as a Private Neighborhood

  • AWS Cloud = A big city.

  • VPC = Your gated community in that city.

  • Subnets = Individual streets or blocks inside your community.

  • Instances (EC2) = Houses in those streets.

  • Security Groups & NACLs = Security guards and boundary walls controlling entry/exit.

  • Internet Gateway = Main entrance to connect your community to the outside world (internet).

  • NAT Gateway = A side gate that lets people inside go out, while outsiders cannot come in.

  • Route Tables = Maps telling how to reach places.


Key Components of a VPC

Here are the main building blocks:

1. CIDR Block

  • A range of private IP addresses for your VPC (e.g., 10.0.0.0/16).

  • You choose this range when creating the VPC.


2. Subnets

  • Logical subdivisions of your VPC.

  • Two types:

    • Public Subnet → Accessible from the internet (has a route to the Internet Gateway).

    • Private Subnet → No direct internet access (used for databases and backend services).

  • Example:

    • Public Subnet: EC2 instance with a public IP for a web server.

    • Private Subnet: RDS database instance.


3. Internet Gateway (IGW)

  • Connects your VPC to the internet.

  • Without an IGW, your resources cannot talk to the internet.


4. Route Table

  • Controls traffic routing inside the VPC.

  • Example:

    • If a route sends 0.0.0.0/0 → Internet Gateway, then internet access is allowed for the subnets using that route table.

5. NAT Gateway

  • Allows outbound traffic from private subnets to the internet (for updates, API calls).

  • But does not allow inbound connections initiated from the internet.


6. Security Groups (SG)

  • Acts like a firewall for EC2 instances.

  • Stateful: if inbound traffic is allowed, the return (outbound) traffic for that connection is automatically allowed.

  • Example: Allow inbound HTTP (port 80) and SSH (port 22).


7. Network ACLs (NACLs)

  • Stateless firewall that operates at the subnet level.

  • You must explicitly allow both inbound and outbound traffic, including return traffic, since no connection state is tracked.


8. Elastic IP (EIP)

  • A static public IP that you can attach to an EC2 instance in a public subnet.

9. Endpoints

  • Allow private connections to AWS services (such as S3 or DynamoDB) without traversing the public internet.

10. Peering & Transit Gateway

  • VPC Peering → Connect two VPCs.

  • Transit Gateway → Connect multiple VPCs and on-prem networks.


How Traffic Flows in VPC

  1. Your EC2 in a public subnet gets a public IP and a route to the IGW → internet access.

  2. EC2 in a private subnet uses the NAT Gateway → internet (outbound only).

  3. Without NAT or IGW → no internet.
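The routing rules above, together with the stateful/stateless difference between Security Groups and NACLs from the component list, can be checked with a small model. This is an added example, not code from the original post or from AWS; the route tables, the external address 203.0.113.10 and the client port 49152 are constructed sample values.

```python
import ipaddress

# Constructed route tables (CIDRs follow the diagram on this page; the private
# subnet's own CIDR is not given there, so only the VPC range is modelled).
PUBLIC_ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw")]
PRIVATE_ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat")]
ISOLATED_ROUTES = [("10.0.0.0/16", "local")]  # neither IGW nor NAT

def lookup_route(routes, dst):
    """Longest-prefix match: the most specific route wins, as in a VPC route table."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def internet_reachable(routes, has_public_ip, inbound=False):
    """The 'How Traffic Flows' rules: IGW needs a public IP, NAT is outbound-only."""
    target = lookup_route(routes, "203.0.113.10")  # constructed external address
    if target == "igw":
        return has_public_ip
    if target == "nat":
        return not inbound  # NAT never admits connections initiated from outside
    return False

def port_allowed(rules, port):
    """rules: list of (low, high) port ranges."""
    return any(low <= port <= high for low, high in rules)

def sg_permits_http(sg_inbound, client_port):
    """Stateful security group: once the request on port 80 is allowed, the reply
    back to the client's ephemeral port is allowed without any outbound rule."""
    return port_allowed(sg_inbound, 80)

def nacl_permits_http(nacl_inbound, nacl_outbound, client_port):
    """Stateless NACL: request and reply are checked separately, so the outbound
    rules must cover the client's ephemeral port or the reply is dropped."""
    return port_allowed(nacl_inbound, 80) and port_allowed(nacl_outbound, client_port)

if __name__ == "__main__":
    web_rules = [(80, 80), (22, 22)]  # the example from the Security Groups section
    print("public EC2 with public IP ->", internet_reachable(PUBLIC_ROUTES, True))
    print("inbound to private EC2 via NAT ->", internet_reachable(PRIVATE_ROUTES, False, inbound=True))
    print("SG reply to port 49152 ->", sg_permits_http(web_rules, 49152))
    print("NACL reply, no ephemeral rule ->", nacl_permits_http(web_rules, web_rules, 49152))
```

The last line is the classic NACL mistake: the same 80/22 rules that work as a Security Group silently drop every HTTP reply when copied into a stateless NACL without an outbound rule for the ephemeral port range.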


Diagram (Mental Picture)

      +------------------- VPC (10.0.0.0/16) -------------------+
      |                                                         |
      |  Public Subnet (10.0.1.0/24)         Private Subnet    |
      |  [ EC2 Web Server ] -------- IGW      [ RDS DB ]       |
      |    Security Group                NAT GW                |
      |                                                         |
      +---------------------------------------------------------+

Benefits of VPC

  • Full control over IPs and networking.

  • Secure environment for your resources.

  • Customizable for public/private architectures.

  • Scales with your AWS setup.


✅ Common Use Cases

  • Hosting a web application with a public web server and private database.

  • Building a secure microservices architecture.

  • Hybrid cloud setups (connect on-prem to AWS via VPN or Direct Connect).