DevOps Training
  • DevOps
  • What is DevOps
    • What DevOps Look like
    • Why DevOps Needed
    • DevOps Automation Tools
    • DevOps Principles
  • cloud computing
    • How DevOps links with Cloud Computing
    • What is cloud computing?
      • Platform as a service (PaaS)
      • Infrastructure as a service (IaaS)
      • Software as a service (SaaS)
      • Function as a Service
      • SaaS, PaaS, IaaS
  • Version Control
    • Git as Version Control
      • Setting up Remote Repo
      • Git Hooks
      • github vs gitlab vs bitbucket
      • Quick Recap Git
  • DevOps #01 Continuous Integration
    • Continuous Integration & Continuous Delivery
      • Understanding CI Tools
      • Prerequisite
      • Continuous Integration
      • CI Tools
      • Travis-CI
        • Travis CI with S3
        • Static Site Build S3
        • Beanstalk with AWS CLI
          • Elastic Beanstalk with Travis CI
        • Travis using Code Deploy EC2
          • Github and Code Deploy
          • Travis CI with Code Deploy
      • Gitlab-CI
        • CI Setup for application
        • Gitlab Runners on EC2
        • CI Integration with AWS
          • Deploying App using Gitlab CI
          • Gitlab CI with AWS S3
          • Gitlab CI with ECS
          • CI Integration with EC2
            • Update and Clean Gitlab.yml
        • Install Gitlab on EC2
      • CI/CD using Jenkins CI
        • Jenkins Build on EC2
        • Jenkins Build EC2 Ubuntu
        • Jenkins CI/CD
          • Create a Build Item
          • Create a Build Pipleine
            • Pipeline Using Docker
            • Pipeline Examples
          • Jenkins CI with S3
            • Jenkins CI - S3
          • Jenkins CI with EC2
    • Jenkins CI Cluster Mode
    • AWS Code Pipeline CI/CD
      • AWS CI/CD Tools
        • AWS Code Build
        • AWS Code Deploy to Beanstalk
        • AWS Code Deploy to EC2
        • AWS Pipeline - Example CI/CD
  • Docker
    • Docker
      • Docker for Developers
        • Install and setup
        • Docker Commands
        • Docker Images Container
        • Docker Architecture
    • Docker Demos
      • Node JS Container
    • Docker-compose
      • Using Docker Compose
      • Docker Compose Demo
  • AWS Quick Refresh
    • AWS Quick Recap - Videos
    • AWS Quick Recap
  • AWS Architecture - Lab
    • Application Deployment - 01
    • Application Deployment - 02
    • Application 3 tier Architecture
  • Basic Networking
    • Computer Networking for Beginners
      • Basic of Networking
      • Networking Protocols
      • OSI Model
      • Network address and Host address
      • Subnetting Type
    • Network Architecture
    • Networking Layers OSI Model
    • Internet protocol
      • CIDR and subnetting
        • Examples
      • AWS VPC Subnets
  • VPC and Networking
    • AWS VPC
    • VPC Demo
      • Bastion Host | Jump Server
  • AWS Components
    • AWS Components In Depth
      • AWS Storage
        • AWS EBS
        • AWS Cloudfront
        • AWS S3
      • AWS Compute
        • ECS
        • AWS VPC
          • VPC Components
        • AWS EC2
        • AWS ELB
          • Application Load balancer
            • Example
        • AWS EC2 Auto Scaling
          • Demo
        • AWS Route 53
        • AWS Lambda Serverless
          • AWS Lambda Serverless Computing
  • Assignments
    • Assignment 01-Node JS app on EC2
    • Assignment 02-Node JS with Mysql
    • Assignment-03
  • Microservices
    • Microservices Architecture
      • Docker and Docker-Compose
      • Docker-Compose Example 01
      • Docker-Compose Example 02
      • Hand-on | Building Microservices
    • Architecture Components
  • AWS ECS
    • AWS ECS
      • Introduction of ECS
Powered by GitBook
On this page

Was this helpful?

  1. VPC and Networking

AWS VPC

PreviousAWS VPC SubnetsNextVPC Demo

Last updated 5 years ago

Was this helpful?

Here is best description in this Video about VPC and we are going through this step by step here

These are my written notes on the lesson, so this may be a bit difficult to dissect at parts, but I certainly recommend exploring the video further for more in depth lessons on the subject matter. I left “bookmark” links below each of the snapshots to encourage further exploration.

Virtual Private Cloud

The default VPC contains over 65,000 private IPs… so why not use it? If you instead create a custom VPC, it is more secure and you can customize (define your own IP address range, create your own public and private subnets, tighten down security settings).

Can be between your VPCs or other VPCs. VPC A wouldn’t be able to communicate with VPC B or C without a peering connection. Transitive peering does not work, meaning that VPCs need to be directly peered in order to be connected.

If you delete the default VPC, you have to contact AWS support to get it back again!

“When you launch a new instance it’s given a private IP address and an internal DNS Hostname that resolves to the private IP address of the instance. But if you want to connect to this over the internet, it’s not going to work. So then you’d need a public IP address which is reachable from the internet. You can use public IP addresses for communication between your instances and the internet. Each instance that receives a public IP address is also given an external DNS hostname.

An elastic IP address is a static or persistent IP address that’s allocated to your account and can be associated to and from your instances as required.

Can now see the VPC has internet attached:

Before our instances can have access to the internet, we need to make sure that our subnet route tables point to the internet gateway.

Every VPC has a default route table. It’s good practice to create a new one to practice with customization.

Above, the main route table is for the locally connected private subnet, which is the default (not connected to the internet). Above, the custom route table is used for the public subnet, connected to the internet gateway, and therefore the internet.

This is where you edit/create a route table and connect it to an internet gateway:

Then, visit “subnet associations” and associate the Public subnet with the route table you just created.

A NAT device forwards traffic from your private subnet to the internet, or other AWS services, and then sends the response back to the instances. When traffic goes to the internet, the source IP address of your instance is replaced with the NAT device and when the internet traffic comes back again, then that device translates the address to your instance’s private IP address.

A NAT Instance is launched from a NAT AMI [Amazon Machine Image] and runs as an instance in your VPC, so it’s something else you have to look after. Whereas, in a NAT Gateway, a fully managed service, you can basically install it and forget about it.

NAT Gateway must be launched into a public subnet because it needs internet connectivity.

Our diagram with security groups:

Now, for Network ACLs

Our diagram with Network ACLs:

As always, thank you for reading! If you’d like to connect, I’ll leave my information below. I thrive in my work only by meeting and learning from new people.

“By default, instances you launch into a VPC can’t communicate with your own network.” So you can connect your VPC to your own data center using . “So that you can effectively extend your data center into the cloud and create a hybrid environment”

To do this, you need a . On the left side (labelled ‘virtual private gateway’) is the on the Amazon side. Then on your side, you need a customer gateway, which is either a physical device or a software applicate that sits on your side of the VPN connection. A VPN Tunnel comes up when traffic is generated from your side of the connection.

Also, VPCs with overlapping cannot be peered. These are fine because they have different domain ranges, but if they didn’t there would be a problem.

are IP Addresses not reachable over the internet. They are used for communications between instances in the same network.

are associated with your instances from the Amazon pool of public IP addresses. When you stop or terminate your instance, the public IP address is released, and a new one is associated when the instance starts. So if you want your instance to retain this public IP address, you need to use something called an .”

in 20 for Subnets. These preserve up to 4096 IP addresses per subnet. Subnets are always mapped to a single availability zone (see below)

It is good to spread VPCs over availability zones for and purposes. You use Public Subnets for things that must be connected to the internet, such as web servers. Private Subnets either don’t need the internet, or are things you want to protect from the internet, such as database instances.

To attach your VPC to the internet, you need to attach an , and you can only attach one internet gateway per VPC.

[network address translation devices] allow you to give a private subnet to the internet, without allowing the internet to access that subnet.

A is recommended by AWS because it is a provided service that gives more bandwidth than . Each NAT Gateway is created in a specific availability zone and is implemented with redundancy.

Hardware VPN Access
Virtual Private Gateway
VPN concentrator
CIDRS
Private IP Addresses
Public IP addresses
Elastic IP Address
Default Net Mask
redundancy
failover
Internet Gateway
NAT devices
NAT Gateway
NAT Instances