VPC — Virtual Private Cloud

Sagar Arora
3 min read · Oct 27, 2022


A VPC is your own isolated network in the cloud. Before we look at VPCs in detail, let’s look at regions and availability zones first.

  • Regions: A VPC belongs to exactly one region, e.g. us-east-1, us-west-2.
  • Availability zones: A region is subdivided into multiple zones. Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.

A VPC spans all of the Availability Zones in the Region. The following diagram shows a new VPC. After you create a VPC, you can add one or more subnets in each Availability Zone. The VPC itself is assigned a range of IP addresses (its CIDR block) when you create it.

Subnets: A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won’t be connected to the internet.

Internet Gateway: An internet gateway allows resources in the VPC to reach the internet, and allows the internet to reach those resources.

An internet gateway enables resources in your public subnets (such as EC2 instances) to connect to the internet if the resource has a public IPv4 address or an IPv6 address. Similarly, resources on the internet can initiate a connection to resources in your subnet using the public IPv4 address or IPv6 address. For example, an internet gateway enables you to connect to an EC2 instance in AWS using your local computer.

Public vs private subnets

If a subnet is associated with a route table that has a route to an internet gateway, it’s known as a public subnet. If a subnet is associated with a route table that does not have a route to an internet gateway, it’s known as a private subnet.

Router: A subnet is associated with a router, which determines how traffic is routed inside the VPC. If the router’s route table contains a route to an internet gateway, it can also forward traffic to that internet gateway.

The VPC implicitly comes with a router, and we use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (subnet route table). You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table.

Each route in a table has two fields: a destination and a target. For example, consider the route table below.

The destination for the route is 0.0.0.0/0, which represents all IPv4 addresses. The target is the internet gateway that’s attached to your VPC.
Every route table contains a local route for communication within the VPC. This route is added by default to all route tables. If your VPC has more than one IPv4 CIDR block, your route tables contain a local route for each IPv4 CIDR block. If you’ve associated an IPv6 CIDR block with your VPC, your route tables contain a local route for the IPv6 CIDR block. You cannot modify or delete these routes.
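The public/private rule above (a subnet is public only if the route table it uses has a route to an internet gateway), together with the main-route-table fallback for subnets without an explicit association, is easy to turn into an audit check. The following is an added example, not code from the original post: it classifies subnets from a constructed, simplified structure shaped like the output of `aws ec2 describe-route-tables` (the route table, subnet and gateway IDs are made up).

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output,
# trimmed to the fields this check needs. All IDs are made up for the example.
ROUTE_TABLES = [
    {   # Main route table: only the default local route, no internet gateway.
        # Subnets with no explicit association fall back to this table.
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # Explicitly associated table with a default route (0.0.0.0/0) to the IGW.
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-web01"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc1234"},
        ],
    },
]
# subnet-db01 has no explicit association, so it implicitly uses the main table.
SUBNETS = ["subnet-web01", "subnet-db01"]


def route_table_for(subnet_id, route_tables):
    """Return the route table a subnet uses: its explicit association if one
    exists, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def igw_destinations(route_table):
    """Destinations that this table sends to an internet gateway (igw-*)."""
    return [r["DestinationCidrBlock"] for r in route_table["Routes"]
            if r.get("GatewayId", "").startswith("igw-")]


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet to 'public' or 'private' using the routing rule:
    any route to an internet gateway makes the subnet public."""
    result = {}
    for subnet_id in subnet_ids:
        rt = route_table_for(subnet_id, route_tables)
        result[subnet_id] = "public" if igw_destinations(rt) else "private"
    return result
```

Running this over a real account's `describe-route-tables` and `describe-subnets` output gives a quick list of which subnets are reachable from the internet by routing alone, independent of security groups.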
