VPC — Virtual Private Cloud

M Haseeb Asif
Big Data Processing
4 min read · May 31, 2022

Over the years, I have used cloud services on different occasions from most of the major vendors — Microsoft, Google and Amazon. I know what a public, private or hybrid cloud is, but never had a chance to set one up by myself in any of the cloud environments. Having only the theoretical concept, setting up a VPC by myself always intimidated me. Recently, I had an opportunity to work on a project where I had to set up the infrastructure in AWS from scratch, including the VPC. So, today we are going to talk about VPCs on the AWS cloud.

As with all cloud services, AWS manages the underlying infrastructure and network components of the VPC; all the network hardware is transparent to the end user. This is contrary to the traditional approach, where one first had to raise a request to purchase the hardware, then get it installed and configured, which took ages to have a VPC in place. A cloud VPC can be configured in a few seconds, and you can have your services ready to use in a few minutes.

Fig 1. Redundant infrastructure

Most cloud providers have multiple availability zones to offer higher availability and reliability. A VPC has one or more subnets, and each subnet exists in exactly one availability zone. You can then have multiple resources (EC2 instances) in a subnet. Having said that, if we have multiple subnets in different availability zones, that provides redundancy for the infrastructure. Fig 1. shows such a redundant architecture, with instances in two different availability zones.

Let’s follow the wizard to create a new VPC as shown in the above diagram, with a public and a private subnet. We will also need to configure a NAT gateway so that the private subnet has outbound access to the internet; the public subnet will have both inbound and outbound access to the internet. On the AWS console, go to the VPC dashboard and select Launch VPC.

Fig 2. Wizard to create a VPC

You will see the view as in Fig 2. You can select the IP settings, the number of availability zones, the number of public and private subnets per availability zone, and other settings. Once you click Create, it should create a VPC, 4 subnets, 3 route tables and 2 network connections, as shown in Fig 2.

Each subnet has an associated route table, which defines how traffic flows for that specific subnet, e.g. only within the private network, or to the public internet as well as the private network. You can see all of the created resources in the left-hand navigation and change their settings accordingly.
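The route-table rules above are where a public/private split usually goes wrong in practice, so here is an added example (not from the original post) that audits a VPC layout offline. It takes constructed data shaped like the output of `aws ec2 describe-subnets` and `describe-route-tables` (all ids are placeholders, not real resources) and checks that every subnet sits inside the VPC CIDR without overlap, that private subnets never send their default route to an internet gateway, and that the layout spans more than one availability zone as in Fig 1.

```python
import ipaddress

# Constructed sample, shaped like describe-subnets / describe-route-tables
# output; every id below is a placeholder, not a real AWS resource.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "subnet-pub-1a":  {"cidr": "10.0.0.0/20",   "az": "us-east-1a", "public": True},
    "subnet-pub-1b":  {"cidr": "10.0.16.0/20",  "az": "us-east-1b", "public": True},
    "subnet-priv-1a": {"cidr": "10.0.128.0/20", "az": "us-east-1a", "public": False},
    "subnet-priv-1b": {"cidr": "10.0.144.0/20", "az": "us-east-1b", "public": False},
}
ROUTE_TABLES = [
    {"subnets": ["subnet-pub-1a", "subnet-pub-1b"],
     "routes": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0", "target": "igw-placeholder"}]},
    {"subnets": ["subnet-priv-1a"],
     "routes": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0", "target": "nat-placeholder-1a"}]},
    # Deliberate misconfiguration: the private subnet in 1b sends its default
    # route to the IGW instead of a NAT gateway, so it is effectively public.
    {"subnets": ["subnet-priv-1b"],
     "routes": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0", "target": "igw-placeholder"}]},
]

def audit_vpc(vpc_cidr, subnets, route_tables):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {sid: ipaddress.ip_network(s["cidr"]) for sid, s in subnets.items()}
    # 1. every subnet CIDR lies inside the VPC CIDR and no two overlap
    for sid, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{sid}: {net} is outside VPC {vpc}")
    ids = list(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap")
    # 2. the 0.0.0.0/0 target must match the subnet's intended role
    seen = set()
    for rt in route_tables:
        default = next((r["target"] for r in rt["routes"] if r["dst"] == "0.0.0.0/0"), "")
        for sid in rt["subnets"]:
            seen.add(sid)
            if subnets[sid]["public"] and not default.startswith("igw-"):
                findings.append(f"{sid}: public subnet has no IGW default route")
            if not subnets[sid]["public"] and default.startswith("igw-"):
                findings.append(f"{sid}: private subnet routes 0.0.0.0/0 to an IGW")
    # 3. unassociated subnets silently fall back to the VPC's main route table
    for sid in subnets:
        if sid not in seen:
            findings.append(f"{sid}: not explicitly associated with a route table")
    # 4. redundancy as in Fig 1 needs subnets in at least two availability zones
    if len({s["az"] for s in subnets.values()}) < 2:
        findings.append("subnets span a single availability zone; no AZ redundancy")
    return findings
```

Running `audit_vpc(VPC_CIDR, SUBNETS, ROUTE_TABLES)` on the sample flags only the mis-routed private subnet; feed it real `describe-*` output (mapped to the same keys) to check a VPC built with the wizard.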

The next step is to launch EC2 instances inside the subnets we just created. There are two ways to create an instance: from the console, or using the AWS CLI. Use the following command to create an EC2 instance inside a specific subnet:

aws ec2 run-instances --subnet-id subnet-xyz123dummyid --image-id ami-123randomid --instance-type t2.micro

Similarly, once you go to the console and open the EC2 dashboard, select Launch instance. You will be able to specify the name, the application and OS image, the instance type, and choose a key pair as well.

Figure 3. Launching an instance

Now we can launch instances in the same way in the other subnets as well, to complete our infrastructure as shown in Fig. 1.

Once the configuration is complete, we need to decide how our VPC is accessible and connected with other VPCs across the globe. AWS offers two ways: Direct Connect, which is expensive but provides low latency, and a VPN connection. A VPN connection is an encrypted connection over the internet and has two variations — a virtual private gateway and a transit gateway. A virtual private gateway lets you establish a VPN tunnel with only one VPC. A transit gateway, on the other hand, is much more robust and allows you to connect multiple VPCs together. So, we will use the transit gateway to configure that connection.

To summarize, a VPC enables you to build a virtual network in the cloud — no VPNs, hardware, or physical datacenters required. You can define your own network and control how the network and the Amazon EC2 resources inside it are exposed to the Internet. It is also easy to leverage the enhanced security options in Amazon VPC to provide more granular access to and from the Amazon EC2 instances in the virtual network.
