AWS Virtual Private Cloud (VPC) – Anatomy

Hi folks! Today we will touch on one of the core concepts in AWS infrastructure: the Virtual Private Cloud (VPC).
VPC is the technology that enabled widespread adoption of AWS. In layman's terms, a VPC is like having your own data centre, but in the cloud: a logically isolated virtual network with an address range (CIDR block) that you choose, in which you place your compute resources and decide what can reach them.

Let’s talk about the important constituents of a VPC.

  • Subnets – a slice of the VPC's address range, tied to one Availability Zone, which houses compute resources. A subnet is "public" only because its route table sends 0.0.0.0/0 to an Internet Gateway; with no such route it is private.
  • Internet Gateway (IGW) – attaches to the VPC and provides the path to and from the internet for resources that have public IP addresses.
  • Route Table – the routing configuration for a subnet's traffic. Every VPC has a main route table with a local route for the VPC CIDR; each subnet is associated with exactly one route table.
  • Security Groups – attach to network interfaces (instances, load balancers, endpoints). They contain allow rules only, there is no deny rule, and they are stateful: a reply to an allowed connection is allowed automatically. A new security group denies all inbound traffic by default.
  • NACLs (Network ACLs) – attach to subnets. Numbered allow/deny rules are evaluated lowest number first, the first match wins and anything unmatched is denied. NACLs are stateless, so return traffic needs its own rule in the opposite direction (typically on the ephemeral port range 1024–65535).
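To make the Security Group vs. NACL difference concrete, here is an added example (not AWS code or code from the original post) that models how each one decides on a flow: the Security Group is allow-only and keeps connection state, the NACL is an ordered allow/deny list with an implicit final deny and no state. The rule shapes, the instance address 10.0.1.10 and the client addresses are constructed for the illustration.

```python
"""Added illustration (not AWS code) of Security Group vs. Network ACL
evaluation.  Rule formats and sample addresses are constructed here."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reverse(self) -> "Flow":
        """The reply direction of this flow."""
        return Flow(self.dst, self.dport, self.src, self.sport, self.proto)


def _rule_matches(rule, peer: str, port: int, proto: str) -> bool:
    """rule = (proto, port_from, port_to, cidr); peer is the remote address."""
    r_proto, lo, hi, cidr = rule
    return (r_proto == proto and lo <= port <= hi
            and ipaddress.ip_address(peer) in ipaddress.ip_network(cidr))


@dataclass
class SecurityGroup:
    """Allow rules only.  Stateful: a reply to an admitted flow passes even
    when no rule in the reply's own direction matches it."""
    inbound: list            # (proto, port_from, port_to, source_cidr)
    outbound: list           # (proto, port_from, port_to, destination_cidr)
    _state: set = field(default_factory=set)

    def inbound_allowed(self, f: Flow) -> bool:
        if f.reverse() in self._state:        # reply to an allowed outbound flow
            return True
        ok = any(_rule_matches(r, f.src, f.dport, f.proto) for r in self.inbound)
        if ok:
            self._state.add(f)
        return ok

    def outbound_allowed(self, f: Flow) -> bool:
        if f.reverse() in self._state:        # reply to an allowed inbound flow
            return True
        ok = any(_rule_matches(r, f.dst, f.dport, f.proto) for r in self.outbound)
        if ok:
            self._state.add(f)
        return ok


@dataclass
class NetworkAcl:
    """Numbered rules, lowest number first, first match decides.  Stateless:
    inbound and outbound are judged independently, so replies need a rule."""
    inbound: list            # (number, action, proto, port_from, port_to, cidr)
    outbound: list

    @staticmethod
    def _decide(rules, peer: str, port: int, proto: str) -> bool:
        for number, action, *rule in sorted(rules, key=lambda r: r[0]):
            if _rule_matches(tuple(rule), peer, port, proto):
                return action == "allow"
        return False                          # the implicit final "*" deny rule

    def inbound_allowed(self, f: Flow) -> bool:
        return self._decide(self.inbound, f.src, f.dport, f.proto)

    def outbound_allowed(self, f: Flow) -> bool:
        return self._decide(self.outbound, f.dst, f.dport, f.proto)


def ssh_session_result(nacl_ephemeral_rule: bool, nacl_deny_first: bool = False) -> dict:
    """Walk one SSH session (request, then the server's reply) through a
    Security Group and an NACL and report what each direction decided."""
    sg = SecurityGroup(inbound=[("tcp", 22, 22, "203.0.113.0/24")], outbound=[])
    nacl_in = [(100, "allow", "tcp", 22, 22, "0.0.0.0/0")]
    if nacl_deny_first:                       # a deny placed before the allow
        nacl_in.append((90, "deny", "tcp", 22, 22, "203.0.113.0/24"))
    nacl_out = []
    if nacl_ephemeral_rule:                   # the rule replies depend on
        nacl_out.append((100, "allow", "tcp", 1024, 65535, "0.0.0.0/0"))
    nacl = NetworkAcl(inbound=nacl_in, outbound=nacl_out)

    request = Flow("203.0.113.5", 51515, "10.0.1.10", 22)   # client -> instance
    reply = request.reverse()                                # instance -> client
    return {
        "sg_request": sg.inbound_allowed(request),
        "sg_reply": sg.outbound_allowed(reply),
        "nacl_request": nacl.inbound_allowed(request),
        "nacl_reply": nacl.outbound_allowed(reply),
    }


if __name__ == "__main__":
    print("with ephemeral rule   :", ssh_session_result(True))
    print("without ephemeral rule:", ssh_session_result(False))
    print("deny before allow     :", ssh_session_result(True, nacl_deny_first=True))
```

Run it and the second line shows the classic NACL mistake: the SSH request is admitted but the reply is dropped because the stateless NACL has no outbound rule for the client's ephemeral port, while the Security Group, having no outbound rule at all, still passes the reply from its connection state. The third line shows the one thing a Security Group cannot express, an explicit deny that wins because its number is lower.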

We also have other resources in a VPC which are used in particular scenarios:

  • NAT Instances – an EC2 instance you run and patch yourself that performs source NAT, giving instances in private subnets outbound access to the internet without exposing them to unsolicited inbound connections.
  • NAT Gateway – the managed, auto-scaling replacement for NAT instances that handles more traffic (AWS has documented 45 Gbps per gateway) and needs no patching or security group of its own. It lives in one Availability Zone, so deploy one per AZ if you need that AZ to survive independently.
  • VPC Endpoints – connect to AWS services without traversing the internet, so no IGW or NAT is needed. Two types: Interface endpoints (an ENI with a private IP in your subnet, backed by PrivateLink and protected by a security group) and Gateway endpoints (a target in the route table, available for S3 and DynamoDB). An endpoint policy can restrict which resources and principals the endpoint may reach.
  • Bastion Host – a hardened EC2 instance in a public subnet used as the single administrative entry point to resources in private subnets. Limit its security group to known source addresses; if you can use AWS Systems Manager Session Manager instead, you need no inbound port at all.

For logging purposes we have:

  • VPC Flow Logs – capture metadata about the IP traffic of network interfaces (addresses, ports, protocol, packet and byte counts, and whether the security group/NACL decision was ACCEPT or REJECT), not packet payloads. Created at VPC level, a flow log covers every subnet and network interface in the VPC.
  • Subnet Flow Logs – the same records, scoped to the network interfaces in one subnet.
  • Elastic Network Interface Flow Logs – the most granular level: a single interface.
  Flow logs are delivered to CloudWatch Logs or S3 after an aggregation interval, so they are not real time, and some traffic is never recorded (for example queries to the Amazon DNS server, instance metadata requests to 169.254.169.254 and DHCP). Treat them as a detection and forensics source, not a packet capture.
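What a flow log is good for is easiest to see by reading one. The following is an added example, not code from the original post or from AWS: it parses records in the default version-2 flow log format (the space-separated field order AWS documents as the default) and pulls out two things a responder looks for first, the top REJECTed source/port pairs and sources rejected on many different ports, plus accepted administrative logins from outside the VPC. The log lines, the account ID and the ENI ID are constructed for the example, and the VPC CIDR 10.0.0.0/16 is an assumption.

```python
"""Added example (not from the original post or AWS): triage of VPC Flow Log
records in the default v2 format.  The sample records below are constructed;
the account and ENI identifiers are placeholders."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass

# Default VPC Flow Log (version 2) field order, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one host probing several ports, one accepted SSH session
# (request and reply), one stray reject and a NODATA record with no addresses.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40211 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40212 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40213 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40214 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40215 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51515 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 203.0.113.5 22 51515 6 18 3800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.44 10.0.1.10 53000 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str


def parse_flow_log(text: str) -> list:
    """Parse default-format v2 records; skip NODATA/SKIPDATA rows, which carry
    '-' instead of addresses, and anything not in the default layout."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue
        records.append(FlowRecord(
            interface_id=row["interface_id"],
            srcaddr=row["srcaddr"], dstaddr=row["dstaddr"],
            srcport=int(row["srcport"]), dstport=int(row["dstport"]),
            protocol=int(row["protocol"]), packets=int(row["packets"]),
            bytes=int(row["bytes"]), action=row["action"]))
    return records


def top_rejects(records, n: int = 3) -> list:
    """Most frequent (source, destination port) pairs that were REJECTed."""
    counts = Counter((r.srcaddr, r.dstport) for r in records if r.action == "REJECT")
    return counts.most_common(n)


def suspected_scanners(records, min_ports: int = 3) -> list:
    """Sources rejected on at least min_ports distinct ports: a crude scan signal."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            ports[r.srcaddr].add(r.dstport)
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def accepted_admin_from_internet(records, vpc_cidr: str = "10.0.0.0/16",
                                 ports=(22, 3389)) -> list:
    """Accepted inbound SSH/RDP into the VPC from addresses outside it.
    vpc_cidr is an assumed value for the example."""
    net = ipaddress.ip_network(vpc_cidr)
    return sorted({(r.srcaddr, r.dstport) for r in records
                   if r.action == "ACCEPT" and r.dstport in ports
                   and ipaddress.ip_address(r.dstaddr) in net
                   and ipaddress.ip_address(r.srcaddr) not in net})


def triage(text: str) -> dict:
    """One-call summary for a chunk of flow log text."""
    records = parse_flow_log(text)
    return {
        "records": len(records),
        "top_rejects": top_rejects(records),
        "scanners": suspected_scanners(records),
        "admin_from_internet": accepted_admin_from_internet(records),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Note what the REJECT action does and does not tell you: it records that a security group or NACL dropped the packet, not which one, and the same source appearing with both REJECT and later ACCEPT on the same port is the pattern to chase, since it usually means a rule was loosened. For real volumes, run the same aggregations in CloudWatch Logs Insights or Athena over the S3 delivery rather than in Python.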