What is Amazon VPC?

Amazon Virtual Private Cloud (Amazon VPC) is a web service provided by Amazon Web Services (AWS) that allows you to create a logically isolated section of the AWS Cloud where you can launch and run AWS resources. In technical terms, Amazon VPC enables you to define a virtual network topology that closely resembles a traditional network infrastructure, such as a data center network, but with the benefits of AWS's scalable and flexible infrastructure.

Here are the key technical components and concepts associated with Amazon VPC:

  1. Subnets:
    • Within an Amazon VPC, you can create subnets, which are segmented IP address ranges within the VPC.
    • Each subnet must be associated with a specific availability zone in a chosen AWS region.
  2. Routing Tables:
    • Amazon VPC has routing tables that control the traffic between subnets.
    • You can customize these routing tables to define how traffic is directed within the VPC and to external networks.
  3. Internet Gateway:
    • An Internet Gateway (IGW) is a component that allows communication between instances in the VPC and the internet.
    • It is associated with a VPC and enables traffic to and from the internet.
  4. Virtual Private Gateway:
    • A Virtual Private Gateway (VGW) allows you to connect your VPC to your on-premises network through a Virtual Private Network (VPN) or Direct Connect.
  5. Elastic Network Interface (ENI):
    • ENIs are virtual network interfaces that can be attached to instances in a VPC.
    • They can have private and public IP addresses and can be moved between instances.
  6. Security Groups and Network Access Control Lists (ACLs):
    • Security Groups act as stateful virtual firewalls for instances and control inbound and outbound traffic at the instance level; return traffic for an allowed connection is permitted automatically.
    • Network ACLs are stateless and control traffic at the subnet level, so return traffic (for example, replies on ephemeral ports) must be allowed by an explicit rule.
  7. Peering:
    • Amazon VPC peering allows you to connect one VPC with another VPC using private IP addresses.
    • Peering connections can be established within the same AWS region.
  8. Egress-Only Internet Gateway:
    • This is used for IPv6 traffic and allows outbound communication from instances in your VPC to the internet while preventing inbound traffic.
  9. NAT Gateway:
    • Network Address Translation (NAT) Gateway allows instances in a private subnet to initiate outbound traffic to the internet while preventing unsolicited inbound traffic.
  10. VPC Endpoints:
    • VPC endpoints allow you to privately connect your VPC to supported AWS services without requiring an internet gateway, VPN, or Direct Connect.
  11. VPC Flow Logs:
    • VPC Flow Logs capture information about IP traffic going to and from network interfaces in a VPC, helping with troubleshooting and security analysis.
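To make the stateful/stateless distinction between Security Groups and Network ACLs concrete, here is a small model of how each evaluates a request and its reply. This is an added example for this page, not AWS code; it is a simplified model of the rule semantics (CIDR plus destination port, allow-only rules for security groups, numbered first-match rules with an implicit deny for NACLs), and the addresses, ports and rule numbers are constructed. A real default security group allows all outbound traffic; the example deliberately configures no outbound rule so that only connection tracking can admit the reply.

```python
"""Model stateful Security Group vs stateless Network ACL evaluation.

Added example (not AWS code). Simplified rule semantics; sample packets and
rules below are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

TCP = 6


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: int = TCP

    def reverse(self) -> "Packet":
        """The reply direction of this packet (5-tuple swapped)."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    cidr: str          # remote peer address range
    port_lo: int       # destination port range on the packet
    port_hi: int
    proto: int = TCP
    allow: bool = True  # NACLs may deny; security groups only allow

    def matches(self, remote_addr: str, dport: int, proto: int) -> bool:
        return (proto == self.proto
                and self.port_lo <= dport <= self.port_hi
                and ipaddress.ip_address(remote_addr) in ipaddress.ip_network(self.cidr))


class SecurityGroup:
    """Allow-only rules; stateful: the reply to an admitted flow is always allowed."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound
        self._tracked: Set[Packet] = set()  # flows admitted so far (connection tracking)

    def allows(self, pkt: Packet, inbound: bool) -> bool:
        if pkt.reverse() in self._tracked:   # reply to a tracked flow: no rule needed
            return True
        rules = self.inbound if inbound else self.outbound
        remote_addr = pkt.src if inbound else pkt.dst
        if any(r.matches(remote_addr, pkt.dport, pkt.proto) for r in rules):
            self._tracked.add(pkt)
            return True
        return False


class NetworkAcl:
    """Numbered rules, lowest number first, first match wins, implicit deny; no state."""

    def __init__(self, inbound: List[Tuple[int, Rule]], outbound: List[Tuple[int, Rule]]):
        self.inbound = sorted(inbound, key=lambda t: t[0])
        self.outbound = sorted(outbound, key=lambda t: t[0])

    def allows(self, pkt: Packet, inbound: bool) -> bool:
        rules = self.inbound if inbound else self.outbound
        remote_addr = pkt.src if inbound else pkt.dst
        for _, r in rules:
            if r.matches(remote_addr, pkt.dport, pkt.proto):
                return r.allow
        return False  # implicit deny


def demo() -> dict:
    """HTTPS request from the internet to an instance, and the instance's reply."""
    request = Packet("203.0.113.5", 54321, "10.0.1.20", 443)  # constructed addresses
    reply = request.reverse()

    sg = SecurityGroup(inbound=[Rule("0.0.0.0/0", 443, 443)], outbound=[])
    https_in = [(100, Rule("0.0.0.0/0", 443, 443))]
    nacl_no_ephemeral = NetworkAcl(inbound=https_in, outbound=[])
    nacl_with_ephemeral = NetworkAcl(
        inbound=https_in,
        outbound=[(100, Rule("0.0.0.0/0", 1024, 65535))],  # ephemeral ports for replies
    )
    return {
        "sg_reply": sg.allows(request, True) and sg.allows(reply, False),
        "sg_ssh_blocked": not sg.allows(Packet("203.0.113.5", 40000, "10.0.1.20", 22), True),
        "nacl_without_ephemeral_reply":
            nacl_no_ephemeral.allows(request, True) and nacl_no_ephemeral.allows(reply, False),
        "nacl_with_ephemeral_reply":
            nacl_with_ephemeral.allows(request, True) and nacl_with_ephemeral.allows(reply, False),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'dropped'}")
```

The practical consequence is the one that bites in production: a NACL with a tight inbound rule and no outbound ephemeral-port rule silently drops every reply, while the same policy expressed as a security group works because the group tracks the connection.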
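Flow logs are only useful for security analysis once something reads them, so here is an added example (not AWS code) that parses records in the default version 2 flow log field order and flags accepted TCP flows from outside the VPC's internal address space to administrative ports. The sample records, the account id, the interface id and all addresses are constructed placeholders; treating the RFC 1918 ranges as "internal" and ports 22 and 3389 as "administrative" are assumptions made for the example.

```python
"""Parse VPC Flow Log records (default v2 field order) and flag risky accepted flows.

Added example for this page, not AWS code. All sample records are constructed.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Field order of the default (version 2) flow log format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Assumptions for this example: the VPC uses RFC 1918 space, and these ports
# are the ones whose exposure to the internet warrants a look.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 3389}

# Constructed sample: an accepted SSH flow from the internet and its reply,
# a rejected RDP probe, an internal HTTPS flow, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 54321 22 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 203.0.113.5 22 54321 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 40000 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 10.0.2.30 33000 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: ipaddress.IPv4Address
    dstaddr: ipaddress.IPv4Address
    srcport: int
    dstport: int
    protocol: int
    action: str


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow_log_line(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord, or None for NODATA/SKIPDATA records that carry no addresses."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=ipaddress.IPv4Address(rec["srcaddr"]),
        dstaddr=ipaddress.IPv4Address(rec["dstaddr"]),
        srcport=int(rec["srcport"]),
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        action=rec["action"],
    )


def parse_flow_log(text: str) -> List[FlowRecord]:
    records = (parse_flow_log_line(l) for l in text.splitlines() if l.strip())
    return [r for r in records if r is not None]


def exposed_admin_flows(records: List[FlowRecord]) -> List[FlowRecord]:
    """ACCEPTed TCP flows from a non-internal source to an admin port on an internal address."""
    return [r for r in records
            if r.action == "ACCEPT" and r.protocol == 6
            and r.dstport in ADMIN_PORTS
            and not is_internal(r.srcaddr) and is_internal(r.dstaddr)]


def rejects_by_source(records: List[FlowRecord]) -> Counter:
    """How many REJECTed flows each source address generated (useful for spotting scanning)."""
    return Counter(str(r.srcaddr) for r in records if r.action == "REJECT")


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for r in exposed_admin_flows(recs):
        print(f"exposed admin port: {r.srcaddr}:{r.srcport} -> {r.dstaddr}:{r.dstport} on {r.interface_id}")
    print("rejects by source:", dict(rejects_by_source(recs)))
```

The reply record (source port 22 back to the external client) is deliberately not flagged: the check keys on the destination port and the direction, which is what distinguishes an inbound administrative connection from its return traffic. Records with a log status other than OK carry dashes instead of addresses and are skipped rather than parsed.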