Here are the key insights about VPC in AWS in a Q&A format:
What is a VPC in AWS?
A Virtual Private Cloud (VPC) is a virtual network dedicated to an AWS account. It allows launching AWS resources in a private virtual network.
What are the key components of a VPC?
- Subnets - Range of private IP addresses
- Route tables - Rules for network traffic routing
- Internet gateway - Attach to VPC for internet access
- VPC endpoints - Private connection to AWS services
- CIDR blocks - IP address allocation
Can a VPC span multiple regions?
No, a VPC is limited to a single region. To connect VPCs across regions, you need to use VPC peering.
What is a public subnet?
A subnet associated with a route table that directs internet traffic to an internet gateway is called a public subnet. Resources here get public IP addresses.
What is a private subnet?
A private subnet uses a NAT gateway to allow outbound internet access but does not assign public IPs to resources. Inbound internet access is not allowed.
How can resources in a private subnet access the internet?
Resources in a private subnet can access the internet by using a NAT Gateway. The route table directs internet traffic to the NAT gateway.
How can you connect a VPC to other AWS services?
You can create a VPC Endpoint to privately connect your VPC to supported AWS services like S3, SNS etc. Traffic stays within the AWS network.
What is a security group in AWS?
A security group acts as a virtual firewall to control inbound and outbound traffic for resources. It has rules to allow/deny traffic.
How can you test connectivity in a VPC?
Use the VPC Reachability Analyzer to test connectivity between resources and troubleshoot issues.
ref:
- https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
- https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario1.html
- https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
Internet gateway:
```mermaid
flowchart LR
internet_gateway <---> public_subnet
```
Nat gateway:
```mermaid
flowchart LR
internet <---> nat_gateway
nat_gateway <---> private_subnet
```
routing table: a routing table is attached to a subnet ![[Pasted image 20210702170207.png]]
aws regions:
In AWS a region is a separate geographical area where you might want to deploy your service. ==A region is split up into separate isolated physical datacentres called availability zones. Each region has at least two availability zones.==
- follow the tutorial to create stack
Configuring VPC Subnet Allocation of Public IP Addresses (AWS) | Iguazio
how to assign ==public ip== to a vpc subnet
![[Pasted image 20210702180209.png]]
vpc peering tutorial
vpc reachability analyzer
![[Pasted image 20210705141045.png]]
how to add a NAT gateway to a VPC?
ref: Set up a NAT Gateway
- Create a public VPC subnet to host the NAT gateway. The route table for the subnet should contain a route to the Internet through an Internet gateway.
- Provision an unattached Elastic IP address (EIP) to your account. You’ll need to associate this IP address with the NAT gateway.
- Update the route table of the private subnet hosting the EC2 instances that need Internet access. The route table should be updated to direct Internet-bound traffic to the NAT gateway.
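The public/private distinction in the Q&A above and the NAT gateway placement steps just listed can be checked mechanically against route tables. This is an added example, not code from these notes or from AWS: it takes route tables and NAT gateways in the shape returned by `aws ec2 describe-route-tables` / `describe-nat-gateways`, constructed inline with hypothetical IDs (`igw-0abc`, `nat-0def`, the subnet names), classifies each subnet from its 0.0.0.0/0 route, and flags a NAT gateway whose own subnet is not public.

```python
# Added example (not from these notes or from AWS): classify subnets from their
# route tables and flag NAT gateways that are not hosted in a public subnet.
# Input mirrors `aws ec2 describe-route-tables` / `describe-nat-gateways` output,
# constructed inline with hypothetical IDs so it runs offline.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
SUBNETS = ["subnet-pub", "subnet-priv", "subnet-iso"]
# Deliberately misplaced: the NAT gateway sits in the private subnet it serves.
NAT_GATEWAYS = [{"NatGatewayId": "nat-0def", "SubnetId": "subnet-priv"}]


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))


def classify_subnet(subnet_id, route_tables):
    """'public' if 0.0.0.0/0 goes to an internet gateway, 'private' if it goes to
    a NAT gateway, 'isolated' if there is no default route at all."""
    for route in route_table_for(subnet_id, route_tables)["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"


def misplaced_nat_gateways(nat_gateways, route_tables):
    """A NAT gateway can only reach the internet if its own subnet is public."""
    return [n["NatGatewayId"] for n in nat_gateways
            if classify_subnet(n["SubnetId"], route_tables) != "public"]


if __name__ == "__main__":
    print({s: classify_subnet(s, ROUTE_TABLES) for s in SUBNETS})
    print("misplaced NAT gateways:", misplaced_nat_gateways(NAT_GATEWAYS, ROUTE_TABLES))
```

Against real account data, replace the constructed lists with the `RouteTables` and `NatGateways` arrays from the two CLI calls; the functions read only the fields shown.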
how can you connect a VPC to Amazon services like SNS/S3/AWS?
by creating an endpoint
Create Endpoint | VPC Management Console
- What is a security group? Security groups for your VPC - Amazon Virtual Private Cloud
![[Pasted image 20210630171546.png]]
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
Basically firewall?
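The "virtual firewall" description above can be made concrete by evaluating a group's inbound rules the way AWS applies them. This is an added example, not code from these notes or from AWS: it works on a constructed group in the shape of `aws ec2 describe-security-groups` output (the group ID and address ranges are made up). Security group rules are allow-only and stateful, so the check is "does any rule match"; the audit helper then lists admin and database ports reachable from every source.

```python
# Added example (not from these notes or from AWS): evaluate a security group's
# inbound rules in the shape of `aws ec2 describe-security-groups` output.
# Security group rules are allow-only: traffic is admitted if any rule matches
# and dropped otherwise; replies to admitted flows are allowed (stateful).
import ipaddress

# Constructed sample group (hypothetical ID): HTTPS open to the world, SSH also
# open to the world (the finding), and the DB port limited to one office range.
SECURITY_GROUP = {
    "GroupId": "sg-0123", "GroupName": "web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}


def source_cidrs(rule):
    """IPv4 and IPv6 CIDRs a rule accepts from (security-group references ignored)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def rule_matches(rule, protocol, port, source_ip):
    """True if one IpPermissions entry admits this protocol/port/source."""
    proto_ok = rule["IpProtocol"] in ("-1", protocol)  # "-1" means all protocols
    port_ok = rule["IpProtocol"] == "-1" or rule["FromPort"] <= port <= rule["ToPort"]
    src = ipaddress.ip_address(source_ip)
    # Membership across address families is False, so mixed v4/v6 rules are safe.
    return proto_ok and port_ok and any(src in ipaddress.ip_network(c) for c in source_cidrs(rule))


def inbound_allowed(group, protocol, port, source_ip):
    """Any matching rule allows the flow; there is no deny rule to consult."""
    return any(rule_matches(r, protocol, port, source_ip) for r in group["IpPermissions"])


def world_open_ports(group, watched=(22, 3389, 3306, 5432)):
    """Admin and database ports that any IPv4 or IPv6 source may reach."""
    found = set()
    for rule in group["IpPermissions"]:
        if not any(c in ("0.0.0.0/0", "::/0") for c in source_cidrs(rule)):
            continue
        for port in watched:
            if rule["IpProtocol"] == "-1" or (
                    rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]):
                found.add(port)
    return sorted(found)
```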
- what is a VPC?
VPC ties everything together
![[Pasted image 20210630172047.png]]
This is the networking part, think virtual routers
What is Amazon VPC? - Amazon Virtual Private Cloud
The following are the key concepts for VPCs:
- Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
- Subnet — A range of IP addresses in your VPC.
- Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
- Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
- VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. For more information, see AWS PrivateLink and VPC endpoints.
- CIDR block — Classless Inter-Domain Routing. An internet protocol address allocation and route aggregation methodology. For more information, see Classless Inter-Domain Routing in Wikipedia.
- can a VPC cross regions?
no
- what is target local?
A gateway route table supports routes where the target is local (the default local route) ![[Pasted image 20210630174043.png]]
how to distinguish between public and private subnets (and assign an IGW or NAT gateway accordingly)?
VPC -> Subnets -> Auto-assign public IPv4 address
![[Pasted image 20210702181232.png]]
how to set up a public subnet in a VPC?
ref: VPC with a single public subnet - Amazon Virtual Private Cloud
- to rds
![[Pasted image 20210630174221.png]]
- How to test?
prompt:"""you are an expert technical writer, list out insights about the topic from above context in a form of Q/A list:
topic: things I learned for VPC
while doing so, please do:
- for the line with #card tag in context, turn it into a question and add it to the output Q/A List,
- turn the highlighted content in markdown (marked between ==) in context into Q and A
- turn notes in context into Q and A
- answer the questions in the context, add it to the output Q/A list
- the format for each insight should be like following:
## title of insight, should be a question
answer of the question, use markdown format, use tables and lists to make it easier for the reader to understand;
when generating code, add proper language code after ``` for proper syntax highlighting.
- at the bottom of the whole article, create a references section
title: title for the article
description: 1~2 sentence summary for the whole article, be as concise as possible, direct to the point
ref: note down the urls referenced in the insights if there are any;
You are the master of brevity, be as concise and to the point as possible. reply answers only. """