From the course: VPC Networking on AWS: Configuration, Security, and Connectivity
What is a VPC? - Amazon Web Services (AWS) Tutorial
What is a VPC?
- [Instructor] In this lesson, we're going to look at the concept of a virtual private cloud and describe just what a VPC is. It's pretty essential at AWS because it's your network: the isolated network for you, the customer, a virtual network of virtual resources supporting your application stacks. And the only component you're going to find in the virtual private cloud is an EC2 instance. Well, what type of instances? They could be Windows, Linux, or Mac servers, i.e. the web servers or application servers, or potentially appliances. Maybe you've got your Cisco appliances that you're using to protect your application. Everything runs on an EC2 instance, including your databases. Perhaps you have a SQL or NoSQL database, or it's a custom deployment. The database has compute; therefore, the compute is an EC2 instance. It's hosted in the virtual private cloud. Containers? You may not think of containers as running on EC2 instances, but Docker, Kubernetes, OpenShift, anything supported by AWS is going to be running on an EC2 instance. That's the term to get used to.

The features of the virtual private cloud include subnets, IP addresses and route tables. Subnets are important because some resources you want to make available to the end user, such as maybe access to your application. But maybe you want your application to be hidden in private subnets, accessible from the internet but not directly accessible. So subnets are important, and we have to look at how many subnets we need. If I have an EC2 instance, I have to talk to it, I have to communicate with it. Therefore, there's an IP address that I communicate with. As the end user, I don't think of it that way, but every EC2 instance has to be identified so that it can be protected or access can be granted. And finally, route tables, giving me the paths: where am I allowed to go? Am I allowed, as an EC2 instance, to go to the internet, or to talk from one EC2 instance to another EC2 instance?
So these components are going to be threaded throughout many lessons in this course. If we look at the architecture of our network, our virtual private cloud, we're going to pick an area of the world where we're operating. Our use case is operating in California, so they're going to be looking for a region pretty close to California, and there is a region in Northern California. They create their virtual private cloud. Remember from the use case, we wanted this to have high availability, to be always available. Therefore, their network is going to be hosted across what are called availability zones: two physical locations. If one physical location goes down, the other one will remain up. Maybe I want three availability zones. That's a possibility as well. I want my application to be secure. It's going to be hosted using private subnets, and there are my EC2 instances, complete with elastic network adapters. How do I communicate with those instances? Well, I need an IP address, either IP version 4 or IP version 6. The logos, the graphics that you're seeing on screen, are the official AWS graphics, and you can use these to design your architecture and understand where everything fits together. This is bedrock architecture, at a minimum, for running an application at AWS.

Other features to consider are gateways. Perhaps you need internet access to the application, or maybe your administrators or your customers on-prem need access to the resources privately, using a VPN connection. Perhaps you need access to the AWS services from within AWS. Perhaps you want to create endpoints that securely allow you to access different Amazon services across the AWS network. The use case that we're using for this class might expand outside of California. They might, over time, have multiple VPCs in different parts of the world, and maybe they have to connect them together, so they would have to peer their networks together. That's another major feature that might be useful over time as a network expands.

Other features that will be used in any network are the analysis of the network traffic, creating a flow log to capture that network traffic, both incoming and outgoing, egress and ingress, and seeing whether or not there's a potential problem. You also might be using connections from your on-premises resources to the AWS Cloud, creating VPN connections. These are bedrock or basic features that every network hosted at AWS is going to utilize.
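The following is an added worked example, not part of the course transcript or of any AWS tooling. It models, offline, the building blocks the lesson just listed (subnets across two availability zones, route tables, an internet gateway versus a NAT gateway as the default-route target, and VPC Flow Log records) and runs the two checks a practitioner would want before trusting that design: that subnets meant to be private do not have a 0.0.0.0/0 route to an internet gateway, and that flow logs are actually triaged rather than only collected. The route-table names, gateway IDs, CIDRs, availability-zone names and flow-log lines are all constructed for illustration; the flow-log parser follows the documented default (version 2) Flow Log field order.

```python
"""Added example (not from the course): offline VPC design review + flow-log triage.

Everything below (subnet names, CIDRs, gateway IDs, log lines) is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RouteTable:
    name: str
    routes: dict = field(default_factory=dict)  # destination CIDR -> target ID


@dataclass
class Subnet:
    name: str
    cidr: str
    az: str
    route_table: RouteTable
    intended_public: bool  # what the architect *meant* this subnet to be


def is_public(subnet):
    """Public in the AWS sense: the default route points at an internet gateway (igw-*)."""
    target = subnet.route_table.routes.get("0.0.0.0/0")
    return target is not None and target.startswith("igw-")


def review_subnets(subnets):
    """Findings where the routing disagrees with the stated intent of the subnet."""
    findings = []
    for s in subnets:
        if s.intended_public and not is_public(s):
            findings.append(f"{s.name}: intended public but has no igw default route")
        if not s.intended_public and is_public(s):
            findings.append(f"{s.name}: intended private but routes 0.0.0.0/0 to an internet gateway")
    return findings


def availability_zones(subnets):
    """Distinct AZs the design actually spans (high availability needs more than one)."""
    return sorted({s.az for s in subnets})


# Constructed sample design: two public and two private subnets over two AZs.
# rt-leaky is deliberately misconfigured to show what the review catches.
rt_public = RouteTable("rt-public", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0123456789abcdef0"})
rt_private = RouteTable("rt-private", {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0123456789abcdef0"})
rt_leaky = RouteTable("rt-leaky", {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0123456789abcdef0"})

SAMPLE_SUBNETS = [
    Subnet("public-a", "10.0.0.0/24", "us-west-1a", rt_public, intended_public=True),
    Subnet("public-b", "10.0.10.0/24", "us-west-1b", rt_public, intended_public=True),
    Subnet("app-a", "10.0.1.0/24", "us-west-1a", rt_private, intended_public=False),
    Subnet("app-b", "10.0.11.0/24", "us-west-1b", rt_leaky, intended_public=False),
]

# Default (version 2) VPC Flow Log field order.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport", "dstport",
    "protocol", "packets", "bytes", "start", "end", "action", "log_status",
]

# Constructed flow-log records: one external host probing three ports (all REJECTed),
# one legitimate ACCEPT, one internal REJECT, and a NODATA record with no traffic fields.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51234 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51235 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51236 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.0.10 40001 443 6 10 5200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.0.10 10.0.1.20 40002 8080 6 5 900 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse space-separated v2 records; drop malformed lines and NODATA/SKIPDATA records."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue
        rec = dict(zip(FLOW_LOG_FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry '-' instead of addresses and ports
        records.append(rec)
    return records


def rejected_port_scanners(records, vpc_cidr, min_ports=3):
    """Sources outside the VPC whose traffic was REJECTed on >= min_ports distinct ports."""
    vpc = ip_network(vpc_cidr)
    ports_by_src = defaultdict(set)
    for r in records:
        if r["action"] != "REJECT" or ip_address(r["srcaddr"]) in vpc:
            continue
        ports_by_src[r["srcaddr"]].add(int(r["dstport"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    print("availability zones:", availability_zones(SAMPLE_SUBNETS))
    for finding in review_subnets(SAMPLE_SUBNETS):
        print("route review:", finding)
    scanners = rejected_port_scanners(parse_flow_log(SAMPLE_FLOW_LOG), "10.0.0.0/16")
    for src, ports in scanners.items():
        print(f"flow log: {src} rejected on ports {ports}")
```

Run as-is, the review reports only app-b, the subnet whose route table sends 0.0.0.0/0 to the internet gateway despite being labelled private; the other private subnet reaches the internet through the NAT gateway, which is the shape the lesson describes (reachable from the internet via the public tier, but not directly). The flow-log pass flags 198.51.100.7, which was rejected on 22, 445 and 3389, while ignoring the internal REJECT from 10.0.0.10 and the NODATA record. In a real account the same logic would consume records from the CloudWatch Logs group or S3 bucket the flow log is delivered to.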