 

What is VPC, Subnet in AWS

What are AWS VPCs (virtual private clouds)? What practical purposes do they serve? Is it mandatory to launch instances within a VPC?

What are the subnets and why are they necessary? Do subnets correspond to a particular region?

Santosh Dhanasure asked Jul 18 '17 10:07




2 Answers

At a high level, you can think of a VPC in AWS as a logical container that separates resources you create from other customers within the Amazon Cloud. It is you defining a network of your own within Amazon. You can think of a VPC like an apartment where your furniture and items are analogous to databases and instances. The walls of your apartment isolate and protect your things from being accessible to other tenants of the apartment complex.

Subnets would then be analogous to the different rooms in your apartment. They are containers within your VPC that segment off a slice of the CIDR block you define in your VPC. Subnets allow you to give different access rules and place resources in different containers where those rules should apply. You wouldn't have a big open window in your bathroom on the shower wall so people can see you naked, much like you wouldn't put a database with secretive information in a public subnet allowing any and all network traffic. You might put that database in a private subnet (i.e. a locked closet).

Aaron Medacco answered Oct 08 '22 09:10



Amazon Virtual Private Cloud (VPC) is a logical data center or virtual data center in the cloud. It provides an isolated section to host your machines. A VPC is a collection of the region, Internet Gateway (IG), route table, ACL, security group, subnet, and instances. VPC provides us a completely separate environment where we can place our machines in our own way. There is only one internet gateway per VPC.

As you can see, a VPC is a collection of the internet gateway, router, network ACL, EC2, subnet, route table, etc. Let's have a quick look at each of them individually.

Region: Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of Regions and Availability Zones. Each Region is a separate geographic area. Each Region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations.

Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. Route tables contain a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.

Network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. A VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic. One subnet can only be associated with a single ACL, but a single ACL can have multiple subnets.

Subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnets: public, which allows the internet to access the machine, and private, which is hidden from the internet.

Instance is a virtual server in the AWS cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance.

For more details please refer to my Medium post: https://medium.com/@das.ranbir/create-a-secure-aws-vpc-architecture-fd4aeb0f0b25

Ranbir Das answered Oct 08 '22 08:10

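As an added example (not code from either answer, nor an AWS API), here is a small Python model of the points both answers make: every subnet is a slice of the VPC's CIDR block, each subnet is associated with exactly one route table (falling back to the main table), and a subnet is "public" only when its route table sends 0.0.0.0/0 to an internet gateway. The ids and CIDRs are constructed sample data and `classify_subnets` is a hypothetical helper.

```python
# Added example: classify subnets as public/private from their route tables,
# after checking that the subnet layout is a valid carve-up of the VPC CIDR.
# All ids and CIDRs below are constructed sample data, not real AWS resources.
import ipaddress

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def classify_subnets(vpc_cidr, subnets, route_tables, associations):
    """Return {subnet_id: "public" | "private"} for a VPC layout.

    subnets:       {subnet_id: cidr}
    route_tables:  {rtb_id: [(destination_cidr, target), ...]}
    associations:  {subnet_id: rtb_id}; unlisted subnets use the "main" table
    """
    vpc_net = ipaddress.ip_network(vpc_cidr)
    nets = {}
    for sid, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        # A subnet must lie inside the VPC's CIDR block...
        if not net.subnet_of(vpc_net):
            raise ValueError(f"{sid} {cidr} is outside VPC {vpc_cidr}")
        # ...and must not overlap any other subnet in the same VPC.
        for other_id, other in nets.items():
            if net.overlaps(other):
                raise ValueError(f"{sid} {cidr} overlaps {other_id} {other}")
        nets[sid] = net

    result = {}
    for sid in subnets:
        # Exactly one route table per subnet; the main table is the default.
        routes = route_tables[associations.get(sid, "main")]
        # Public only if the default route targets an internet gateway (igw-...).
        has_igw_default = any(
            ipaddress.ip_network(dest) == DEFAULT_ROUTE and target.startswith("igw-")
            for dest, target in routes
        )
        result[sid] = "public" if has_igw_default else "private"
    return result


# Constructed layout: a web subnet routed to the IGW, a DB subnet left on the
# main table (local route only), which is what keeps it private.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"subnet-web": "10.0.1.0/24", "subnet-db": "10.0.2.0/24"}
ROUTE_TABLES = {
    "main": [("10.0.0.0/16", "local")],
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0example")],
}
ASSOCIATIONS = {"subnet-web": "rtb-public"}

if __name__ == "__main__":
    print(classify_subnets(VPC_CIDR, SUBNETS, ROUTE_TABLES, ASSOCIATIONS))
```

Attaching `rtb-public` to `subnet-db` instead would flip it to "public", which is the misconfiguration Aaron's "database in a public subnet" warning describes.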