Loading...
 
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

Amazon Virtual Private Cloud (VPC)

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.1

References

Advantages

By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:2

  • Assign static private IPv4 addresses to your instances that persist across starts and stops
  • Optionally associate an IPv6 CIDR block to your VPC and assign IPv6 addresses to your instances
  • Assign multiple IP addresses to your instances
  • Define network interfaces, and attach one or more network interfaces to your instances
  • Change security group membership for your instances while they're running
  • Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
  • Add an additional layer of access control to your instances in the form of network access control lists (ACL)
  • Run your instances on single-tenant hardware

NAT Device

You can use a NAT device to enable instances in a private subnet to connect to the internet (for example,
for software updates) or other AWS services, but prevent the internet from initiating connections with
the instances. A NAT device forwards traffic from the instances in the private subnet to the internet or
other AWS services, and then sends the response back to the instances. When traffic goes to the internet,
the source IPv4 address is replaced with the NAT device’s address and similarly, when the response traffic
goes to those instances, the NAT device translates the address back to those instances’ private IPv4
addresses.3

AWS offers two kinds of NAT devices—a NAT gateway or a NAT instance. We recommend NAT gateways,
as they provide better availability and bandwidth over NAT instances. The NAT Gateway service is also
a managed service that does not require your administration efforts. A NAT instance is launched from a
NAT AMI. You can choose to use a NAT instance for special purposes.4

Accessing a Corporate or Home Network

You can optionally connect your VPC to your own corporate data center using an IPsec AWS Site-to-Site
VPN connection, making the AWS Cloud an extension of your data center.5

A Site-to-Site VPN connection consists of a virtual private gateway attached to your VPC and a customer
gateway located in your data center. A virtual private gateway is the VPN concentrator on the Amazon
side of the Site-to-Site VPN connection. A customer gateway is a physical device or software appliance
on your side of the Site-to-Site VPN connection.6

2 Amazon Virtual Private Cloud - User Guide
3 Amazon Virtual Private Cloud - User Guide
4 Amazon Virtual Private Cloud - User Guide
5 Amazon Virtual Private Cloud - User Guide
6 Amazon Virtual Private Cloud - User Guide
Last edited by MichaelAlber .
Page last modified on Wednesday May 1, 2019 17:03:35 UTC.