AWS VPC - Essentials
Welcome to Cloud101
AWS VPC is the first thing you need to think about when you move your business applications to the AWS cloud. In simple terms, a VPC is a logically isolated network, similar to the LAN you operate at home, at school or in the office. It lets you place resources (EC2 instances or other managed AWS services) in a private network whose boundaries you control. You then build out the VPC by adding subnets, gateways and route tables. Plan the VPC carefully up front: the CIDR range and the subnet layout are hard to change once business-critical applications are running in it.
Subnets - Subnets slice your VPC's IP address range into smaller, manageable networks, usually one or more per Availability Zone. Whether the resources in a subnet can reach the internet is decided by what you attach to the subnet (its route table and the gateways that table points at), not by the subnet itself. This is the second thing you plan after creating your custom VPC.
Internet Gateways and NAT Gateways - These two components decide how a subnet talks to the internet. An Internet Gateway (IGW) gives resources that have public IP addresses two-way internet access, and a subnet whose route table points at the IGW is what AWS calls a public subnet. A NAT Gateway lets resources in private subnets initiate outbound connections (package updates, API calls) while refusing any connection initiated from the internet. Note that the NAT Gateway itself must sit in a public subnet, because it reaches the internet through the IGW. You configure both after the subnets exist.
Route Tables - Route tables, as the name suggests, contain rows that map a destination CIDR block to a target (local, an IGW, a NAT Gateway, a peering connection and so on). Every subnet is associated with exactly one route table, and that table decides where the subnet's traffic can go: a subnet with a 0.0.0.0/0 route to an IGW is public, one with a 0.0.0.0/0 route to a NAT Gateway is private, and one with no default route cannot reach the internet at all. When you want to know whether a resource is exposed, check its route table, not the subnet's name.
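The three steps above (carve subnets, decide which tier gets the IGW and which gets the NAT Gateway, then read the route table to see what a subnet really is) can be checked before anything is created. The script below is an added example for this page, not code from AWS or from the Cloud101 videos. It assumes a 10.0.0.0/16 VPC, two Availability Zones and placeholder gateway IDs (igw-0123456789abcdef0 and nat-0123456789abcdef0 are hypothetical), and it shapes its dicts after the CidrBlock, Routes, GatewayId and NatGatewayId keys that boto3's describe_subnets and describe_route_tables return; the Tier, UsableIps and SubnetCidrs keys are this example's own bookkeeping, not AWS fields.

```python
import ipaddress

# Constructed inputs for this example (not from the page): the VPC CIDR,
# the AZs to spread subnets over, and hypothetical gateway IDs.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b"]
IGW_ID = "igw-0123456789abcdef0"   # hypothetical internet gateway ID
NAT_ID = "nat-0123456789abcdef0"   # hypothetical NAT gateway ID
AWS_RESERVED_PER_SUBNET = 5        # AWS reserves the first 4 and the last address of every subnet


def plan_subnets(vpc_cidr, azs, prefix=24):
    """Carve the VPC CIDR into one public and one private subnet per AZ.

    The dicts reuse the AvailabilityZone / CidrBlock keys of boto3's
    describe_subnets output (assumed shape); Tier and UsableIps are ours.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    candidates = vpc.subnets(new_prefix=prefix)   # consecutive, non-overlapping blocks
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            cidr = next(candidates)
            plan.append({
                "AvailabilityZone": az,
                "CidrBlock": str(cidr),
                "Tier": tier,
                # plan capacity on the addresses AWS actually lets you use
                "UsableIps": cidr.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def check_no_overlap(plan):
    """Every subnet CIDR must be disjoint. AWS rejects overlapping subnets at
    creation time, but catching it in the plan is cheaper."""
    nets = [ipaddress.ip_network(s["CidrBlock"]) for s in plan]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def build_route_tables(plan, vpc_cidr=VPC_CIDR, igw_id=IGW_ID, nat_id=NAT_ID):
    """Two route tables shaped like describe_route_tables entries (assumed shape):
    public subnets default-route to the IGW, private subnets to the NAT gateway.
    SubnetCidrs is this example's own key, not a boto3 field."""
    local = {"DestinationCidrBlock": vpc_cidr, "GatewayId": "local"}  # present in every table
    public = {
        "RouteTableId": "rtb-public",
        "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": igw_id}],
        "SubnetCidrs": [s["CidrBlock"] for s in plan if s["Tier"] == "public"],
    }
    private = {
        "RouteTableId": "rtb-private",
        "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id}],
        "SubnetCidrs": [s["CidrBlock"] for s in plan if s["Tier"] == "private"],
    }
    return [public, private]


def classify_route_table(route_table):
    """What a subnet really is depends on its default route, not on its name:
    0.0.0.0/0 -> igw-* is public, 0.0.0.0/0 -> nat-* is private, and no
    default route at all means the subnet cannot reach the internet."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS)
    assert check_no_overlap(plan)
    for subnet in plan:
        print(subnet["AvailabilityZone"], subnet["Tier"], subnet["CidrBlock"], subnet["UsableIps"])
    for rt in build_route_tables(plan):
        print(rt["RouteTableId"], classify_route_table(rt), rt["SubnetCidrs"])
```

Running it prints four /24 subnets with 251 usable addresses each and shows rtb-public classified as public and rtb-private as private. Point classify_route_table at real describe_route_tables output and it answers the question that matters for exposure: which subnets actually have a path from the internet.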
Flow Logs (Monitoring) - If you want to see what is happening on your network, enable VPC Flow Logs. They record metadata for each network interface (source and destination address and port, protocol, packet and byte counts, and whether the flow was accepted or rejected), not packet contents, and you can send them to CloudWatch Logs or S3 to store and analyse the traffic. Your applications usually have their own logging, and that is what you want for debugging the application itself. Flow logs matter for a different reason: application logs never show connections that were rejected, port scans that never reached the app, or unexpected outbound traffic from a compromised host, and flow logs are the only VPC-level record of those. For network-heavy applications that work on the lower networking protocols they are essential; for ordinary web apps and databases the logging that comes with those covers day-to-day troubleshooting, but you still want flow logs for security monitoring.
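To show what flow logs reveal that application logs do not, here is an added example (not code from the page or from AWS) that parses a handful of constructed records in the default flow log format and pulls out two things: external sources whose rejected connections touched several ports, which is what a blocked port scan looks like, and accepted inbound flows from outside the VPC. The sample lines, the account ID, the ENI ID and the addresses are all made up for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records in the default VPC Flow Logs format (version 2 fields):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
# Account, ENI and addresses are made up for this example.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 10.0.1.25 44321 22 6 1 60 1710000000 1710000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 10.0.1.25 44322 3389 6 1 60 1710000000 1710000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 10.0.1.25 44323 445 6 1 60 1710000000 1710000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 51000 443 6 20 4000 1710000000 1710000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 38000 5432 6 10 2000 1710000000 1710000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1710000000 1710000060 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
TCP = 6


def parse_flow_logs(text):
    """Turn default-format flow log lines into dicts, skipping records that
    carry no traffic fields (NODATA / SKIPDATA) or do not fit the format."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue   # custom format or truncated line: skip rather than guess
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def scan_candidates(records, min_ports=3):
    """Sources whose REJECTed TCP flows hit at least min_ports distinct destination
    ports. Nothing reached the application, so only flow logs can show this."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and r["protocol"] == TCP:
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def inbound_from_outside(records, vpc_cidr):
    """ACCEPTed flows whose source lies outside the VPC: what the internet actually reached."""
    vpc = ipaddress.ip_network(vpc_cidr)
    hits = []
    for r in records:
        if r["action"] != "ACCEPT":
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if dst in vpc and src not in vpc:
            hits.append((r["srcaddr"], r["dstaddr"], r["dstport"]))
    return hits


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_FLOW_LOG)
    print("parsed", len(recs), "records")
    print("scan-like sources:", scan_candidates(recs))
    print("accepted from outside 10.0.0.0/16:", inbound_from_outside(recs, "10.0.0.0/16"))
```

On the sample data, 203.0.113.12 shows up as a scan candidate (rejected on 22, 445 and 3389) and the only accepted external flow is 198.51.100.7 to port 443. The same two functions work on real records pulled from S3 or CloudWatch Logs, as long as the log group uses the default format; a custom format needs the FIELDS list adjusted to match.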
Security Groups (Security) - Security groups are firewalls attached to your resources (technically to their network interfaces) that control traffic within a subnet, between subnets and to the outside world. They are stateful, so the reply to an allowed connection is let through automatically, and they contain only allow rules: anything not explicitly allowed is denied. A rule can reference another security group instead of a CIDR block, which is the cleanest way to let your resources talk to each other without opening ports to whole address ranges. In real accounts they are modified frequently and often number in the hundreds, so understanding them is essential to configure your apps with the best possible security.
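With hundreds of groups in an account, the check you end up wanting is "which rules let the whole internet in, and to what". The script below is an added example for this page, not code from AWS or from the Cloud101 videos. Its four security groups are constructed (the sg- IDs are hypothetical) and follow the GroupId / IpPermissions / IpProtocol / FromPort / ToPort / IpRanges / Ipv6Ranges / UserIdGroupPairs keys of boto3's describe_security_groups output, so it can be pointed at real output with no changes. The list of ports treated as sensitive is this example's choice.

```python
# Constructed security groups in the shape of the "SecurityGroups" list returned by
# boto3's describe_security_groups (assumed shape; only the keys used below).
# The sg- IDs and group names are hypothetical.
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
          "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [], "Ipv6Ranges": [],
          # the preferred pattern: only members of the web group may reach the DB
          "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "admin",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
          "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "legacy",
     "IpPermissions": [
         {"IpProtocol": "-1",                      # "-1" means all protocols and ports
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
          "UserIdGroupPairs": []}]},
]

WORLD = {"0.0.0.0/0", "::/0"}
# Ports we never want reachable from the whole internet (this example's choice).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis"}


def rule_covers(rule, port):
    """Does an ingress rule admit traffic to this TCP/UDP port?"""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] not in ("tcp", "udp"):
        return False   # e.g. icmp, where FromPort/ToPort are type/code, not ports
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def world_open_findings(groups, sensitive_ports=SENSITIVE_PORTS):
    """Rules whose source is 0.0.0.0/0 or ::/0 and that expose all traffic or a
    sensitive port. A public 443 on a web tier is deliberately not flagged."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = sorted(c for c in cidrs if c in WORLD)
            if not open_cidrs:
                continue
            if rule["IpProtocol"] == "-1":
                findings.append((g["GroupId"], "all traffic", open_cidrs))
                continue
            exposed = sorted(name for port, name in sensitive_ports.items() if rule_covers(rule, port))
            if exposed:
                findings.append((g["GroupId"], ",".join(exposed), open_cidrs))
    return findings


def references_by_group(groups):
    """Map each group to the groups its rules reference, i.e. the allow paths
    that do not depend on IP ranges at all."""
    refs = {}
    for g in groups:
        sources = sorted({p["GroupId"] for rule in g["IpPermissions"]
                          for p in rule.get("UserIdGroupPairs", [])})
        if sources:
            refs[g["GroupId"]] = sources
    return refs


if __name__ == "__main__":
    for group_id, what, cidrs in world_open_findings(SECURITY_GROUPS):
        print(f"{group_id}: {what} open to {', '.join(cidrs)}")
    print("group-to-group references:", references_by_group(SECURITY_GROUPS))
```

On the sample data the admin group is reported for SSH open to the world and the legacy group for all traffic, while the web group's public 443 and the db group's group-referenced 5432 pass. Swap SECURITY_GROUPS for the list from a real describe_security_groups call to run the same audit on an account.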
Conclusion.
Understanding the VPC is the most critical part of moving your business applications to the cloud. Look at my DeepDive videos for a demo of creating and configuring a custom VPC.