Saturday, June 24, 2017

AWS : VPC : Types

When creating a VPC from the wizard, there are four types to choose from:
  1. VPC with a single public subnet
  2. VPC with public and private subnets
  3. VPC with public and private subnets and hardware VPN access
  4. VPC with a private subnet only and hardware VPN access
Please note:
  1. A VPC is a per-region resource: it lives in one region and cannot span regions.
  2. A subnet lives in a single availability zone.
  3. Default VPC: there is one per region.
  4. If you accidentally delete the default VPC, you can raise a support request to have it recreated.
There are ways to connect multiple VPCs across multiple regions:
  1. https://aws.amazon.com/answers/networking/aws-multiple-region-multi-vpc-connectivity
  2. https://blog.rackspace.com/part-3-how-to-build-fault-tolerant-cross-region-aws-virtual-private-cloud-communication
Let's look at the differences.

First : VPC with a single public subnet
Your instances run in a private, isolated section of the AWS cloud with direct access to the Internet. Network access control lists and security groups can be used to provide strict control over inbound and outbound network traffic to your instances.

Second : VPC with Public and Private Subnet
In addition to containing a public subnet, this configuration adds a private subnet whose instances are not addressable from the Internet. Instances in the private subnet can establish outbound connections to the Internet via the public subnet using Network Address Translation (NAT).

We create a default route (the catch-all 0.0.0.0/0 entry) in the private subnet's route table that says: hey, if you get a packet and don't know where to send it, send it to the NAT address. The NAT device, which sits in the public subnet, then forwards it to the Internet on the instance's behalf; nothing on the Internet can open a connection back into the private subnet.

Third : VPC with Public and Private Subnet & Hardware VPN Access
This configuration adds an IPsec Virtual Private Network (VPN) connection between your Amazon VPC and your data center, effectively extending your data center to the cloud, while also providing direct access to the Internet for public subnet instances in your Amazon VPC.

Fourth : VPC with Private Subnet only & Hardware VPN access
Your instances run in a private, isolated section of the AWS cloud with a private subnet whose instances are not addressable from the Internet. You can connect this private subnet to your corporate data center via an IPsec Virtual Private Network (VPN) tunnel.
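What separates these four layouts is nothing more than the routes in each subnet's route table: a public subnet has a default route to an Internet gateway, the "private with NAT" subnet has the default route to NAT described above, and the VPN-only subnet has a route to the corporate range via the virtual private gateway and no default route at all. The following script is an added example, not code from the original post or from AWS: it classifies subnets by exactly those route targets and flags any subnet that was meant to be private but is actually public. The route-table data is constructed by hand in the shape of `aws ec2 describe-route-tables` JSON output, and every vpc-/subnet-/rtb-/igw-/nat-/vgw- id in it is made up.

```python
# Added example (not from the original post): classify each subnet of a VPC by
# where its route table sends traffic, so you can verify that "private" really
# means private. ROUTE_TABLES is constructed sample data in the shape of
# `aws ec2 describe-route-tables` output; all resource ids are invented.

ROUTE_TABLES = {
    "RouteTables": [
        {   # Public subnet: default route to the Internet gateway.
            "RouteTableId": "rtb-0public00001",
            "VpcId": "vpc-0example00001",
            "Associations": [{"SubnetId": "subnet-0public0001", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example0001", "State": "active"},
            ],
        },
        {   # Private subnet: the "send what you don't know to NAT" default route.
            "RouteTableId": "rtb-0private0001",
            "VpcId": "vpc-0example00001",
            "Associations": [{"SubnetId": "subnet-0private001", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example0001", "State": "active"},
            ],
        },
        {   # VPN-only private subnet: corporate range via the virtual private gateway, no default route.
            "RouteTableId": "rtb-0vpnonly0001",
            "VpcId": "vpc-0example00001",
            "Associations": [{"SubnetId": "subnet-0vpnonly001", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example0001", "State": "active"},
            ],
        },
        {   # Main route table: used implicitly by every subnet without an explicit association.
            "RouteTableId": "rtb-0main0000001",
            "VpcId": "vpc-0example00001",
            "Associations": [{"Main": True}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            ],
        },
    ]
}

# Constructed list of the VPC's subnets; the last one has no explicit association.
ALL_SUBNETS = ["subnet-0public0001", "subnet-0private001", "subnet-0vpnonly001", "subnet-0isolated01"]


def route_target(route):
    """Return the id a route points at (local, igw-, nat-, vgw-, i-, eni-, pcx-, ...), or None."""
    for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId",
                "VpcPeeringConnectionId", "TransitGatewayId"):
        if key in route:
            return route[key]
    return None


def effective_route_table(route_tables, subnet_id):
    """A subnet uses the table it is explicitly associated with, otherwise the VPC's main table."""
    main = None
    for rtb in route_tables["RouteTables"]:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_subnet(route_tables, subnet_id):
    """Return public / private-nat / private-vpn / isolated, judged from active routes only."""
    rtb = effective_route_table(route_tables, subnet_id)
    if rtb is None:
        return "unknown"
    active = [r for r in rtb["Routes"] if r.get("State", "active") == "active"]
    default_targets = [route_target(r) for r in active if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    all_targets = [route_target(r) for r in active]
    if any(t and t.startswith("igw-") for t in default_targets):
        return "public"            # reachable from the Internet once an instance has a public IP
    if default_targets:
        return "private-nat"       # egress only, via a NAT gateway or NAT instance (nat-/i-/eni-)
    if any(t and t.startswith("vgw-") for t in all_targets):
        return "private-vpn"       # reaches the corporate network, no Internet path at all
    return "isolated"              # local VPC traffic only


def classify_all(route_tables, subnet_ids):
    """Map every subnet id to its classification."""
    return {s: classify_subnet(route_tables, s) for s in subnet_ids}


def audit_private(route_tables, intended_private):
    """Subnets meant to be private whose effective route table actually makes them public."""
    return [s for s in intended_private if classify_subnet(route_tables, s) == "public"]


if __name__ == "__main__":
    for subnet, kind in classify_all(ROUTE_TABLES, ALL_SUBNETS).items():
        print(f"{subnet}: {kind}")
    print("unexpectedly public:", audit_private(ROUTE_TABLES, ALL_SUBNETS[1:]))
```

Two details matter in practice. A subnet with no explicit association silently uses the VPC's main route table, so adding a 0.0.0.0/0 route to an Internet gateway on the main table turns every unassociated subnet public at once; `audit_private` exists to catch exactly that. And only routes in the `active` state are considered: a `blackhole` default route (for example to a NAT gateway that was deleted) does not give a subnet any egress, so the classifier ignores it.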