This Total Seminars course covers the exam certification topics. For information on additional study resources—including practice tests, lab simulations, books, and discounted exam vouchers—visit totalsem.com/linkedin. LinkedIn Learning members receive special pricing.
This course was created by Total Seminars. We are pleased to offer this training in our library.
Skill level: Intermediate
We're now ready to talk about one of the key logical constructional components in AWS, and that's called the virtual private cloud, or VPC. Now, the virtual private cloud is something that is very important to understand, because it can be confusing to people when they first begin to look at it. So the first thing we're going to do is kind of clear up some of those misconceptions that often come in when dealing with VPC in AWS. Oh my, these acronyms; let's deal with that issue. First of all, this is not your momma's Microsoft VPC. So you may have heard of Microsoft VPC. It stood for Microsoft Virtual PC; it first came out way back in the late 90s, and it was available throughout the first part of the last decade of this millennium. And the reality is that it's not what we're talking about at all. So this is that problem you get into when you've learned one acronym and you have to find out later on it means something different. So we're not talking about a virtual PC. We're talking about a virtual private cloud. Now, I like to define that word virtual, or virtually. To me, the word virtually followed by private, or anything else, means not really private, or not really anything else. Think about it. You're on your way to grandma's house. You're five years old. The trip seems to be taking forever. And you say to your parents, "Are we there yet?" And they say, "Well, we're virtually there." And what that means is we're not really there. Or if someone says, "This is virtually the only place in the country where you can buy this product," it means it's not the only place in the country where you can buy the product. Otherwise they would have said, "This is the only place," right? So, virtually: replace it with not really, and you kind of get right to the core of the way things really are. So a virtual machine is not really a machine. It's a simulated or emulated machine within software. Virtual reality is not really reality. It's reality simulated in some way.
And a virtual private cloud is not really a private cloud. It's the public cloud in AWS, but with security around it to give you virtual privacy. So that's the way to think about it. It is like a personal data center in the cloud. So it's like taking your data center with all your different servers, all your different storage units, everything that you would have in your data center, putting that all up in the cloud as virtual things, and you have a virtual private cloud. You can have VPN connections to the VPC, so that you can access this VPC from within your own local data center, or from your local computers. So VPC stands for virtual private cloud, a virtually private cloud, but just remember: not really private. It's on the internet, but it's protected with security. Now, what does it really provide to us? Well, applications run in the VPC or on-premises. So we can have applications that we run on our local servers, or that we run on our local workstations or laptops, that talk to the virtual private cloud. They talk to our application logic that's in the cloud, and utilize the application logic from there. We can create subnets within the VPC as well. So just like on your local network, you can have different subnets. So you can have 192.168.1.X be one subnet and 192.168.2.X be another subnet. You can do that same kind of thing within the VPC. You have both public subnets and private subnets. Public subnets are subnets that you might think of like your DMZ in the old days on your local network, where that demilitarized zone, or DMZ, had servers like web servers and email servers and things that needed to be public facing. And then you have your private subnet, where it's just your internal stuff. The only things that are there are things that only people on the inside need access to, or that you control access to from the public side.
So that is to say, maybe the web server on the public side needs access to a database server on the private side, but it's got to go through some secure channel in order to make that happen. So you have public subnets and you have private subnets. Now, what you can do is use Direct Connect to provide connections between VPCs, or between your local network and a VPC. And those connections will be VPN connections. The concept of a VPN uses that word virtual again, right? Virtual private network. So it's not really a private network, it's a virtual private network. What that means is it's a public network connection that uses encryption. So we can use Direct Connect, that's the VPN technology, to create those connections. And remember, they can be between VPCs or they can be between your local network and a VPC. And multiple VPCs can be directly connected within the AWS cloud using something called VPC peering. So this allows us to connect them together in the cloud, so that resources from one VPC can be used in the other VPC and vice versa. Now, in order to set that up, you have to have owners involved at both ends of this connection. And we'll talk more about that a little later on when we get into VPC peering in more detail. Now, the other thing to keep in mind is that you can create endpoints within the VPC. I want to reiterate, VPC is a logical construct, because this gets really confusing. We're not talking about a single machine or instance or anything like that now; we're talking about a logical construct that is the entire virtual private cloud network. And you can have endpoints in the VPC that are used to connect to Amazon resources. Those endpoints can be controlled by policies. So for example, one endpoint can connect to one resource like AWS Glacier, and another endpoint can connect to another resource like Amazon S3.
So you have the option of interconnecting your VPCs with outside Amazon managed services that aren't technically in the VPC, because the VPC is about instances and it's about EBS volumes and things that are inside of the VPC. Whereas your S3 buckets, they're really not technically in the VPC, and your Glacier store is not technically in the VPC, but an endpoint can get you a connection to those services. So here's yet another term in AWS that can be confusing. We're used to the term endpoint meaning some device on the network. I could say my laptop is an endpoint. We could also call it a node. Those were two common terms we used for that device. We could say that a server was an endpoint. Why? Because it was the endpoint of a connection chain through the network from a client to a server. So the old way of thinking of an endpoint is some device at the end of a link. But now an endpoint is instead an endpoint for the service. It's kind of like a jumping-off point or a termination point, depending on the direction you're thinking of it, by which we connect to a service. So don't let the old use of the term endpoint confuse you about how AWS is using it now. Now, it's very important to know there is a default virtual private cloud. Every time you create an AWS account, as soon as you've created it, even a free tier account, you have a default VPC. And each instance that you create (remember, an instance is a virtual server) is created by default in the default VPC. So there's one in each region that's built for you; that way, as you deploy things in a region, you have a virtual private cloud in that region. And Amazon recommends never deleting it. Even if you decide not to use it, they recommend not deleting the default VPC, because of some configuration elements that hook into it and so forth.
So you might immediately start creating your own virtual private clouds that you're going to really use for everything you're building in AWS, but you still shouldn't delete the default VPC. Now, there are features within the VPC that you need to know about, like dynamic private IPs and public IPs. So you have the ability to have dynamic IPs generated for all the instances within that VPC. You can have AWS-provisioned DNS names. So all of these instances will have a provided DNS name for those devices, so you don't have to remember their IP address. You also have private or public DNS names that can be used instead of AWS-provisioned ones, because the AWS-provisioned DNS names honestly aren't very human friendly, and they can be challenging to use. So sometimes you want to create your own DNS names that are more human friendly and easier to use. 'Cause it's a lot easier to get to myserver27-totalseminars.aws.amazon.com than it is to get to a long string of numbers and some other character and then some more numbers, and the same domain name. It's very cryptic and confusing. So using your own private and public DNS can really help to resolve a lot of that, and give you an easier system to manage. As you can see, there's a lot to VPC, and we've really just begun our exploration of it. We're going to look at some of the details of these different components that we've talked about, and see how you actually work with the virtual private cloud in later episodes.
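As an added example, not part of the course transcript, here is a CloudFormation template that turns the concepts above into configuration: a private subnet with no route to the internet, a database security group that only accepts connections from the web tier's security group (the "secure channel" between public and private sides), and an S3 gateway endpoint whose policy limits what the VPC can reach in S3. EXAMPLE-BUCKET is a placeholder bucket name; the web tier's public subnet and internet gateway are not included.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true     # AWS-provided DNS resolution inside the VPC
      EnableDnsHostnames: true   # instances receive AWS-provisioned DNS names
  PrivateSubnet:                 # internal tier: no route to an internet gateway
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.2.0/24
  PrivateRouteTable:             # local VPC routes only; the S3 endpoint adds its prefix list here
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  WebSecurityGroup:              # public-facing web tier (attach to instances in a public subnet)
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier - HTTPS from the internet
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  DbSecurityGroup:               # private tier: only members of the web tier SG may connect
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database tier - PostgreSQL from the web tier only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 5432, ToPort: 5432, SourceSecurityGroupId: !Ref WebSecurityGroup}
  S3Endpoint:                    # gateway endpoint to S3, a service that lives outside the VPC
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref Vpc
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      RouteTableIds: [!Ref PrivateRouteTable]
      PolicyDocument:            # endpoint policy: read-only access to one bucket (placeholder name)
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: ["s3:GetObject"]
            Resource: "arn:aws:s3:::EXAMPLE-BUCKET/*"
```

Because the private subnet's route table has no 0.0.0.0/0 route, an instance in it can reach S3 only through the endpoint, and the endpoint policy decides which S3 actions that path permits.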