Discover what type of network a VPC actually is in this video. AWS doesn't follow the standard rules of networking that you use on-prem.
- [Instructor] The term VPC is something that you're going to come up against many times when looking at Amazon documentation, and starting to build things in the Amazon Cloud. It's essential you know all the components of the VPC, and we're going to start off by defining just exactly what this term means. So networking at AWS is defined with the VPC. It's a virtual private cloud. Obviously it's in the cloud. It's in Amazon's cloud. Maybe not so obvious, it starts off as being private. We don't want it to be public unless we want it to be public. And it's virtual because it is software.

Amazon is working at a scale that's much larger than most cloud providers, and they had to come up with a different design to satisfy customers that come into the cloud and leave the cloud at any time. So just what's a VPC? Is it a VLAN? Nope. VLANs can't scale out to be large enough for Amazon to offer them to customers that need hundreds, if not thousands, of networks. They just are limited in how large they can grow. Is it MPLS? Nope, it's not MPLS. It's used for external connections outside of Amazon to a VPC, but Amazon is not using that. Or, we're not using it on our networking at AWS. What about a Layer 2 network? No, it's not a Layer 2 network. We don't get down to that level. So the Virtual Private Cloud by simplest definition is a Layer 3 network.

We're talking about a private network space that you order. It's dedicated to your account. It's not shared with anybody else. It's logically separated from any other virtual network at Amazon, whether it's other ones that you build, or from other customers. We're talking about a subnet, and it could be a public subnet. It could be a private subnet. That's what's hosted initially by a VPC. You could have public subnets for public-facing infrastructure like a SaaS application. You could have private subnets hosting your databases, and you don't want any direct access to those databases. So a public subnet is accessible across the Internet. A private subnet, it's always remaining private.

When we use computers at AWS, we're actually ordering and using EC2 instances. And this compute power, this virtual machine, is placed on a subnet. The subnet could be public. It could be private. It depends on your network design.

Now, we're going to take a look at the essential VPC components that you need to know for working with networking, and potentially if you want to get certified. There are a lot of terms that you have to know about. So it might look like a lot. You may recognize some of these terms, but in the Amazon Cloud, they're a little different in how they're deployed. So we're not going to spend a lot of time on these terms right now. We're just going to highlight a couple of essential ones and move forward. So subnets, as we know, are an essential component for the VPC. I might want to connect to my VPC. I'll have to have some sort of gateway connection, whether it's a public or private connection. When you build a VPC, there are always options. And the options are typically a default setting, and Amazon expects you to change those settings. You also might want connectivity. You might want to connect from work with a private VPN connection. You might want a high-speed private connection, such as a Direct Connect connection. So there are a lot of terms here that make up the essential pieces when you're actually working with VPCs at AWS.

Now, behind all of these components, somebody has to be in charge. And they've designed something called a mapping service. And this mapping service is responsible for knowing about everything that's going on on your network. After all, if the packets have to go from source to destination, how do they get there if it's a customized software-defined networking environment? So IP addresses. For instances, for databases, for load balancers, the mapping service needs to know about all IP addresses. Internet gateways. Connecting to a public location across the Internet. Your packet might need to go there. Maybe your IP addresses are IP version 6, and you're going to use the Egress Gateway path. Maybe you're going to connect to on-prem, so you'll use a private gateway connection. Maybe, as mentioned, you'll use a faster private connection, the Direct Connect connection. The reality is your packet flow in the VPC is controlled by all the information held by this central mapping service.
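As an added example (not from this course or its instructor), here is a Terraform configuration that lays out the pieces just described: a VPC as a dedicated Layer 3 address space, a public subnet whose route table sends its default route to an internet gateway, a private subnet left on the VPC's main route table with only the implicit local route, and a VPC flow log so accepted and rejected traffic in both subnets is recorded. The region, availability zone, CIDR blocks, and resource names are assumptions chosen for illustration; the resource types and arguments are those of the hashicorp/aws provider.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region for this example
}

# The VPC: a private Layer 3 address space dedicated to this account.
resource "aws_vpc" "demo" {
  cidr_block           = "10.0.0.0/16" # constructed example CIDR
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "demo-vpc" }
}

# Public subnet: it will be associated with a route table that reaches the IGW.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.demo.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  tags                    = { Name = "demo-public" }
}

# Private subnet: stays on the main route table, which has only the local
# route (10.0.0.0/16 -> local), so nothing here has a path to or from the Internet.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.demo.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-east-1a"
  tags              = { Name = "demo-private" }
}

# The gateway that makes a subnet "public" once a route points at it.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.demo.id
}

# Custom route table for the public subnet: default route goes to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.demo.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Flow log destination: a CloudWatch log group with a bounded retention.
resource "aws_cloudwatch_log_group" "flow" {
  name              = "/aws/vpc/demo-flow-logs"
  retention_in_days = 30
}

# Role the VPC Flow Logs service assumes to write into that log group.
resource "aws_iam_role" "flow" {
  name = "demo-vpc-flow-logs"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "vpc-flow-logs.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Least privilege: only the log actions, only on this log group.
resource "aws_iam_role_policy" "flow" {
  role = aws_iam_role.flow.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
      Resource = "${aws_cloudwatch_log_group.flow.arn}:*"
    }]
  })
}

# Record ACCEPT and REJECT decisions for every interface in the VPC.
resource "aws_flow_log" "demo" {
  vpc_id               = aws_vpc.demo.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow.arn
  iam_role_arn         = aws_iam_role.flow.arn
}
```

The design point is that nothing about a subnet itself is "public" or "private"; the only difference between the two subnets above is that one is associated with a route table containing a 0.0.0.0/0 route to the internet gateway and the other is not. Reviewing route table associations, not subnet names, is therefore how you verify which subnets are actually exposed, and the flow log gives you the record to confirm it.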
- Creating a VPC
- Creating subnets
- Default and custom route tables
- IP addressing
- Creating security groups
- Configuring an internet gateway
- Peering VPCs together
- Sharing VPC resources
- Creating flow logs for monitoring
- Controlling access with IAM roles
- Dedicated tenancy
- Using automation for compliance