Let's understand the networking capability of cloud platforms that we call a VPC.
Many readers who are new to this term, or who are planning to transition into a DevOps engineer role, may find the topic difficult, because most of us have no hands-on experience with network technologies. In this article I have tried to explain the basic foundational knowledge: what a VPC is, how it works, what its components are, and how you can set up your own private network to secure your resources in the cloud.
When you want to set up a private, secure and isolated area in a cloud platform where you can run your applications, that's where a VPC comes into the picture.
A VPC is a virtual network that you create in the cloud. It gives you your own private network inside the provider's much larger network, like a small internet inside the bigger internet.
Within this VPC you can create and manage resources such as servers, databases and storage. This network is isolated from other users' networks, which keeps your applications secure and protected.
Just like a physical network, a VPC has its own set of rules and configuration: you define the IP address range for your VPC and divide it into sub-networks called subnets. You can connect a subnet to the internet, to other VPCs and to your own data centers, and route traffic to and from your subnets using route tables.
With a VPC, you have control over your network environment. You can define access rules, set up firewalls, and configure security groups to regulate who can access your resources and how they can communicate.
By default, when you create an account on a cloud platform such as AWS, Azure or GCP, the platform creates a default VPC for you so that you can start launching services such as AWS EC2 instances right away. You can also use services such as Elastic Load Balancing, Amazon RDS and Amazon EMR in your default VPC.
VPC Components
a) Virtual Private Cloud (VPC)
A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets.
b) Subnets:
A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.
c) IP Addressing:
You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.
d) NACL (Network Access Control List):
A Network Access Control List is a stateless firewall that controls inbound and outbound traffic at the subnet level. It operates at the IP address level and can allow or deny traffic based on rules that you define. NACLs provide an additional layer of network security for your VPC.
e) Security Groups:
A security group acts as a virtual firewall for instances (EC2 instances or other resources) within a VPC. It controls inbound and outbound traffic at the instance level. Security groups allow you to define rules that permit or restrict traffic based on protocols, ports, and IP addresses.
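To make the difference between the two firewall layers concrete, here is an added toy model (it is not code from this article or from AWS): a stateless NACL evaluates every packet, replies included, against an ordered allow/deny list, while a stateful security group tracks connections so the reply to a permitted outbound request needs no inbound rule. The rule numbers, CIDRs and ports are constructed, and the model keeps only one NACL direction and one security group per instance for brevity.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    number: int   # NACL rules are evaluated lowest number first
    proto: str    # "tcp", "udp" or "all"
    ports: range  # matched against the packet's destination port
    cidr: str     # remote address range
    action: str   # "allow" or "deny" (security groups only allow)

def matches(rule, proto, port, addr):
    return (rule.proto in ("all", proto) and port in rule.ports
            and ip_address(addr) in ip_network(rule.cidr))

def nacl_permits(rules, proto, port, addr):
    """Stateless subnet firewall: every packet, replies included, is checked;
    the first matching rule wins and the implicit final rule denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if matches(r, proto, port, addr):
            return r.action == "allow"
    return False

class SecurityGroup:
    """Stateful instance firewall: allow-only rules plus a connection table,
    so the reply to a permitted outbound connection needs no inbound rule."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound, self.conns = inbound, outbound, set()

    def permit_outbound(self, proto, dst_port, dst, src_port):
        ok = any(matches(r, proto, dst_port, dst) for r in self.outbound)
        if ok:
            self.conns.add((proto, dst, dst_port, src_port))
        return ok

    def permit_inbound(self, proto, dst_port, src, src_port):
        if (proto, src, src_port, dst_port) in self.conns:
            return True  # tracked reply traffic
        return any(matches(r, proto, dst_port, src) for r in self.inbound)

# Constructed scenario: an instance opens HTTPS to 203.0.113.10 from port 50000
WEB = "203.0.113.10"
ANY = "0.0.0.0/0"
sg = SecurityGroup(inbound=[], outbound=[Rule(0, "tcp", range(443, 444), ANY, "allow")])
nacl_in = [Rule(100, "tcp", range(443, 444), ANY, "allow")]  # no ephemeral-port rule

def demo():
    # (SG allows request, SG allows reply, NACL blocks reply, NACL allows after rule 110)
    out_ok = sg.permit_outbound("tcp", 443, WEB, 50000)
    reply_sg = sg.permit_inbound("tcp", 50000, WEB, 443)
    reply_nacl = nacl_permits(nacl_in, "tcp", 50000, WEB)
    fixed = nacl_in + [Rule(110, "tcp", range(1024, 65536), ANY, "allow")]
    return out_ok, reply_sg, reply_nacl, nacl_permits(fixed, "tcp", 50000, WEB)
```

Running `demo()` returns `(True, True, False, True)`: the security group lets the HTTPS reply in on its own, but the NACL drops it until an inbound allow rule for the ephemeral port range is added.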
f) Routing:
Use route tables to determine where network traffic from your subnet or gateway is directed.
g) Gateways and endpoints:
A gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device.
h) VPN Connectivity:
Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).
In this short article I have tried to describe the basics of a VPC and the components that play an important role in your VPC configuration.
For more detailed information about VPC you can read the documentation at this link:
https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html