Amazon Virtual Private Cloud (Amazon VPC)
Amazon Virtual Private Cloud (Amazon VPC) allows a developer to create a virtual network for resources in an isolated section of the Amazon Web Services cloud.
AWS users can connect to an Amazon VPC through an Internet gateway, from an on-premises data center through the Hardware Virtual Private Network (VPN) Connection tool, or through a variety of other AWS tools and other vendors' VPCs.
Amazon VPC allows for more granular control of the cloud network, which provides an extra layer of security for workloads and data. A user can define network configurations such as IP address range as well as route tables and manage network gateways and subnets; subnets are smaller separate parts of the overall network. Amazon VPC enables a developer to create security groups to set limits on inbound and outbound traffic to Amazon Elastic Compute Cloud (EC2) instances and network access control lists to allow or deny traffic to subnets.
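The two filtering layers named above behave differently, and the difference matters when deciding where a deny rule belongs. The following Python model is added here as an illustration; it is not code from the page or from AWS. It encodes the documented evaluation order: a network ACL is stateless and evaluates rules in ascending rule number with the first match deciding, while a security group is allow-only and permits traffic if any rule matches. The rule numbers, CIDRs and ports are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One inbound rule. Security-group rules are always 'allow'; NACL rules carry a number."""
    number: int
    protocol: str   # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str     # "allow" or "deny"

    def matches(self, proto: str, port: int, src: str) -> bool:
        return (self.protocol in ("all", proto)
                and self.port_from <= port <= self.port_to
                and ip_address(src) in ip_network(self.cidr))


def nacl_decision(rules, proto, port, src):
    """Network ACL semantics: stateless, ascending rule number, first match wins, implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, port, src):
            return rule.action
    return "deny"


def sg_decision(rules, proto, port, src):
    """Security-group semantics: allow-only; any matching rule permits, otherwise implicit deny."""
    return "allow" if any(r.matches(proto, port, src) for r in rules) else "deny"


def inbound_allowed(nacl, sg, proto, port, src):
    """Inbound traffic must pass the subnet's NACL and then the instance's security group."""
    return nacl_decision(nacl, proto, port, src) == "allow" and sg_decision(sg, proto, port, src) == "allow"


# Constructed sample policy (addresses are documentation ranges, not real hosts).
SUBNET_NACL = [
    Rule(90, "tcp", 22, 22, "203.0.113.0/24", "deny"),   # lower number: this deny beats the later allow
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(110, "tcp", 22, 22, "0.0.0.0/0", "allow"),
]
WEB_SG = [
    Rule(0, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(0, "tcp", 22, 22, "10.0.0.0/16", "allow"),      # SSH only from the constructed VPC range
]

if __name__ == "__main__":
    print(inbound_allowed(SUBNET_NACL, WEB_SG, "tcp", 443, "198.51.100.7"))  # True
    print(inbound_allowed(SUBNET_NACL, WEB_SG, "tcp", 22, "198.51.100.7"))   # False: no SG rule matches
    print(nacl_decision(SUBNET_NACL, "tcp", 22, "203.0.113.5"))             # deny: rule 90 wins
```

A security group can only widen what is allowed, so an explicit block for a known-bad source range has to live in the subnet's NACL, as rule 90 does here.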
When creating an EC2 instance, users can assign an IP address to the instance -- as long as it is within the IP address range of the associated subnet, not assigned to another interface and not reserved by Amazon. VPC routers enable communication between instances in different subnets. Routers also allow subnets, Internet gateways and virtual private gateways to communicate with each other. Internet gateways allow instances to communicate with EC2 resources that reside outside of a VPC and in other regions. AWS also offers several options to connect EC2 instances within a VPC to Amazon Simple Storage Service.
AWS provides a "Start VPC Wizard," which presents four basic network architecture options that dictate whether subnets are public or private and whether the user prefers to have access through the Hardware VPN. VPCs can span multiple Availability Zones (AZs), but subnets must reside within a single AZ. A user can also deploy Amazon CloudWatch and Auto Scaling within an Amazon VPC to monitor resources and allow them to meet spikes in workload demand.
When AWS users first provision EC2 resources, they are launched within a default VPC if the subnet ID is left unspecified. Default VPCs offer the same level of security and network control as regular Amazon VPCs, but they allow a user to create and manage resources using the AWS Management Console, EC2-Classic command line or API.
AWS limits the size of each VPC; a user cannot change the size once the VPC has been created. Amazon VPC also sets a limit of 200 subnets per VPC, each of which can support a minimum of 14 IP addresses. AWS places further limitations per account and per region, including limiting the number of VPCs to five, the number of Elastic IP addresses to five, the number of Internet gateways per VPC to one, the number of virtual private gateways to five and the number of customer gateways to 50.