AWS VPC (Virtual Private Cloud) and Its Key Components
Deepak Mandal
Senior Software Engineer Talks about #typescript #nextjs #nestjs #microservices #scalablesystem
1. What is an IP Address?
An IP (Internet Protocol) address is a numerical label assigned to each device connected to a network. It allows devices to communicate with each other over the internet or within a private network. There are two types of IP addresses:
- IPv4 (Internet Protocol version 4): A 32-bit address written as four dot-separated decimal octets (e.g., 192.168.1.1). It allows approximately 4.3 billion unique addresses.
- IPv6 (Internet Protocol version 6): A 128-bit address written in hexadecimal notation (e.g., 2001:db8::1). It supports a vast number of unique addresses to accommodate future internet expansion.
2. What is a Subnet Mask?
A subnet mask is used to divide an IP address into network and host portions. It helps define the number of devices that can exist within a subnet.
Example of IP Address Calculation Using Subnet Mask
Consider an IP address 192.168.1.10 with the subnet mask 255.255.255.0:
- Network Portion: 192.168.1.0
- Host Portion: 0.0.0.10
- Usable IPs: 192.168.1.1 to 192.168.1.254
- Broadcast Address: 192.168.1.255
If we change the subnet mask to 255.255.255.128, the network splits into two:
- First Subnet: 192.168.1.0/25 (Usable IPs: 192.168.1.1 – 192.168.1.126)
- Second Subnet: 192.168.1.128/25 (Usable IPs: 192.168.1.129 – 192.168.1.254)
Subnetting helps efficiently allocate IP addresses, reducing waste.
3. What is VPC?
A Virtual Private Cloud (VPC) is a logically isolated section within AWS, where users can define their own virtual network, control IP address ranges, create subnets, and configure security settings.
Features of VPC
- Complete control over networking (IP addressing, routing, internet access).
- Custom security settings via Security Groups and Network ACLs.
- Subnetting for segregating resources.
- Integration with AWS services like EC2, RDS, Lambda, etc.
4. How Does a VPC Work in AWS?
When a VPC is created in AWS, it provides:
- CIDR Block: Defines the IP range for the entire VPC.
- Subnets: Public and private subnets divide the network.
- Route Tables: Directs network traffic between subnets and the internet.
- Security Groups & Network ACLs: Control inbound/outbound traffic.
- Internet Gateway (IGW): Enables internet access for public subnets.
- NAT Gateway: Allows private subnet instances to access the internet securely.
5. What is CIDR?
Classless Inter-Domain Routing (CIDR) is a method used for allocating IP addresses efficiently. It replaces the old Class A, B, and C addressing system.
CIDR Example
A CIDR block 10.0.0.0/16 means:
- Network ID: 10.0.0.0
- Total IPs: 65,536 (2^(32-16))
- Subnet Possibilities:
  - /24 subnets: 256 networks with 256 IPs each.
  - /28 subnets: 4096 networks with 16 IPs each.
How CIDR Works with VPC
- When you create a VPC, you define a CIDR block (e.g., 10.0.0.0/16).
- Inside the VPC, you create subnets with smaller CIDR blocks (e.g., 10.0.1.0/24).
- Subnets are assigned to different Availability Zones (AZs) for redundancy.
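The subnet-mask arithmetic from section 2 and the CIDR splitting from section 5 are what the standard library's ipaddress module does for you. The following is an added example (not code from the article) that reproduces the 192.168.1.10/255.255.255.0 and 10.0.0.0/16 figures above, and adds two checks a practitioner wants before creating subnets: that every planned subnet sits inside the VPC CIDR without overlapping another, and how many addresses AWS actually leaves usable, since AWS reserves the first four and the last address of every subnet. The sample CIDRs are the article's own; the planning helper and its names are assumptions of this example.

```python
import ipaddress

# AWS reserves 5 addresses in every subnet: network, VPC router (+1), DNS (+2),
# reserved for future use (+3), and the broadcast address (last).
AWS_RESERVED_PER_SUBNET = 5


def describe_network(ip: str, mask: str) -> dict:
    """Split an address into its network and host portions (section 2 of the article)."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")      # accepts dotted masks like 255.255.255.0
    net = iface.network
    host_bits = int(iface.ip) & int(net.hostmask)       # bits not covered by the mask
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "host_portion": str(ipaddress.ip_address(host_bits)),
        "first_usable": str(net.network_address + 1),
        "last_usable": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable_count": net.num_addresses - 2,          # classic count: minus network and broadcast
    }


def split_subnets(cidr: str, new_prefix: int) -> list:
    """List the subnets obtained by lengthening the prefix, e.g. a /24 into two /25s."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def subnet_count(cidr: str, new_prefix: int) -> tuple:
    """(number of subnets, addresses per subnet) for a CIDR block split at new_prefix."""
    net = ipaddress.ip_network(cidr)
    return 2 ** (new_prefix - net.prefixlen), 2 ** (32 - new_prefix)


def aws_usable_hosts(cidr: str) -> int:
    """Addresses left for instances once AWS's five reserved addresses are removed."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def check_subnet_plan(vpc_cidr: str, subnet_cidrs: list) -> list:
    """Return a list of problems with a planned set of subnets (empty list means the plan is valid).

    Checks: VPC prefix within AWS's allowed /16../28 range, each subnet inside the VPC
    block, no two subnets overlapping.  Constructed helper, not an AWS API.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC CIDR {vpc_cidr} must be between /16 and /28")
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"{s} is outside the VPC block {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    print(describe_network("192.168.1.10", "255.255.255.0"))
    print(split_subnets("192.168.1.0/24", 25))        # the two /25 halves from section 2
    print(subnet_count("10.0.0.0/16", 24), subnet_count("10.0.0.0/16", 28))
    print(aws_usable_hosts("10.0.1.0/24"))            # 251, not 254, inside AWS
    print(check_subnet_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25"]))
```

The planning check matters because AWS rejects overlapping subnets at creation time but will not stop you from sizing a subnet so small that the five reserved addresses leave almost nothing for instances; a /28 leaves 11 usable addresses, not 16.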
6. What is a Subnet in VPC?
A subnet is a smaller division within a VPC. It helps organize resources and optimize performance.
Types of Subnets
- Public Subnet: Has direct internet access via an Internet Gateway.
- Private Subnet: No direct internet access, but can communicate through a NAT Gateway.
- Dedicated Subnet: Used for specific AWS services like RDS or ElastiCache.
7. How Do Subnets Work with AWS Regions?
AWS divides its global infrastructure into Regions and Availability Zones.
- A VPC exists within a Region.
- Subnets are created within Availability Zones (AZs) for fault tolerance.
- Resources are distributed across multiple AZs for high availability.
8. What is a Route Table?
A Route Table determines how traffic is routed within the VPC. Each subnet must be associated with a Route Table.
Example of Route Table Entries
- Destination 10.0.0.0/16 → Target: Local (traffic that stays inside the VPC)
- Destination 0.0.0.0/0 → Target: Internet Gateway (IGW) (all other traffic)
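The VPC router resolves each packet against the subnet's route table by choosing the most specific matching entry, which is why the /16 local route and the 0.0.0.0/0 default route above can coexist. The following is an added example (not from the article) that models that lookup over the section 8 table, plus two assumed tables: one with only the local route, to show that a subnet without a default route has no path to the internet, and one with an extra VPN route, to show that specificity rather than list order decides. The gateway ids (igw-EXAMPLE, vgw-EXAMPLE) are placeholders.

```python
import ipaddress

# Route table from the article (section 8): VPC-internal traffic stays local,
# everything else is sent to the Internet Gateway. Gateway id is a placeholder.
PUBLIC_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]

# Assumed for illustration: a table with only the local route. Instances in such a subnet
# can reach the rest of the VPC but have no route to, or from, the internet.
ISOLATED_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
]

# Assumed for illustration: a table that also sends a corporate range over a VPN gateway.
# The default route is listed first on purpose; the lookup must still prefer the /12.
HYBRID_ROUTE_TABLE = [
    ("0.0.0.0/0", "igw-EXAMPLE"),
    ("172.16.0.0/12", "vgw-EXAMPLE"),
    ("10.0.0.0/16", "local"),
]


def lookup_route(route_table, dest_ip: str):
    """Return the target of the longest-prefix route matching dest_ip, or None if no route matches.

    None models the VPC router dropping a packet for which the table has no entry.
    """
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table) -> bool:
    """A subnet is public in the AWS sense when its table sends 0.0.0.0/0 to an Internet Gateway."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in route_table)


if __name__ == "__main__":
    for table_name, table in [("public", PUBLIC_ROUTE_TABLE),
                              ("isolated", ISOLATED_ROUTE_TABLE),
                              ("hybrid", HYBRID_ROUTE_TABLE)]:
        print(table_name, "public subnet?", is_public_subnet(table))
        for dest in ("10.0.2.15", "172.16.5.5", "198.51.100.9"):
            print(f"  {dest:>14} -> {lookup_route(table, dest)}")
```

Reviewing the 0.0.0.0/0 entry of every route table is the quickest way to find out which subnets are really public: attaching an IGW to the VPC does nothing by itself until a route table points the default route at it (section 10 below).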
9. What is a Security Group?
A Security Group is a stateful firewall that controls traffic to AWS resources: once a connection is allowed in, its reply traffic is allowed out automatically, without needing a matching outbound rule.
Security Group Rules
- Inbound Rules: Define what traffic is allowed to enter.
- Outbound Rules: Define what traffic is allowed to leave.
Example:
- Allow HTTP (80) & HTTPS (443) from anywhere.
- Allow SSH (22) only from a specific IP range.
10. What is an Internet Gateway in VPC?
An Internet Gateway (IGW) allows public instances in a VPC to access the internet. Without an IGW, instances in a public subnet cannot reach the internet.
How IGW Works
- Attach an IGW to a VPC.
- Modify the Route Table to route internet traffic (0.0.0.0/0) through the IGW.
11. What is a NAT Gateway?
A NAT (Network Address Translation) Gateway allows instances in a private subnet to reach the internet for outbound requests without exposing them to inbound connections from the internet.
How NAT Gateway Works
- Deployed in a public subnet.
- Assigned an Elastic IP.
- Private subnet instances route outbound traffic through the NAT.
- Response traffic is translated and returned securely.
12. How VPC Components Interact
Scenario: Hosting a Web & Database Application
A company wants to host a website with a backend database securely. They set up:
- VPC (10.0.0.0/16)
- Public Subnet (10.0.1.0/24) for web servers.
- Private Subnet (10.0.2.0/24) for database servers.
- Internet Gateway (IGW) for public access.
- NAT Gateway for private subnet updates.
- Security Groups:
  - Web Servers: Allow HTTP, HTTPS, SSH.
  - Database Servers: Allow only MySQL (3306) from the web servers.
- Route Tables:
  - Public Subnet → Internet via IGW.
  - Private Subnet → NAT for outgoing requests.
Final Interaction
- Users access the website via Internet Gateway.
- Web servers communicate with database servers in private subnet.
- Database remains secure with no direct internet access.
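The security-group rules from section 9 and the web/database scenario above can be checked in code before anything is deployed. The following is an added example (not from the article) that models security groups as allow-lists with no deny rules, supports the two kinds of source AWS accepts (a CIDR, or another security group, which is how the database rule "only MySQL from the web servers" is expressed), and tracks admitted connections so that reply traffic passes even when outbound rules are empty, which is what "stateful" means in section 9. The group names sg-web and sg-db, the admin range 203.0.113.0/24, and the client addresses are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp", or "-1" meaning all protocols and ports
    from_port: int
    to_port: int
    peer: str        # a CIDR, or a security-group id; the source for inbound, destination for outbound


@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list
    # AWS default for a new group: nothing inbound, everything outbound.
    outbound: list = field(default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])


def rule_matches(rule: Rule, protocol: str, port: int, peer_ip: str, peer_groups) -> bool:
    if rule.protocol != "-1":
        if rule.protocol != protocol or not (rule.from_port <= port <= rule.to_port):
            return False
    if rule.peer.startswith("sg-"):
        # Group-to-group rules match on the peer's group membership, not on its address,
        # so the rule keeps working when web servers are replaced or scaled.
        return rule.peer in peer_groups
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer)


def allowed(rules, protocol: str, port: int, peer_ip: str, peer_groups=()) -> bool:
    """Security groups are pure allow-lists: any matching rule permits, nothing matching means drop."""
    return any(rule_matches(r, protocol, port, peer_ip, peer_groups) for r in rules)


class StatefulInstanceFirewall:
    """One instance's view of its security group, with connection tracking for the stateful part."""

    def __init__(self, sg: SecurityGroup):
        self.sg = sg
        self.flows = set()

    def inbound(self, protocol, dst_port, src_ip, src_port, src_groups=()) -> bool:
        ok = allowed(self.sg.inbound, protocol, dst_port, src_ip, src_groups)
        if ok:
            self.flows.add((protocol, src_ip, src_port, dst_port))   # remember the admitted connection
        return ok

    def outbound(self, protocol, dst_ip, dst_port, src_port, dst_groups=()) -> bool:
        if (protocol, dst_ip, dst_port, src_port) in self.flows:
            return True   # reply to a tracked connection: allowed regardless of outbound rules
        return allowed(self.sg.outbound, protocol, dst_port, dst_ip, dst_groups)


ADMIN_RANGE = "203.0.113.0/24"   # constructed "specific IP range" for SSH, as in section 9

WEB_SG = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 80, 80, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, ADMIN_RANGE),
])
DB_SG = SecurityGroup("sg-db", inbound=[
    Rule("tcp", 3306, 3306, "sg-web"),   # MySQL only from members of the web group
])


def scenario_checks() -> dict:
    """Evaluate the flows from the article's web + database scenario."""
    web, db = StatefulInstanceFirewall(WEB_SG), StatefulInstanceFirewall(DB_SG)
    client, web_server = "198.51.100.7", "10.0.1.20"     # constructed internet client / web instance
    return {
        "client_https_to_web": web.inbound("tcp", 443, client, 51000),
        "client_ssh_to_web": web.inbound("tcp", 22, client, 51001),
        "admin_ssh_to_web": web.inbound("tcp", 22, "203.0.113.10", 51002),
        "web_mysql_to_db": db.inbound("tcp", 3306, web_server, 40000, src_groups=("sg-web",)),
        "client_mysql_to_db": db.inbound("tcp", 3306, client, 40001),
        "web_ssh_to_db": db.inbound("tcp", 22, web_server, 40002, src_groups=("sg-web",)),
    }


def stateful_reply_check() -> tuple:
    """With outbound rules emptied, a reply to an admitted HTTPS connection still passes,
    but an unsolicited outbound connection from the same instance does not."""
    locked = SecurityGroup("sg-web-locked", inbound=WEB_SG.inbound, outbound=[])
    fw = StatefulInstanceFirewall(locked)
    fw.inbound("tcp", 443, "198.51.100.7", 51000)
    return (fw.outbound("tcp", "198.51.100.7", 51000, 443),
            fw.outbound("tcp", "198.51.100.7", 51000, 80))


if __name__ == "__main__":
    for name, ok in scenario_checks().items():
        print(f"{name:>22}: {'allowed' if ok else 'denied'}")
    print("reply allowed, unsolicited denied:", stateful_reply_check())
```

The database rule referencing sg-web rather than 10.0.1.0/24 is the point worth copying: a group reference follows the web instances wherever they run and never accidentally admits some other host that lands in that subnet. Note that the example models security groups only; the subnet placement and route tables from sections 8 and 11 decide whether a packet can reach the instance at all, and the security group decides what happens once it does.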