- The default VPC is created automatically in every AWS region of your account (CIDR 172.31.0.0/16, with one default /20 subnet per Availability Zone).
- New EC2 instances are launched into the default VPC if no subnet is specified.
- It has an internet gateway attached, and default subnets auto-assign public IPv4 addresses, so every instance launched there gets a public IPv4 address unless you turn that setting off. Such an instance is reachable from the internet as soon as a security group rule permits the traffic.
- Those instances also get a public and a private IPv4 DNS name.
- A default subnet uses a /20 mask, which gives 4096 addresses; minus the 5 that AWS reserves, that is 4091 usable addresses (2^(32-20) - 5).
- VPC stands for Virtual Private Cloud.
- You can have multiple VPCs in an AWS region (soft limit of 5 per region; you can request more through a service quota increase).
- A VPC can have up to 5 IPv4 CIDR blocks; each block must be between /28 (16 IPs) and /16 (65,536 IPs).
- Use the RFC 1918 private ranges for VPC CIDRs: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. (AWS does accept publicly routable blocks as well, but that is not recommended.)
- Your VPC CIDR must not overlap with your other networks, so that you can peer with other VPCs or connect to on-premises networks later; VPC peering is refused for overlapping ranges.
- AWS reserves 5 IP addresses (the first 4 and the last) in each subnet.
- For example, if the subnet CIDR block is 10.0.0.0/24, the reserved IP addresses are:
- 10.0.0.0 - network address
- 10.0.0.1 - VPC router
- 10.0.0.2 - reserved by AWS for DNS (the VPC's DNS resolver is at the VPC base address + 2)
- 10.0.0.3 - reserved by AWS for future use
- 10.0.0.255 - network broadcast address. AWS does not support broadcast in a VPC, so the address is reserved rather than assignable.
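The CIDR rules above (block size between /16 and /28, RFC 1918 ranges, no overlap with networks you may peer with) and the five reserved addresses per subnet are easy to check mechanically before anything is created. The following is an added example, not code from the original post; it uses only Python's standard `ipaddress` module, and the function names are my own.

```python
import ipaddress

# RFC 1918 private ranges recommended for VPC CIDR blocks
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VPC_MIN_PREFIX = 16          # largest block AWS allows per VPC CIDR: /16 (65,536 IPs)
VPC_MAX_PREFIX = 28          # smallest block AWS allows per VPC CIDR: /28 (16 IPs)
AWS_RESERVED_PER_SUBNET = 5  # first four addresses plus the broadcast address


def validate_vpc_cidr(cidr, existing=()):
    """Return a list of problems with a proposed VPC CIDR (empty list means OK).

    `existing` holds CIDRs of other VPCs or on-premises networks that we may
    want to peer with or route to later, so overlap with them is flagged.
    """
    try:
        net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: {exc}"]
    problems = []
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        problems.append(f"{net}: prefix /{net.prefixlen} is outside the /16../28 range")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net}: not inside an RFC 1918 private range")
    for other in existing:
        o = ipaddress.ip_network(other)
        if net.overlaps(o):
            problems.append(f"{net}: overlaps {o}, peering or routing to it would fail")
    return problems


def reserved_addresses(subnet_cidr):
    """The five addresses AWS reserves in every subnet, keyed by purpose."""
    net = ipaddress.ip_network(subnet_cidr)
    base = net.network_address
    return {
        "network": base,
        "vpc_router": base + 1,
        "dns": base + 2,
        "future_use": base + 3,
        "broadcast": net.broadcast_address,
    }


def usable_addresses(subnet_cidr):
    """Addresses you can actually assign: block size minus the AWS-reserved five."""
    net = ipaddress.ip_network(subnet_cidr)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    # Constructed inputs: a proposed VPC plus an on-prem range we intend to VPN to.
    for problem in validate_vpc_cidr("10.0.0.0/16", existing=["10.0.128.0/17", "192.168.1.0/24"]):
        print("problem:", problem)
    for purpose, addr in reserved_addresses("10.0.0.0/24").items():
        print(f"{purpose:12s} {addr}")
    print("usable in a default /20 subnet:", usable_addresses("172.31.0.0/20"))
```

Run it before creating the VPC, or wire `validate_vpc_cidr` into a pipeline step that reads the CIDRs of peered VPCs and on-premises ranges from your inventory; the overlap check is the one that is painful to discover late, because the only fix is re-addressing one side.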
- There are two types of subnets: public subnets and private subnets.
A public subnet is a subnet whose route table has a route to an internet gateway, allowing resources within the subnet to communicate directly with the internet. Here are the key characteristics and use cases for public subnets:
- Internet Access: Instances in a public subnet can send traffic to and receive traffic from the internet, provided they have a public IP address and their security group and network ACL allow the traffic. The route alone does not expose anything.
- Route Table: The route table associated with a public subnet has a route (normally 0.0.0.0/0) that directs traffic to the internet gateway.
- Elastic IPs: Instances in a public subnet can have auto-assigned public IP addresses or Elastic IPs. Without one, an instance in a public subnet is still unreachable from the internet, because the internet gateway only translates for instances that have a public address.
- Web Servers: Hosting web servers that need to be accessible from the internet.
- Bastion Hosts: Setting up bastion hosts for controlled SSH/RDP access to instances in private subnets.
- Load Balancers: Deploying internet-facing load balancers to distribute traffic to backend instances, which can then live in private subnets.
A private subnet is a subnet whose route table has no route to an internet gateway, so resources within the subnet cannot communicate directly with the internet. Here are the key characteristics and use cases for private subnets:
- No Direct Internet Access: Instances in a private subnet cannot send traffic directly to, or receive traffic directly from, the internet. Even an instance with a public IP assigned is unreachable there, because nothing routes it to an internet gateway.
- Route Table: The route table associated with a private subnet has no route to the internet gateway.
- NAT Gateway: To let instances in a private subnet initiate outbound connections to the internet (e.g., for software updates), add a 0.0.0.0/0 route to a NAT gateway that sits in a public subnet. The NAT gateway only forwards connections started from inside; the internet cannot initiate connections to the private instances through it. (A bastion host in the public subnet serves the opposite purpose: inbound administrative SSH/RDP access into the private subnet, not outbound internet access.)
- Databases: Hosting databases that should not be directly accessible from the internet.
- Application Servers: Running application servers that only need to communicate with other internal resources.
- Backend Services: Deploying backend services that process data and do not require direct internet access.
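Because "public" versus "private" is decided purely by the route table, the classification can be automated from route-table data rather than guessed from subnet names. The following is an added example, not code from the original post. The sample route tables are constructed by hand and modelled on the shape of `aws ec2 describe-route-tables` output (`Routes`, `Associations`, `GatewayId`, `NatGatewayId`, `State`); the function names and the `igw-`/`nat-`/`eigw-` prefix handling are my own, and the blackholed route in the third table shows the edge case where a NAT gateway was deleted but its route was left behind.

```python
# Constructed sample, shaped like the route tables a describe-route-tables call returns.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-web"}, {"SubnetId": "subnet-bastion"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-db"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-stale",
        "Associations": [{"SubnetId": "subnet-batch"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            # NAT gateway was deleted; AWS marks the leftover route as blackhole.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-gone", "State": "blackhole"},
        ],
    },
]


def classify_route_table(route_table):
    """Return (kind, egress) for one route table.

    kind   is "public" if any active route targets an internet gateway
           (regardless of destination, IPv4 or IPv6), else "private".
    egress names how outbound internet traffic leaves: "igw", "nat",
           "egress-only-igw", or None when there is no working route out.
    """
    public = False
    egress = None
    for route in route_table.get("Routes", []):
        if route.get("State", "active") != "active":
            continue  # blackholed routes forward nothing, so they grant no access
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            public = True
        elif route.get("NatGatewayId"):
            egress = "nat"               # outbound only; inbound cannot be initiated
        elif gateway.startswith("eigw-"):
            egress = "egress-only-igw"   # IPv6 outbound only
    if public:
        return "public", "igw"
    return "private", egress


def subnet_map(route_tables):
    """Map every explicitly associated subnet to its (kind, egress) tuple."""
    result = {}
    for table in route_tables:
        classification = classify_route_table(table)
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:   # skip the "Main" association, which has no SubnetId
                result[assoc["SubnetId"]] = classification
    return result


if __name__ == "__main__":
    for subnet_id, (kind, egress) in sorted(subnet_map(ROUTE_TABLES).items()):
        print(f"{subnet_id:16s} {kind:8s} egress={egress}")
```

Subnets that use the VPC's main route table have no `SubnetId` association and are not listed here; in a real audit, fall back to the table whose association has `"Main": true` for those. A subnet reported as private with `egress=None` is fully isolated, which is either intended (a batch tier that only talks to internal endpoints) or a broken NAT route that will surface as failing package updates.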