Virtual Networks (VPC)
[!NOTE] This module explores the core principles of Virtual Networks (VPC), deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.
1. What is a VPC?
A Virtual Private Cloud (VPC) is a private, isolated section of a public cloud (like AWS, Azure, or Google Cloud) where you can launch resources in a virtual network that you define. It gives you the same control as a traditional data center but without the hardware management.
2. Components of a VPC
- Subnets: Dividing your VPC range (e.g., 10.0.0.0/16) into smaller chunks.
  - Public Subnet: Has a route to an Internet Gateway (IGW).
  - Private Subnet: No direct path from the Internet. Used for databases.
- Route Tables: A set of rules (routes) that determine where network traffic is directed.
- Security Groups: Virtual firewalls that control traffic at the Instance (VM) level.
- NACLs (Network ACLs): A second layer of security that controls traffic at the Subnet level.
3. VPC Peering
VPC Peering allows you to connect two VPCs (even in different accounts) so they can communicate using Private IP addresses as if they were on the same network.
- It does not travel over the public Internet.
- It is not transitive (If A peers with B, and B peers with C, A does not automatically see C).
4. Interactive: Public vs Private Routes
Exercise: route each subnet's Internet-bound traffic to the right gateway.
5. NAT Gateway
If a private subnet server (DB) needs to download an update from the Internet, how does it do it without being public?
- It sends traffic to a NAT Gateway in the public subnet.
- The NAT Gateway translates the source address to its own public IP and forwards the request to the Internet.
- The Internet can never initiate a connection to the private server.
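The route-table rules from section 2, the public-vs-private exercise in section 4 and the one-way NAT behaviour in section 5 can all be checked with a small simulator. This is an added example, not part of the original module: the VPC range, subnets and gateway ids are constructed placeholders, and it ignores Security Groups, NACLs and public IP assignment, which in a real cloud must also allow the traffic.

```python
import ipaddress

# Constructed example VPC; gateway ids are placeholders, not real resource ids.
VPC_CIDR = "10.0.0.0/16"
IGW, NAT = "igw-PLACEHOLDER", "nat-PLACEHOLDER"
ROUTE_TABLES = {  # route table name -> list of (destination CIDR, target)
    "public-rt":   [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW)],
    "private-rt":  [(VPC_CIDR, "local"), ("0.0.0.0/0", NAT)],
    "isolated-rt": [(VPC_CIDR, "local")],  # no default route at all
}
SUBNETS = {  # subnet CIDR -> route table it is associated with
    "10.0.1.0/24": "public-rt",
    "10.0.2.0/24": "private-rt",
    "10.0.3.0/24": "isolated-rt",
}
INTERNET_HOST = "203.0.113.10"  # constructed external address (TEST-NET-3)

def in_vpc(ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(VPC_CIDR)

def route_table_for(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, rt in SUBNETS.items():
        if addr in ipaddress.ip_network(cidr):
            return rt
    raise ValueError(f"{ip} is not in any subnet of {VPC_CIDR}")

def next_hop(rt_name, dst):
    """Longest-prefix match over the route table; None means no route (dropped)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in ROUTE_TABLES[rt_name]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def classify(subnet_cidr):
    """Public = default route to an IGW; private = Internet only via NAT; isolated = none."""
    hop = next_hop(SUBNETS[subnet_cidr], INTERNET_HOST)
    return {IGW: "public", NAT: "private", None: "isolated"}[hop]

def can_initiate(src, dst):
    """Can src open a NEW connection to dst? Outbound follows the sender's route
    table; inbound from the Internet needs an IGW on the return path, because a
    NAT gateway only carries flows that the private host itself started."""
    if in_vpc(src):
        return next_hop(route_table_for(src), dst) is not None
    if not in_vpc(dst):
        return True  # Internet to Internet, outside the VPC's concern
    return next_hop(route_table_for(dst), src) == IGW
```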