Default Virtual Private Cloud
IPv4 CIDR -- Classless Inter-Domain Routing
- When an AWS account is created, a default VPC is created with it.
- The default VPC's IPv4 CIDR range is a /16, 172.31.0.0/16: 65,536 private IPs
- The default network ACL (Access Control List) allows inbound/outbound traffic
IPv4 Subnet Mask Cheat Sheet
Create Subnet
aws ec2 create-subnet --vpc-id vpc-0d8353c51322e38e8 --cidr-block 192.168.2.0/23 --availability-zone us-east-2a --profile mamidi.dev.admin
aws ec2 create-tags --resources subnet-0bdfe2dbc391a3968 --tags Key=Name,Value=demo-priv-a --profile mamidi.dev.admin
Create Route table
aws ec2 create-route-table --vpc-id vpc-0d8353c51322e38e8 --profile mamidi.dev.admin
Associate RT with Subnet
aws ec2 associate-route-table --route-table-id rtb-0e0c8323e56b5f72a --subnet-id subnet-0bdfe2dbc391a3968 --profile mamidi.dev.admin
Name the RT
aws ec2 create-tags --resources rtb-0e0c8323e56b5f72a --tags Key=Name,Value=demo-priv-rt --profile mamidi.dev.admin
Adding IGW to public subnet
Create IGW
aws ec2 create-internet-gateway --profile mamidi.dev.admin
Add Name to IGW
aws ec2 create-tags --resources igw-0587198c8c30e54a7 --tags Key=Name,Value=demo-igw --profile mamidi.dev.admin
Attach IGW to VPC
aws ec2 attach-internet-gateway --internet-gateway-id igw-0587198c8c30e54a7 --vpc-id vpc-0d8353c51322e38e8 --profile mamidi.dev.admin
Create a new route in the public route table so that it points to the IGW
aws ec2 create-route --route-table-id rtb-0b66f361a96dacc1c --destination-cidr-block 0.0.0.0/0 --gateway-id igw-0587198c8c30e54a7 --profile mamidi.dev.admin
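After the steps above, the private route table should have no default route to the IGW. The check below is an added example, not part of the original post: it classifies subnets as public or private from `aws ec2 describe-route-tables` JSON. The sample input is constructed; the route table, subnet and IGW IDs are the ones on this page, while the local CIDR and the public subnet ID are assumed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Route table, subnet and IGW IDs are the ones on this page; the local CIDR
# and the public subnet ID are assumed placeholders.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0e0c8323e56b5f72a",
   "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local",
               "State": "active"}],
   "Associations": [{"SubnetId": "subnet-0bdfe2dbc391a3968", "Main": false}]},
  {"RouteTableId": "rtb-0b66f361a96dacc1c",
   "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local",
               "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0",
               "GatewayId": "igw-0587198c8c30e54a7", "State": "active"}],
   "Associations": [{"SubnetId": "subnet-PUBLIC-PLACEHOLDER", "Main": false}]}
]}
""")

DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}

def igw_default_routes(table):
    """Active default routes in one route table that target an internet gateway."""
    hits = []
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        is_igw = route.get("GatewayId", "").startswith("igw-")
        # A route left behind after the IGW is detached shows State "blackhole".
        if dest in DEFAULT_DESTINATIONS and is_igw and route.get("State") == "active":
            hits.append((dest, route["GatewayId"]))
    return hits

def classify_subnets(doc):
    """Map each explicitly associated subnet to ('public'|'private', route table ID)."""
    result = {}
    for table in doc.get("RouteTables", []):
        kind = "public" if igw_default_routes(table) else "private"
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                result[assoc["SubnetId"]] = (kind, table["RouteTableId"])
    return result

def exposed(doc, must_be_private):
    """Subnets from must_be_private whose route table has an IGW default route."""
    classes = classify_subnets(doc)
    return sorted(s for s in must_be_private if classes.get(s, ("",))[0] == "public")
```

Subnets with no explicit association follow the VPC's main route table and are not listed by this check, so review the main table's routes separately.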
Configure NAT Gateway Service for private subnets
NAT Options in AWS
Configure VPC Endpoint for S3
PrivateLink - Enables private access to AWS services
VPC Endpoint Benefits
- Private access
- Lower latency
- Simplified network configuration
- Improved security posture
- Available for growing list of services