VPC

VPC stands for virtual private network. A VPC provides network-level isolation for the resources launched inside it, which means all of our resources are located in our own network.

By default AWS provides a default VPC for our use, but for small and medium use cases we can create our own VPC per region. Resources located in two different VPCs cannot communicate with each other using their private IP addresses. It is, however, possible to connect two VPCs and make that work, which is referred to as VPC peering.

In the diagram above, I have created a single VPC with multiple subnets spread across 3 availability zones in one region. This VPC uses the 10.0.0.0/16 address space, so every address inside it takes the form 10.0.x.x. The IP addresses used within the VPC are all private and are split across several private subnets; they cannot be used publicly on the internet.

For example,

| Range | From | To |
|---|---|---|
| 10.0.0.0/8 | 10.0.0.0 | 10.255.255.255 |
| 172.16.0.0/12 | 172.16.0.0 | 172.32.255.255 |
| 192.168.0.0/16 | 192.168.0.0 | 192.168.255.255 |

The table above lists some of the IP address ranges that can be used both for a VPC and for its subnets. How are these values determined? They are derived from the subnet mask, which the next table explains further.

| Range | Network mask | Total addresses | Description | Examples |
|---|---|---|---|---|
| 10.0.0.0/8 | 255.0.0.0 | 16,777,214 | Full 10.x.x.x range | 10.0.0.1, 10.100.200.21 |
| 10.0.0.0/16 | 255.255.0.0 | 65538 | Ideal for small and medium VPCs | 10.0.5.1, 10.0.20.1, 10.0.200.5 |
| 10.1.0.0/16 | 255.255.0.0 | 65538 | Ideal for small and medium VPCs | 10.1.4.3, 10.1.40.200, 10.1.211.1 |
| 10.0.0.0/24 | 255.255.255.0 | 256 | All addresses from 10.0.0.0 to 10.0.0.255 | 10.0.0.1, 10.0.0.20, 10.0.0.200 |
| 10.0.1.0/24 | 255.255.255.0 | 256 | All addresses from 10.0.1.0 to 10.0.1.255 | 10.0.1.1, 10.0.1.20, 10.0.1.200 |
| 10.0.0.5/32 | 255.255.255.255 | 1 | Single host | 10.0.0.5 |
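As an added example that is not part of the original page, the following Python derives each column of the two tables above from the CIDR prefix alone, using the standard `ipaddress` module: the network mask, the first and last address, the block size and whether the range is private space. It also checks that every example address really falls inside its row's block, which is the same prefix-match test a route table entry or a security-group rule performs. The rows are copied from the tables; the `172.16.0.0/12` and `192.168.0.0/16` entries from the first table are included so their boundaries are computed too. Note that `num_addresses` counts every address in the block, including the network and broadcast addresses, so it is two higher than a usable-host count such as the 16,777,214 given for the /8 row.

```python
import ipaddress

# Constructed input: the CIDR blocks from the two tables above, each with the
# example addresses listed beside it (rows without examples get an empty list).
TABLE_ROWS = {
    "10.0.0.0/8": ["10.0.0.1", "10.100.200.21"],
    "172.16.0.0/12": [],
    "192.168.0.0/16": [],
    "10.0.0.0/16": ["10.0.5.1", "10.0.20.1", "10.0.200.5"],
    "10.1.0.0/16": ["10.1.4.3", "10.1.40.200", "10.1.211.1"],
    "10.0.0.0/24": ["10.0.0.1", "10.0.0.20", "10.0.0.200"],
    "10.0.1.0/24": ["10.0.1.1", "10.0.1.20", "10.0.1.200"],
    "10.0.0.5/32": ["10.0.0.5"],
}


def describe_cidr(cidr: str) -> dict:
    """Derive the table columns from the prefix length: the mask has as many leading
    1-bits as the prefix, and the remaining host bits span every address in the block."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    return {
        "network_mask": str(net.netmask),
        "prefix_len": net.prefixlen,
        "total_addresses": net.num_addresses,  # 2 ** (32 - prefix), incl. network/broadcast
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "is_private": net.is_private,  # RFC 1918 and other non-routable space
    }


def contains(cidr: str, address: str) -> bool:
    """Membership test: the address is in the block if its bits under the mask equal the network bits."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr)


def check_examples(rows=TABLE_ROWS) -> dict:
    """For each row, list the example addresses that do NOT fall inside its block (empty = consistent)."""
    return {cidr: [a for a in addrs if not contains(cidr, a)] for cidr, addrs in rows.items()}


if __name__ == "__main__":
    for cidr in TABLE_ROWS:
        d = describe_cidr(cidr)
        print(f"{cidr:18} mask={d['network_mask']:16} total={d['total_addresses']:>10} "
              f"{d['first']} - {d['last']} private={d['is_private']}")
    print("rows whose examples fall outside their block:",
          {k: v for k, v in check_examples().items() if v})
```

Running the block prints one line per row; comparing the computed `first`/`last` and `total` values with the tables is a quick way to catch a transcription slip before a CIDR ends up in a VPC definition.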

Again, looking at the diagram above, we can see that our VPC spans 3 availability zones. Each availability zone has two subnets, one public and one private. Subnet main-public-2 has the address space 10.0.2.0/24, which means it has 256 IP addresses (minus the addresses reserved by AWS) ranging from 10.0.2.0 to 10.0.2.255. Subnet main-private-1 has the address space 10.0.4.0/24, which means it has 256 IP addresses (minus the addresses reserved by AWS) ranging from 10.0.4.0 to 10.0.4.255.

Public subnets are connected to the internet gateway, and resources in them can be assigned public IP addresses. Resources within the private subnets are not reachable from the internet. Resources in the public subnets can still reach resources in the private subnets, because they are in the same VPC, provided the firewall rules allow it.

Typically, public subnets are used for internet-facing resources such as load balancers and application servers. Private subnets are better suited to databases and other backend services that have no need for public access.
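As an added example (not part of the original post), the following Python models the VPC described in the last three paragraphs and runs the checks a reviewer would apply to such a layout: that every subnet lies inside the VPC's 10.0.0.0/16 and that no two subnets overlap, how many addresses remain once the five addresses AWS reserves in every subnet are subtracted, and whether a subnet is actually public. In AWS that last property is decided by the subnet's route table carrying a 0.0.0.0/0 route to an internet gateway, not by its name, so the check reads the route table. Only the main-public-2 and main-private-1 CIDRs come from the text; the other subnet CIDRs, the AZ letters and the route-table contents are assumptions, and the gateway id is a placeholder.

```python
import ipaddress

# Constructed model of the VPC in the diagram: one /16, three AZs, one public and one
# private /24 per AZ. Only main-public-2 and main-private-1 match the text; the other
# CIDRs, the AZ letters and the route tables are assumed for the example.
VPC_CIDR = "10.0.0.0/16"
AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of each subnet

SUBNETS = {
    "main-public-1":  {"cidr": "10.0.1.0/24", "az": "a", "route_table": "rt-public"},
    "main-public-2":  {"cidr": "10.0.2.0/24", "az": "b", "route_table": "rt-public"},
    "main-public-3":  {"cidr": "10.0.3.0/24", "az": "c", "route_table": "rt-public"},
    "main-private-1": {"cidr": "10.0.4.0/24", "az": "a", "route_table": "rt-private"},
    "main-private-2": {"cidr": "10.0.5.0/24", "az": "b", "route_table": "rt-private"},
    "main-private-3": {"cidr": "10.0.6.0/24", "az": "c", "route_table": "rt-private"},
}

# destination -> target, the way a route table lists them; "igw-PLACEHOLDER" stands in
# for a real internet gateway id, which this page does not give.
ROUTE_TABLES = {
    "rt-public":  {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"},
    "rt-private": {"10.0.0.0/16": "local"},
}


def validate_layout(vpc_cidr: str = VPC_CIDR, subnets: dict = SUBNETS) -> list:
    """Return human-readable findings: subnets outside the VPC block, or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    findings = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name} ({net}) is not inside VPC {vpc}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return findings


def usable_hosts(cidr: str) -> int:
    """Addresses left for instances after AWS's per-subnet reservations."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def is_public(name: str, subnets: dict = SUBNETS, route_tables: dict = ROUTE_TABLES) -> bool:
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway (igw-*)."""
    routes = route_tables[subnets[name]["route_table"]]
    return routes.get("0.0.0.0/0", "").startswith("igw-")


def classify(subnets: dict = SUBNETS, route_tables: dict = ROUTE_TABLES) -> dict:
    """Map every subnet name to 'public' or 'private' based on routing, not naming."""
    return {name: ("public" if is_public(name, subnets, route_tables) else "private")
            for name in subnets}


if __name__ == "__main__":
    print("layout findings:", validate_layout() or "none")
    for name, kind in classify().items():
        print(f"{name:15} {SUBNETS[name]['cidr']:14} az={SUBNETS[name]['az']} "
              f"{kind:7} usable={usable_hosts(SUBNETS[name]['cidr'])}")
```

The routing-based classification matters because a subnet named "private" that is attached to a route table with an internet-gateway default route is, in practice, public; auditing the route tables rather than the names is how to catch that.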
