VPC (Virtual Private Cloud)

First of all, it is better to clear the basic concepts about Internet Protocol.

An IP (Internet Protocol) address is a numerical label assigned to each device connected to a computer network using the Internet Protocol for communication. It serves two primary purposes: identifying the host or network interface and providing a location address for routing data packets across networks.

Types of IP addresses:

1. IPv4 (Internet Protocol version 4):

   • 32-bit numerical addresses written in the form of four decimal numbers separated by periods (e.g., 192.168.0.1).

   • Each octet (decimal number) represents 8 bits, allowing for approximately 4.3 billion unique addresses.

2. IPv6 (Internet Protocol version 6):

   • 128-bit numerical addresses written in hexadecimal format separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

   • Developed to address the limitations of IPv4 and provide a vastly larger address space (approximately 340 undecillion unique addresses).

3. Public IP Address:

   • Assigned to devices directly accessible over the internet, unique globally.

   • Used by web servers, email servers, and other publicly accessible devices.

4. Private IP Address:

   • Used within a local area network (LAN) and not accessible directly from the internet.

   • Reserved for use within private networks.

   • Divided into three main classes:

     • Class A:

       • Range: 10.0.0.0 to 10.255.255.255

       • Allows for a large number of hosts in a single network.

       • Subnet mask: 255.0.0.0

     • Class B:

       • Range: 172.16.0.0 to 172.31.255.255

       • Designed for medium-sized networks.

       • Subnet mask: 255.255.0.0

     • Class C:

       • Range: 192.168.0.0 to 192.168.255.255

       • Intended for small networks.

       • Subnet mask: 255.255.255.0

5. Static IP Address:

   • Manually configured and remains fixed for a device.

   • Commonly used for servers, network devices, and services requiring consistent access.

Dynamic IP Address:

• Assigned automatically by a DHCP server and can change periodically as devices connect and disconnect.

• Typically used for client devices like computers, smartphones, and tablets.

---

Subnetting (Important to understand)

Subnetting is the process of dividing a larger network into smaller, manageable sub-networks called subnets. It allows for efficient utilization of IP addresses and better organization of network resources.

Let's consider a network with the IP address range 192.168.0.0/24. This means it's a Class C network (default subnet mask of 255.255.255.0) with 256 available IP addresses (from 192.168.0.0 to 192.168.0.255).

CIDR
CIDR (Classless Inter-Domain Routing) is a method used for IP address allocation and routing. It allows network administrators to allocate IP addresses more efficiently by specifying a subnet mask alongside an IP address. CIDR notation expresses the network portion of an IP address followed by a forward slash and the number of significant bits in the subnet mask (e.g., 192.168.1.0/24). This notation enables flexible and scalable IP address assignment and subnetting.

Scenario:

Suppose we need to divide this network into smaller subnets to accommodate different departments within an organization:

1. HR Department: Requires 50 hosts.

2. Finance Department: Requires 30 hosts.

3. IT Department: Requires 20 hosts.

4. Guest Network: Requires 10 hosts.

Solution:

To subnet the network efficiently, we can use Variable Length Subnet Masking (VLSM) or Fixed Length Subnet Masking (FLSM). Let's use FLSM for simplicity.

• HR Department:

  • Hosts: 50 (2^6 - 2 = 62, using 6 bits for hosts)

  • Subnet Mask: 255.255.255.192 (/26)

  • Subnet Range: 192.168.0.0/26 (62 hosts)

• Finance Department:

  • Hosts: 30 (2^5 - 2 = 30, using 5 bits for hosts)

  • Subnet Mask: 255.255.255.224 (/27)

  • Subnet Range: 192.168.0.64/27 (30 hosts)

• IT Department:

  • Hosts: 20 (2^5 - 2 = 30, using 5 bits for hosts)

  • Subnet Mask: 255.255.255.224 (/27)

  • Subnet Range: 192.168.0.96/27 (30 hosts)

• Guest Network:

  • Hosts: 10 (2^4 - 2 = 14, using 4 bits for hosts)

  • Subnet Mask: 255.255.255.240 (/28)

Subnet Range: 192.168.0.128/28 (14 hosts)

For more , search in other platform like youtube,etc.

---

Basic Terminologies

VPC (Virtual Private Cloud):

• Definition: Virtual network environment in AWS for launching instances and other resources.

• Features: Isolation, control over IP ranges, connectivity options.

Subnets:

• Definition: Segments of IP address ranges within a VPC, tied to availability zones.

• Features: Isolation, routing, tied to specific availability zones.

Elastic IP (EIP):

• Definition: Static IPv4 address for dynamic cloud computing, remappable to instances.

• Features: Static IP, elasticity, persistence.

Route Table:

• Definition: Contains rules (routes) for directing network traffic within a VPC.

• Features: Routing definitions, subnet association.

NAT Gateway:

• Definition: Allows instances in private subnets to access the internet while preventing inbound traffic.

• Features: Outbound internet traffic facilitation, security enhancement.

EC2 Instance:

• Definition: Virtual server instances in AWS, scalable and configurable.

• Features: Scalability, variety of instance types, integration with AWS services.

Security Groups:

• Definition: Virtual firewalls for EC2 instances, controlling inbound and outbound traffic.

• Features: Stateful, granular control, dynamic updates.

Internet Gateway:

• Definition: Enables communication between instances in a VPC and the internet.

• Features: Internet connectivity facilitation, routing.

Public and Private Subnets:

• Definition: Subnets categorized based on internet accessibility.

• Features: Public subnets have internet gateway routes, while private subnets don't.

---

A Virtual Private Cloud (VPC) in AWS is a virtual network environment that enables users to launch AWS resources in a logically isolated section of the cloud. With VPC, users have control over IP address ranges, subnets, routing tables, and network gateways, providing a customizable and secure network infrastructure.

---

Steps

1. First create the IAM user and provide the full acces permission of VPC from root user.

   

   1. Create the vpc

      

      1. create the sub nets like provide name like public and private under the main VPC.

      2. Create the Internet gateway and attach it to the main VPC to access the Internet

      3. Inside the public sub-net, edit routes and then add the gateway to it. so that the public subnet and it's attached resouce can access the internet through internet gateway. If we try to access internet in subnet or vpc in the absence of the internet gateway then we cannot.

      4. Launch the ec2 instance named public (Optional) under the VPC and public subnet enabling auto assign public ip address.

         1. Edit Inbound rule as well

            

            1. Then we can connect and access the internet in the public instance.

               

               1. Now create the another ec2 instance under vpc and private sub-nets without assigning the public ip.

               2. Then here we cannot connec or access the internet in the private IP.

               3. For this, we create the NAT gateway and attach to the private sub net to send the packets to internet. It is one way.

                  

Now, the question is that how can we access the internet in the private instance. For this, we access the internet through the public ec2 instance. So that it is very ecure.

---

Private subnets within a VPC offer several advantages:

1. Enhanced Security: By not having direct access to the internet, instances in private subnets are shielded from unauthorized access and potential security threats originating from the internet.

2. Reduced Attack Surface: With limited exposure to external networks, the attack surface for instances in private subnets is significantly reduced, minimizing the risk of cyberattacks.

3. Protection of Sensitive Data: Private subnets are ideal for hosting sensitive or confidential data, as they provide an additional layer of isolation and security from external entities.

4. Compliance Requirements: Private subnets help meet regulatory compliance requirements by ensuring that sensitive data remains within a controlled environment, accessible only to authorized users and applications.

5. Cost Savings: Since instances in private subnets do not require public IP addresses or incur data transfer costs associated with internet traffic, they can help optimize costs for workloads that do not need internet access.

6. Flexibility in Architecture: Private subnets allow for a more modular and flexible architecture, enabling organizations to design complex network topologies with segmented and isolated components for improved manageability and scalability.

7. Highly Available Services: Private subnets can host backend services and databases that do not need direct internet access, ensuring high availability and reliability without exposing them to external threats.

8. Improved Performance: By reducing exposure to internet-related traffic and congestion, instances in private subnets may experience improved network performance and latency for internal communications.

9. Secure Access Controls: Private subnets can leverage AWS security features like security groups, network access control lists (NACLs), and AWS Identity and Access Management (IAM) policies to enforce strict access controls and permissions for inbound and outbound traffic.

10. Scalability and Elasticity: Private subnets can scale seamlessly with the growth of your infrastructure, allowing you to add new instances and services without compromising security or compliance requirements.

Thanks For reading....