9 Jan
The network infrastructure of Amazon Web Services (AWS) can be complicated. Structuring VPCs and instances requires tactical planning, whether you are using a content delivery network (CDN), a network optimizer, or dynamic content accelerators. Using Elastic IPs in AWS can help you optimize your infrastructure and implement modifications more easily. With Elastic IPs, you have a quick and easy way to modify your setup as your environment and business needs change. Recognizing what an Elastic IP is, as well as the differences between static and public IPs, can add tremendous value when designing your AWS configuration.
Private IP addresses are those that can't be reached over the internet. Private IPs allow instances in the same network to communicate with one another. When you create a new instance, you get a private IP address and an internal DNS hostname that resolves to the instance's private IP address. You cannot connect to the instance over the internet using that address; for that, you need a public IP address. A private IP address is reserved for use within a private network and is not reachable from the public internet.
Public IP addresses are used for communication between your instances and the internet. An external DNS hostname is allocated to each instance with a public IP address. The public IP addresses associated with your instances come from Amazon's public IP pool. Once you stop or terminate your instance, the public IP address is released, and when it restarts, a new one is assigned. To keep a public IP address across a stop or termination, you must use an Elastic IP address. The internet recognizes you by your public IP address: it is the address that your internet-connected device uses to interact with the public internet.
Elastic IP addresses are static, persistent public IP addresses allocated to your account. If any of your software or instances fails, an Elastic IP address can be easily remapped to another instance. You can keep an Elastic IP address in your account until you decide to release it. If an Elastic IP address is in your account but not assigned to an instance, AWS charges you for it. AWS manages its dynamic cloud computing services with Elastic IP addresses. Customers have virtual private clouds (VPCs) inside the AWS infrastructure, and users have instances within those VPCs.
The Elastic IP address is used to expose the instance to the rest of the internet. According to AWS, Elastic IP is intended for dynamic cloud computing in the AWS cloud environment. It's crucial to make this distinction. If your AWS instance breaks down, you'll want to keep your IP address and continue to operate your account effectively. As a result, an Elastic IP is a hybrid of a public and a static IP address. It lets you keep a stable, advertised address for instances inside your AWS network infrastructure.
AWS defines a subnet as a range of IP addresses in your VPC. AWS resources can be launched into a specific subnet. A public subnet is for internet-connected resources, while a private subnet is for resources that should not be reachable from the internet. A subnet is an essential element of a VPC. A VPC can contain all public subnets or a mix of public and private subnets. A subnet without a route to the internet gateway is known as a private subnet. A VPN-only subnet can be created by routing traffic through a virtual private gateway.
A default subnet in your VPC has a netmask of /20, which allows for up to 4,096 addresses per subnet, with a handful reserved for AWS use. Although a VPC can span several availability zones, a subnet is generally mapped to just one. A VPC is made up of availability zones; each availability zone has its own subnet, and users cannot launch any instances unless their VPC has subnets.
Subnets are divided into two categories: public and private. Web servers, for example, use a public subnet to connect to the internet. The main route table sends subnet traffic bound for the internet to the internet gateway, making a public subnet public. Private subnets are used for resources that don’t require an internet connection or that users want to keep safe from the internet, such as database instances.
An internet gateway is a VPC element that is robust, horizontally scaled, and highly available. It allows instances in your VPC to communicate with each other and with the internet. As a result, your network traffic is not subject to any availability threats or bandwidth restrictions. You must attach an internet gateway to your VPC for it to be able to connect to the internet. Each VPC can only have one internet gateway attached. The very first step in granting internet access to instances in your VPC is to attach an internet gateway.
To connect an EC2 instance to the internet, you must implement the following rules:
A routing table, according to Amazon, is a set of rules known as routes that establish where network traffic is guided. Each subnet must be associated with a routing table, and each subnet can only be associated with one route table.
A routing table, on the other hand, can be associated with multiple subnets. Every VPC has a default route table; you should leave it alone and create a new route table to customize the network traffic routes associated with your VPC. We've included two route tables in this illustration: the main route table and the custom route table. The custom route table sends internet-bound traffic from the public subnet to the internet gateway.
The private subnet, on the other hand, is still linked with the default route table, which is the main route table that does not permit internet traffic. Within the private subnet, all traffic continues to remain local.
A Network Address Translation (NAT) device can be employed to connect instances in a private subnet to the internet or AWS services, but this blocks the internet from establishing connections with the instances in the private subnet. As previously stated, public and private subnets secure your assets from being directly connected to the internet.
For instance, your web server would be in the public subnet, while your database would be in the private subnet, which does not have internet access. However, your private subnet database instance may still require internet access or the ability to interact with other AWS resources. You can accomplish this by using a NAT device. The NAT device forwards traffic from your private subnet to the internet or other AWS services, and the response is then sent back to your instances. When traffic is directed to the internet, your instance's source IP address is replaced with the NAT device's address, and when traffic returns, the NAT device translates the address back to your instance's private IP address.
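The route table and NAT passages above boil down to one question a reviewer should be able to answer for every subnet: where does its default route point? The following Python is an added example (not code from the original article or from AWS) that applies that rule to constructed data in the shape of `aws ec2 describe-route-tables` output; the IDs are made up, and a subnet with no explicit association is assumed to fall back to the VPC's main route table, as the article describes.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# IDs are made up; the data is not from a real account.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0"}]},
]
# subnet-db has no explicit association, so it inherits the main route table.
SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]


def table_for_subnet(subnet_id, tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    for t in tables:
        if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", [])):
            return t
    return next(t for t in tables
                if any(a.get("Main") for a in t.get("Associations", [])))


def classify_subnet(subnet_id, tables):
    """'public' if any route targets an internet gateway, 'nat' if the only way
    out is a NAT gateway, 'vpn-only' for a virtual private gateway, else 'private'."""
    targets = []
    for r in table_for_subnet(subnet_id, tables)["Routes"]:
        targets.append(r.get("GatewayId") or r.get("NatGatewayId") or "")
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "nat"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def audit(subnets, tables):
    """Map every subnet to its exposure class; use it to spot subnets that became
    public only because the main route table gained an internet gateway route."""
    return {s: classify_subnet(s, tables) for s in subnets}
```

Running `audit(SUBNETS, ROUTE_TABLES)` on the sample reports the web subnet as public, the app subnet as NAT-backed and the database subnet as private, which is exactly the layout the article recommends.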
The networking foundation for EC2 and other AWS services is provided by the Virtual Private Cloud service. AWS aggregates some networking components so that configuring them is easier than in a traditional network, but architecting VPCs still requires a solid understanding of networking fundamentals.