VPC Overview & Components
A virtual private cloud (VPC) is a virtual network dedicated to an AWS account. It is logically isolated and is not connected to other virtual networks in the AWS cloud.
A VPC lets you choose your own IP address range, create subnets, and configure route tables, network gateways, security settings and other networking options.
VPC Sizing
A VPC requires a set of IP addresses in the form of a Classless Inter-Domain Routing (CIDR) block, e.g. 10.0.0.0/16. This makes 2^16 (65536) IP addresses available.
The allowed CIDR block size is between a /28 netmask and a /16 netmask:
/28 netmask (minimum of 2^4 = 16 available IP addresses)
/16 netmask (maximum of 2^16 = 65536 available IP addresses)
The CIDR block can be assigned from the private (non publicly routable) IP address ranges:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
You can also specify a range of publicly routable IP addresses. However, direct access to the Internet from publicly routable CIDR blocks in a VPC is not supported at the moment.
The CIDR block assigned to a VPC could not be modified after creation. NOTE: You can now resize a VPC; see the AWS blog post on the topic.
Each VPC is distinct from any other VPC created with the same CIDR block, even if both belong to the same AWS account.
A VPC allows VPC peering connections to other VPCs within the same AWS account or in different AWS accounts.
Connections between your VPCs and corporate or home networks can be established, but the CIDR blocks must not overlap. For example, a VPC with CIDR 10.0.0.0/16 can communicate with the corporate network 10.1.0.0/16, but connections to 10.0.37.0/16 will be dropped because the IP address ranges overlap.
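The sizing and overlap rules above can be checked before a VPC or peering connection is created. The following Python script is an added example (not code from the original page or from AWS): it uses the standard ipaddress module to validate a candidate VPC CIDR against the /16 to /28 limit and the three RFC 1918 ranges, and to classify each remote network as allowed or dropped under the no-overlap rule. The constant names and the sample CIDRs other than the page's own 10.0.0.0/16, 10.1.0.0/16 and 10.0.37.0/16 are this example's own.

```python
import ipaddress

# The three RFC 1918 private ranges the page lists as valid sources for a VPC CIDR.
RFC1918_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# AWS VPC sizing limits from the page: a block no larger than /16 and no smaller than /28.
# (These names are this example's own, not AWS API identifiers.)
LARGEST_VPC_PREFIX = 16
SMALLEST_VPC_PREFIX = 28


def validate_vpc_cidr(cidr):
    """Check a candidate VPC CIDR against the sizing and addressing rules above.

    Returns a dict with the normalised network, its prefix length, the number of
    addresses it provides (2 ** (32 - prefix)) and a list of rule violations.
    strict=False normalises blocks written with host bits set (e.g. 10.0.37.0/16
    becomes 10.0.0.0/16), which is also how overlapping blocks are compared below.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this example covers IPv4 VPC CIDR blocks only")
    problems = []
    if not LARGEST_VPC_PREFIX <= net.prefixlen <= SMALLEST_VPC_PREFIX:
        problems.append(
            f"/{net.prefixlen} is outside the allowed "
            f"/{LARGEST_VPC_PREFIX}../{SMALLEST_VPC_PREFIX} range"
        )
    if not any(net.subnet_of(r) for r in RFC1918_RANGES):
        # Publicly routable space is accepted, but the page notes it gets no direct Internet access.
        problems.append("not inside an RFC 1918 private range (publicly routable)")
    return {
        "network": str(net),
        "prefix": net.prefixlen,
        "addresses": net.num_addresses,
        "problems": problems,
    }


def cidrs_overlap(a, b):
    """True when the two blocks share at least one address."""
    net_a = ipaddress.ip_network(a, strict=False)
    net_b = ipaddress.ip_network(b, strict=False)
    return net_a.overlaps(net_b)


def plan_connections(vpc_cidr, remote_cidrs):
    """Classify each remote network (a peered VPC or a corporate/home network)
    as 'allowed' or 'dropped' according to the no-overlap rule."""
    return {
        remote: "dropped" if cidrs_overlap(vpc_cidr, remote) else "allowed"
        for remote in remote_cidrs
    }


if __name__ == "__main__":
    # Constructed sample inputs: two valid sizes, one too large, one public range.
    for candidate in ("10.0.0.0/16", "10.0.0.0/28", "10.0.0.0/8", "203.0.113.0/24"):
        print(candidate, validate_vpc_cidr(candidate))
    # The page's own example: 10.1.0.0/16 is reachable, 10.0.37.0/16 overlaps 10.0.0.0/16.
    print(plan_connections("10.0.0.0/16", ["10.1.0.0/16", "10.0.37.0/16", "192.168.0.0/24"]))
```

Run it with no arguments to see the sample results; 10.0.0.0/8 is flagged because it is larger than /16, 203.0.113.0/24 because it is publicly routable, and 10.0.37.0/16 is reported as dropped because after normalisation it is the same block as the VPC's own 10.0.0.0/16.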
A VPC lets you set the tenancy option for instances launched within it. The default tenancy option is shared. If you select the dedicated option, all instances within the VPC are launched on dedicated hardware, which overrides the individual instance tenancy setting.
A VPC can be deleted only after all instances within it have been terminated. Deleting the VPC also deletes the components associated with it: subnets, security groups, network ACLs, route tables, Internet gateways, VPC peering connections and DHCP option sets.
IP Addresses
Instances launched in a VPC can be assigned private, public and Elastic IP addresses. These IP addresses are properties of the elastic network interface (ENI).
Private IP Addresses
Private IP addresses cannot be reached over the Internet and can only be used for communication between instances within the VPC.
Every instance is assigned a private IP address from the subnet's IP address range on its default network interface.
The primary private IP address stays associated with the network interface for the lifetime of the instance; it remains associated when the instance is stopped and restarted and is released only when the instance is terminated.
Additional private IP addresses, known as secondary IP addresses, can be assigned to an instance. Secondary addresses can be reassigned from one network interface to another.
Public IP Addresses
Public IP addresses can be reached over the Internet and are used for communication between instances and other AWS services with public endpoints.
Whether an instance is assigned a public IP address depends on whether public IP addressing is enabled on its subnet.
You can also assign a public IP address by enabling the public IP addressing option when launching the instance; this overrides the subnet's public addressing attribute.
Public IP addresses are assigned from the AWS pool of IP addresses. They are not associated with an AWS account and are released when the instance is stopped or terminated; an instance that is stopped and restarted receives a new public IP address.
Elastic IP Addresses
Elastic IP addresses can be associated with and disassociated from an instance as needed.
An Elastic IP address is allocated at the VPC level and remains owned by the account until it is explicitly released.
An Elastic IP address can be associated with a network interface.
