# AWS VPC
###### tags: `tutorials`
### Ref : https://www.youtube.com/watch?v=g2JOHLHh4rI
### IPv4 subnet creator : https://network00.com/NetworkTools/IPv4SubnetCreator/
### https://betterprogramming.pub/aws-console-creating-a-3-tier-architecture-f44e226e5842
## Questions
- Check route table - routes
#### What is an IP Address?

#### Structure of an IPv4 Address
- IP Addresses are written in dotted decimal notation
- Each part of the address is a binary octet (an octet is 8 bits)

## Networks and Hosts
- Every IP Address has `Network ID` and `Host ID`





#### Private IP ranges


## VPC Overview
A VPC is a logically isolated portion of the AWS cloud within a region.
We can create 5 VPCs per region by default, but can request more.
- A virtual private cloud (VPC) is a virtual network dedicated to your AWS account
- Analogous to having your own data center inside AWS
- It is logically isolated from other virtual networks in the AWS cloud
- Provides complete control over the virtual networking environment, including selection of IP ranges, creation of subnets, and configuration of route tables and gateways
- You can launch your AWS resources, such as Amazon EC2 instances, into your VPC
- When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16
- A VPC spans all the availability zones in the region
- You have full control over who has access to the AWS resources inside your VPC
- By default you can create up to 5 VPCs per region
- A default VPC is created in each region with a subnet in each AZ
**Subnet** : A segment of a VPC's IP address range where you can place groups of isolated resources
**Internet Gateway/Egress-only Internet Gateway** : The Amazon VPC side of a connection to the public internet for IPv4/IPv6
**Router** : Routers interconnect subnets and direct traffic between internet gateways, virtual private gateways, NAT gateways, and subnets
**Peering Connection** : Direct connection between two VPCs
**VPC Endpoints** : Private connection to public AWS services
**NAT Instance** : Enables internet access for EC2 instances in private subnets (managed by you)
**NAT Gateway** : Enables internet access for EC2 instances in private subnets (managed by AWS)
**Virtual Private Gateway** : The Amazon VPC side of a virtual private network (VPN) connection
**Customer Gateway** : Customer side of a VPN connection
**AWS Direct Connect** : High speed, high bandwidth, private network connection from the customer to AWS
**Security Group** : Instance-level firewall
**Network ACL** : Subnet-level firewall


#### Defining CIDR Blocks
**Rules and Guidelines**
- CIDR block size can be between a /16 and a /28 netmask
- The CIDR block must not overlap with any existing CIDR block that's associated with the VPC
- You cannot increase or decrease the size of an existing CIDR block
- The first four and the last IP address of each subnet are reserved by AWS and not available for use
- AWS recommends you use CIDR blocks from the RFC 1918 ranges:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16

#### Additional Considerations:
- Ensure you have enough networks and hosts
- Bigger CIDR blocks are typically better (more flexibility)
- Smaller subnets are OK for most use cases
- Consider deploying application tiers per subnet
- Split your HA resources across subnets in different AZs
- VPC peering requires non-overlapping CIDR blocks
- ==Avoid overlapping CIDR blocks== as much as possible
#### Create a VPC
Name : tpenmets-vpc
IPv4 CIDR block : 10.0.0.0/16
**Create public subnets**
Name : tpenmets-subnet-public-1A
AZ : us-east-1a
IPv4 CIDR block : 10.0.1.0/24
Name : tpenmets-subnet-public-1B
AZ : us-east-1b
IPv4 CIDR block : 10.0.2.0/24
**Create private subnets**
Name : tpenmets-subnet-private-1A
AZ : us-east-1a
IPv4 CIDR block : 10.0.3.0/24
Name : tpenmets-subnet-private-1B
AZ : us-east-1b
IPv4 CIDR block : 10.0.4.0/24
**Create private route table**
Name : tpenmets-private-RT
VPC : tpenmets-vpc
Subnet associations : Private-1A, Private-1B
**Create Internet Gateway**
Name : tpenmetsIGW
VPC : tpenmets-vpc
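The subnet plan above, checked against the rules from "Defining CIDR Blocks" (prefix length between /16 and /28, RFC 1918 range, subnets inside the VPC and non-overlapping, five reserved addresses per subnet, non-overlapping CIDRs for peering). This is an added Python example, not code from the referenced video or article; the VPC and subnet CIDRs are copied from the walkthrough, and the RFC 1918 ranges are the standard ones.

```python
import ipaddress
from typing import Dict, List
# Constructed input: the VPC and subnet layout from the walkthrough in these notes.
VPC_CIDR = "10.0.0.0/16"
SUBNETS: Dict[str, str] = {
    "tpenmets-subnet-public-1A": "10.0.1.0/24",
    "tpenmets-subnet-public-1B": "10.0.2.0/24",
    "tpenmets-subnet-private-1A": "10.0.3.0/24",
    "tpenmets-subnet-private-1B": "10.0.4.0/24",
}
# RFC 1918 private ranges that AWS recommends for VPC CIDR blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reserved_addresses(subnet: str) -> List[str]:
    """AWS reserves the first four and the last address of every subnet."""
    net = ipaddress.ip_network(subnet)
    return [str(net[i]) for i in range(4)] + [str(net[-1])]

def usable_hosts(subnet: str) -> int:
    """Addresses actually available to instances: subnet size minus the 5 reserved."""
    return ipaddress.ip_network(subnet).num_addresses - 5

def can_peer(vpc_a: str, vpc_b: str) -> bool:
    """VPC peering requires non-overlapping CIDR blocks."""
    return not ipaddress.ip_network(vpc_a).overlaps(ipaddress.ip_network(vpc_b))

def check_plan(vpc_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Return rule violations for a VPC/subnet plan; an empty list means it passes."""
    try:
        vpc = ipaddress.ip_network(vpc_cidr)  # strict by default: rejects host bits set
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr!r} is invalid: {exc}"]
    problems: List[str] = []
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} must be between /16 and /28")
    if not any(vpc.subnet_of(rng) for rng in RFC1918):
        problems.append(f"VPC {vpc} is outside the RFC 1918 private ranges")
    seen: Dict[str, ipaddress.IPv4Network] = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name} {net} must be between /16 and /28")
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
        for other_name, other in seen.items():
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps {other_name} {other}")
        seen[name] = net
    return problems
```

Run `check_plan(VPC_CIDR, SUBNETS)` before creating anything in the console; an empty list means the four /24 subnets fit the /16 without overlap, and each leaves 251 usable host addresses.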