03. VPC, Subnet, IG, NAT
Amazon VPC Overview
A VPC (Virtual Private Cloud) is your own private network inside AWS: a logically isolated section of the AWS Cloud in which you launch resources such as EC2 instances.
- It is region-specific: a VPC lives in one AWS Region and spans all of that Region's Availability Zones, and a Region can hold several VPCs.
- It provides full control over your networking environment, including:
- IP address range (CIDR block)
- Subnets
- Route tables
- Internet connectivity
- Security (Security Groups & Network ACLs)
Subnets
A Subnet is a segment within your VPC: it partitions the VPC's address range into smaller blocks.
Each subnet is:
- Associated with exactly one Availability Zone (AZ).
- Used to group resources by how reachable they should be (from the internet, or only from inside the VPC).
| Subnet Type | Description | Typical Usage |
|---|---|---|
| Public Subnet | Its route table has a default route to an Internet Gateway | Web servers, Load balancers |
| Private Subnet | No route to an Internet Gateway; outbound access, if any, goes through a NAT Gateway | Databases, Application servers |
There is no "public" flag on a subnet: it is public only because of its route table. Instances in a public subnet also need a public IPv4 address (or an Elastic IP) before the Internet Gateway will carry their traffic.

Route Tables
Route tables define how traffic flows within the VPC and out of it, and therefore whether a subnet can reach the internet.
- Every subnet is associated with exactly one route table; a subnet with no explicit association uses the VPC's main route table.
- The routes, not any property of the subnet itself, determine whether a subnet is public or private.
- The most specific matching route wins (longest prefix match), so a packet to 10.0.5.7 follows the local route even though 0.0.0.0/0 also covers it.
Example:
| Destination | Target | Meaning |
|---|---|---|
| 10.0.0.0/16 | local | Traffic inside the VPC (present in every route table and cannot be removed) |
| 0.0.0.0/0 | igw-123 | Default route to the internet via the IGW (this is what makes the subnet public) |

Internet Gateway (IGW)
An Internet Gateway allows resources in public subnets to:
- Send traffic to the internet.
- Receive traffic from the internet.
Key Points:
- Must be attached to a VPC, and a VPC can have only one IGW attached at a time.
- Public subnets have a 0.0.0.0/0 route to the IGW.
- Private subnets do not.
Example Route Table (Public Subnet):
| Destination | Target |
|---|---|
| 0.0.0.0/0 | igw-12345 |
NAT Gateway (Network Address Translation Gateway)
A NAT Gateway allows instances in private subnets to:
- Access the internet outbound only (e.g., OS updates, package downloads).
- Remain unreachable from the internet: the NAT Gateway accepts no unsolicited inbound connections, though it does pass return traffic for connections the instances opened.
Setup:
- Create a NAT Gateway in a public subnet and give it an Elastic IP; its traffic leaves through that subnet's IGW route, so placing it in a private subnet silently breaks it.
- Add a 0.0.0.0/0 route in the private subnet's route table that points to the NAT Gateway.
- The NAT Gateway rewrites the source address to its Elastic IP and forwards the traffic through the Internet Gateway.
- A NAT Gateway lives in one AZ; for resilience, create one per AZ and route each private subnet to the NAT Gateway in its own AZ.
Example Route Table (Private Subnet):
| Destination | Target |
|---|---|
| 0.0.0.0/0 | nat-67890 |
Example Architecture

Traffic Flow:
- Internet → IGW → Public Subnet → Web Server.
- Web Server → Private Subnet → Database (over the local route).
- Private Subnet → NAT Gateway → IGW → Internet (for updates).
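The routing rules above (longest prefix match, main route table as the fallback, IGW versus NAT versus no default route) are easy to get wrong by hand, so here is an added example, not code from the page or from AWS, that classifies each subnet of the example architecture from its route table and flags the two mistakes that most often break it: a "public" subnet whose instances get no public IP, and a NAT Gateway placed in a subnet with no IGW route. The sample data is constructed to mirror the architecture in the text (VPC 10.0.0.0/16, a public subnet, a private subnet behind a NAT Gateway, and an isolated database subnet on the main route table); subnet IDs are invented, igw-123 and nat-67890 are the placeholders from the tables above, and the dict keys follow the shape of the AWS CLI's describe-route-tables / describe-subnets / describe-nat-gateways output so the same functions can be pointed at real output. Nothing here calls AWS.

```python
"""Classify VPC subnets from their route tables and sanity-check NAT placement.

Added example for this page; it is not AWS code and does not call AWS.
All data below is constructed; resource IDs are placeholders.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Constructed sample subnets (IDs invented).
SUBNETS = {
    "subnet-public-a":  {"CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    "subnet-private-a": {"CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
    "subnet-db-a":      {"CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": False},
}

# Constructed sample route tables. The local route exists in every VPC route
# table; the main table (Main: True) applies to subnets with no explicit
# association, so subnet-db-a ends up with no default route at all.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-123"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-67890"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}]},
]

# Constructed: the NAT Gateway sits in the public subnet, as the text requires.
NAT_GATEWAYS = {"nat-67890": {"SubnetId": "subnet-public-a"}}

# Keys under which a route's target can appear in describe-route-tables output.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "NetworkInterfaceId", "InstanceId",
               "TransitGatewayId", "VpcPeeringConnectionId")


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def next_hop(route_table, dst_ip):
    """Longest-prefix match, as the VPC router does: the most specific route
    wins regardless of the order the routes are listed in. IPv6-only routes
    (no DestinationCidrBlock) are skipped."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net = net
            best_target = next((route[k] for k in TARGET_KEYS if k in route), None)
    return best_target


def classify_subnet(subnet_id, route_tables, probe_ip="198.51.100.10"):
    """'public' if the default route hits an IGW, 'private' if it hits a NAT
    gateway, 'isolated' if nothing routes out. probe_ip is any address outside
    the VPC (TEST-NET-2 here); only the longest matching route matters."""
    rt = route_table_for(subnet_id, route_tables)
    target = next_hop(rt, probe_ip) if rt else None
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other:" + target


def audit(subnets, route_tables, nat_gateways):
    """Return findings a reviewer would raise before signing off on the design."""
    findings = []
    for sid, s in subnets.items():
        # An IGW only carries traffic for instances with a public IPv4 or an
        # Elastic IP; a "public" subnet whose instances get none is dead.
        if classify_subnet(sid, route_tables) == "public" and not s.get("MapPublicIpOnLaunch"):
            findings.append(f"{sid}: routes to an IGW but does not assign public IPs on launch")
    for nid, n in nat_gateways.items():
        # A NAT Gateway forwards through the IGW route of the subnet it sits in,
        # so it must itself be in a public subnet.
        if classify_subnet(n["SubnetId"], route_tables) != "public":
            findings.append(f"{nid}: placed in {n['SubnetId']}, which has no IGW route")
    return findings


if __name__ == "__main__":
    for sid in SUBNETS:
        print(sid, classify_subnet(sid, ROUTE_TABLES))
    print("findings:", audit(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS) or "none")
```

Run as-is, it reports the public, private and isolated subnets and no findings; move the NAT Gateway's SubnetId to subnet-private-a and the audit reports it. To run this against a real account, feed it the JSON from `aws ec2 describe-route-tables`, `describe-subnets` and `describe-nat-gateways` for the VPC; the functions only rely on the key names shown above.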
Summary Table
| Component | Description | Internet Access | Typical Placement |
|---|---|---|---|
| VPC | Virtual private network in AWS | Controlled by design | Region-wide |
| Subnet | Logical partition inside a VPC | Depends on routing | Per AZ |
| Internet Gateway | Enables internet access for public subnets | Inbound + Outbound | Public Subnet |
| NAT Gateway | Allows private subnets to access internet outbound | Outbound only | Public Subnet |
In short:
- VPC = your private cloud network.
- Subnets = logical divisions (public or private).
- Internet Gateway = entry/exit to the internet.
- NAT Gateway = outbound-only access for private subnets.