Udemy Comprehensive Guide -Amazon Virtual Private Cloud AWS VPC-18 Udemy
Price: USD 30
  • Duration: Flexible

Course details

Amazon Virtual Private Cloud is a commercial cloud computing service that provides users a virtual private cloud, by "provisioning a logically isolated section of Amazon Web Services Cloud". Enterprise customers are able to access the Amazon Elastic Compute Cloud over an IPsec based virtual private network.

Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides users a virtual private cloud, by "provisioning a logically isolated section of Amazon Web Services (AWS) Cloud". Enterprise customers are able to access the Amazon Elastic Compute Cloud (EC2) over an IPsec based virtual private network. Unlike traditional EC2 instances which are allocated internal and external IP numbers by Amazon, the customer can assign IP numbers of their choosing from one or more subnets. By giving the user the option of selecting which AWS resources are public facing and which are not, VPC provides much more granular control over security. For Amazon it is "an endorsement of the hybrid approach, but it's also meant to combat the growing interest in private clouds".

Comparison to private clouds

Amazon Virtual Private Cloud aims to provide a service similar to private clouds using technology such as OpenStack or HPE Helion Eucalyptus. However, private clouds typically also use technology such as OpenShift application hosting and various database systems. Cloud security experts warned there can be compliance risks, such as a loss of control or service cancellation, in using public resources which do not exist with in-house systems. If transaction records are requested from Amazon about a VPC using a National Security Letter, they may not even be legally allowed to inform the customer of the breach of the security of their system. This would be true even if the actual VPC resources were in another country. The API used by AWS is only partly compatible with that of HPE Helion Eucalyptus and is not compatible with other private cloud systems, so migration from AWS may be difficult. This has led to warnings of the possibility of lock-in to a specific technology.

IP Addressing

Initially, users are able to choose a range of IP addresses for their VPC. Within this range, users can assign various private and public IPv4 and IPv6 addresses to instances in the VPC in order to communicate with the Internet and other instances of VPCs. These addresses are assigned to specific instances rather than the user's entire VPC account. Static assignment of Public IP addresses is not possible; instead, the address is assigned and unassigned in certain cases, causing the address of an instance to change. When a consistent IP address is needed, a third type of IP address, Elastic IP addresses, can be used in place of Public IP addresses.

Connectivity

AWS VPC allows users to connect to the Internet, a user's corporate data center, and other users' VPCs.

Users are able to connect to the Internet by adding an Internet Gateway to their VPC, which assigns the VPC a public IPv4 Address.

Users are able to connect to a data center by setting up a Hardware Virtual Private Network connection between the data center and the VPC. This connection allows the user to "interact with Amazon EC2 instances within a VPC as if they were within (the user's) existing network."

Users are able to route traffic from one VPC to another VPC using private IP addresses, and are able to communicate as if they were on the same network. Peering can be achieved by connecting a route between two VPCs on the same account or two VPCs on different accounts in the same region. VPC Peering is a one-to-one connection, but users are able to connect to more than one VPC at a time.

Security

AWS VPC's security is two-fold: firstly, AWS VPC uses security groups as a firewall to control traffic at the instance level, while it also uses network access control lists as a firewall to control traffic at the subnet level. As another measure of privacy, AWS VPC provides users with the ability to create "dedicated instances" on hardware, physically isolating the dedicated instances from non-dedicated instances and instances owned by other accounts.
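The two firewall layers described above can be modelled as follows. This is an added example, not part of the course description or AWS's own code: the rule sets and addresses are constructed, and it assumes standard AWS behaviour that the text does not spell out (network ACL rules are evaluated in rule-number order and are stateless, security groups hold allow rules only and are stateful).

```python
import ipaddress

# Constructed sample rules (not from the page).
# Network ACL entries: (rule number, action, source/destination CIDR, port range).
NACL_INBOUND = [
    (100, "allow", "0.0.0.0/0", (443, 443)),
    (200, "deny", "203.0.113.0/24", (22, 22)),
    (300, "allow", "0.0.0.0/0", (22, 22)),
]
NACL_OUTBOUND = [
    (100, "allow", "0.0.0.0/0", (1024, 65535)),  # ephemeral ports for replies
]
# Security group entries: (source CIDR, port range); allow rules only.
SG_INBOUND = [("198.51.100.0/24", (22, 22)), ("0.0.0.0/0", (443, 443))]


def _match(ip, port, cidr, ports):
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
            and ports[0] <= port <= ports[1])


def nacl_allows(rules, ip, port):
    """Subnet level: the lowest-numbered matching rule decides; no match is a deny."""
    for _, action, cidr, ports in sorted(rules):
        if _match(ip, port, cidr, ports):
            return action == "allow"
    return False


def sg_allows(rules, ip, port):
    """Instance level: any matching allow rule permits; otherwise deny."""
    return any(_match(ip, port, cidr, ports) for cidr, ports in rules)


def inbound_connection(src_ip, src_port, dst_port):
    """Return (accepted, reason) for a new inbound TCP connection to an instance."""
    if not nacl_allows(NACL_INBOUND, src_ip, dst_port):
        return False, "blocked by network ACL (inbound)"
    if not sg_allows(SG_INBOUND, src_ip, dst_port):
        return False, "blocked by security group"
    # The security group is stateful, so the reply passes it automatically.
    # The network ACL is stateless: the reply to src_port needs an outbound rule.
    if not nacl_allows(NACL_OUTBOUND, src_ip, src_port):
        return False, "reply blocked by network ACL (outbound)"
    return True, "accepted"
```

A connection must pass both layers, and a subnet-level deny cannot be overridden by a security group rule on the instance.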

AWS VPC is free, with users only paying for the consumption of EC2 resources. However, if choosing to access VPC via a Virtual Private Network (VPN), there is a charge.


Updated on 14 November, 2018