Components of an AWS Virtual Private Cloud (VPC)

Alan Rodrigues
A free video tutorial from Alan Rodrigues
Software Engineering Evangelist
4.5 instructor rating • 19 courses • 264,180 students


AWS Certified Solution Architect - Associate


14:16:48 of on-demand video • Updated November 2018

Hi and welcome back. In this chapter we are going to discuss the different elements, or components, of the VPC. This is important for you to understand when you want to communicate with your virtual server from, let's say, your workstation. So let's say you are working on your workstation and you want to log in to the virtual server, maybe to install some application or a web server; you basically want to do something on that virtual server. As an architect, you have to understand the different components of the VPC and how they work, because remember this is your own virtual private network on the AWS cloud.

Now I've got a lot of stuff going on here. I've put in a lot of components, so let's look at all of them in much more detail. To keep things simple, our VPC has just a single subnet. Again, the subnet's CIDR block is a subset of the main CIDR block of the VPC, and I have an EC2 instance in it. In order for your EC2 instance to be able to communicate with your workstation via the Internet, there are some things which have to be in place.

The first main thing is your Internet Gateway. The Internet gateway is another resource that's available in AWS: an appliance which you attach to your VPC. From then on, all communication from the EC2 instance will go to the internet gateway and then to your workstation. So this gateway is nothing but an appliance in AWS that is attached to the VPC on one side and to the Internet on the other. It is a highly available and durable device that allows you to connect to the Internet. So this is the first prerequisite: we need to have the internet gateway in place.

Now we come to the second requirement, which is having a Public IP for the EC2 instance. Earlier on, I mentioned that when you launch an EC2 instance it will have a private IP. That private IP, which I'll discuss in another chapter, is used for internal communication within the VPC itself.
So if you add another EC2 instance, the two would communicate via the private IP. But if you need communication over the Internet, you need something known as a public routable IP address. This public routable IP address is attached to the EC2 instance, and using that public IP you can then connect to the EC2 instance from your workstation. So from your workstation, if you want to connect to EC2, use the public IP. That's the second thing done.

Now the third important thing is the route table. Each VPC and subnet has something known as a route table attached to it, and a route table is nothing but a table which has routing information. I have given an example over here. If I go to my route table, I've got two routes defined: the first one and the second one. In the first one, I have a destination of 10.0.0.0/16. This is nothing but the CIDR block of the VPC. When you create your own VPC, by default a route table will be created. That's called the main route table, and in that main route table you will have one default route, which is this one. It says: anything within the VPC should go to a target known as Local. Local means that the VPC has a router of its own. So there's a router attached to the VPC which handles all the communication within the VPC itself. If traffic is flowing from this instance to, let's say, another instance in the same VPC, then as per the route table, because it's going to an IP address within this range, the target is the local router. So the router will manage all the communication within that VPC itself.

If you want to manage the communication via the internet gateway, then you have to attach another route. What does that route specify? It's a special IP address block range, known as 0.0.0.0/0. This means that for any traffic which is going from the VPC to the Internet, that is the destination, and the target is the internet gateway ID.
So when you create the internet gateway it will get an ID (a number, basically), and you put that in the route table. This is something you have to explicitly mention in the route table. Once you do this, the traffic will start flowing to the Internet. So these are the important aspects when it comes to your VPC. In our demo, when we create our own custom VPC, we are going to be looking at all of these components.

Now at this point I want to explain to you that when you create your AWS account, a default VPC will be created in every region, and for each default VPC you will get a default subnet for each availability zone in that region. Why is this the case? It's because it allows you to quickly provision a virtual server in the default VPC. If you were a new user, like we just started using AWS, imagine the number of artifacts that you have to create in order to get started. But what AWS does for you is create something known as a default VPC, which I'll show you in a video. In that default VPC everything is already set up: there is already an internet gateway, there is already a route table, there's already a subnet, a VPC; everything is in place. All you have to do is spin up a virtual server, an EC2 instance, in that default subnet, and by doing that you can automatically reach the Internet. So we have a video in which I'm going to show you the default VPC, and remember that when we create our EC2 instance it's also created in the default VPC. So that's it for this chapter. We have looked in detail at how the VPC works.
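The three prerequisites above (an attached internet gateway, a public IP on the instance, and a 0.0.0.0/0 route to the gateway in the subnet's route table) can be checked mechanically. The following is an added example, not code from the course or from AWS: a small Python model of the components the lecture lists, using the lecture's 10.0.0.0/16 VPC CIDR. The identifiers `vpc-0example`, `subnet-0example`, `igw-0example` and `i-0example` are constructed placeholders, the public IP is taken from the 203.0.113.0/24 documentation range, and nothing here talks to AWS. It goes one step beyond the lecture by showing why the two routes coexist: a router picks the most specific matching route (longest-prefix match), so the VPC's /16 "local" route wins for in-VPC traffic even though 0.0.0.0/0 also matches it.

```python
"""Added example (not the course's own code): a model of the VPC components
from the lecture. IDs such as vpc-0example are constructed placeholders and
nothing here calls AWS."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Route:
    destination: str   # CIDR this route matches, e.g. "10.0.0.0/16" or "0.0.0.0/0"
    target: str        # "local" (the VPC router) or an internet gateway ID


@dataclass
class RouteTable:
    routes: List[Route] = field(default_factory=list)

    def lookup(self, ip: str) -> Optional[str]:
        """Longest-prefix match: the most specific matching route wins, so the
        VPC's own /16 'local' route beats the 0.0.0.0/0 catch-all for in-VPC traffic."""
        addr = ipaddress.ip_address(ip)
        best: Optional[Route] = None
        for route in self.routes:
            net = ipaddress.ip_network(route.destination)
            if addr in net and (best is None or
                                net.prefixlen > ipaddress.ip_network(best.destination).prefixlen):
                best = route
        return best.target if best else None

    def default_route_target(self) -> Optional[str]:
        """Target of the 0.0.0.0/0 route, or None when the table has none."""
        for route in self.routes:
            if ipaddress.ip_network(route.destination).prefixlen == 0:
                return route.target
        return None


@dataclass
class Subnet:
    subnet_id: str
    cidr: str
    route_table: RouteTable


@dataclass
class Instance:
    instance_id: str
    subnet: Subnet
    private_ip: str
    public_ip: Optional[str] = None   # None until a public IP is associated


@dataclass
class Vpc:
    vpc_id: str
    cidr: str
    igw_id: Optional[str] = None      # None until an internet gateway is attached
    main_route_table: RouteTable = field(default_factory=RouteTable)

    def __post_init__(self) -> None:
        # The main route table starts with the single 'local' route for the VPC CIDR.
        self.main_route_table.routes.append(Route(self.cidr, "local"))

    def attach_internet_gateway(self, igw_id: str) -> None:
        self.igw_id = igw_id

    def add_subnet(self, subnet_id: str, cidr: str) -> Subnet:
        """A subnet CIDR must be a subset of the VPC CIDR; the subnet uses the main route table."""
        if not ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(self.cidr)):
            raise ValueError(f"{cidr} is not inside VPC CIDR {self.cidr}")
        return Subnet(subnet_id, cidr, self.main_route_table)


def internet_reachability(vpc: Vpc, instance: Instance) -> List[str]:
    """List which of the lecture's three prerequisites are NOT met for reaching
    the instance from the Internet; an empty list means all are in place."""
    missing = []
    if vpc.igw_id is None:
        missing.append("no internet gateway attached to the VPC")
    if instance.public_ip is None:
        missing.append("instance has no public IP")
    if vpc.igw_id is None or instance.subnet.route_table.default_route_target() != vpc.igw_id:
        missing.append("subnet route table has no 0.0.0.0/0 route to the internet gateway")
    return missing


def build_lecture_setup():
    """Apply the lecture's three steps on constructed IDs; returns (vpc, instance)."""
    vpc = Vpc("vpc-0example", "10.0.0.0/16")                  # constructed ID
    subnet = vpc.add_subnet("subnet-0example", "10.0.1.0/24")  # constructed ID and CIDR
    server = Instance("i-0example", subnet, private_ip="10.0.1.10")
    vpc.attach_internet_gateway("igw-0example")               # step 1: attach the IGW
    server.public_ip = "203.0.113.25"                         # step 2: public IP (documentation range)
    vpc.main_route_table.routes.append(Route("0.0.0.0/0", vpc.igw_id))  # step 3: explicit route
    return vpc, server


if __name__ == "__main__":
    vpc, server = build_lecture_setup()
    rt = server.subnet.route_table
    print("10.0.1.20 ->", rt.lookup("10.0.1.20"))        # local
    print("198.51.100.7 ->", rt.lookup("198.51.100.7"))  # igw-0example
    print("missing:", internet_reachability(vpc, server))  # []
```

From a defender's side, `internet_reachability` is the inventory question in reverse: any subnet whose route table resolves 0.0.0.0/0 to an attached internet gateway is a public subnet, and every instance placed there with a public IP is reachable from the Internet unless security groups and network ACLs (not modelled here) restrict it. Running the check on a freshly created `Vpc` with no gateway, public IP or catch-all route reports all three prerequisites as missing, which is the state a custom VPC starts in; the default VPC the lecture describes is the one where AWS has already done all three.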