Have you been wondering how AWS defines the backbone of its networking service?
Well, this is all thanks to the VPC (Virtual Private Cloud), a virtual network within the AWS cloud. It comprises the following components: security groups, network access control lists (NACLs), subnets, route tables, an internet gateway and a NAT gateway.
Using an analogy, AWS cloud can be described as an estate which contains several houses.
A VPC is an individual house in that estate, and you can place your properties in different positions in your house. Some properties may be placed in the living room while others are kept in the bedroom. A visitor to the house corresponds to traffic arriving from the internet. In AWS terms, a VPC is the isolated logical network in the AWS cloud where you provision resources such as application and database servers. The VPC components are explained as follows:
- Internet Gateway: This is like the telephone in your house: it is the only way for anyone who wants to visit you to reach you. If the telephone line is off, nobody can reach your house and only the people inside can talk to each other. In AWS, the internet gateway provides the default route to the internet, which enables the resources in your VPC to communicate with the internet.
- Subnets: These are logical segments of your network into which you place your resources; they can be likened to the rooms in which your properties are placed. Properties placed in the living room are the public subnet: all your visitors can see them, such as the television and the stereo system. In AWS, web/application servers are deployed in public subnets, so external users can reach them from the internet. Properties placed in your bedroom are the private subnet: they are accessible only within your house, that is, only your family members have access to them. In AWS, database servers are mostly placed in private subnets because they should be reachable only from within your VPC network.
- NAT Gateway: By default, only people in the living room can meet the visitors. If you are in the bedroom and want to talk to a visitor, you can use your mobile phone, but you must be the one who places the call. In AWS, a NAT gateway lets resources in private subnets initiate connections to the internet, typically to download upgrades and software patches for database servers, without those resources becoming reachable from the internet.
- Network Access Control List (NACL): These are the security guards at your gate; they check each visitor and decide whether or not to grant access to the building. In AWS, a NACL is a security measure at the subnet level that allows or denies inbound and outbound traffic. The default NACL created with a VPC allows all inbound and outbound traffic. Unlike a security group, a NACL is stateless: the reply to an allowed request is checked separately against the outbound rules.
  - Inbound traffic: a user's request entering the VPC.
  - Outbound traffic: the response to the user leaving the VPC.
- Security Group: You have an electronic door that checks visitors before they come in. If they have an appointment or an invite, they are granted access to your living room and welcomed into your home, and when the visitor departs, they are not subjected to another check (stateful). In AWS, a security group is a security measure at the instance level. It has allow rules only (there are no deny rules) and it is stateful, which means that once traffic is allowed in, the corresponding return traffic is automatically permitted out.
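The difference between the stateless NACL and the stateful security group is where most VPC connectivity mistakes come from, so here is a small, added illustration (written for this page, not code from AWS or the original post) that models both filters and walks one web request from an internet client into a public-subnet server and its reply back out. The `Rule`, `NetworkAcl`, `SecurityGroup` and `web_request_outcome` names, the flow-tracking logic and all IP addresses and rule numbers are constructed for the example; the evaluation order (lowest NACL rule number first, first match wins, implicit deny at the end; security groups allow-only and tracking admitted flows) follows how the two services behave.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One filtering rule. `number` orders NACL rules (lowest evaluated first);
    security groups ignore it. `action` is "allow" or "deny"; security groups
    only ever carry "allow" rules."""
    number: int
    protocol: str      # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str = "allow"

    def matches(self, protocol, port, remote_ip):
        return (self.protocol in ("all", protocol)
                and self.port_from <= port <= self.port_to
                and ip_address(remote_ip) in ip_network(self.cidr))


class NetworkAcl:
    """Subnet-level, stateless filter: each packet is checked against the rules
    for its own direction, lowest rule number first, first match wins, and a
    packet that matches no rule is dropped (the implicit '*' deny)."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _first_match(rules, protocol, port, remote_ip):
        for rule in rules:
            if rule.matches(protocol, port, remote_ip):
                return rule.action == "allow"
        return False  # no rule matched: implicit deny

    def allows_request(self, protocol, client_ip, client_port, server_port):
        # Inbound packet: the destination port is the server's listening port.
        return self._first_match(self.inbound, protocol, server_port, client_ip)

    def allows_response(self, protocol, client_ip, client_port, server_port):
        # Outbound reply: the destination port is the client's ephemeral port, so
        # an outbound rule covering ephemeral ports is needed even though the
        # request itself was allowed in.
        return self._first_match(self.outbound, protocol, client_port, client_ip)


class SecurityGroup:
    """Instance-level, stateful, allow-only filter: once a request is admitted
    the flow is remembered and its reply leaves without needing an outbound rule."""

    def __init__(self, inbound, outbound):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()  # (protocol, client_ip, client_port, server_port)

    def allows_request(self, protocol, client_ip, client_port, server_port):
        allowed = any(r.matches(protocol, server_port, client_ip) for r in self.inbound)
        if allowed:
            self._flows.add((protocol, client_ip, client_port, server_port))
        return allowed

    def allows_response(self, protocol, client_ip, client_port, server_port):
        if (protocol, client_ip, client_port, server_port) in self._flows:
            return True  # return traffic of a tracked flow
        # Not a tracked flow: treat it as instance-initiated traffic and consult
        # the outbound rules.
        return any(r.matches(protocol, client_port, client_ip) for r in self.outbound)


def web_request_outcome(nacl, sg, client_ip, client_port, server_port=80):
    """Walk one HTTP request from an internet client into a public-subnet web
    server and its reply back out. Returns (request_delivered, reply_delivered)."""
    proto = "tcp"
    request_in = (nacl.allows_request(proto, client_ip, client_port, server_port)
                  and sg.allows_request(proto, client_ip, client_port, server_port))
    if not request_in:
        return (False, False)
    reply_out = (sg.allows_response(proto, client_ip, client_port, server_port)
                 and nacl.allows_response(proto, client_ip, client_port, server_port))
    return (True, reply_out)


# Constructed sample policies (illustrative values, not taken from any real account).
WEB_SG = SecurityGroup(
    inbound=[Rule(0, "tcp", 80, 80, "0.0.0.0/0")],
    outbound=[Rule(0, "tcp", 443, 443, "0.0.0.0/0")],  # e.g. fetching patches
)

# Inbound: rule 50 blocks one abusive range before rule 100 admits everyone on port 80.
NACL_INBOUND = [
    Rule(100, "tcp", 80, 80, "0.0.0.0/0"),
    Rule(50, "tcp", 80, 80, "198.51.100.0/24", action="deny"),
]

# Outbound rules that forget about replies: only HTTPS to the internet may leave.
NACL_NO_EPHEMERAL = NetworkAcl(
    NACL_INBOUND, [Rule(100, "tcp", 443, 443, "0.0.0.0/0")])

# Outbound rules that also cover the clients' ephemeral ports, so replies get out.
NACL_WITH_EPHEMERAL = NetworkAcl(
    NACL_INBOUND, [Rule(100, "tcp", 443, 443, "0.0.0.0/0"),
                   Rule(110, "tcp", 1024, 65535, "0.0.0.0/0")])


if __name__ == "__main__":
    for name, acl in (("no ephemeral rule", NACL_NO_EPHEMERAL),
                      ("with ephemeral rule", NACL_WITH_EPHEMERAL)):
        print(name, web_request_outcome(acl, WEB_SG, "203.0.113.10", 51515))
    print("blocked range", web_request_outcome(NACL_WITH_EPHEMERAL, WEB_SG, "198.51.100.7", 40000))
```

With the first NACL the request reaches the server but the reply is dropped at the subnet boundary, because the security group's connection tracking does not help a stateless filter; adding the ephemeral-port outbound rule fixes it. The deny rule numbered 50 also shows why rule ordering matters: it is evaluated before the broad allow at 100, so the blocked range never reaches the instance at all.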
I hope this explains the basics of VPC; your comments are welcome.
Cheers 😊