Amazon VPC Components and Terminology
Amazon VPC consists of multiple objects and concepts. Before discussing them, I’ll cover why VPC was created in the first place. Without VPC, there would be no way to isolate your resources running in the cloud. For example, if you have deployed thousands of servers in the cloud, you need to manage IP namespaces diligently so that there is no overlap between IP addresses and so that you can seamlessly connect them to the resources running on your premises. Without VPC, it becomes difficult to manage the IP namespaces for thousands of servers.
Amazon VPC
As discussed, Amazon VPC gives you your own private space in the cloud. When you create a VPC, you have the option of carving out your own data center in the cloud. The first step of creating a VPC is deciding the IP range by providing a Classless Inter-Domain Routing (CIDR) block. VPC now supports both IPv4 and IPv6, so you can have both IP ranges as part of your VPC. When you choose an IPv4 CIDR range, you can choose anything between /16, which corresponds to 65,536 IP addresses (for example 10.0.0.0/16), and /28, which corresponds to 16 IP addresses. If you select IPv6, you can choose an Amazon-provided IPv6 CIDR block or bring your own IPv6 CIDR block. If you choose an Amazon-provided CIDR block, the size of the IPv6 CIDR block is fixed at /56 and the range of IPv6 addresses is automatically allocated from Amazon’s pool of IPv6 addresses. As of now, having a CIDR block for IPv6 is optional; however, you need an IPv4 CIDR block. It is important to note that once you create a VPC, you can’t alter its size. If you create a VPC with a small size and later realize that you need more IP addresses, you can create a new VPC with a bigger IP address range and then migrate your applications from the old VPC to the new one.
![](https://codelido.com/assets/files/2022-12-26/1672077160-464330-image.png)
Subnet
Subnet is short for subnetwork, which is a logical subdivision of an IP network. With subnetting you can divide a network into multiple networks. With VPC you can create various subnets as per your needs. The most common ones are public subnets, private subnets, and VPN-only subnets. A public subnet is created for resources that need to be connected to the Internet. A private subnet is created for resources that do not need to be connected to the Internet, and a VPN-only subnet is created when you want to connect your virtual private cloud with your corporate data center. You can also create different subnets to isolate the type of workload, such as a subnet for the development environment, a subnet for the production environment, and so on.
Internet Gateway
![](https://codelido.com/assets/files/2022-12-26/1672077217-293975-image.png)
An Internet gateway (IG) is a component of a VPC that allows your VPC to communicate with the Internet. When you attach an IG to your VPC, you can connect directly to the Internet from the subnets whose route tables contain an entry for the IG. It must be noted that an IG is a horizontally scaled, redundant, and highly available component in VPC. An IG supports both IPv4 and IPv6 traffic. It’s simple to attach an IG; you just add the entry for the IG in the routing table and you are all set. In the previous example of a routing table, the entry 0.0.0.0/0 igw-11aa33cc shows how an entry for the IG is added to the routing table. Once you add an IG to your VPC, you can make any subnet inside that VPC accessible from the Internet just by adding the IG to that subnet’s route table. If the VPC does not have an IG in the route table, then you won’t be able to make any of the subnets accessible from the Internet. Say now you have another subnet, a private subnet, with the CIDR block 10.0.1.0/24, and you don’t want to provide Internet access to any IP address residing in this subnet. The entry in the route table for the private subnet will then look something like Table 3-5. A target of “local” means only local traffic can flow within the virtual private cloud and no other traffic is allowed.
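The following is an added example, not code from the original article or from AWS: it models the VPC CIDR limits and the two route tables described above (a public subnet with 0.0.0.0/0 pointing at the IG, a private subnet with only the “local” route), resolves destinations by longest-prefix match the way a VPC route table does, and reports which subnets can reach the Internet. The subnet names and route tables are constructed; the IG id igw-11aa33cc is the one used in the text, and 198.51.100.7 is a documentation address standing in for “any Internet host”.

```python
import ipaddress


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Enforce the VPC IPv4 CIDR limits described above: /16 (65,536 IPs) to /28 (16 IPs)."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"VPC IPv4 CIDR must be /16 to /28, got /{net.prefixlen}")
    return net


VPC_CIDR = validate_vpc_cidr("10.0.0.0/16")

# Constructed route tables, one per subnet, as lists of (destination, target).
# Every VPC route table carries the implicit 'local' route for the VPC CIDR;
# only the public subnet adds the default route to the Internet gateway.
ROUTE_TABLES = {
    "public-10.0.0.0/24":  [(str(VPC_CIDR), "local"), ("0.0.0.0/0", "igw-11aa33cc")],
    "private-10.0.1.0/24": [(str(VPC_CIDR), "local")],
}


def select_route(routes, destination):
    """Longest-prefix match: the most specific matching route wins; None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def internet_exposed_subnets(tables):
    """Names of subnets whose traffic to an Internet host is routed to an Internet gateway."""
    return sorted(name for name, routes in tables.items()
                  if (select_route(routes, "198.51.100.7") or "").startswith("igw-"))


if __name__ == "__main__":
    for name, routes in ROUTE_TABLES.items():
        print(name, "| to 10.0.1.5 via", select_route(routes, "10.0.1.5"),
              "| to Internet via", select_route(routes, "198.51.100.7"))
    print("Internet-exposed subnets:", internet_exposed_subnets(ROUTE_TABLES))
```

Run against a real account's route tables (for example the output of `aws ec2 describe-route-tables`), the same lookup tells you which subnets an IG actually exposes, regardless of what they are named.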