Cloud Computing is a collection of servers connected over the Internet using a virtual network. This virtual network connects the cloud computing resources across the globe, that is what makes it so special. In this article, we would be discussing how AWS VPC helps connect AWS resources across the globe.
Following pointers will be covered in this article:
- What is Amazon Web Services?
- What are AWS Networking Services?
- What is AWS VPC?
- Components of AWS VPC
- Demo Working of AWS VPC
So let us get started.
What is AWS?
AWS also known as Amazon Web Services is one of the leading Cloud Services Providers in the Public Cloud Market and holds the highest market share in the Public Cloud Domain.
It is the world’s most comprehensive and widely adopted Cloud Service provider in the Cloud Domain. It has data centres across the globe. Whether we consider small scale business, start-ups or leading industries around the world all have used AWS and continue to do so to run their businesses successfully.
It offers over 200+ fully featured and functioning services. These services can be classified under domains for simplification and easy exploring. Here are some of the popular domains:
- Compute Services
- Storage Services
- Database Services
- Security Services
- Network Services
- Messaging Services
- Monitoring Services
- Machine Learning
- IoT
- DevOps
Apart from this AWS is a featured packed cloud service provider that provides plenty of features making it stand out when compared with other cloud service providers following are some of those features:
- Scalability
- Availability
- Fault Tolerance
- Disaster Recovery
Let us now go ahead and understand some of the networking services that AWS has to offer to us.
Great Learning offers a number of paid and free courses on AWS.
AWS Networking Services
We know that the cloud connects data and applications around the world and that is why it is very important to put this data and these applications under networks. AWS provides a series of services that provide better network features, security, and connectivity
Amazon VPC
With Amazon VPC you can configure AWS Services/resources in a virtual sub network. It is very similar to an old school network that would be used to operate your traditional data centre. We will discuss Amazon VPC at length as we dig deeper into the topic in hand.
AWS Direct Connect
Amazon Web Services provides a network service that lets you establish a dedicated network connection between your on premise infrastructure and AWS Cloud platform. This private network establishment ensures better bandwidth throughput and more consistent network than internet-based networks.
Amazon Route 53
It is Cloud Domain Naming System which is scalable in nature. The aim of this service is to give developers and businesses a reliable and cost-effective way for data routing to end users to Internet applications. It translates Web addresses to IP addresses. It is highly available, reliable, flexible in nature
AWS CloudFront
AWS CloudFront is a CDN or Content Delivery Network Service offered by Amazon Web Services. With AWS CloudFront you can solve the issue of latency. That means we can create a cache store or an edge location which located close to a specific point where our application experience a lot of data requests. So the copy of the data can be maintained at the edge location and people requesting the data can get to access it quicker with minimum latency or waiting time.
Let us now go ahead understand AWS VPC in detail. To do this let us understand the difference between Virtual Network and Traditional Network.
Great Learning offers a number of paid and free courses on AWS.
Traditional Network Vs Virtual Network
Traditional Network
Traditional Networks root back to being fixed set of functions of network devices be it a switch, or router. These resources or devices have a certain set of functions that perform well when these devices connect and function together and in turn they support the entire network. These functions or resources give high performance and speed if they used as hardware implementation.
However, these forms of network when try sort out flexibility. There is less room for fault tolerance and availability. These networks go well with proprietary provisioning software and can be modified quickly if and when needed
Following are some of the benefits of Traditional Networking:
- Better Traffic programmability
- Improved agility
- Ability to generate policy-driven network supervision
- Ability to implement network automation
This was about traditional networks, let us now go ahead and understand virtual networks,
Virtual Network
A Virtual Network is a network where are the devices or resources that fall under the network be it your servers, virtual machines or instances (Amazon Web Services term) and even data that connect with each other happens through a virtual network or through a set of wireless technology. Cloud Computing uses virtual network and one of the major benefits of this is it allows you to expand your reach as far as it needs to for a peak efficiency in addition to various other benefits that come with it.
A virtual network will have following components,
- A Virtual Switch
- Virtual Network Adaptor
- Servers
- Firewalls
- Virtual Network Security
Now that we know the difference between Virtual and Traditional Network, let us go ahead and understand Amazon VPC in detail,
Amazon Virtual Private Cloud
Amazon VPC or AWS VPC is a service that lets you provision a logically isolated section on the cloud where you can create or launch your Amazon Web Services resources, in a virtual network which can be configured or defined as per your requirement. This virtual network gives you complete control over the resources and the virtual network you have created. You also control IP range, creation of subnets and you can even configure the route tables and internet gateways. Your resources over this network are also secure and we can use IPv4 and IPv6.
You can control the customization of the network of Amazon VPC. If the need is to create public facing subnets for your web application servers or even if the servers in private in nature with no internet access at all, all can be controlled. Let us assume there some things that need to be private facing like your databases or even application, you can put them in private facing networks. You can even use multiple layers of security, these will include security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
Components of Amazon VPC
An Amazon VPC service consists of various sub components. Let us take a look at the following components one by one:
- Subnet
- Internet Gateway
- NAT
Subnet
As we already know virtual private cloud is a virtual network we create to put our resources under that particular network. With Amazon VPC you can further classify this virtual network into sub networks which are known as subnets. A subnet as defined above is division of a virtual network into smaller chunks.
The reason we do subnetting is to further classify the distribution of traffic. Let’s assume we have certain set of traffic which we plan to route to a particular destination. If it follows a standard routing path, then there is a possibility that traffic will be rerouted through all the routing points. With subnets you limit the routes to limited points and classify them under subnets.
We break these virtual networks into subnet networks by dividing the network based on the IP assigned to the network. If we break a network down in two parts with equal IP, that means we are assigning half IP range to each subnet. (Please note: An IP Address is an unique ID that can be assigned to a resource or a machine)
Internet Gateway
As mentioned above an internet gateway is a component of VPC that can horizontally scale, and be highly available. It helps communication between VPC and the Internet.
Internet Gateway basically serves two purposes for you:
- It gives you a target inside your VPC route tables, so you can route your traffic that can be routed using it
- It also supports NAT that is Network Address Translation for those instances that have been assigned public IPv4 addresses
Please note that an Internet Gateway will support traffic from IPv4 and IPv6. As mentioned above it is highly available and we do not have to face any risks or bandwidth constraints on our network. The best thing is we do not get charged for using Internet Gateway on our account.
NAT
NAT stands for Network Address Translation (NAT). A NAT Gateway allows instances in a private subnet to either connect to the internet or to the other devices or Amazon Web Services. It at the same time ensures prevention of connection to resources to the instances through open internet.
In case if NAT charges apply when used. You will be charged when you create NAT Gateway in your account. Here you are charged by AWS on hourly usage of resources and even data charges apply.
These Gateways do not support IPv6 traffic.
So this was about the components if VPC, let us now go ahead and understand how Amazon VPC works?
How VPC works?
Let us now go ahead and understand how Amazon Virtual Private Cloud Works? Let us start by referring the diagram below:
Whenever we create resources in AWS we have an option of assigning a default a VPC to that resource and at the same time we can even create a custom VPC and assign that to the resource we have with us. When we create a VPC, we are creating a container under which we can put our resources. As we can see above, we have a VPC for a region under which we have two subnets with different instances under them.
These instances as shown are under different availability zones and can communicate with each other by using virtual routers. There is an Internet Gateway in place to help these resources communicate with the internet or other resources out there. This is how a Virtual Private Cloud looks like and functions in a nutshell.
Demo: AWS VPC
Let us now go ahead and see how to create a VPC and attach it to the instance.
Step 1: Go to AWS Management Console and open AWS VPC Service. This is how the console page would look like:
Step 2: Click on VPC and then on create VPC. Give you VPC a name, and IPv4 Block and click on create.
Step 3: Next step is to create a subnet, on the VPC Dashboard select subnet. Click on create Subnet. Fill in the below details and select VPC which we created and click on create
This is the Subnet we created
Step 4: Let us now create an internet gateway, that lets us drive write traffic across our instances. To do that, let us go ahead create one by going to VPC dashboard and clicking on Internet gateway, once we do that, let us select create Internet gateway, fill in the details as shown below.
An internet gateway is a virtual router that connects a VPC to the internet. To create a new internet gateway, specify the name for the gateway below.
Step 5: Once the Gateway is created, select your Internet Gateway, click on actions and select attach to VPC. In this case attach to the VPC you have created.
Next we will create a route table, attach a subnet to it and route the traffic using Internet gateway,
Step 6: Select Route Tables and click on create one, fill in the details as shown below,
Step 7: Select your route and below it Click on Subnet associations, select you subnet and click on save,
Step 8: Click on routes, select add route and select Internet Gateway and then add the Internet Gateway we have added. And click on save route.
Now go ahead and launch an EC2 instance (Windows) and in the networking bit select the VPC you have created and that VPC should be active in your instance.
When you launch the instance, you should see the IP and VPC details in left hand corner of your screen. This brings us to the end of this article on AWS VPC. We hope you have learnt something new. In case of questions, put those in the comment section below and somebody from our team would revert to you at the earliest.
Great Learning offers a number of paid and free courses on AWS. Check them out to get started with your upskilling journey.