AWS Regions and Availability Zones

VPC

  • Virtual Private Cloud = your own private, logically isolated network inside AWS
  • A VPC belongs to a single region and spans all of that region's AZs
  • A VPC consists of Subnets, each carved out of the VPC's CIDR block

Subnets

  • Each subnet belongs to exactly one AZ (a subnet never spans AZs)
  • Can be public or private; the difference is purely what the subnet's route table points at, not a setting on the subnet itself

Public

  • A subnet is public when its route table has a route (normally 0.0.0.0/0) to an Internet Gateway
  • Resources with a public IPv4 or Elastic IP can directly access the internet
  • but those resources can also be directly accessed from the internet, so their security groups and network ACLs must be deliberately restrictive

Private

  • No route to an Internet Gateway, so resources can't directly access the internet
  • Resources in a private subnet also can't be reached from the internet directly
  • If resources need outbound internet access (OS updates, calls to public APIs):
    • deploy a NAT Gateway in a public subnet and route 0.0.0.0/0 from the private subnet to it
    • this is outbound-only: the NAT Gateway does not accept connections initiated from the internet

NAT Gateway

  • AWS-managed Network Address Translation (NAT)
  • Created in a specific AZ
  • Resilient within that one AZ only
    • if the AZ fails, every private subnet routing through that NAT Gateway loses internet access
    • create a NAT Gateway in each AZ, and route each private subnet to the NAT Gateway in its own AZ, for fault tolerance
  • A public NAT Gateway requires an Internet Gateway in the VPC (a private NAT Gateway only translates towards other VPCs or on-premises networks and has no internet path)

Internet Gateway

  • Lets VPC resources that have public IPs connect to the internet (it performs the one-to-one NAT between a resource's private IP and its public IP)
  • Scales horizontally, is highly available and redundant
  • One VPC can be attached to only one IGW and vice versa
  • Has no bandwidth limit
  • An Internet Gateway on its own does not give internet access; also needed:
    • a route table with a 0.0.0.0/0 route to the IGW, associated with the subnet
    • a public IPv4 or Elastic IP on the resource
    • security group and network ACL rules that allow the traffic

Route Table

  • Defines routes
  • A route consists of:
    • A destination: a CIDR (0.0.0.0/0 means "everything not matched by a more specific route")
    • A target: local (the VPC's own CIDR, present in every route table), NAT Gateway, Internet Gateway and more
  • Is associated with subnets; every subnet uses exactly one route table (the VPC's main route table unless another one is explicitly associated)
  • When several routes match a destination, the most specific one (longest prefix) wins
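
Added example, not part of the original notes: a small longest-prefix-match lookup that shows how the route table, not the subnet itself, decides whether a subnet is public, private or isolated. The VPC CIDR 10.0.0.0/16, the route to 192.168.0.0/16 via a virtual private gateway, and the target ids (igw-EXAMPLE, nat-EXAMPLE, vgw-EXAMPLE) are made-up placeholders.

```python
"""Added example (not from the original notes): how a VPC route table
picks a target for a destination IP, and how that defines the subnet type.

Assumptions (hypothetical): a VPC 10.0.0.0/16 with three route tables.
Target ids such as "igw-EXAMPLE" are placeholders, not real resources.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Every route table carries the implicit "local" route for the VPC CIDR.
# A public subnet's table sends 0.0.0.0/0 to an Internet Gateway.
PUBLIC_RT = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),        # hypothetical IGW id
]

# A private subnet's table sends 0.0.0.0/0 to a NAT Gateway. The extra
# 192.168.0.0/16 route (hypothetical VPN to on-premises) shows that a more
# specific prefix beats the default route.
PRIVATE_RT = [
    (VPC_CIDR, "local"),
    ("192.168.0.0/16", "vgw-EXAMPLE"),   # hypothetical virtual private gateway
    ("0.0.0.0/0", "nat-EXAMPLE"),        # hypothetical NAT Gateway id
]

# No internet route at all: an isolated subnet.
ISOLATED_RT = [
    (VPC_CIDR, "local"),
]


def lookup(route_table, dst_ip):
    """Return the target for dst_ip using longest-prefix match.

    AWS selects the most specific route whose destination CIDR contains the
    address; 0.0.0.0/0 only wins when nothing else matches. Returns None
    when no route matches (the packet is dropped).
    """
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify_subnet(route_table, probe_ip="93.184.216.34"):
    """Public if internet-bound traffic goes to an IGW, private if to a NAT
    Gateway, isolated if it has nowhere to go. probe_ip is any address
    outside the VPC CIDR (constructed sample value)."""
    target = lookup(route_table, probe_ip)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"


if __name__ == "__main__":
    for name, rt in (("A", PUBLIC_RT), ("B", PRIVATE_RT), ("C", ISOLATED_RT)):
        print(f"subnet {name}: {classify_subnet(rt)};",
              "10.0.5.9 ->", lookup(rt, "10.0.5.9"),
              "| 192.168.10.4 ->", lookup(rt, "192.168.10.4"),
              "| 93.184.216.34 ->", lookup(rt, "93.184.216.34"))
```

The same logic is what you apply when auditing a VPC: dump each subnet's route table and ask where 0.0.0.0/0 goes. A subnet that you think of as "private" but whose table has a default route to an igw-* target is, in fact, public.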

CIDR

  • CIDR = Classless Inter-Domain Routing
  • Describes an IP space
  • Consists of 2 components:
    • base IP (X.X.X.X)
    • subnet mask, written as a prefix length (/26)
  • The base IP represents an IP contained in the range
  • The prefix length defines how many leading bits are fixed, and therefore how many trailing bits can change in the IP

Subnet Masks

  • 2^(32 - prefix length) = number of IP addresses in the block
  • Ordering
    • /32 allows for 1 IP = 2^0
    • /31 allows for 2 IPs = 2^1
    • /30 allows for 4 IPs = 2^2
    • etc.
  • Most important numbers
    • /32 no IP number can change (1 address)
    • /24 last IP number can change (256 addresses)
    • /16 last 2 IP numbers can change (65,536 addresses)
    • /8 last 3 IP numbers can change (16,777,216 addresses)
    • /0 all IP numbers can change (the whole IPv4 space)
  • AWS specifics
    • a VPC or subnet IPv4 CIDR must be between /16 and /28
    • AWS reserves 5 addresses in every subnet (the first 4 and the last), so a /28 leaves 11 usable addresses

Private IP Ranges

  • Defined in RFC 1918; routable only inside your own network, never on the public internet
  • 10.0.0.0 - 10.255.255.255 (10.0.0.0/8): big networks
  • 172.16.0.0 - 172.31.255.255 (172.16.0.0/12): the AWS default VPC uses 172.31.0.0/16 from this range
  • 192.168.0.0 - 192.168.255.255 (192.168.0.0/16): for example used in home networks
  • All other IPs are public (ignoring special-purpose ranges such as loopback 127.0.0.0/8 and link-local 169.254.0.0/16)
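
Added example, not part of the original notes, covering both the Subnet Masks and the Private IP Ranges sections: CIDR arithmetic with Python's standard ipaddress module. It computes the address count as 2^(32 - prefix length), normalises a base IP to its network address, subtracts the 5 addresses AWS reserves per subnet, and checks the RFC 1918 ranges and the /16 to /28 VPC limit. The sample CIDRs in the demo are constructed values.

```python
"""Added example (not from the original notes): CIDR arithmetic for AWS
VPC planning. Uses only the standard library; sample inputs are constructed.
"""
import ipaddress

# The three RFC 1918 private ranges from the notes.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def describe(cidr):
    """Return the numbers the notes compute by hand for a CIDR block.

    strict=False accepts a base IP anywhere inside the range
    (e.g. 192.168.0.17/26) and reports the network it belongs to.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen   # bits that can change
    size = 2 ** host_bits                           # 2^(32 - prefix length)
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "mask": str(net.netmask),
        "host_bits": host_bits,
        "addresses": size,
        "first": str(net[0]),
        "last": str(net[-1]),
        # addresses an EC2 instance could actually get in an AWS subnet
        "aws_usable": max(size - AWS_RESERVED_PER_SUBNET, 0),
    }


def is_rfc1918(ip):
    """True if ip falls inside one of the three RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def can_be_vpc_cidr(cidr):
    """AWS only accepts VPC and subnet IPv4 CIDR blocks from /16 to /28."""
    net = ipaddress.ip_network(cidr, strict=False)
    return 16 <= net.prefixlen <= 28


def fits_in_vpc(vpc_cidr, subnet_cidr):
    """A subnet CIDR must lie wholly inside its VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    sub = ipaddress.ip_network(subnet_cidr, strict=False)
    return sub.subnet_of(vpc)


if __name__ == "__main__":
    for c in ("192.168.0.17/26", "10.0.0.0/16", "10.0.1.0/28", "0.0.0.0/0"):
        d = describe(c)
        print(f"{c:>17}: network {d['network']}/{d['prefixlen']} mask {d['mask']} "
              f"host bits {d['host_bits']} addresses {d['addresses']} "
              f"({d['first']} - {d['last']}) AWS usable {d['aws_usable']}")
    for ip in ("10.1.2.3", "172.31.5.6", "172.32.0.1", "192.168.1.1", "8.8.8.8"):
        print(f"{ip:>13}: {'private' if is_rfc1918(ip) else 'public'}")
    print("10.0.0.0/8 valid VPC CIDR?", can_be_vpc_cidr("10.0.0.0/8"))
    print("10.0.1.0/24 inside 10.0.0.0/16?", fits_in_vpc("10.0.0.0/16", "10.0.1.0/24"))
```

Note the 172.32.0.1 case: /12 ends at 172.31.255.255, so 172.32.x.x is a public address even though it "looks" private. Getting this boundary wrong in a security group or NACL rule is a classic way to admit more than intended.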

Calculate