Preface:
Study notes from a book
Index
- Virtual Private Cloud
  - 1. Amazon VPC Components and Terminology
    - (1) Amazon VPC
    - (2) Subnet
    - (3) Route Table
    - (4) Internet Gateway
    - (5) Network Address Translation (NAT)
    - (6) Egress-only Internet Gateway
    - (7) Elastic Network Interface (ENI)
    - (8) Elastic IP Address
    - (9) Security Group
    - (10) Network Access Control List (NACL)
    - (11) Amazon VPC Peering
    - (12) Amazon VPC Endpoint
    - (13) DNS and VPC
    - (14) DHCP Option Sets
    - (15) Connecting to a VPC
    - (16) VPC Flow Logs
  - 2. Default VPC
Virtual Private Cloud
You can do the following things by having a virtual private cloud:
· Have some of your applications running in the cloud within a VPC and some of them running on-premises.
· Create multiple subnets within a VPC.
e.g. Create a public subnet by providing it with Internet access, and keep resources isolated from the Internet by creating a private subnet.
· Have dedicated connectivity between your corporate data center and your VPC by using Direct Connect.
· If you need more than one VPC, you can create multiple VPCs and connect them with VPC peering. This way you can share resources across multiple VPCs and accounts.
· Connect to resources such as S3 using a VPC endpoint.
1. Amazon VPC Components and Terminology
(1) Amazon VPC
The first step of creating a VPC is deciding the IP range by providing a Classless Inter-Domain Routing (CIDR) block.
VPC supports both IPv4 and IPv6. Having a CIDR block for IPv6 is optional, but you need an IPv4 CIDR block.
Once you create a VPC, you can’t alter the size of it.
A VPC is limited to a region which means you can’t have a VPC spanning regions. Within a VPC, you have all the AZs that are part of the region where the VPC belongs.
(2) Subnet
Subnet is short for subnetwork, which is a logical subdivision of an IP network.
The most common kinds are public subnets, private subnets and VPN-only subnets.
Public subnet: create for resources that need to be connected to the Internet.
Private subnet: create for resources that do not need to be connected to the Internet.
VPN-only subnet: create when you want to connect your virtual private cloud with your corporate data center.
Subnets are AZ specific. For multiple AZs, create multiple subnets. VPCs are region specific. For multiple regions, create different VPCs.
If you create more than one subnet in a VPC, the CIDR blocks of the subnets cannot overlap.
Table: CIDR Block and Available IP Addresses
For any subnet, AWS reserves the first four IP addresses and the last IP address for internal networking purposes; they are not available for your use.
(3) Route Table
A route table is a table consisting of certain rules known as routes that determine where the traffic is directed.
Each subnet must have a route table at any time, but you can associate multiple subnets with the same route table.
When you create a subnet and do not associate it with any other route table, it is automatically associated with the main route table of the VPC.
The VPC’s default route table (known as the main route table) is created automatically, and you can’t modify it.
If you don't want to use the main route table of the VPC, a best practice is to keep the main route table in its original state, with only the local route, and to assign a custom route table to each subnet you create.

A target of "local" means only local traffic can flow within the virtual private cloud and no other traffic is allowed.
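As an added illustration of the subnet and route table rules above (this is example code written for these notes, not from the book or from AWS), the following models a VPC with a main route table holding only the local route and a custom public route table that also points 0.0.0.0/0 at an Internet gateway. It evaluates routes by longest-prefix match, computes the usable addresses left after AWS reserves the first four and the last address of a subnet, and checks that subnet CIDR blocks do not overlap. The VPC CIDR, subnet CIDRs and the gateway ID are constructed placeholders.

```python
import ipaddress

# Constructed example VPC; the gateway ID is a placeholder, not a real resource.
VPC_CIDR = "10.0.0.0/16"

# Main route table as created by AWS: only the local route.
MAIN_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
]

# Custom route table for a public subnet: local route plus a default route
# to an Internet gateway.
PUBLIC_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-PLACEHOLDER"),
]


def resolve_route(route_table, destination):
    """Return the target for `destination` using longest-prefix match, the way
    a VPC route table is evaluated. None means no matching route (traffic dropped)."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def usable_addresses(subnet_cidr):
    """Host addresses you can actually assign in a subnet: AWS reserves the
    first four addresses and the last one (e.g. 10.0.1.0/24 leaves 251)."""
    addrs = list(ipaddress.ip_network(subnet_cidr))
    return addrs[4:-1]


def subnets_valid(vpc_cidr, subnet_cidrs):
    """True if every subnet lies inside the VPC CIDR and no two subnets overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    if not all(n.subnet_of(vpc) for n in nets):
        return False
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
```

With only the main route table, an instance can reach other addresses inside 10.0.0.0/16 but has no route to the Internet; the public route table adds that route while the more specific local route still wins for VPC-internal destinations.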
(4) Internet Gateway
An Internet Gateway (IG) is a component of VPC that allows your VPC to communicate with the Internet.
An IG supports both IPv4 and IPv6 traffic.
Attach an IG: add the entry for the IG i
