📖 What is Amazon VPC?
Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including IP address ranges, subnets, route tables, and network gateways.
"VPC is foundational to AWS security and networking. Understand the difference between public and private subnets, Internet Gateways, NAT Gateways, and VPC endpoints. Exam questions frequently involve network configuration and security group rules within a VPC."
📚 Certification: AWS Certified Cloud Practitioner (CLF-C02)
🔑 What are the Key Concepts of Amazon VPC?
- VPCs provide network isolation, allowing you to define a network topology independent of other AWS accounts and the public internet.
- Subnets are sections of a VPC’s IP address range; public subnets have routes to an Internet Gateway, while private subnets do not.
- Route tables control the destination of network traffic, determining whether it stays within the VPC or is routed to the internet or other networks.
- Network Access Control Lists (NACLs) and Security Groups act as firewalls, controlling inbound and outbound traffic at the subnet and instance levels, respectively.
- VPC Peering enables connectivity between VPCs, whether within the same account or across different accounts, creating a private network connection.
🎯 How does Amazon VPC appear on the CLF-C02 Exam?
You may be asked to identify the correct VPC component to allow instances in a private subnet to access the internet without exposing public IP addresses.
A scenario might describe a company needing to connect two VPCs securely – expect questions about choosing between VPC Peering and AWS Transit Gateway.
Expect questions about configuring security groups to allow specific traffic to web servers within a VPC, focusing on inbound and outbound rules.
❓ Frequently Asked Questions
What’s the difference between a NAT Gateway and an Internet Gateway?
An Internet Gateway allows direct internet access for resources in public subnets. A NAT Gateway allows instances in *private* subnets to initiate outbound internet connections, but prevents inbound connections initiated from the internet.
How do NACLs and Security Groups differ in their functionality?
NACLs operate at the subnet level and are stateless, requiring explicit rules for both inbound and outbound traffic. Security Groups operate at the instance level and are stateful, automatically allowing return traffic.
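The three distinctions above (public vs. private subnet by route table, NAT vs. Internet Gateway as the default-route target, and stateless NACLs vs. stateful Security Groups) are easiest to see in a small simulation. The following is an added example written for this page, not code from AWS or from the exam guide: it models a route table with longest-prefix matching, a Security Group that tracks flows, and a NACL that evaluates every packet, replies included. All CIDRs, addresses, ports and rule sets are constructed, and the gateway ids (`igw-PLACEHOLDER`, `nat-PLACEHOLDER`) are placeholders rather than real AWS resource ids.

```python
# Added example, not code from the page or from AWS: a small simulator that
# contrasts stateful Security Groups with stateless NACLs and shows how a
# route table decides whether a subnet is public or private. Every CIDR,
# address, port and gateway id below is constructed for illustration
# (gateway ids are placeholders, not real AWS resource ids).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str  # "in" = towards the instance/subnet, "out" = away from it


@dataclass(frozen=True)
class Rule:
    cidr: str            # source CIDR for "in" rules, destination CIDR for "out" rules
    ports: tuple         # inclusive destination-port range
    direction: str = "in"
    action: str = "allow"


def _matches(rule, addr, port):
    lo, hi = rule.ports
    return ip_address(addr) in ip_network(rule.cidr) and lo <= port <= hi


class SecurityGroup:
    """Stateful, instance level: inbound allow rules are consulted only for new
    flows; a reply to a flow the group already let out passes automatically."""

    def __init__(self, inbound):
        self.inbound = inbound   # allow rules only; security groups have no deny rules
        self.tracked = set()     # (remote_ip, local_ip, remote_port, local_port)

    def allows(self, pkt):
        if pkt.direction == "out":
            # Outbound is allowed by the default rule; remember the flow so its reply can return.
            self.tracked.add((pkt.dst, pkt.src, pkt.dport, pkt.sport))
            return True
        if (pkt.src, pkt.dst, pkt.sport, pkt.dport) in self.tracked:
            return True          # return traffic of a tracked flow, no inbound rule needed
        return any(_matches(r, pkt.src, pkt.dport) for r in self.inbound)  # else implicit deny


class NetworkAcl:
    """Stateless, subnet level: every packet, replies included, is checked against
    the numbered rules for its direction, lowest number first; first match wins
    and a packet matching nothing hits the implicit deny."""

    def __init__(self, numbered_rules):
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])

    def allows(self, pkt):
        addr = pkt.src if pkt.direction == "in" else pkt.dst
        for _, rule in self.rules:
            if rule.direction == pkt.direction and _matches(rule, addr, pkt.dport):
                return rule.action == "allow"
        return False


def next_hop(route_table, dst_ip):
    """Longest-prefix match over (cidr, target) routes, as VPC route tables do."""
    best = None
    for cidr, target in route_table:
        net = ip_network(cidr)
        if ip_address(dst_ip) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def is_public(route_table):
    """A subnet is public when its route table sends 0.0.0.0/0 to an Internet Gateway."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in route_table)


# Constructed scenario: web server 10.0.1.5 in a public subnet, app server 10.0.2.8 in a private one.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-PLACEHOLDER")]

WEB_SG = SecurityGroup(inbound=[Rule("0.0.0.0/0", (443, 443))])

# A NACL that opens only 443 in both directions drops the server's replies,
# because the reply goes to the client's ephemeral port, not to 443.
NACL_FORGOT_EPHEMERAL = NetworkAcl([
    (100, Rule("0.0.0.0/0", (443, 443), "in")),
    (100, Rule("0.0.0.0/0", (443, 443), "out")),
])
# Corrected NACL: return traffic to ephemeral ports is allowed explicitly.
NACL_FIXED = NetworkAcl(NACL_FORGOT_EPHEMERAL.rules + [(110, Rule("0.0.0.0/0", (1024, 65535), "out"))])

CLIENT_REQUEST = Packet("198.51.100.7", "10.0.1.5", sport=51000, dport=443, direction="in")
SERVER_REPLY = Packet("10.0.1.5", "198.51.100.7", sport=443, dport=51000, direction="out")
APP_OUTBOUND = Packet("10.0.2.8", "203.0.113.9", sport=40000, dport=443, direction="out")
APP_REPLY = Packet("203.0.113.9", "10.0.2.8", sport=443, dport=40000, direction="in")


def https_session_passes(filter_, first, reply):
    """True only if both halves of the exchange are allowed, in order."""
    return filter_.allows(first) and filter_.allows(reply)


if __name__ == "__main__":
    print("public subnet:", is_public(PUBLIC_RT), "| private subnet:", is_public(PRIVATE_RT))
    print("private instance reaches the internet via:", next_hop(PRIVATE_RT, "203.0.113.9"))
    print("SG, inbound HTTPS to web server:", https_session_passes(WEB_SG, CLIENT_REQUEST, SERVER_REPLY))
    print("NACL without ephemeral rule:", https_session_passes(NACL_FORGOT_EPHEMERAL, CLIENT_REQUEST, SERVER_REPLY))
    print("NACL with ephemeral rule:", https_session_passes(NACL_FIXED, CLIENT_REQUEST, SERVER_REPLY))
    print("SG with no inbound rules, outbound flow + reply:", https_session_passes(SecurityGroup([]), APP_OUTBOUND, APP_REPLY))
```

Running it shows the exam-relevant behaviour directly: the private subnet's default route points at the NAT placeholder rather than an Internet Gateway, so it is not public; the Security Group with no inbound rules still lets the reply to an outbound connection in because it is stateful; and the NACL that forgets the ephemeral-port outbound rule silently breaks an otherwise correctly configured web server, which is the usual symptom when someone treats a NACL like a Security Group.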
Can I change the CIDR block of a VPC after it's created?
No, you cannot directly change the CIDR block of an existing VPC. You would need to create a new VPC with the desired CIDR block and migrate your resources, which can be complex.