1) What is VPC
VPC stands for Virtual Private Cloud. If you choose the tenancy as dedicated, you will be able to launch only Dedicated Instances or Dedicated Hosts into it.
2) Creating VPC
While creating a VPC we see the options below and need to select values for them. A short description of each option:
(i) Tenancy - If you choose the tenancy as dedicated while creating the VPC, you will be able to launch only Dedicated Instances or Dedicated Hosts into it.
(ii) CIDR block - It represents the range of IP addresses of the VPC.
Eg: 10.0.0.0/26. The start will be 10.0.0.0, the range will hold 2^(32 - 26) = 2^6 = 64 addresses, and so the end will be 10.0.0.63.
(iii) Subnet - It represents a range of IP addresses within the VPC's CIDR block.
Amazon reserves the first 4 and the last 1 IP addresses of every subnet. Default subnets within the default VPC are assigned /20 netblocks.
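The CIDR arithmetic above (start, end, 2^(32 - prefix) addresses, the five reserved addresses per subnet, and the /16 to /28 VPC size rule stated later in these notes) as a small added Python example using only the standard library. This is not code from the original post or from AWS; the constants and function names are assumptions chosen for the example, and the sample blocks are constructed.

```python
import ipaddress

# Per the notes: AWS reserves the first 4 and the last 1 address of every subnet.
RESERVED_AT_START = 4
RESERVED_AT_END = 1
# Per the notes: a VPC block must be between /16 and /28 (assumed constants).
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28


def cidr_range(cidr):
    """Start, end and size of a block, e.g. 10.0.0.0/26 -> 10.0.0.0 .. 10.0.0.63 (64)."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # strict: host bits must be zero
    return {
        "start": str(net.network_address),
        "end": str(net.broadcast_address),
        "count": net.num_addresses,  # equals 2 ** (32 - net.prefixlen)
    }


def subnet_usable(cidr):
    """List the addresses AWS reserves in a subnet and count what is left for instances."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    reserved = [str(net[i]) for i in range(RESERVED_AT_START)] + [str(net[-1])]
    return {
        "reserved": reserved,
        "usable": net.num_addresses - RESERVED_AT_START - RESERVED_AT_END,
    }


def vpc_cidr_check(cidr):
    """Return (ok, reason) for a candidate VPC block: valid syntax and within /16../28."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:  # e.g. host bits set, as in 10.0.0.1/26
        return False, f"invalid CIDR: {exc}"
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        return False, f"/{net.prefixlen} is outside /{VPC_MIN_PREFIX}../{VPC_MAX_PREFIX}"
    return True, "ok"


def subnet_fits(vpc_cidr, subnet_cidr):
    """A subnet must lie entirely inside its VPC block."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    sub = ipaddress.IPv4Network(subnet_cidr)
    return sub.subnet_of(vpc)


if __name__ == "__main__":
    # Constructed sample blocks, matching the figures used in the notes.
    print(cidr_range("10.0.0.0/26"))
    print(subnet_usable("10.0.0.0/26"))
    print(vpc_cidr_check("10.0.0.0/8"))
    print(subnet_fits("172.31.0.0/16", "172.31.16.0/20"))
```

Running it shows that a /26 subnet gives 59 usable addresses rather than 64, which matters when sizing subnets for a fixed number of instances, and that a block like 10.0.0.1/26 is rejected because its host bits are set.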
3) VPC Resources & Settings
(i) NACL - Network Access Control List. Subnet-level traffic filtering.
(ii) Internet Gateway - The VPC side of a connection to the public Internet. 1 per VPC.
(iii) NAT Gateway - A highly available, managed Network Address Translation (NAT) service that lets resources in a private subnet access the Internet.
(a) Modify auto-assign IP settings - If enabled, instances launched into this subnet automatically get a public IP. Enable auto-assign public IPv4 or IPv6 addresses to automatically request an IP address for instances launched into this subnet.
3) Resource Location
VPC - Specific to a Region. We can't specify an AZ.
Subnet - Specific to an AZ.
4) VPC Settings
Edit DNS resolution -
Edit DNS hostnames - If checked, instances will get a private hostname.
CIDR block -
VPC (Virtual Private Cloud) - A logically isolated virtual network in the AWS cloud. You define the VPC's IP address space from a range you select.
VPC with single public subnet - Using an Elastic IP address (EIP) enables an instance in a VPC, which is otherwise private, to be reached from the Internet through an Internet gateway (for example, it could act as a web server).
4) VPC options
(i) VPC with single public subnet
(ii) VPC with public/private subnets
(iii) VPC with public/private subnets and Hardware VPN access
(iv) VPC with private subnet only and Hardware VPN access
5) Components of Amazon VPC?
Amazon VPC comprises a variety of objects that will be familiar to customers with existing networks:
Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
Virtual Private Gateway: The Amazon VPC side of a VPN connection.
Customer Gateway: Your side of a VPN connection.
Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
VPC Endpoint: Enables Amazon S3 and Amazon DynamoDB access from within your VPC without using an Internet gateway or NAT, and allows you to control the access using VPC endpoint policies.
Egress-only Internet Gateway: A stateful gateway that provides egress-only access for IPv6 traffic from the VPC to the Internet.
6) Charge – No Charge for VPC & VPC peering
7) VPC Peering – Is between availability zones only; peered VPCs must have non-overlapping IP ranges.
8) Limits
VPC – 5 per region
Subnet – 200 per VPC
IG – 1 per VPC
Virtual private gateway – 5 per region
Customer Gateway – 50 per region
9) Security group
Default security group config – Allow all outbound and no inbound.
10) General Information
1) Default VPCs are assigned a range of 172.31.0.0/16 in size.
2) Currently AWS supports VPCs between /28 and /16 (in CIDR) in size.
3) We can't change the size of a VPC. You must terminate it and create a new one.
4) You can't assign IP addresses to multiple instances simultaneously.
5) We can't detach eth0.
11) VPC Peering
Connecting two VPCs whose CIDR blocks do not overlap. Peering is available within the same region. Peering between different AWS accounts is possible.
Conditions/Restrictions
(i) No transitive peering (Eg: let there be 3 VPCs A, B and C. If A is peered with B and with C, that doesn't mean that VPC C can connect to B.)
(ii) No edge routing
(iii) No NAT routing
About Peering
(i) We need to update the route tables of the VPCs after peering. For example, for the CIDR block of VPC 2 an entry needs to be created in the route table of VPC 1 with the peering connection as the target.
(ii) We cannot use the security group of the other VPC even if it is peered.
(iii) Windows instances cannot boot correctly if launched into a VPC with ranges from 224.0.0.0 to 255.255.255.255 (Class D and Class E IP address ranges).
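The peering rules above (non-overlapping CIDRs, a route entry on each side pointing at the peering connection, and no transitive reachability) as an added Python model that is not part of the original post and not an AWS API. It only simulates route-table lookups offline; the VPC names, the `pcx-` placeholder ids and the sample blocks are constructed for the example.

```python
import ipaddress


def cidrs_overlap(a, b):
    """True if two CIDR blocks share any address (peering must be rejected)."""
    return ipaddress.IPv4Network(a).overlaps(ipaddress.IPv4Network(b))


def plan_peering(vpcs, peerings):
    """vpcs: {name: cidr}; peerings: list of (name, name) pairs.

    Returns the route entries each VPC's route table needs, as
    {vpc: [(destination_cidr, target)]}. Raises ValueError on overlapping CIDRs.
    """
    routes = {name: [] for name in vpcs}
    for a, b in peerings:
        if cidrs_overlap(vpcs[a], vpcs[b]):
            raise ValueError(f"{a} ({vpcs[a]}) overlaps {b} ({vpcs[b]}); peering rejected")
        pcx = f"pcx-{a}-{b}"  # placeholder id for the peering connection, not a real one
        # Each side needs a route to the other side's CIDR via the peering connection.
        routes[a].append((vpcs[b], pcx))
        routes[b].append((vpcs[a], pcx))
    return routes


def can_reach(routes, vpcs, src, dst_ip):
    """True only if src's own route table covers dst_ip.

    Routes are never followed through a peered VPC, which models the
    'no transitive peering' restriction in the notes.
    """
    ip = ipaddress.IPv4Address(dst_ip)
    if ip in ipaddress.IPv4Network(vpcs[src]):
        return True  # the VPC's own local route
    return any(ip in ipaddress.IPv4Network(dest) for dest, _ in routes[src])


if __name__ == "__main__":
    # Constructed sample: A is peered with B and with C, but B and C are not peered.
    vpcs = {"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16"}
    routes = plan_peering(vpcs, [("A", "B"), ("A", "C")])
    for name, entries in routes.items():
        print(name, entries)
    print("A -> 10.1.0.5:", can_reach(routes, vpcs, "A", "10.1.0.5"))
    print("B -> 10.2.0.5:", can_reach(routes, vpcs, "B", "10.2.0.5"))  # False: no transit via A
```

The last line is the point worth remembering when designing a hub-and-spoke layout: two spokes peered to the same hub cannot talk to each other unless they are peered directly, and the model rejects a peering request outright when the two blocks overlap.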