Some quick notes on Amazon Virtual Private Cloud (VPC)

Amazon Virtual Private Cloud (VPC) is the networking layer of AWS: a logically isolated virtual network in which you launch EC2 instances and other resources. Here are a few important facts about AWS VPC:

  1. Isolated Networking: A VPC is a logically isolated virtual network in your account. Nothing outside it can reach your resources until you explicitly add a gateway, peering connection or endpoint.
  2. Custom IP Address Ranges: You choose the IPv4 CIDR block(s) for your VPC (between /16 and /28). Plan ranges that do not overlap with your other VPCs or your on-premises networks, because overlapping ranges cannot be peered or routed to each other later.
  3. Subnet Configuration: A VPC is divided into subnets, each living in a single Availability Zone. A subnet is "public" only because its route table sends internet-bound traffic to an internet gateway; a "private" subnet has no such route, so its instances cannot be reached directly from the internet.
  4. Route Tables: Every subnet is associated with exactly one route table (the VPC's main route table unless you associate another), which decides where traffic leaving the subnet goes. The local route covering the VPC CIDR is always present and cannot be removed.
  5. Internet Gateway (IGW): Attach an IGW to the VPC and add a 0.0.0.0/0 route pointing at it in a subnet's route table to make that subnet public. An instance also needs a public IPv4 address or an Elastic IP to be reachable from the internet.
  6. NAT Gateway/Instance: To let instances in private subnets reach the internet (for package updates or API calls) without accepting inbound connections, route their 0.0.0.0/0 traffic to a NAT gateway or NAT instance that sits in a public subnet.
  7. Security Groups: Security groups are stateful virtual firewalls attached to network interfaces (that is, to instances). They hold allow rules only: anything not explicitly allowed is dropped, and reply traffic for an allowed connection is admitted automatically.
  8. Network ACLs: Network Access Control Lists (NACLs) filter traffic at the subnet boundary. They are stateless, support both allow and deny rules, and are evaluated in rule-number order with an implicit deny at the end, so return traffic needs explicit rules for the ephemeral port range.
  9. VPC Peering: Two VPCs, in the same or different accounts or regions, can be peered so that their instances talk over private IP addresses without traversing the internet. The VPCs must have non-overlapping CIDR blocks, and each side must add routes for the other.
  10. Transit Gateway: For complex architectures, a Transit Gateway is a regional hub that connects many VPCs, Site-to-Site VPNs and Direct Connect attachments with transitive routing, replacing a mesh of peering connections.
  11. VPC Endpoints: Gateway endpoints (available for S3 and DynamoDB) add a route-table entry so traffic to those services stays on the AWS network instead of leaving through an IGW or NAT gateway.
  12. Elastic IP Addresses: An Elastic IP is a static public IPv4 address allocated to your account that you can attach to an instance or NAT gateway. It survives instance stop/start and can be remapped to a replacement instance.
  13. VPC Flow Logs: Flow logs record metadata about IP traffic to and from network interfaces (source and destination address and port, protocol, packet and byte counts, and whether the traffic was accepted or rejected), not packet payloads. They can be delivered to CloudWatch Logs or S3 and are the primary data source for network monitoring, troubleshooting and incident investigation in a VPC.
  14. Peering Limitations: VPC peering is not transitive: if VPC A is peered with VPC B and VPC B is peered with VPC C, VPC A cannot communicate with VPC C through B.
  15. IPv6 Support: A VPC can be dual-stack. IPv6 addresses in a VPC are globally unique and public by default, so use an egress-only internet gateway when instances need outbound IPv6 but must not accept inbound connections.
  16. Interface VPC Endpoints (AWS PrivateLink): For most other AWS services, and for services published by third parties, an interface endpoint places a network interface with a private IP address in your subnet. An endpoint policy can restrict which principals and resources may be reached through it.
  17. Site-to-Site VPN: A VPC can be connected to your on-premises data center with an IPsec VPN terminating on a virtual private gateway or transit gateway; each connection provides two tunnels for redundancy.
  18. Direct Connect: For a dedicated, high-throughput link into AWS, use AWS Direct Connect. Traffic on it is not encrypted by default, so run a VPN over the connection (or use MACsec where supported) if encryption in transit is required.
  19. VPC Peering Limits: There is a quota on the number of active peering connections per VPC, and another on pending requests; the active-connection quota is adjustable up to a hard ceiling.
  20. VPC Limits: AWS applies Service Quotas to the number of VPCs per region, subnets per VPC, security groups, rules per security group and other VPC components. Many of these defaults can be raised through a quota increase request.
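
The items on route tables, gateways, security groups and NACLs above describe three layers that are easy to confuse in practice. The following is an added illustration, not code from the post or from AWS: a small Python model of those rules, using constructed IDs, CIDRs and rule sets, that shows why a reply to an outbound connection passes a stateful security group but still needs an explicit NACL rule for the ephemeral port range.

```python
"""Added example (not from the post or from AWS): a small model of the VPC traffic
controls listed above. Route tables decide public vs. private, network ACLs are
stateless and ordered with allow and deny rules, security groups are stateful and
allow-only. Every ID, CIDR and rule here is constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

def is_public_subnet(routes: dict[str, str]) -> bool:
    """Public means the route table sends 0.0.0.0/0 to an internet gateway;
    a NAT gateway target (nat-...) leaves the subnet private."""
    return routes.get("0.0.0.0/0", "").startswith("igw-")

@dataclass(frozen=True)
class Rule:
    protocol: str           # "tcp", "udp" or "all"
    cidr: str
    port_from: int
    port_to: int
    action: str = "allow"   # NACL rules may also "deny"; security groups only allow
    number: int = 0         # NACL rule number, evaluated in ascending order

    def matches(self, protocol: str, addr: str, port: int) -> bool:
        return (self.protocol in ("all", protocol)
                and ip_address(addr) in ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)

def nacl_allows(rules: list[Rule], protocol: str, addr: str, port: int) -> bool:
    """Network ACL: lowest rule number first, first match wins, implicit deny at
    the end. No connection tracking, so replies to connections the instance
    opened need their own rule covering the ephemeral port range."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, addr, port):
            return rule.action == "allow"
    return False

def sg_allows(rules: list[Rule], protocol: str, addr: str, port: int) -> bool:
    """Security group: any matching rule allows, no match means drop. There are
    no deny rules, so an empty security group denies everything."""
    return any(r.matches(protocol, addr, port) for r in rules)

@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    src_port: int
    dst: str
    dst_port: int

def outbound_allowed(pkt: Packet, nacl_out: list[Rule], sg_out: list[Rule],
                     flows: set) -> bool:
    """Instance-initiated traffic: security group outbound, then subnet NACL outbound.
    An allowed flow is recorded as (proto, remote, rport, lport) for its reply."""
    if not (sg_allows(sg_out, pkt.protocol, pkt.dst, pkt.dst_port)
            and nacl_allows(nacl_out, pkt.protocol, pkt.dst, pkt.dst_port)):
        return False
    flows.add((pkt.protocol, pkt.dst, pkt.dst_port, pkt.src_port))
    return True

def inbound_allowed(pkt: Packet, nacl_in: list[Rule], sg_in: list[Rule],
                    flows: set) -> bool:
    """Traffic arriving at the instance: subnet NACL first, then the security
    group, which admits replies to tracked flows without an inbound rule."""
    if not nacl_allows(nacl_in, pkt.protocol, pkt.src, pkt.dst_port):
        return False
    if (pkt.protocol, pkt.src, pkt.src_port, pkt.dst_port) in flows:
        return True
    return sg_allows(sg_in, pkt.protocol, pkt.src, pkt.dst_port)

def demo() -> dict[str, bool]:
    """Constructed scenario: web server 10.0.1.10 in a public subnet of 10.0.0.0/16."""
    public_rt = {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0123456789abcdef0"}
    private_rt = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0123456789abcdef0"}
    nacl_in = [
        Rule("tcp", "0.0.0.0/0", 443, 443, number=100),
        Rule("tcp", "198.51.100.0/24", 22, 22, action="deny", number=110),
        Rule("tcp", "10.0.0.0/16", 22, 22, number=120),
        Rule("tcp", "0.0.0.0/0", 1024, 65535, number=130),  # ephemeral ports for replies
    ]
    nacl_out = [Rule("all", "0.0.0.0/0", 0, 65535, number=100)]
    sg_in = [Rule("tcp", "0.0.0.0/0", 443, 443), Rule("tcp", "10.0.1.0/24", 22, 22)]
    sg_out = [Rule("all", "0.0.0.0/0", 0, 65535)]
    flows: set = set()
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.1.10", 49152)
    outbound_allowed(Packet("tcp", "10.0.1.10", 49152, "203.0.113.10", 443),
                     nacl_out, sg_out, flows)
    def check(pkt: Packet, nacl: list[Rule] = nacl_in) -> bool:
        return inbound_allowed(pkt, nacl, sg_in, flows)
    return {
        "public_subnet": is_public_subnet(public_rt),
        "private_subnet": is_public_subnet(private_rt),
        "web_from_internet": check(Packet("tcp", "203.0.113.5", 50000, "10.0.1.10", 443)),
        "ssh_from_same_subnet": check(Packet("tcp", "10.0.1.50", 50001, "10.0.1.10", 22)),
        "ssh_from_other_subnet": check(Packet("tcp", "10.0.2.7", 50002, "10.0.1.10", 22)),
        "ssh_from_nacl_denied_range": check(Packet("tcp", "198.51.100.9", 50003, "10.0.1.10", 22)),
        "reply_to_egress": check(reply),
        # the same reply without rule 130: the stateless NACL drops it
        "reply_without_ephemeral_rule": check(reply, nacl_in[:3]),
    }
```

`demo()` returns one verdict per scenario. The SSH attempt from 10.0.2.7 passes the NACL (rule 120 covers the whole VPC) but is dropped by the security group, which only allows 10.0.1.0/24; the attempt from 198.51.100.9 never reaches the security group because NACL rule 110 denies it; and the reply to the instance's own HTTPS request is admitted by the security group purely on connection state, yet dies at the NACL as soon as the ephemeral-port rule is removed.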

Understanding AWS VPC is essential for designing and deploying secure and scalable cloud infrastructure within the AWS ecosystem. It forms the foundation for building complex and secure network architectures in the cloud.
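
Item 13 above names flow logs as the monitoring source for a VPC. Here is an added example, not from the original post, that parses records in the default version-2 flow-log format and runs two simple detections over a constructed batch of lines (the account ID, interface ID and addresses are made up, and the VPC CIDR 10.0.0.0/16 is assumed): a REJECT-based port-scan heuristic and a check for accepted SSH/RDP sessions from outside the VPC.

```python
"""Added example (not part of the post): parse VPC Flow Log records in the
default version-2 format and run two simple detections over them. The log
lines, account ID and interface ID below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Default field order of a version-2 flow log record. Flow logs carry flow
# metadata only (no payload), so detections work on addresses, ports, counts
# and the ACCEPT/REJECT verdict of the security group / NACL evaluation.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

VPC_CIDR = ip_network("10.0.0.0/16")   # assumed VPC range for the sample
ADMIN_PORTS = {22, 3389}               # SSH and RDP

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51022 443 6 12 5120 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.10 40001 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.10 40002 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.10 40003 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.10 40004 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.10 40005 8080 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 10.0.1.10 52110 22 6 30 3900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.77 10.0.1.10 50500 22 6 25 3100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int      # IANA number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    action: str        # ACCEPT, REJECT or "-" when no traffic was recorded
    log_status: str    # OK, NODATA or SKIPDATA


def parse_flow_log(text: str) -> list[FlowRecord]:
    """Parse default-format records. NODATA/SKIPDATA lines carry '-' in the
    traffic fields; they are kept so a gap in visibility is not silently lost."""
    def num(value: str) -> int:
        return 0 if value == "-" else int(value)

    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count in record: {line!r}")
        f = dict(zip(FIELDS, parts))
        records.append(FlowRecord(
            f["interface_id"], f["srcaddr"], f["dstaddr"], num(f["srcport"]),
            num(f["dstport"]), num(f["protocol"]), num(f["packets"]),
            num(f["bytes"]), f["action"], f["log_status"]))
    return records


def find_port_scanners(records: list[FlowRecord], min_ports: int = 5) -> dict[str, list[int]]:
    """Sources whose REJECTed TCP flows hit at least min_ports distinct
    destination ports: a crude but useful scan heuristic, since a security
    group or NACL drop shows up in flow logs as REJECT."""
    ports: dict[str, set[int]] = defaultdict(set)
    for r in records:
        if r.action == "REJECT" and r.protocol == 6:
            ports[r.srcaddr].add(r.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def find_external_admin_access(records: list[FlowRecord]) -> list[tuple[str, str, int]]:
    """ACCEPTed SSH/RDP flows from addresses outside the VPC CIDR. If policy
    says administration only happens from inside the VPC, each hit is either
    an over-permissive security group or an incident."""
    return [(r.srcaddr, r.dstaddr, r.dstport) for r in records
            if r.action == "ACCEPT" and r.dstport in ADMIN_PORTS
            and ip_address(r.srcaddr) not in VPC_CIDR]


def visibility_gaps(records: list[FlowRecord]) -> list[str]:
    """Interfaces with records whose log_status is not OK (NODATA/SKIPDATA)."""
    return sorted({r.interface_id for r in records if r.log_status != "OK"})


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("scanners:", find_port_scanners(recs))
    print("external admin access:", find_external_admin_access(recs))
    print("visibility gaps:", visibility_gaps(recs))
```

Two points worth carrying into real tooling: the scan heuristic deliberately keys on REJECT rather than packet counts, because a stateless NACL deny and a security-group drop both appear as REJECT with one packet, and the external-access check compares against the VPC CIDR rather than a generic "private address" test, since what matters is whether the source is inside the network you control.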

By Abhishek K.

The author is an architect by profession. This blog shares his experience and gives back to the community what he has learned throughout his career.