What is Amazon VPC?
Amazon Virtual Private Cloud (VPC) is a logically isolated section of the AWS Cloud where you can define and control your networking environment. It allows you to launch AWS resources securely, controlling access and connectivity without exposing everything to the public internet.
In short, VPCs enable secure, private communication between your cloud resources while providing flexibility in network design.
How I Used Amazon VPC in This Project
Today, I built a custom Amazon VPC setup that included:
• A public subnet with internet access
• A private subnet isolated from the internet
• Internet Gateway to connect the VPC to the internet
• Route tables for directing traffic between subnets and internet
• Security Groups and Network ACLs for layered security
• EC2 instances deployed in both public and private subnets
• Connectivity setup between EC2 instances for internal communication
This project gave me hands-on experience with networking fundamentals on AWS and how different VPC components work together.
Key Concepts Explored
Virtual Private Cloud (VPC)
A VPC is your private network within AWS. It uses a CIDR block (IP address range) to organize resources and enables secure resource communication without exposing them publicly. AWS provides default VPCs, but creating your own gives you full control.
Subnets
Subnets partition the VPC into smaller network segments.
• Public subnet: Connected to the internet via an Internet Gateway; EC2 instances here can have public IPs.
• Private subnet: No direct internet access; used for sensitive or backend resources.
Internet Gateway
This gateway attaches to your VPC and allows resources in public subnets to access the internet and receive inbound connections.
Route Tables
Route tables control the traffic flow within your VPC. They contain rules (routes) that determine where network traffic is directed—whether to other subnets, the internet gateway, or virtual private gateways. Each subnet is associated with a route table that defines how its traffic is routed.
Security Groups
Security Groups act as virtual firewalls at the instance level. They control inbound and outbound traffic by allowing or denying specific IP addresses, ports, and protocols. Unlike NACLs, security groups are stateful, meaning they automatically allow response traffic for requests initiated by the instance.
Network ACLs (NACLs)
Network Access Control Lists act as a firewall at the subnet level. They provide an additional layer of security by controlling inbound and outbound traffic for subnets using stateless rules, which are evaluated before security groups.
Step-by-Step: What I Built
☁️ Create a VPC: You've taken your first steps by setting up a Virtual Private Cloud (VPC) using Amazon VPC.
🥅 Create subnets: Moving deeper into your VPC, you created subnets, which act like neighborhoods within your city, each with unique access rules. You learned the difference between public and private subnets and set up a subnet to allow instances within it to automatically receive public IP addresses, making them accessible from the internet.
🚪 Set up an internet gateway: Lastly, you added an internet gateway to your VPC, acting as the main gate that allows data to flow in and out. This setup is essential for any applications that require internet access, such as web servers. You've configured the gateway and linked it to your VPC, ensuring your public instances can reach the outside world and vice versa.
🚏 Bonus - configure IP addresses and CIDR blocks: You've configured your VPC with an IPv4 CIDR block, understanding that IP addresses are like street addresses for your resources! You explored how different CIDR blocks dictate the size and scale of your VPC
🚏 Set up route tables: You configured a route table in your VPC to send Internet-bound traffic to your internet gateway, turning your subnet into a public subnet.
👮♀️ Implement security groups: You created a security group to control inbound and outbound traffic at a resource level, specifying allowed IP addresses, protocols, and ports.
📋 Deploy network ACLs: You set up network ACLs as an additional layer of security, managing both incoming and outgoing traffic at the subnet level.
🚷 Create a private subnet: You created a new subnet and set its CIDR block to avoid an overlap with your public subnet.
🚧 Create a private route table: You also made this subnet private by assigning it to a dedicated route table that doesn't route traffic to an internet gateway!
🚔 Create a private network ACL: Then, you set up custom network ACLs to control inbound and outbound traffic for this private subnet - denying all traffic by default.
💻 Launch a public EC2 instance You launched an EC2 instance in your public subnet, set up the appropriate AMI and instance type, and configured key pairs for secure access.
🤐 Launch a private EC2 instance You launched an EC2 instance in your private subnet, created a security group within the same flow, and used the same key pair for access.
How Traffic Flows in My VPC
• 💻 Client/User: A user enters the URL of your website into their web browser and hits enter.
• 🚪 Internet Gateway: The request is sent from the user's browser through the internet and reaches your internet gateway.
• 🌐 VPC: The internet gateway forwards the user's request to the VPC it's attached to.
• 🚏 Route Table: Your VPC has a route table for your public subnet, which directs traffic to your EC2 instance hosting the website. The user's request get put on the local route in the route table.
• 📋 Network ACL: While en route to your EC2 instance, the request has to pass through the network ACL associated with your public subnet. The network ACL has an inbound rule (rule 100) that lets in traffic from anywhere (0.0.0.0/0), so your request is let through.
• 🥅 Public Subnet: The request enters your public subnet and travels to your EC2 instance within the subnet.
• Response is sent back following the reverse path through Security Group, subnet, route table, VPC, and Internet Gateway
This flow ensures that traffic is filtered and secured at multiple points.
What I Learned
• The importance of subnet segmentation for security and organization
• How routing and gateways connect your VPC to the internet safely
• The role of Security Groups and Network ACLs in protecting your cloud environment
• Setting up EC2 instances in both public and private contexts
• Hands-on experience with configuring and visualizing network components in AWS
Building this custom VPC gave me a foundational understanding of AWS networking essentials and prepared me for more complex cloud infrastructure projects ahead.
Have you worked with AWS VPCs before? What’s your go-to architecture setup? Let me know in the comments!
Top comments (0)