Amazon Web Services (AWS): VPC: Points to remember
Let's learn about Amazon VPC:
- VPC lets you provision a logically isolated section of the AWS cloud in which you can launch AWS resources in a virtual network that you define.
- VPC endpoints enable you to privately connect your VPC to services hosted on AWS without requiring an Internet gateway, a NAT device, a VPN connection, or firewall proxies.
- VPC endpoints are horizontally scalable and highly available virtual devices.
- Amazon VPC offers two different types of endpoints: gateway type endpoints and interface type endpoints.
- VPC supports the creation of an Internet gateway. This gateway enables EC2 instances in the VPC to directly access the Internet.
- An Internet gateway is horizontally scaled, redundant, and highly available. It imposes no bandwidth constraints.
- Users may use a third-party software VPN to create a site-to-site or remote-access VPN connection with the VPC via the Internet gateway.
- AWS supports Internet Protocol Security (IPsec) VPN connections.
- An internet gateway is not required to establish an AWS Site-to-Site VPN connection.
- Default VPCs are assigned a CIDR range of 172.31.0.0/16. Default subnets within a default VPC are assigned /20 netblocks within the VPC CIDR range.
- Users can route traffic via the AWS Site-to-Site VPN connection and advertise the address range from their home network.
- Users can bring their public IPv4 addresses into AWS VPC and statically allocate them to subnets and EC2 instances.
- A VPC can have both IPv4 and IPv6 CIDR blocks associated with it.
- The minimum size of a subnet is a /28 (or 14 IP addresses) for IPv4.
- AWS reserves the first four IP addresses and the last IP address of every subnet for IP networking purposes.
- An IP address assigned to a running instance can only be used again by another instance once that original running instance is in a 'terminated' state.
- Users can use VPC traffic mirroring and VPC flow logs features to monitor the network traffic in their AWS VPC.
- A subnet must reside within a single Availability Zone.
- The total number of network interfaces that can be attached to an EC2 instance depends on the instance type.
- Network interfaces can only be attached to instances residing in the same Availability Zone.
- Peering connections can be created with VPCs in different regions.
- Peered VPCs must have non-overlapping IP ranges.
- Edge-to-edge routing is not supported in AWS VPC.
- VPC peering connections do not require an Internet Gateway.
- Security groups cannot be referenced across an Inter-Region VPC Peering connection.
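The addressing rules in this list (the 172.31.0.0/16 default VPC carved into /20 subnets, the /28 minimum subnet size for IPv4, the five addresses AWS reserves in every subnet, and the non-overlap requirement for peering) are easy to get wrong when planning a network by hand. The following added example, which is not part of the original series and not AWS code, checks them with Python's standard `ipaddress` module. The constants, function names and the sample CIDRs are constructed for illustration; the reserved-address layout follows the AWS rule stated above (first four and last address of each subnet).

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every
# IPv4 subnet (network address, VPC router, DNS, reserved for future
# use, and the broadcast address), as stated in the list above.
RESERVED_PER_SUBNET = 5
# An IPv4 subnet may not be smaller than a /28 (a larger prefix length
# means a smaller block).
MIN_IPV4_SUBNET_PREFIX = 28
# Default VPC layout from the list above.
DEFAULT_VPC_CIDR = "172.31.0.0/16"
DEFAULT_SUBNET_PREFIX = 20


def reserved_addresses(subnet_cidr):
    """Return the five addresses AWS reserves in an IPv4 subnet, as strings."""
    net = ipaddress.IPv4Network(subnet_cidr)
    # Indices 0..3 are the first four addresses; -1 is the broadcast address.
    return [str(net[i]) for i in (0, 1, 2, 3, -1)]


def usable_addresses(subnet_cidr):
    """Number of addresses that can actually be assigned to instances."""
    net = ipaddress.IPv4Network(subnet_cidr)
    return net.num_addresses - RESERVED_PER_SUBNET


def validate_subnet(vpc_cidr, subnet_cidr):
    """Return a list of problems with placing subnet_cidr inside vpc_cidr.

    An empty list means the subnet is valid under the two checks made
    here: it lies within the VPC block, and it is not smaller than /28.
    (Availability Zone placement is a separate constraint not modelled here.)
    """
    vpc = ipaddress.IPv4Network(vpc_cidr)
    subnet = ipaddress.IPv4Network(subnet_cidr)
    issues = []
    if not subnet.subnet_of(vpc):
        issues.append(f"{subnet} is not within the VPC CIDR {vpc}")
    if subnet.prefixlen > MIN_IPV4_SUBNET_PREFIX:
        issues.append(
            f"{subnet} is smaller than the /{MIN_IPV4_SUBNET_PREFIX} minimum"
        )
    return issues


def can_peer(vpc_a_cidr, vpc_b_cidr):
    """Peered VPCs must have non-overlapping IPv4 ranges."""
    a = ipaddress.IPv4Network(vpc_a_cidr)
    b = ipaddress.IPv4Network(vpc_b_cidr)
    return not a.overlaps(b)


def default_vpc_subnets(vpc_cidr=DEFAULT_VPC_CIDR, prefix=DEFAULT_SUBNET_PREFIX):
    """List every /20 block that a default VPC's /16 can be split into."""
    net = ipaddress.IPv4Network(vpc_cidr)
    return [str(s) for s in net.subnets(new_prefix=prefix)]


if __name__ == "__main__":
    # Constructed sample plan: a /16 VPC with one /24 and one too-small /29.
    plan = {"10.0.0.0/16": ["10.0.1.0/24", "10.0.2.0/29"]}
    for vpc, subnets in plan.items():
        for s in subnets:
            problems = validate_subnet(vpc, s)
            status = "ok" if not problems else "; ".join(problems)
            print(f"{s}: {status}; reserved={reserved_addresses(s)}; "
                  f"usable={usable_addresses(s)}")
    print("default VPC /20 subnets:", len(default_vpc_subnets()))
    print("10.0.0.0/16 <-> 10.0.128.0/17 can peer:",
          can_peer("10.0.0.0/16", "10.0.128.0/17"))
```

Running the script with the constructed plan reports the /24 as valid with 251 usable addresses and flags the /29 as below the minimum; it also shows that the default /16 yields sixteen /20 subnets and that two VPCs whose ranges overlap cannot be peered.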
A Points to remember series by Piyush Jalan.