- 🛣Networks are like roads and highways to get from Point A to Point B
- This works the same way with data going through networks (go from local “roads” to “highways” to communicate with other computers)
- Traffic to a computer outside your local network has to pass through a router; computers on the same local network can reach each other through a switch alone.
Conceptual Overview of VPCs
- ☁️ VPC = virtual private cloud = private subsection of AWS that you control, and use AWS resources/services such as EC2 instances and databases.
- You choose your own IP address range (CIDR block), subnets, route tables, and network gateways.
- When you create an AWS account, a default VPC is created for you in each region.
- Subnet = sub network, a subsection of the VPC's IP range. In AWS a subnet lives entirely within one Availability Zone (AZ).
- i.e. all of the houses (computers) on the same street in a neighborhood would be a subnet.
- Hierarchy goes: find the right network, then the right router, then the correct subnet, and finally the correct computer (IP address).
- Or high level cloud hierarchy: AWS cloud -> VPC -> Subnet(s) -> AWS Resources (EC2, RDS, etc)
- Can have multiple subnets in different AZs with different AWS resources for high availability.
Internet Gateways and Route Tables
- Internet Gateway (IGW) = the VPC component that gives resources inside your VPC a route to the outside world (the internet), and lets the internet reach resources that have a public IP.
- Your default VPC already has an IGW attached
- IGWs are horizontally scaled, redundant, and highly available, so they impose no availability risk or bandwidth constraint on your traffic.
- Route Table = the set of rules that, for example, sends an EC2 instance's internet-bound traffic (destination 0.0.0.0/0) to the IGW so it can leave the VPC.
- RTs are like the GPS of the VPC. They contain a set of rules called Routes that determine where network traffic is directed; the most specific matching route (longest prefix) wins.
- Your default VPC already has a main route table.
- Basically a RT helps direct traffic to the right destination.
- Network security (in this context) = controlling which devices are allowed to communicate with each other, and over which protocols and ports.
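The route-table lookup described above, as an added example that is not part of the original notes: a small model of longest-prefix matching over a public and a private route table. The VPC CIDR (10.0.0.0/16) and the gateway ID `igw-0123456789abcdef0` are constructed placeholders, not real resources.

```python
import ipaddress
from dataclasses import dataclass

# Added example: route-table lookup as a VPC performs it (longest-prefix match).
# The VPC CIDR and the gateway ID below are constructed for illustration.


@dataclass(frozen=True)
class Route:
    destination: str   # CIDR block the route covers
    target: str        # "local", an internet gateway ID, etc.


VPC_CIDR = "10.0.0.0/16"
IGW_ID = "igw-0123456789abcdef0"   # hypothetical ID; real IDs are assigned by AWS

# Every route table starts with the 'local' route for the VPC's own CIDR,
# which cannot be removed. Only the public table adds a default route to the IGW.
PUBLIC_RT = [Route(VPC_CIDR, "local"), Route("0.0.0.0/0", IGW_ID)]
PRIVATE_RT = [Route(VPC_CIDR, "local")]


def next_hop(route_table, dst_ip):
    """Return the target of the most specific route covering dst_ip, or None if no route does.

    10.0.1.10 matches both 10.0.0.0/16 and 0.0.0.0/0 in the public table;
    the /16 is more specific, so it stays 'local' and never goes to the IGW.
    """
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for route in route_table:
        net = ipaddress.ip_network(route.destination)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1].target if best else None   # None: no route, the packet is dropped


def is_public_subnet(route_table):
    """A subnet is 'public' only if its route table carries a route to an internet gateway."""
    return any(r.target.startswith("igw-") for r in route_table)


if __name__ == "__main__":
    for rt_name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        print(f"{rt_name} subnet? {is_public_subnet(rt)}")
        for ip in ("10.0.1.10", "93.184.216.34"):
            print(f"  {ip:15} -> {next_hop(rt, ip)}")
```

Note that the IGW route only gives a path out; an instance in that subnet also needs a public IPv4 address (or an Elastic IP) for the IGW to translate, otherwise its internet-bound packets still go nowhere.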
VPC Subnets, Security Groups, and NACLs
- 🔐Network Access Control List (NACL) = a firewall / security layer at the subnet level. Basically like a bouncer deciding who can come in or out.
- NACL lists have inbound and outbound lists.
- E.g. if you want HTTP traffic to reach your subnet, you add an inbound allow rule for TCP port 80 to that subnet's NACL.
- Security Group (SG) = a firewall / security layer at the instance level (attached to an EC2 instance's network interface, for example). SGs are what you use when several EC2 instances share the same subnet but need different restrictions.
- SGs are like a conference where someone checks if you are allowed into the conference (subnet) and then once in the conference, someone checks which talks/rooms (instances) you can attend in terms of access.
- Public subnet = its route table has a route to the IGW, so resources in it can reach (and, with a public IP, be reached from) the internet.
- Private subnet = no route to the IGW, therefore no direct access to resources on the internet.
- NACLs are stateless, so you must allow traffic explicitly in both directions: allowing inbound TCP 80 is useless unless the outbound list also allows the replies to the client's ephemeral ports (1024-65535). SGs are stateful, so a reply to an allowed inbound connection is permitted automatically.
- NACL rules are evaluated in ascending rule-number order and the first match wins, so the number acts as the rule's priority; anything unmatched hits the final `*` rule and is denied. SG rules have no order and can only allow: a packet is accepted if any rule matches.
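The NACL-versus-SG behaviour above, as an added example that is not part of the original notes: a model of stateless, ordered NACL evaluation beside stateful, allow-only security-group evaluation. The rule numbers, client address 198.51.100.7, blocked range 203.0.113.0/24, and ports are constructed for illustration; the connection-tracking set is a stand-in for what AWS does for you.

```python
import ipaddress
from dataclasses import dataclass

# Added example: how NACL and security-group rules are evaluated.
# All rule numbers, CIDRs and ports are constructed for illustration.


@dataclass(frozen=True)
class NaclRule:
    number: int        # evaluated in ascending order; first match wins
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp" or "all"
    cidr: str          # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int     # destination port range the rule covers
    port_to: int


@dataclass(frozen=True)
class SgRule:          # no number and no action: SG rules can only allow
    protocol: str
    cidr: str
    port_from: int
    port_to: int


def rule_matches(rule, protocol, ip, port):
    if rule.protocol not in ("all", protocol):
        return False
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(rule.cidr):
        return False
    return rule.port_from <= port <= rule.port_to


def nacl_allows(rules, protocol, ip, port):
    """Stateless: every packet, in each direction, is judged on its own."""
    for r in sorted(rules, key=lambda r: r.number):
        if rule_matches(r, protocol, ip, port):
            return r.action == "allow"
    return False   # the catch-all '*' rule at the end of every NACL denies


class SecurityGroup:
    """Stateful: a reply to an accepted inbound flow is allowed out, whatever the outbound rules say."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()   # stand-in for AWS's connection tracking

    def allows_inbound(self, protocol, src_ip, src_port, dst_port):
        if any(rule_matches(r, protocol, src_ip, dst_port) for r in self.inbound):
            self.flows.add((protocol, src_ip, src_port, dst_port))
            return True
        return False

    def allows_outbound(self, protocol, dst_ip, dst_port, src_port):
        if (protocol, dst_ip, dst_port, src_port) in self.flows:
            return True   # reply of a tracked inbound flow
        return any(rule_matches(r, protocol, dst_ip, dst_port) for r in self.outbound)


ANY = "0.0.0.0/0"
EPHEMERAL = (1024, 65535)
INBOUND_HTTP = [NaclRule(100, "allow", "tcp", ANY, 80, 80)]
BROKEN_OUTBOUND = [NaclRule(100, "allow", "tcp", ANY, 80, 80)]       # mirrors inbound; reply is dropped
FIXED_OUTBOUND = [NaclRule(100, "allow", "tcp", ANY, *EPHEMERAL)]    # replies go to the client's ephemeral port


def nacl_web_scenario(outbound_rules):
    """Client 198.51.100.7:51515 -> server port 80, then the reply. Returns (request_ok, reply_ok)."""
    request_ok = nacl_allows(INBOUND_HTTP, "tcp", "198.51.100.7", 80)        # inbound: dst port 80
    reply_ok = nacl_allows(outbound_rules, "tcp", "198.51.100.7", 51515)     # outbound: dst port 51515
    return request_ok, reply_ok


def nacl_order_scenario(deny_number, allow_number):
    """Block one /24 from port 80 while allowing everyone else; only works if the deny has the lower number."""
    rules = [NaclRule(deny_number, "deny", "tcp", "203.0.113.0/24", 80, 80),
             NaclRule(allow_number, "allow", "tcp", ANY, 80, 80)]
    return nacl_allows(rules, "tcp", "203.0.113.5", 80)


def sg_web_scenario():
    """Same request/reply through an SG with no outbound rules at all (AWS's default SG allows all outbound;
    it is left empty here to show that the reply does not depend on it)."""
    sg = SecurityGroup(inbound=[SgRule("tcp", ANY, 80, 80)], outbound=[])
    request_ok = sg.allows_inbound("tcp", "198.51.100.7", 51515, 80)
    reply_ok = sg.allows_outbound("tcp", "198.51.100.7", 51515, 80)
    return request_ok, reply_ok


if __name__ == "__main__":
    print("NACL, outbound mirrors inbound:", nacl_web_scenario(BROKEN_OUTBOUND))
    print("NACL, outbound allows ephemeral:", nacl_web_scenario(FIXED_OUTBOUND))
    print("deny #100 / allow #200 for 203.0.113.5:", nacl_order_scenario(100, 200))
    print("deny #200 / allow #100 for 203.0.113.5:", nacl_order_scenario(200, 100))
    print("SG, no outbound rules:", sg_web_scenario())
```

The two things to take from running it: a NACL that only mirrors the inbound rule on the outbound side silently breaks every TCP handshake, and a deny rule placed after a broader allow never fires, because evaluation stops at the first match.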