[AWS for beginners] Rough explanation! What is Amazon VPC?
Introduction
Hello.
I am an apprentice engineer.
Have you ever heard of AWS's VPC service?
I would like to explain this for people who have recently started using AWS, or for those who have heard of AWS but are not sure about it.
What is VPC?
As an engineer, I am often told that I should go to the primary source.
Now that I'm in my 3rd year, I've really come to feel this.
So let's take a look (abruptly).
With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Source: AWS official documentation ( https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html )
Amazon Virtual Private Cloud (Amazon VPC) allows you to launch your AWS resources within a defined, logically isolated virtual network. A virtual network is very similar to a traditional network operated in your own data center, but with the benefit of using AWS's scalable infrastructure.
Source: AWS official documentation (Japanese) ( https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/what-is-amazon-vpc.html )
Yes, that uses some difficult words, but to summarize, it comes down to this:
A virtual network in which you can build AWS resources.
What is good about it?
The major benefits are:
- Saves time and cost
- Easy to customize
Saves time and cost
In a traditional on-premises environment, installing a server took time: you had to prepare a location within the company, install it in a data center, or rent a server.
Opening a network line was also extremely time-consuming and costly.
With Amazon VPC, however, you can create a dedicated network in just a few steps.
Easy to customize
When building a network on-premises, you had to research the intended use thoroughly and prepare components such as routers, which took a lot of time.
Changes that become necessary after the system has gone into operation are also hard to prepare for.
Of course, even with Amazon VPC you still need to investigate the affected area and make the actual change, but I am very happy that you can do it all from the AWS console and similar tools without touching any physical equipment!
Important terms to keep in mind
Now that you (probably) understand the benefits, I'd like to introduce some important terms that will help you understand Amazon VPC better.
1. Region
As you know, AWS is an American company, but companies all over the world use AWS.
Even in the cloud, physical distance affects communication speed and the like, so AWS operates data centers all over the world, each physically separated from the others.
These separated areas around the world are called regions.
As of June 2024, Japan has Tokyo (ap-northeast-1) and Osaka (ap-northeast-3).
This is off-topic, but AWS recently announced plans to invest in Japan, so the number of regions may increase in the future.
https://aws.amazon.com/jp/about-aws/whats-new/2024/01/aws-commits-2trillion-yen-investment-into-japan-ai-and-digital-transformation-from-2023-to-2027/
2. Availability Zone (AZ)
Within each region there are multiple independent locations.
These are called "Availability Zones."
You can choose an Availability Zone in each account, but the same Availability Zone name may refer to a different physical Availability Zone depending on the account.
The image below shows this: the Availability Zones use1-az1 / use1-az2 / use1-az3 that exist in the us-east-1 region are mapped to different Availability Zone names by Account 1111111111 and Account 22222222.
Source: AWS official documentation (Japanese) ( https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#availability-zones-describe )
3. Subnet
A subnet is a network carved out of the VPC, covering a certain range of the VPC's IP addresses.
It's like creating a smaller virtual network inside the VPC.
Subnets are usually created as either public subnets or private subnets.
A public subnet is a network that can communicate directly with the Internet.
A private subnet is a network that cannot be reached directly from outside networks.
Each subnet must be placed in an Availability Zone; for example, you can put both a public subnet and a private subnet in the ap-northeast-1a Availability Zone of the Tokyo region.
Once the subnets have been created, resources such as EC2 and RDS are created inside them.
4. Internet Gateway
It's like a gate that allows communication between the VPC created in your AWS account and the outside world, the Internet.
Without it, resources inside your VPC cannot reach the outside Internet.
5. Route table
The rules that determine network paths within a VPC are called "routes," and the resource that lists those routes is called a "route table."
For example, if you want an EC2 instance created inside the VPC to reach the external Internet, you need to add a route to this route table that sends that resource's Internet-bound traffic to the internet gateway.
6. Security Group
A security group lets you set rules that allow access to resources created within the same VPC.
Specifically, you write the source IP address, the protocol, and the port number.
For example, if you want to connect to EC2 over SSH, adding the following rule lets you connect to the instance.
| Source IP | Protocol | Port number |
| --- | --- | --- |
| XXX.XXX.XXX.XXX | SSH | 22 |
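As an added example (not from the original post), here are the terms above written out as Terraform: a VPC with a public and a private subnet in ap-northeast-1a, an internet gateway, a route table that sends 0.0.0.0/0 to that gateway and is associated only with the public subnet, and a security group that allows SSH from one administrator address only. The CIDR ranges and the address 203.0.113.10/32 are assumed placeholder values, and a provider block for the ap-northeast-1 (Tokyo) region is assumed and omitted.

```hcl
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"   # assumed address range for the whole VPC
}

# Public subnet: will be given a route to the internet gateway
resource "aws_subnet" "public" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-northeast-1a"
}

# Private subnet: same Availability Zone, but no route to the internet gateway
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "ap-northeast-1a"
}

# The "gate" between this VPC and the Internet
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Route table: Internet-bound traffic (destination 0.0.0.0/0) goes to the gateway
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Only the public subnet is associated with this route table; the private
# subnet stays on the VPC's main route table, which has only the local route.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Security group: allow SSH (TCP/22) from a single administrator address,
# not from 0.0.0.0/0. Security groups are stateful, so replies need no egress rule.
resource "aws_security_group" "ssh_admin" {
  name   = "ssh-from-admin"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]   # placeholder: replace with your own IP
  }
}
```

An EC2 instance launched in the private subnet with this configuration has no path to the internet gateway, which is exactly the difference between the two subnet types described above.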
In closing
What did you think?
Some of you may still be wondering "so is this really all a VPC is?", but I hope you now have a rough picture of it.