Amazon VPC (Virtual Private Cloud) is probably one of the most used and famous services inside the Amazon Web Services suite. The reason is simple: this service is mostly related to the concepts of security in the cloud and access to our data inside a third-party data center, like the ones of Amazon.
A bit about Amazon Virtual Private Cloud: it was initially released in August 2009 as Jeff recounts in this post of the official AWS blog. Then Amazon was already aware of the fact that VPC was a great addition to its platform in order to have more security and isolation for its customer. Since then, Amazon did another step ahead introducing a Default VPC for everyone.
See who is using VPC: we recently published a great presentation by Anki Drive. Read how they are using VPC in our blog post.
How to learn Amazon VPC: based on our users’ behavior we know that Amazon VPC is one of the hardest and most answered question set. You can decide to start with our random quizzes or pick a Deck dedicated to Amazon VPC. For every quiz, you get also a basic learning experience. If you’re interested in learning more about Amazon VPC, we recommend the Cloud Academy’s Working with AWS Networking and Amazon VPC Course.
Well, when it comes to cloud security, you are going to hear a lot of crap and prejudices. It was like this at the beginning, when people used to say “you don’t know where is your data” and it is not that different today; the reality a bit different, fortunately, and AWS like other IaaS cloud computing services, is proving it with different approaches.
So, Amazon VPC is one of the few things that you should learn immediately if you want to start using AWS for your business. In this article, I want to cover, very quickly, the most important 5 things about VPC that can help you understand how to implement VPC and how to do that in relation with your infrastructure and kind of business you have.
At the end I will also suggest you how to learn to use Amazon VPC, Cloud Academy has a great set of quizzes and basic learning information on it, so this is, of course, the first step for you, but there are many others.
1. Amazon VPC gives a lot of security to your data and instances
So I would like to start saying what is Amazon Virtual Private Cloud. My feeling is that our users sometimes are getting lost in the jungle of services and they simply need a structured guide to start using them. Well, the first step is understanding why you need to use Amazon Virtual Private Cloud.
When you launch a normal instance inside a public cloud, this is basically exposed to the Internet with a lot of potential risks for your business: attacks, DDoS and possible bugs that can compromise it and so your security. This is not something happening only with a cloud computing provider, it happens with a dedicated server or a virtual machine anywhere else, if you expose it directly to a public network, you get troubles, most of the times.
Amazon VPC is a logically isolated portion of Amazon Web Services that gives you a virtual network where you can launch instances with particular rules and policies to get access to the Internet. It is really like having a virtual network inside a cloud computing service with the possibility to have a specific range of IPs, subnets and networks rules in order to specify a set of rules to communicate with external resources, in AWS or in another data center or publicly available.
To summarize, using Amazon VPC you have:
- An isolated environment inside AWS to launch your instances
- A virtual network where you can define rules and policies for your services
- A great solution to have a wall between the Internet and your instances, you can decide to expose only a part of your infrastructure, basically, the only one that needs to speak with the rest of the world
- The opportunity to set up subnets, IP ranges, and network configurations as you prefer.
2. Amazon VPC is the best way to connect your data center to your Instances on Amazon Web Services
When it comes to public cloud computing, there a lot of companies that have already a private data center or a set of private dedicated server around the world and they need to split their workload between those servers and the public cloud. It is generally called a hybrid cloud, and even if it’s not the purpose of this article, it’s something that you should know if you are considering to use Amazon VPC.
In VPC you don’t need any external hardware or VPN to set up your own networks with your rules, this is the perfect setup in order to create a private channel between your own data center and AWS: there is a great option to start within VPC’s configuration, select “VPC with a Private Subnet Only and Hardware VPN Access“.
In case you are thinking about this use, well there are many other things that you should consider, like having a small set of instances inside your VPC that directly back up your own data center for the most important server. This is a smart solution because in case of disaster, those instances inside AWS are already up and running and you don’t have a long and painful downtime. This is a great lesson also for many hosting providers (I come from this industry, so I know a bit about them) that could use AWS to enforce their disaster recovery strategies, starting from services like e-mail and DNS.
A note: in any case, you will need also a Virtual Private Gateway.
3. Not all your web applications components need to access the Internet
Designing an AWS infrastructure is not so simple as you can imagine. Of course, you get a nice GUI for all the services but the devil is in the details; one of the reasons why you should use Amazon VPC to organize your AWS instances is because not all the parts of your applications need to be exposed externally to the Internet.
In a multi-tiers scenario, where my web-app is using a database (let’s say MongoDB) and an application server, Amazon VPC allows you to enforce the security of your database and application server: they will not be accessible from the Internet, but only by the instances acting as web servers inside your AWS. This means that you can also specify rules and policies to get them connected through the use of security groups.
4. Security Groups
Security Groups is something that you will love in AWS and in particular inside Amazon VPC.
A security group can be compared to a software firewall that authorizes the traffic inbound and outbound from your instances. You can use Security Groups in VPC in order to set which instance can communicate with others.
5. AWS Certification candidate? You need a lot of VPC!
Yes, we know that Amazon VPC is probably the best topic you should know before taking the AWS Certification. We heard a lot of candidates saying that VPC was a great part of the questions for the certification. It’s pretty clear why: Amazon VPC is a core component right now in AWS and being an expert on this means knowing a good part of Amazon Web Services.
This is also the reason why you will find a lot of Amazon VPC quizzes and learning statements.
Watch this short video on NAT Gateway (a key VPC component) which is taken from the Cloud Academy’s Working with AWS Networking and Amazon VPC Course.
Check the Cloud Academy’s Training Library on all VPC-related content we’re produced so far.
New Content: Platforms, Programming, and DevOps – Something for Everyone
This month our team of expert certification specialists released three new or updated learning paths, 16 courses, 13 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon....
Mastering AWS Organizations Service Control Policies
Service Control Policies (SCPs) are IAM-like policies to manage permissions in AWS Organizations. SCPs restrict the actions allowed for accounts within the organization making each one of them compliant with your guidelines. SCPs are not meant to grant permissions; you should consider ...
New Content: Focus on DevOps and Programming Content this Month
This month our team of expert certification specialists released 12 new or updated learning paths, 15 courses, 25 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon. Ja...
New Content: Get Ready for the CISM Cert Exam & Learn About Alibaba, Plus All the AWS, GCP, and Azure Courses You Know You Can Count On
This month our team of intrepid certification specialists released five learning paths, seven courses, 19 hands-on labs, and three lab challenges! One particularly interesting new learning path is Certified Information Security Manager (CISM) Foundations. After completing this learn...
Which Certifications Should I Get?
The old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and companies. With all that in mind, the s...
The 12 AWS Certifications: Which is Right for You and Your Team?
As companies increasingly shift workloads to the public cloud, cloud computing has moved from a nice-to-have to a core competency in the enterprise. This shift requires a new set of skills to design, deploy, and manage applications in cloud computing. As the market leader and most ma...
AWS Certified Solutions Architect Associate: A Study Guide
Want to take a really impactful step in your technical career? Explore the AWS Solutions Architect Associate certificate. Its new version (SAA-C02) was released on March 23, 2020. The AWS Solutions Architect - Associate Certification (or Sol Arch Associate for short) offers some ...
New Content: AWS Terraform, Java Programming Lab Challenges, Azure DP-900 & DP-300 Certification Exam Prep, Plus Plenty More Amazon, Google, Microsoft, and Big Data Courses
This month our Content Team continues building the catalog of courses for everyone learning about AWS, GCP, and Microsoft Azure. In addition, this month’s updates include several Java programming lab challenges and a couple of courses on big data. In total, we released five new learning...
Where Should You Be Focusing Your AWS Security Efforts?
Another day, another re:Invent session! This time I listened to Stephen Schmidt’s session, “AWS Security: Where we've been, where we're going.” Amongst covering the highlights of AWS security during 2020, a number of newly added AWS features/services were discussed, including: AWS Audit...
AWS re:Invent: 2020 Keynote Top Highlights and More
We’ve gotten through the first five days of the special all-virtual 2020 edition of AWS re:Invent. It’s always a really exciting time for practitioners in the field to see what features and services AWS has cooked up for the year ahead. This year’s conference is a marathon and not a...
WARNING: Great Cloud Content Ahead
At Cloud Academy, content is at the heart of what we do. We work with the world’s leading cloud and operations teams to develop video courses and learning paths that accelerate teams and drive digital transformation. First and foremost, we listen to our customers’ needs and we stay ahea...
Excelling in AWS, Azure, and Beyond – How Danut Prisacaru Prepares for the Future
Meet Danut Prisacaru. Danut has been a Software Architect for the past 10 years and has been involved in Software Engineering for 30 years. He’s passionate about software and learning, and jokes that coding is basically the only thing he can do well (!). We think his enthusiasm shines t...