Welcome! In this article we shall learn about AWS VPC (Virtual Network), Subnets, VPC Peering, NACLs, Security Groups, Site to Site VPN, and Direct Connect.
VPC:-
A VPC is much like an on-premises network environment, where we use switches and routers so that servers and clients can communicate; the AWS Virtual Private Cloud does the same job in the cloud. It is also used for communicating with AWS resources such as EC2, RDS, etc.
· Per Region, it is limited to 100 VPCs.
A VPC is isolated. Based on the configuration in the Network Access Control Lists and Security Groups, all resources within the VPC can communicate with each other.
Subnet:-
Under the VPC, we must understand the Subnet and how it works.
Subnetting is the process of dividing a network into smaller networks.
- We can divide the VPC IP range into multiple parts, each with a unique subnet IP range.
- By default the resources within a subnet communicate with each other and also across the other subnets in the same VPC. We can restrict communication across subnets and to the outside of the AWS environment with the help of NACLs and Security Groups, so communication between the subnets and outside of the AWS environment is up to our choice.
- Here the Security Group and NACL act as a firewall.
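The subnet carving described above, as an added example that is not part of the original article. It uses only Python's standard `ipaddress` module to split a VPC range into subnets, list the five addresses AWS reserves in every subnet, and check a proposed layout for subnets that fall outside the VPC or overlap each other. The VPC range `10.0.0.0/16` and the subnet list are constructed sample values.

```python
import ipaddress
from typing import List

# AWS reserves five addresses in every subnet: the network address, the VPC
# router (+1), the DNS resolver (+2), one held for future use (+3) and the
# subnet's broadcast address (last). None of them can be given to an instance.
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr: str, new_prefix: int) -> List[str]:
    """Split a VPC CIDR into equal subnets of the requested prefix length.

    AWS accepts VPC and subnet CIDRs only between /16 and /28, so anything
    outside that range is rejected before we start carving.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"VPC CIDR {vpc_cidr} must be between /16 and /28")
    if not vpc.prefixlen <= new_prefix <= 28:
        raise ValueError(f"subnet prefix /{new_prefix} must be between "
                         f"/{vpc.prefixlen} and /28")
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def reserved_addresses(subnet_cidr: str) -> List[str]:
    """The five addresses AWS keeps for itself in a subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    first = int(net.network_address)
    return ([str(ipaddress.ip_address(first + i)) for i in range(4)]
            + [str(net.broadcast_address)])


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses actually available for EC2 instances, RDS nodes, ENIs, etc."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def validate_layout(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return the problems with a proposed subnet layout (empty list = valid).

    Every subnet must lie inside the VPC block and no two subnets may overlap;
    AWS rejects a subnet that breaks either rule.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    vpc = "10.0.0.0/16"  # constructed sample VPC range
    subnets = carve_subnets(vpc, 24)
    print(f"{vpc} splits into {len(subnets)} /24 subnets, e.g. {subnets[:3]}")
    print("reserved in 10.0.1.0/24:", reserved_addresses("10.0.1.0/24"))
    print("usable hosts in a /24:", usable_hosts("10.0.1.0/24"))
    print("layout problems:",
          validate_layout(vpc, ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]))
```

The usable-host count is worth checking before you size subnets: a /24 gives 251 addresses, not 254 as on a plain on-premises network, and a /28 gives only 11.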
For Example:-
There are two classrooms in a school, and both classrooms are restricted by a Network Access Control List. Consider a classroom as a subnet.
The Class A leader wants to get a duster from Class B, but the class is closed; he can go by opening the door. Here the door is the Network Access Control List: it acts as a firewall for subnets only.
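To make the "door" concrete, here is an added example (not from the original article) that models how the two firewalls above reach a decision. A NACL evaluates numbered rules from the lowest number up, the first match wins, anything unmatched hits the implicit deny, and it is stateless, so the reply to an allowed request must be allowed separately by the outbound list. A security group has allow rules only, any match allows, and it is stateful, so the reply is tracked and needs no outbound rule. The rule sets and client addresses are constructed samples; the rule numbering mistake in `NACL_IN` is deliberate, to show why ordering matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class NaclRule:
    number: int        # NACLs evaluate rules in ascending number order
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    protocol: str      # security groups carry allow rules only
    port_from: int
    port_to: int
    cidr: str


def _matches(protocol, port_from, port_to, cidr, proto, port, ip) -> bool:
    """Does a rule cover this protocol, port and source/destination address?"""
    if protocol not in ("all", proto):
        return False
    if protocol != "all" and not port_from <= port <= port_to:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def nacl_decision(rules: List[NaclRule], proto: str, port: int, ip: str) -> str:
    """Lowest-numbered matching rule wins; the implicit '*' rule denies the rest."""
    for r in sorted(rules, key=lambda rule: rule.number):
        if _matches(r.protocol, r.port_from, r.port_to, r.cidr, proto, port, ip):
            return r.action
    return "deny"


def sg_allows(rules: List[SgRule], proto: str, port: int, ip: str) -> bool:
    """Any matching rule allows; there is no deny action and no ordering."""
    return any(_matches(r.protocol, r.port_from, r.port_to, r.cidr, proto, port, ip)
               for r in rules)


def nacl_permits_tcp_session(inbound, outbound, client_ip, server_port, client_port) -> bool:
    """Stateless: the request (inbound, to server_port) and the reply (outbound,
    to the client's ephemeral port) are judged independently."""
    return (nacl_decision(inbound, "tcp", server_port, client_ip) == "allow"
            and nacl_decision(outbound, "tcp", client_port, client_ip) == "allow")


def sg_permits_tcp_session(inbound, client_ip, server_port) -> bool:
    """Stateful: once the request is allowed in, the reply is tracked and let out."""
    return sg_allows(inbound, "tcp", server_port, client_ip)


# Constructed sample rule sets, not taken from any real account.
NACL_IN = [
    NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    NaclRule(110, "tcp", 22, 22, "0.0.0.0/0", "deny"),
    NaclRule(120, "tcp", 22, 22, "10.0.0.0/16", "allow"),  # never reached: 110 denies first
]
NACL_OUT = [NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]  # ephemeral ports
SG_IN = [SgRule("tcp", 443, 443, "0.0.0.0/0")]

if __name__ == "__main__":
    print("HTTPS from internet:", nacl_decision(NACL_IN, "tcp", 443, "203.0.113.10"))
    print("SSH from internal 10.0.5.4:", nacl_decision(NACL_IN, "tcp", 22, "10.0.5.4"))
    print("HTTPS session via NACL:", nacl_permits_tcp_session(NACL_IN, NACL_OUT, "203.0.113.10", 443, 50000))
    print("HTTPS session via NACL, no outbound rule:", nacl_permits_tcp_session(NACL_IN, [], "203.0.113.10", 443, 50000))
    print("HTTPS session via SG:", sg_permits_tcp_session(SG_IN, "203.0.113.10", 443))
```

Two things the model makes visible: the internal SSH allow at rule 120 is dead because rule 110 already denied port 22, so it would have to be renumbered below 110 to take effect; and a NACL with no outbound ephemeral-port rule silently drops the replies of a session it let in, a failure a security group never has.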
· Resources in different VPCs can't communicate with each other.
What should we do to communicate between two different VPCs inside AWS?
VPC Peering:-
For Example, let me explain based on a scenario.
There are two schools, School A (VPC A) and School B (VPC B).
School A students want to participate in a sports event conducted by School B. School A must get permission and register at the government CEO office to join the event. After getting permission they can join the event.
In the same way in AWS, to communicate between two different VPCs A and B, we must configure VPC Peering.
With the help of VPC Peering, our AWS resources can communicate using their private IP addresses.
VPC Peering is a better option than Site to Site VPN for this.
VPC Peering is a seamless connection between two different VPCs. It works on the AWS backbone network, which means there is no need for the public internet.
If we want to communicate between two different VPCs in a different region or a different account, there is an option in AWS called AWS Global VPC Peering. This too runs on the AWS backbone network; no public network or gateway is needed.
Global VPC Peering is now generally available.
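The two conditions a peering actually depends on, as an added example that is not part of the original article: AWS refuses to create a peering between VPCs whose CIDR blocks overlap, and even an active peering carries no traffic until both route tables point the other VPC's range at the peering connection. Peering is also not transitive, so A cannot reach C through B. The topology, the `pcx-EXAMPLE-*` identifiers and the route tables below are constructed placeholders, and the route lookup is simplified to an exact destination match rather than a longest-prefix lookup.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample topology; the IDs are placeholders, not real AWS resources.
VPCS = {"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16", "D": "10.0.0.0/16"}

# Each peering connection joins exactly two VPCs.
PEERINGS = {"pcx-EXAMPLE-AB": ("A", "B"), "pcx-EXAMPLE-BC": ("B", "C")}

# Route tables: (destination CIDR, target) where target is "local" or a pcx id.
ROUTES = {
    "A": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-EXAMPLE-AB")],
    "B": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-EXAMPLE-AB"),
          ("10.2.0.0/16", "pcx-EXAMPLE-BC")],
    "C": [("10.2.0.0/16", "local")],  # return route to B is missing
}


def cidrs_overlap(a: str, b: str) -> bool:
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def can_peer(vpcs: Dict[str, str], a: str, b: str) -> Tuple[bool, str]:
    """AWS refuses a peering between VPCs whose CIDR blocks overlap."""
    if cidrs_overlap(vpcs[a], vpcs[b]):
        return False, f"{a} ({vpcs[a]}) overlaps {b} ({vpcs[b]})"
    return True, "ok"


def _has_route(routes: Dict[str, List[Tuple[str, str]]], vpc: str,
               dst_cidr: str, pcx: str) -> bool:
    """Exact-match lookup: does this VPC route dst_cidr to the given peering?"""
    return any(cidr == dst_cidr and target == pcx
               for cidr, target in routes.get(vpc, []))


def private_traffic_ok(vpcs, peerings, routes, src: str, dst: str) -> Tuple[bool, str]:
    """Only a direct peering between src and dst counts (no transit through a
    third VPC), and both sides must route the other's CIDR to that peering."""
    pcx = next((pid for pid, ends in peerings.items() if set(ends) == {src, dst}), None)
    if pcx is None:
        return False, f"no direct peering between {src} and {dst} (peering is not transitive)"
    if not _has_route(routes, src, vpcs[dst], pcx):
        return False, f"{src} has no route to {vpcs[dst]} via {pcx}"
    if not _has_route(routes, dst, vpcs[src], pcx):
        return False, f"{dst} has no return route to {vpcs[src]} via {pcx}"
    return True, f"{src} -> {dst} via {pcx}"


if __name__ == "__main__":
    print("A <-> D allowed?", can_peer(VPCS, "A", "D"))
    for src, dst in [("A", "B"), ("A", "C"), ("B", "C")]:
        print(f"{src} -> {dst}:", private_traffic_ok(VPCS, PEERINGS, ROUTES, src, dst))
```

The `B -> C` case is the one that bites in practice: the peering is active and B's route is in place, but C never answers because its route table has no entry back to B's range. Checking both directions before declaring the peering "done" saves a long debugging session.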
How do AWS resources communicate with On-Premises?
Site to Site VPN:-
· We can connect AWS to On-Premises with the help of Site to Site VPN.
· Site to Site VPN is like a normal VPN; it is used to communicate with AWS resources.
Direct Connect:-
We can use Direct Connect to communicate between AWS and On-Premises.
· It costs much more than Site to Site VPN.
· Because it is a dedicated route between AWS and on-premises, the Direct Connect configuration needs support from our on-premises Internet Service Provider.
· My suggestion: if we have a large number of resources, go for Direct Connect; otherwise Site to Site VPN is sufficient.
For Azure users, you can easily compare these services by referring to the article below.
I hope you understood the above topics.
If you like this, please like, comment and share.
Thanks for reading this article, Have a
nice day.
Cheers,
Gokulakrishna