Welcome!! In this article, we shall learn about AWS VPC (Virtual Network), subnets, VPC peering, NACL, security groups, site to site VPN, and direct connect.
VPC
VPC is like an on-premises network environment, where we use switches and routers to communicate with servers and clients, the same as AWS Virtual Private Cloud. It is also used for communicating with AWS resources such as EC2, RDS, etc.
- Per Region it is limited to a 100 VPCs.
- VPC is isolated, based on the configuration in Network Access Control List and Security Groups, all resources within VPC can communicate with each other.
Subnet
Under the VPC, we must understand the Subnet and how it works.
Subnetting is the process of dividing a network into small networks
- We can divide the VPC IP range into multiple parts of unique subnet IP ranges.
- By default the resources within the subnet will communicate with each other and also communicate across the subnets in the same VPC. We can restrict the communication across the subnet and outside AWS Environment with the help of NACL and Security Groups, so communication between the Subnets and outside of the AWS Environment is up to our choice.
- Here the Security Group and NACL acts as a Firewall.
For Example,
There are two classrooms in a school, both class rooms are restricted by Network Access Control List. Consider a classroom as a subnet. Class A leader wants to get a duster from Class B, but the class was closed, he can go by opening the door. Here the Door is a Network Access Control List, it will act as a firewall for subnets only.
- Resources in different VPCs can’t communicate with each other.
What should we do to communicate between two different VPC’s inside AWS?
VPC Peering
Let me explain based on a scenario.
There are two schools, School A (VPC A) and School B (VPC B)
School A students want to participate in a sports event conducted by School B, the school A must get permission and register in government CEO Office to join in this event. After getting the permission they can join the event.
As in our AWS, to communicate between two different VPC’s A and B, we must configure VPC Peering.
With the help of VPC Peering, our AWS resources can communicate with the private IP address,
- VPC Peering is one best option when compared to Site to site VPN.
- VPC Peering is a seamless connection between two different VPCs it works on the AWS Backbone network which means no need for public internet.
- If we want to communicate between two different VPC’s in different regions or different accounts, there is an option in AWS called as AWS Global VPC Peering, this too runs on AWS backbone network, no need public network and a gateway.
- Now Global VPC is generally available.
How to communicate AWS resources with On-Premises
Site to site VPN
- We can communicate with AWS to On-Premises by the help of Site to site VPN.
- Site to site VPN is like normal VPN, it is used to communicate with AWS resources.
Direct Connect
- We can use the Direct Connect to communicate between AWS and On-Premises.
- It costs a lot when compared with site to site VPN.
- Because, it was dedicated route between AWS and on-premises, for the direct connect configuration we support from our on-premises Internet Service Provider.
- My suggestion is, if we have a large number of resources then we can go for direct connect otherwise site to site VPN is sufficient.
For Azure users you can easily compare these services by referring to this
article.
I hope you understood the above topics.
If you like this please like, comment and share.
Thanks for reading this article, and have a nice day.
Cheers,
Gokulakrishna