A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. This is the primary CIDR block for your VPC.
Subnetting is the process of dividing a network into two or more subnets.
A VPC spans all the Availability Zones in the region. After creating a VPC, you can add one or more subnets in each Availability Zone. When you create a subnet, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. Each subnet must reside entirely within one Availability Zone and cannot span zones. AWS assigns a unique ID to each subnet.
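As an added example (my own code, not from these notes or from AWS), the following Python uses the standard library `ipaddress` module to plan subnets under a VPC primary CIDR the way the paragraphs above describe: it checks the /16 to /28 size bounds AWS enforces for both VPC and subnet blocks, that every subnet is a subset of the VPC block, that no two subnets overlap, and how many addresses remain usable once AWS's five reserved addresses per subnet are taken out. The zone names passed to `carve_per_az` are placeholders, not real Availability Zone names.

```python
import ipaddress

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS, reserved for future use) and the last one (broadcast),
# so five addresses per subnet can never be assigned to an instance.
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(cidr):
    """Addresses in a subnet that can actually be assigned to network interfaces."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


def check_subnets(vpc_cidr, subnet_cidrs):
    """Validate subnet CIDRs against a VPC primary CIDR.

    Returns a list of problems (empty when the plan is valid): a block outside
    the /16-/28 range, a subnet that is not a subset of the VPC block, or two
    subnets that overlap. strict=True makes ip_network reject a block with host
    bits set (e.g. 10.0.1.5/24), which AWS would also refuse.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC CIDR {vpc_cidr} must be between /16 and /28")
    nets = []
    for cidr in subnet_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{cidr} must be between /16 and /28")
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is not within VPC CIDR {vpc_cidr}")
        for other in nets:
            if net.overlaps(other):
                problems.append(f"{cidr} overlaps {other}")
        nets.append(net)
    return problems


def carve_per_az(vpc_cidr, new_prefix, azs):
    """Carve equal-sized subnets out of the VPC block, one per Availability Zone.

    A subnet lives entirely in one zone, so each zone gets its own block.
    The zone names are whatever the caller passes in. Returns {az: subnet_cidr}.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = vpc.subnets(new_prefix=new_prefix)
    return {az: str(next(blocks)) for az in azs}


if __name__ == "__main__":
    # Constructed example: a /16 VPC split into /24 subnets across three
    # placeholder zone names.
    plan = carve_per_az("10.0.0.0/16", 24, ["zone-a", "zone-b", "zone-c"])
    print(plan)
    print("problems:", check_subnets("10.0.0.0/16", list(plan.values())))
    print("usable hosts per /24:", usable_hosts("10.0.0.0/24"))
```

Running the check before creating subnets catches the two mistakes that otherwise surface only as an API error: a subnet block that is not a subset of the VPC block, and two subnets that overlap.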
- If a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.
- If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet.
- If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a Site-to-Site VPN connection, the subnet is known as a VPN-only subnet.
If you want an instance in a public subnet to communicate with the internet over IPv4, it must have a public IPv4 address or an Elastic IP address (IPv4).
Private and public IPv4 addresses are distinct: the instance's operating system only ever sees its private address. To enable communication with the internet, the public IPv4 address is mapped to the primary private IPv4 address through network address translation (NAT) performed at the internet gateway.
Regardless of the type of subnet, the internal IPv4 address range of the subnet is always private: AWS does not announce the address block to the internet.
Each subnet must be associated with a route table, which specifies the allowed routes for outbound traffic leaving the subnet.
Every subnet that you create is automatically associated with the main route table for the VPC. You can change the association, and you can change the contents of the main route table.
An instance in a private subnet (instance 2A in the AWS diagram these notes follow) can't reach the internet, but can reach other instances in the VPC. You can allow such an instance to initiate outbound connections to the internet over IPv4, while still preventing unsolicited inbound connections from the internet, by routing its traffic through a network address translation (NAT) gateway or NAT instance. Because the number of Elastic IP addresses you can allocate is limited, AWS recommends a NAT device when many instances need to reach the internet, rather than giving each one its own static public IP address. To initiate outbound-only communication to the internet over IPv6, use an egress-only internet gateway instead; NAT devices are an IPv4 mechanism.
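To make the public / private / VPN-only distinction and the main-route-table fallback concrete, here is an added example (my own code, not from these notes or from AWS) that classifies subnets from route-table data shaped like the output of `aws ec2 describe-route-tables`. The field names (`RouteTableId`, `Routes`, `GatewayId`, `NatGatewayId`, `EgressOnlyInternetGatewayId`, `Associations`, `Main`, `SubnetId`) are the real API's; the IDs, CIDRs and subnet names are constructed for the example.

```python
# Route tables shaped like `aws ec2 describe-route-tables` output. The field
# names are the real API's; the IDs, CIDRs and subnet IDs are constructed.
ROUTE_TABLES = [
    {   # main route table: only the local route, so it makes nothing public
        "RouteTableId": "rtb-main0001",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True}],
    },
    {   # default route to an internet gateway -> public subnet
        "RouteTableId": "rtb-public01",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
    },
    {   # no internet gateway, corporate range via a virtual private gateway -> VPN-only
        "RouteTableId": "rtb-vpn0001",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0def", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-vpn-a"}],
    },
    {   # private subnet with outbound-only internet: NAT gateway (IPv4), egress-only IGW (IPv6)
        "RouteTableId": "rtb-nat0001",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0456", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
    },
]

# subnet-priv-b has no explicit association, so the main route table applies to it.
SUBNET_IDS = ["subnet-pub-a", "subnet-vpn-a", "subnet-priv-a", "subnet-priv-b"]


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify(rt):
    """Return (kind, egress) for a route table.

    kind is "public" (an active route targets an internet gateway), "vpn-only"
    (no internet gateway route, but a route targets a virtual private gateway)
    or "private". egress lists outbound-only internet paths: a NAT gateway, a
    route to an instance or its interface (e.g. a NAT instance), or an
    egress-only internet gateway for IPv6.
    """
    seen = set()
    for r in rt["Routes"]:
        if r.get("State", "active") != "active":
            continue  # blackhole routes (target deleted) carry no traffic
        gw = r.get("GatewayId", "")
        if gw.startswith("igw-"):
            seen.add("igw")
        elif gw.startswith("vgw-"):
            seen.add("vgw")
        if "NatGatewayId" in r:
            seen.add("nat-gateway")
        if "InstanceId" in r or "NetworkInterfaceId" in r:
            seen.add("instance")
        if "EgressOnlyInternetGatewayId" in r:
            seen.add("egress-only-igw")
    kind = "public" if "igw" in seen else "vpn-only" if "vgw" in seen else "private"
    egress = [e for e in ("nat-gateway", "instance", "egress-only-igw") if e in seen]
    return kind, egress


def audit(subnet_ids, route_tables):
    """Map each subnet to (route table id, kind, egress paths)."""
    report = {}
    for sid in subnet_ids:
        rt = route_table_for(sid, route_tables)
        kind, egress = classify(rt)
        report[sid] = (rt["RouteTableId"], kind, egress)
    return report


if __name__ == "__main__":
    for sid, (rtb, kind, egress) in audit(SUBNET_IDS, ROUTE_TABLES).items():
        print(f"{sid:14} {rtb:14} {kind:9} egress={egress}")
```

The main-route-table fallback is the part worth automating: if someone adds a 0.0.0.0/0 route via an internet gateway to the main route table, every subnet without an explicit association becomes public at once, so the main table should normally carry nothing but the local route and any audit should flag an internet gateway route there.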
- Internet Gateway – an internet gateway connects a VPC to the internet. It exposes nothing by itself: a subnet becomes public only when its route table has a route to the gateway, and an instance in that subnet is reachable from the internet only if it has a public IPv4 or Elastic IP address (see above).
- NAT Device – a NAT gateway or NAT instance lets instances in private subnets initiate outbound IPv4 connections to the internet while blocking unsolicited inbound connections. The private subnet's route table sends its default route to the NAT device; the NAT device itself lives in a public subnet with a route to the internet gateway.
- Virtual Private Gateway – a virtual private network (VPN) connection enables communication with your corporate network. You can use an AWS Site-to-Site VPN connection to let instances in your VPC communicate with your own network: create and attach a virtual private gateway to your VPC, then add a route whose destination is your network's CIDR and whose target is the virtual private gateway.
- VPC Peering – to route traffic between VPCs in a VPC peering connection, you must add a route to one or more of your VPC route tables that points to the peering connection for all or part of the other VPC's CIDR block. Likewise, the owner of the other VPC must add a route in their route table back to your VPC's CIDR. A route in only one direction means requests arrive but replies have no path back, so connections simply time out.
- ClassicLink – a feature that linked an EC2-Classic instance to a VPC, allowing communication between the EC2-Classic instance and instances in the VPC using private IPv4 addresses. (AWS has since retired EC2-Classic and with it ClassicLink; this entry is historical.)
- VPC Endpoint – a VPC endpoint creates a private connection between your VPC and another AWS service, so that traffic does not leave the AWS network and the VPC needs no internet gateway, NAT device or VPN connection to reach the service.
- Egress-Only Internet Gateway – you can create an egress-only internet gateway for your VPC to enable instances in a private subnet to initiate outbound IPv6 communication to the internet, while preventing the internet from initiating connections to those instances. It is the IPv6 counterpart of a NAT device: VPC IPv6 addresses are globally unique and are not translated, so without it a routable IPv6 instance would be reachable inbound as well.
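The VPC peering entry above says routes are needed on both sides. As an added example (my own code, not from these notes or from AWS), the following Python checks a pair of VPCs for exactly that: whether each side has a route over the peering connection covering all, part or none of the peer's CIDR, and which pairs are one-way. Route fields follow `aws ec2 describe-route-tables`; the VPC IDs, peering ID and CIDRs are constructed.

```python
import ipaddress

# Constructed example: two VPCs joined by one peering connection. Route fields
# follow `aws ec2 describe-route-tables`; the IDs and CIDRs are made up.
PCX = "pcx-0aa1"
VPCS = {
    "vpc-a": {
        "cidr": "10.0.0.0/16",
        "routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": PCX},
        ],
    },
    "vpc-b": {
        "cidr": "10.1.0.0/16",
        # only the local route: the owner of vpc-b never added the return route
        "routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}],
    },
}


def cidrs_overlap(vpcs):
    """AWS refuses peering between VPCs with matching or overlapping CIDRs."""
    nets = [ipaddress.ip_network(v["cidr"]) for v in vpcs.values()]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def peering_coverage(vpcs, pcx):
    """For each ordered (src, dst) pair, how much of dst's CIDR src can reach via pcx.

    "full": a route via pcx covers the whole peer CIDR; "partial": routes via
    pcx cover only part of it (allowed, since a route may target part of the
    other VPC's block); "none": no route via pcx at all.
    """
    result = {}
    for src, s in vpcs.items():
        for dst, d in vpcs.items():
            if src == dst:
                continue
            peer = ipaddress.ip_network(d["cidr"])
            via_pcx = [ipaddress.ip_network(r["DestinationCidrBlock"])
                       for r in s["routes"] if r.get("VpcPeeringConnectionId") == pcx]
            if any(peer.subnet_of(c) for c in via_pcx):
                result[(src, dst)] = "full"
            elif any(c.subnet_of(peer) for c in via_pcx):
                result[(src, dst)] = "partial"
            else:
                result[(src, dst)] = "none"
    return result


def one_way_pairs(coverage):
    """Pairs where one side routes over the peering but the other has no route back.

    Requests from the routed side reach the peer, but replies have no path, so
    connections time out even though the peering connection itself is active.
    """
    broken = set()
    for (src, dst), cov in coverage.items():
        if cov != "none" and coverage[(dst, src)] == "none":
            broken.add(tuple(sorted((src, dst))))
    return sorted(broken)


if __name__ == "__main__":
    assert not cidrs_overlap(VPCS)
    cov = peering_coverage(VPCS, PCX)
    for pair, c in cov.items():
        print(pair, c)
    print("one-way:", one_way_pairs(cov))
```

Run against real `describe-route-tables` output, the same check also catches the subtler case where both sides have routes but one side's route only covers part of the peer's block, which shows up as "partial" rather than "full".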