Enquire Now

AWS - VPC,Subnet,Route Table,NACL Services

Cloud
March 25, 2025, 5:53 p.m. | Sridhar S

VPC

Part I 

AWS Virtual Private Cloud (VPC) is a fundamental service within Amazon Web Services that enables the creation of an isolated and secure network cloud environment. A VPC gives users complete end-to-end control over networking, such as IP address space, subnets, route tables, gateways, and security.

What is Amazon VPC (Virtual Private Cloud)?

Amazon VPC can be described as the private cloud of the overall cloud infrastructure. It is a logical set of servers in a particular network. The servers which you will wish to host in the Virtual Private Cloud (VPC) will be separated from all other servers which are hosted in Amazon Web Services. Users are given full control over the IP addresses which are allocated to the virtual machines, as well as the route tables and gateways for the VPC. Through security groups and network access control lists, it is also possible to make one's application secure.

Amazon VPC (Virtual Private Cloud) Architecture 

The fundamental framework of a well-functioning Virtual Private Cloud (VPC) is made up of numerous isolated services, including but not limited to Gateway, Load Balancer, and Subnets. Individually, they are all positioned inside a VPC to establish a segmented virtual domain. In addition to these services are also security levels established at different levels.

It is first divided into subnets that are interconnected using route tables with the help of a load balancer.

Key Components of AWS VPC

Subnets :

A VPC can be divided into multiple subnets. There are two types:

  • Public Subnet: Accessible from the internet, usually used for web servers.
  • Private Subnet: Internal network with no direct internet access, used for databases and internal applications.

Route Tables

Route tables define how traffic is directed within the VPC. Each subnet is associated with a route table that determines the allowed network paths.

Internet Gateway (IGW)

An IGW allows instances in a public subnet to connect to the internet. It is attached to the VPC and acts as a bridge between the AWS network and the public internet.

NAT Gateway

A NAT (Network Address Translation) Gateway enables instances in private subnets to access the internet securely while preventing inbound traffic.

Security Groups and Network ACLs

Security Groups (SGs) and Network Access Control Lists (NACLs) act as firewalls to control traffic at different levels:

  • Security Groups: Operate at the instance level and define inbound and outbound rules.
  • NACLs: Function at the subnet level to regulate traffic between subnets.

Peering and VPN Connectivity

  • VPC Peering: Enables communication between VPCs across different AWS accounts or regions.
  • AWS Site-to-Site VPN: Establishes a secure connection between an on-premises data center and a VPC.
  • AWS Direct Connect: Provides a dedicated physical network link between an on-premises network and AWS.

Benefits of AWS VPC

  • Security: Complete isolation and granular control over network access.
  • Scalability: Easily expand by adding subnets and peering connections.
  • Flexibility: Supports hybrid cloud architectures with VPN and Direct Connect.
  • Cost Efficiency: Optimized data transfer costs compared to traditional networking solutions.

In a default AWS VPC, the number of instances you can create depends on several factors:

Subnet IP Address Limit:  

  • A default VPC has a /16 CIDR block (65,536 IPs).
  • Each subnet in the default VPC is a /20 block (4,096 IPs).
  • AWS reserves 5 IPs per subnet, so each subnet has 4,091 usable IPs.

EC2 Instance Limits:

  • AWS imposes instance limits per region. By default:
  • 128 vCPUs for on-demand instances.
  • 64 vCPUs for spot instances.

You can increase limits by requesting a quota increase.

Instance Type:

  • The number of instances depends on their vCPU count.
  • Example: If your instance type has 4 vCPUs, you can launch 32 instances (128 ÷ 4).

Availability of Public IPs:

  • Public subnets need an Elastic IP (EIP) for external access.
  • AWS has a soft limit on the number of EIPs per region (default is 5, but you can request more).

Practical Scenario:

  • If you use t2.micro instances (1 vCPU each) in a default VPC:
  • You can launch 128 instances (until the vCPU limit is reached).

If you increase the vCPU limit, you can utilize more IPs.

Conclusion

AWS VPC is an essential service for building secure, scalable, and efficient cloud environments. By understanding its components and configuration, businesses can deploy applications with optimal security and network performance.

 

aws vpc, vpc subnet, aws subnet, private subnet, public subnet, aws route table, vpc route table
22
Sridhar S

Author

Sridhar S

Cloud Admin - Chadura Tech Pvt Ltd, Bengaluru

Related Posts

Cloud
Mastering AWS IAM Users: Policies, Permissions, and Identity Security
April 2, 2025, 12:35 p.m. Sridhar S

Mastering AWS IAM Users: Policies, Permissions, and Identity Security

LEARN MORE ABOUT Mastering AWS IAM Users: Policies, Permissions, and Identity Security
Cloud
Managing Remote Access with Bastion Hosts in Cloud Environments
April 1, 2025, 12:07 p.m. Sridhar S

Managing Remote Access with Bastion Hosts in Cloud Environments

LEARN MORE ABOUT Managing Remote Access with Bastion Hosts in Cloud Environments