VPC

Subnet

A subnet is a segment of the VPC's IP address range

Its CIDR block defines the IP range of the subnet (for IPv4, anything from /16 down to /28)

AWS reserves 5 IP addresses in every subnet for internal network purposes: the network address, the VPC router (+1), the Amazon-provided DNS (+2), one reserved for future use (+3) and the broadcast address (the last one). A /24 therefore gives you 251 usable addresses

There are 3 types of subnet: private, public and VPN-only. The type is decided by the subnet's route table: a public subnet has a route to an Internet Gateway, a private subnet has not, and a VPN-only subnet routes to a virtual private gateway

You can create multiple subnets in the same AZ

A subnet exists only in one single AZ

The default VPC created by AWS has one public subnet in every AZ

It is inside a subnet that you launch an EC2 instance, a database or any other AWS resource
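The subnet facts above (CIDR inside the VPC range, no overlap between subnets, 5 reserved addresses per block) can be checked offline before touching the console. The following is an added example, not code from the original notes; the VPC range, subnet names and CIDRs in SUBNET_PLAN are constructed sample data, and the /16 to /28 size limit applies to IPv4 subnets:

```python
import ipaddress

# Constructed sample plan (not from the original notes): a /16 VPC and a few subnets.
VPC_CIDR = "10.0.0.0/16"
SUBNET_PLAN = {
    "public-a": "10.0.0.0/24",
    "public-b": "10.0.1.0/24",
    "private-a": "10.0.10.0/24",
    "private-a-dup": "10.0.10.128/25",   # overlaps private-a: AWS would reject it
    "outside": "192.168.0.0/24",         # not inside the VPC range: rejected too
}


def reserved_addresses(subnet_cidr):
    """The five addresses AWS reserves in every IPv4 subnet: network address,
    VPC router (+1), Amazon-provided DNS (+2), reserved for future use (+3),
    and the broadcast address (last address of the block)."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign to instances: block size minus the 5 reserved."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - 5


def validate_subnets(vpc_cidr, subnets):
    """Check a subnet plan the way the VPC API would: every block must be a valid
    /16-/28 IPv4 CIDR inside the VPC range, and no two blocks may overlap.
    Returns a list of problem descriptions (empty means the plan is acceptable)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems, parsed = [], {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside the VPC range {vpc_cidr}")
        elif not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: /{net.prefixlen} is outside the allowed /16 to /28 range")
        parsed[name] = net
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} ({parsed[a]}) overlaps {b} ({parsed[b]})")
    return problems


if __name__ == "__main__":
    print(reserved_addresses("10.0.0.0/24"), usable_hosts("10.0.0.0/24"))
    for problem in validate_subnets(VPC_CIDR, SUBNET_PLAN):
        print("problem:", problem)
```

Running it against SUBNET_PLAN reports the out-of-range block and the overlapping pair; the two good public subnets and private-a pass. Multiple subnets in the same AZ are fine, which is why the plan does not carry an AZ per subnet at all.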

Route Table

A set of rules (routes) applied to a subnet that determines where the subnet's network traffic is directed

Every subnet must be associated with exactly one route table. If you don't explicitly associate one, the subnet is implicitly associated with the VPC's main route table

Every route table contains a local route for the VPC's own CIDR that you cannot delete; it is this route that lets EC2 instances in different subnets of the same VPC talk to each other

To make a subnet public, add a route to an Internet Gateway in the route table associated with that subnet

Every route in the route table specifies a destination CIDR and a target (local, an IGW, a NAT gateway, a virtual private gateway, a peering connection, an endpoint, an ENI, ...). When several routes match a packet, the most specific one (longest prefix) wins

Facts

Every VPC has an implicit router

A VPC already comes with a main route table that you can modify

By default you can have only 5 VPCs per region; this is a service quota and can be raised on request

Internet Gateway

A VPC component that scales horizontally and is redundant and highly available

Responsible for providing Internet connectivity to your VPC

A VPC can have only one Internet Gateway attached to it (and an IGW can be attached to only one VPC)

After creating it, you need to attach it to a VPC

Performs one-to-one network address translation for EC2 instances that have a public IPv4 address: the instance itself only sees its private address, the IGW maps it to the public one

Steps to create a public subnet:

1- Attach an Internet Gateway to your VPC

2- Create a new route in the subnet's route table: destination 0.0.0.0/0, target the IGW

3- Configure your NACL and security group to allow the traffic (NACLs are stateless, so inbound and outbound rules are both needed; security groups are stateful)

Steps to make your EC2 instance reachable from (and able to reach) the Internet:

1- Launch it in a public subnet and assign a public IP address or an EIP to it; without a public address the IGW has nothing to translate
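The route-table section and the two checklists above can be exercised as a small model of the VPC's implicit router: longest-prefix lookup over a subnet's route table, then the "do I actually have a way out?" checks for one instance. This is an added example, not code from the original notes; the VPC range, the igw-example target id, the probe address and the instance dicts are constructed sample data:

```python
import ipaddress

# Constructed sample data (not from the original notes). The IGW id is a placeholder.
VPC_CIDR = "10.0.0.0/16"
IGW = "igw-example"

# Route table of a public subnet: the non-removable local route plus a default route to the IGW.
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW)]
# Route table of a private subnet: only the local route, so there is no path to the Internet.
PRIVATE_RT = [(VPC_CIDR, "local")]

# Any routable address outside the VPC will do for "the Internet"; 203.0.113.0/24 is TEST-NET-3.
INTERNET_PROBE = "203.0.113.10"


def lookup_route(route_table, destination_ip):
    """Pick the route the VPC's implicit router would use: the matching entry with the
    longest prefix wins, so the /16 local route beats 0.0.0.0/0 for in-VPC traffic.
    Returns the target, or None when no route matches."""
    ip = ipaddress.ip_address(destination_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != ip.version or ip not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


def internet_reachable(route_table, instance):
    """Apply the checklist from the notes to one instance. `instance` is a dict with
    'public_ip' (a public IPv4/EIP string or None) and optional booleans 'nacl_allows'
    and 'sg_allows' (default True). Returns (ok, list_of_reasons_why_not)."""
    reasons = []
    target = lookup_route(route_table, INTERNET_PROBE)
    if target is None or not target.startswith("igw-"):
        reasons.append("subnet route table has no 0.0.0.0/0 route to an Internet Gateway")
    if not instance.get("public_ip"):
        reasons.append("instance has no public IPv4 or Elastic IP for the IGW to translate")
    if not instance.get("nacl_allows", True):
        reasons.append("subnet NACL blocks the traffic (NACLs are stateless: rules needed both ways)")
    if not instance.get("sg_allows", True):
        reasons.append("security group blocks the traffic")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(lookup_route(PUBLIC_RT, "10.0.5.7"))        # local
    print(lookup_route(PUBLIC_RT, INTERNET_PROBE))    # igw-example
    print(internet_reachable(PRIVATE_RT, {"public_ip": "198.51.100.4"}))
```

The private subnet case is the one worth noticing: an EIP on an instance there buys nothing, because the route table never hands the packet to the IGW. Conversely an instance in the public subnet with no public address gets a route but no translation, which is the failure the second checklist addresses.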

DHCP Options

AWS automatically creates a DHCP options set and associates it with your VPC

A VPC can have at most one DHCP options set associated with it at a time. Options sets are immutable: to change settings, create a new set and associate that one instead

EIP (Elastic IP Address)

An EIP is a static public IPv4 address taken from a pool that AWS maintains in each region

Each EIP is specific to one region

To start using an EIP, first allocate it to your account in that region, then associate it with an EC2 instance or a network interface

You can move an EIP from one instance to another, as long as both are in the same region

An EIP remains allocated to your account until you explicitly release it

There are extra charges for EIPs allocated to your account while they are not associated with a running resource

Elastic Network Interface

A virtual network interface that you can attach to an instance

An ENI is associated with a subnet, and therefore with a single AZ

It can have one public IP address and multiple private IP addresses (one primary plus secondaries); security groups are attached to the ENI, not to the instance

Attaching a second ENI to an instance makes it dual-homed, so the instance is present in two different subnets (both subnets must be in the instance's AZ)

Endpoints

Enable you to create a private connection between your VPC and an AWS service without requiring access via an IGW or NAT; the traffic never leaves the AWS network

You can create multiple endpoints for a single service and use different route tables to enforce different access policies on different subnets

Steps to create an Endpoint:

1- Specify the Amazon VPC

2- Specify the service. The service name has the form com.amazonaws.<REGION>.<SERVICE>

3- Specify the endpoint policy document. It defaults to full access to the service and can be changed at any time

4- Select the route tables that should use the endpoint: a route with the service's prefix list as destination and the endpoint as target is added to each of them
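The endpoint policy from step 3 is the control that decides which service resources traffic through the endpoint may reach, so it is worth seeing the default (full access) next to a restricted one and checking requests against both. The following is an added example, not code from the original notes: the policy documents, the bucket name example-app-bucket and the request ARNs are constructed, and endpoint_allows is a deliberately simplified evaluator (explicit Deny over Allow over implicit deny, with wildcard matching) that assumes Principal "*" and ignores Condition, NotAction and NotResource:

```python
import re

# Policy AWS attaches to a new endpoint by default: full access to the service.
DEFAULT_POLICY = {
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]
}

# Constructed example: an S3 gateway endpoint policy that only lets traffic through the
# endpoint reach one bucket, so instances in the VPC cannot use it to reach any other bucket.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-app-bucket", "arn:aws:s3:::example-app-bucket/*"],
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteObject",
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, ignore_case):
    """IAM-style pattern match: '*' matches any run of characters, '?' exactly one.
    Actions compare case-insensitively, resource ARNs case-sensitively."""
    parts = [re.escape(part).replace(r"\?", ".") for part in pattern.split("*")]
    regex = "^" + ".*".join(parts) + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def endpoint_allows(policy, action, resource):
    """Simplified evaluation of an endpoint policy for one request: an explicit Deny
    wins over everything, otherwise any matching Allow allows, otherwise the request is
    implicitly denied. Assumes Principal "*" and ignores Condition, NotAction and
    NotResource, which real IAM evaluation also honours."""
    allowed = False
    for stmt in policy.get("Statement", []):
        if not any(_wildcard_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_wildcard_match(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-app-bucket/data.csv"),
                     ("s3:GetObject", "arn:aws:s3:::some-other-bucket/data.csv"),
                     ("s3:DeleteObject", "arn:aws:s3:::example-app-bucket/data.csv")]:
        print(act, res, "default:", endpoint_allows(DEFAULT_POLICY, act, res),
              "restricted:", endpoint_allows(RESTRICTED_POLICY, act, res))
```

Note that the endpoint policy is evaluated in addition to the caller's IAM permissions and the bucket policy; it can only narrow what passes through the endpoint, never grant more than those already allow.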