🌐 13.AWS VPC - Coggle Diagram
🔹 VPC & Subnets
- VPC: Regional private cloud to isolate resources.
- Public Subnet: Internet accessible.
- Private Subnet: Internal use only.
- Routing: Managed by Route Tables.
🔹 VPC Flow Logs
- Purpose: Capture network traffic logs for interfaces.
- ENI (Elastic Network Interface) Flow Logs.
- Destinations: S3, CloudWatch Logs, Kinesis.
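An added example (not part of the Coggle diagram or any AWS code) of what a defender does with flow logs once they land in S3 or CloudWatch: parse the records and look at REJECT traffic per source. It assumes the default version-2 flow log record layout and uses constructed sample lines with a placeholder account id and documentation IP ranges.

```python
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

# Constructed sample records (placeholder account id, RFC 5737 documentation
# addresses for the external sources). Last line is a NODATA record, which
# carries '-' in the traffic fields.
SAMPLE_LOG = """\
2 111122223333 eni-0abc123def456789a 10.0.1.25 10.0.2.14 49152 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0abc123def456789a 203.0.113.7 10.0.2.14 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123def456789a 203.0.113.7 10.0.2.14 51001 23 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123def456789a 203.0.113.7 10.0.2.14 51002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123def456789a 198.51.100.9 10.0.2.14 40000 80 6 1 60 1700000000 1700000060 REJECT OK
2 111122223333 eni-0abc123def456789a - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    byte_count: int
    action: str
    log_status: str


def _int(value):
    # NODATA / SKIPDATA records carry '-' instead of numbers.
    return 0 if value == "-" else int(value)


def parse_record(line):
    """Parse one space-separated default-format flow log record."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    f = dict(zip(FIELDS, parts))
    return FlowRecord(
        interface_id=f["interface_id"], srcaddr=f["srcaddr"], dstaddr=f["dstaddr"],
        srcport=_int(f["srcport"]), dstport=_int(f["dstport"]),
        protocol=_int(f["protocol"]), packets=_int(f["packets"]),
        byte_count=_int(f["bytes"]), action=f["action"], log_status=f["log_status"],
    )


def parse_flow_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_ports_by_source(records):
    """Map each source address to the set of destination ports it was REJECTed on.

    Only records with log_status OK are counted; NODATA / SKIPDATA carry no traffic."""
    ports = defaultdict(set)
    for r in records:
        if r.log_status == "OK" and r.action == "REJECT":
            ports[r.srcaddr].add(r.dstport)
    return dict(ports)


def suspected_scanners(records, min_ports=3):
    """Sources whose traffic was rejected on at least min_ports distinct ports."""
    by_src = rejected_ports_by_source(records)
    return sorted(src for src, ports in by_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for src, ports in rejected_ports_by_source(recs).items():
        print(f"{src}: rejected on ports {sorted(ports)}")
    print("sources rejected on 3+ ports:", suspected_scanners(recs))
```

The REJECT action records traffic that security groups or network ACLs dropped, so a single source hitting many distinct ports inside one aggregation window is the kind of pattern worth an alert; the threshold and window are policy choices for the team running the VPC.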
🔹 IP Addressing in AWS
- Public IP: Assigned at EC2 start, changes on stop/start.
- Private IP: Fixed for internal AWS use.
- Elastic IP (EIP): Permanent public IP for EC2 (small cost).
- Fully Public (IPv6): All IPs are internet-routable. Example: 2001:db8:3333:4444:cccc:dddd:eeee:ffff
🔹 VPC Peering
- Definition: Direct connection between two VPCs.
- Private connection; the two VPCs must not have overlapping IP ranges.
- Non-transitive (each VPC must peer individually).
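An added example (not from the diagram or from AWS) that checks the two peering constraints above before a connection is requested: it finds overlapping CIDR blocks between VPC pairs with the standard-library ipaddress module, and models reachability as strictly non-transitive. The VPC names, CIDR blocks and peering list are constructed inventory data.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: VPC name -> its CIDR blocks (primary plus any secondary).
VPCS = {
    "vpc-app":    ["10.0.0.0/16"],
    "vpc-data":   ["10.1.0.0/16"],
    "vpc-legacy": ["10.0.128.0/17", "192.168.0.0/24"],
}

# Constructed list of existing peering connections (unordered pairs).
PEERINGS = [("vpc-app", "vpc-data"), ("vpc-data", "vpc-legacy")]


def overlapping_blocks(cidrs_a, cidrs_b):
    """Return every (a, b) CIDR pair that overlaps between two VPCs."""
    nets_a = [ipaddress.ip_network(c) for c in cidrs_a]
    nets_b = [ipaddress.ip_network(c) for c in cidrs_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def can_peer(vpcs, a, b):
    """Peering requires that no CIDR block of one VPC overlaps any block of the other."""
    return not overlapping_blocks(vpcs[a], vpcs[b])


def peering_conflicts(vpcs):
    """Check every VPC pair; map the pairs that cannot peer to their overlapping blocks."""
    conflicts = {}
    for a, b in combinations(sorted(vpcs), 2):
        overlaps = overlapping_blocks(vpcs[a], vpcs[b])
        if overlaps:
            conflicts[(a, b)] = overlaps
    return conflicts


def reachable_via_peering(peerings, src, dst):
    """Peering is non-transitive: traffic only flows over a direct peering connection,
    so A<->B and B<->C never give A a route to C."""
    direct = {frozenset(p) for p in peerings}
    return frozenset((src, dst)) in direct


if __name__ == "__main__":
    for pair, overlaps in peering_conflicts(VPCS).items():
        print(f"cannot peer {pair}: overlapping blocks {overlaps}")
    print("vpc-app -> vpc-data:", reachable_via_peering(PEERINGS, "vpc-app", "vpc-data"))
    print("vpc-app -> vpc-legacy:", reachable_via_peering(PEERINGS, "vpc-app", "vpc-legacy"))
```

The non-transitive rule is why a mesh of peerings grows quadratically with the number of VPCs; a Transit Gateway (below) is the hub-and-spoke alternative when that mesh stops being manageable.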
🔹 VPC Endpoints
- Purpose: Private connection to AWS services (no public internet).
- Gateway Endpoint: S3, DynamoDB.
- Interface Endpoint (ENI): Other services.
🔹 AWS PrivateLink
- Definition: Expose services securely to many VPCs.
- Uses Network Load Balancer (NLB) and ENI.
- No need for Internet/NAT Gateway or peering.
🔹 VPN & Direct Connect
- VPN: Encrypted connection over the public internet.
- VPN uses a Virtual Private Gateway (VGW) on the AWS side.
- Direct Connect: Private, fast connection to AWS over a dedicated line.
🔹 Transit Gateway
- Definition: Hub-and-spoke model to connect multiple VPCs and on-premises environments.
- Benefit: Scales to thousands of VPCs.
🔹 AWS Client VPN
- Purpose: Secure remote access to AWS VPC.
- How: OpenVPN over public internet to private VPC.