Virtual Private Cloud (VPC)
- A logically isolated virtual network within a public cloud provider’s infrastructure that gives you complete control over your network environment
- Acts as your own private section of the cloud where you can launch resources in a virtual network that you define
- Combines the scalability and convenience of public cloud computing with the isolation and control of private networking
- Essential bridge between traditional on-premises networking concepts and cloud infrastructure
Core VPC Components
- Subnets: Subdivisions of your VPC’s IP address range where you actually place resources
  - Public subnets: Have routes to an Internet Gateway (resources get public IPs)
  - Private subnets: No direct internet access (resources use NAT for outbound only)
- Route Tables: Control where network traffic is directed from subnets
- Internet Gateway (IGW): Provides internet access to public subnets
- NAT Gateway/Instance: Allows private subnet resources to reach the internet for outbound traffic without being directly reachable from it
- Security Groups: Virtual firewalls that control inbound/outbound traffic at the instance level
- Network ACLs: Additional firewall layer that operates at the subnet level
VPC Addressing and Routing
- Uses RFC 1918 private IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Cannot change VPC CIDR block after creation (in most cloud providers)
- Subnet CIDR blocks must be subsets of VPC CIDR and cannot overlap
- Each subnet exists in a single Availability Zone, but a VPC can span multiple AZs
- Default route (0.0.0.0/0) points to IGW for internet access in public subnets
| Component | Scope | Function | Example |
|---|---|---|---|
| VPC | Regional | Logical network container | 10.0.0.0/16 |
| Subnet | Single AZ | Resource placement | 10.0.1 |
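As an added example (not part of the original notes), a small Python check that applies the addressing and routing rules above: every subnet CIDR must be a well-formed block inside an RFC 1918 VPC range, subnets must not overlap, and a subnet counts as public only when its route table's default route targets an Internet Gateway. The sample CIDRs, the route tables and the `igw-`/`nat-` target id prefixes are constructed assumptions modelled on AWS naming.

```python
import ipaddress

# RFC 1918 ranges from the page; a VPC CIDR should fall inside one of them.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_vpc_layout(vpc_cidr: str, subnets: dict[str, str]) -> list[str]:
    """Return problems found (empty list = consistent): VPC is RFC 1918, each
    subnet CIDR is well-formed (no host bits set), inside the VPC, and non-overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems: list[str] = []
    if vpc.version != 4 or not any(vpc.subnet_of(r) for r in RFC1918):
        problems.append(f"VPC: {vpc} is not an RFC 1918 range")
    nets: dict[str, ipaddress.IPv4Network] = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # strict=True rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):  # pairwise overlap check between subnets
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems

def classify_subnet(route_table: dict[str, str]) -> str:
    """Public if the default route targets an Internet Gateway, otherwise private.
    Assumes AWS-style target ids: "igw-..." for an IGW, "nat-..." for a NAT Gateway."""
    target = route_table.get("0.0.0.0/0", "")
    if target.startswith("igw-"):
        return "public"
    return "private (NAT egress only)" if target.startswith("nat-") else "private (no egress)"

# Constructed sample layout (not from the page) with two deliberate mistakes.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_SUBNETS = {
    "public-a": "10.0.1.0/24",
    "private-a": "10.0.2.0/24",
    "overlap": "10.0.1.128/25",  # lies inside public-a
    "outside": "10.1.0.0/24",    # not within the VPC CIDR
}
SAMPLE_ROUTES = {
    "public-a": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "private-a": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"},
}
```

Running `validate_vpc_layout(SAMPLE_VPC, SAMPLE_SUBNETS)` reports the out-of-range subnet and the overlapping pair; `classify_subnet` labels `public-a` public and `private-a` private with NAT egress only.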