What is a VPC?
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC yourself: select its IP address range, create subnets, and configure route tables, network gateways, auto scaling and security settings.
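The address-range and subnet decisions mentioned above are easy to get wrong on paper, so here is an added example (not code from the original page or from AWS) that plans a VPC with Python's standard `ipaddress` module. It carves a VPC block into equal subnets, reports how many addresses an instance can actually use once AWS's five reserved addresses per subnet are removed, classifies a subnet as public or private from its route table, and checks the non-overlap requirement that VPC peering and VPN routing impose. All CIDRs are constructed sample values and `igw-EXAMPLE` / `nat-EXAMPLE` are placeholder gateway ids, not real identifiers.

```python
import ipaddress

# Added example (not from the original page). All CIDRs and gateway ids below are
# constructed sample values; "igw-EXAMPLE" and "nat-EXAMPLE" are placeholders.

# AWS reserves the first four and the last address of every subnet
# (network address, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr, new_prefix, count):
    """Split the VPC block into `count` equal subnets of size /new_prefix.

    In AWS both the VPC block and each subnet must be between /16 and /28.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("VPC CIDR must be between /16 and /28")
    if not vpc.prefixlen <= new_prefix <= 28:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(subnets):
        raise ValueError(f"{vpc} only holds {len(subnets)} /{new_prefix} subnets")
    return [str(s) for s in subnets[:count]]


def usable_hosts(subnet_cidr):
    """Addresses an instance can actually be given in one subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def classify_subnet(routes):
    """'public' if the default route points at an internet gateway, else 'private'.

    `routes` is a list of (destination, target) pairs as shown in a route table.
    A NAT gateway target keeps the subnet private: instances can reach out, but
    nothing on the Internet can initiate a connection to them.
    """
    for destination, target in routes:
        if destination == "0.0.0.0/0" and target.startswith("igw-"):
            return "public"
    return "private"


def can_connect(vpc_cidr, other_cidr):
    """VPC peering and a VPN to a datacenter both need non-overlapping ranges."""
    return not ipaddress.ip_network(vpc_cidr).overlaps(ipaddress.ip_network(other_cidr))


if __name__ == "__main__":
    for cidr in carve_subnets("10.0.0.0/16", 24, 4):
        print(cidr, "usable hosts:", usable_hosts(cidr))
    print(classify_subnet([("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]))
    print(classify_subnet([("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]))
    print("can peer with 10.1.0.0/16:", can_connect("10.0.0.0/16", "10.1.0.0/16"))
    print("can peer with 10.0.5.0/24:", can_connect("10.0.0.0/16", "10.0.5.0/24"))
```

The `classify_subnet` check is the one worth automating: a subnet is public only because its route table says so, not because of its name, and a database subnet whose default route drifts to an `igw-` target is exactly the exposure the rest of this page warns about.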
Benefits of VPC
- Each instance that you launch into a nondefault subnet has a private IP address but no public IP address, unless you specifically assign one at launch. These instances can communicate with each other, but can't access the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3).
- You can enable Internet access for an instance launched into a nondefault subnet by attaching an Internet gateway to its VPC (if its VPC is not a default VPC) and associating an Elastic IP address with the instance.
- We can apply security at the subnet level and evaluate traffic entering and exiting a subnet with network ACLs. Network ACLs can be used to set both allow and deny rules.
- We can set up 'deny' rules in security groups.
- We can assign multiple IPs per NIC and multiple NICs per instance.
- There are no additional charges for creating and using the VPC itself. Usage charges for other Amazon Web Services, including Amazon EC2, still apply at published rates for those resources, including data transfer charges. If you connect your VPC to your corporate datacenter using the optional hardware VPN connection, pricing is per VPN connection-hour (the amount of time your VPN connection is in the "available" state). Partial hours are billed as full hours. Data transferred over VPN connections is charged at standard AWS Data Transfer rates ($0.05 per VPN connection-hour).
- If we are using a VPN connection into the VPC, there is no need to use a key pair for security. We can create an AMI with a default username and password and use those credentials with the private IP to log in; with this, opening SSH is not needed. We can also communicate internally with ease.
- We can create separate VPCs for staging, production and testing. By default VPCs can't connect to each other, but if we need to we can configure it (VPC peering).
- Without a VPC, all nodes are internet addressable. This doesn't make much sense for nodes that have no reason to exist on the global Internet. For example, a database node should not have any public Internet hostname or IP.
- We can move NICs and internal IPs between instances.
- Managing a huge number of instances is easy with a VPC.
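The network ACL point in the list above (subnet-level filtering with both allow and deny rules) hides two details that decide whether a rule actually does anything: rules are evaluated in ascending rule-number order with the first match winning and an implicit final `*` deny, and NACLs are stateless, so return traffic needs its own rule. The following added example (not code from the original page or from AWS) models that evaluation in Python over constructed rule sets and addresses; `NaclRule`, `Packet`, `evaluate_nacl` and `shadowed_rules` are names chosen here, not AWS APIs.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example (not from the original page). Rule sets and addresses are constructed.


@dataclass(frozen=True)
class NaclRule:
    number: int            # AWS evaluates rules from the lowest number upward
    protocol: str          # "tcp", "udp", "icmp" or "all"
    from_port: Optional[int]
    to_port: Optional[int]
    cidr: str
    action: str            # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int   # destination port: the instance's port inbound, the remote's port outbound
    ip: str     # remote address: source for inbound, destination for outbound


def evaluate_nacl(rules: List[NaclRule], packet: Packet) -> Tuple[str, str]:
    """Apply network ACL semantics to one packet.

    The first rule (by ascending number) whose protocol, port range and CIDR all
    match decides the outcome; the implicit final rule '*' denies everything else.
    """
    addr = ipaddress.ip_address(packet.ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol != "all":
            if rule.protocol != packet.protocol:
                continue
            if not (rule.from_port <= packet.port <= rule.to_port):
                continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, str(rule.number)
    return "deny", "*"


def shadowed_rules(rules: List[NaclRule]) -> List[int]:
    """Numbers of rules that a lower-numbered rule fully covers and so can never match."""
    ordered = sorted(rules, key=lambda r: r.number)
    shadowed = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            same_proto = earlier.protocol in ("all", later.protocol)
            ports_inside = earlier.protocol == "all" or (
                earlier.from_port <= later.from_port and later.to_port <= earlier.to_port)
            cidr_inside = ipaddress.ip_network(later.cidr).subnet_of(
                ipaddress.ip_network(earlier.cidr))
            if same_proto and ports_inside and cidr_inside:
                shadowed.append(later.number)
                break
    return shadowed


# Constructed inbound rules for a public web subnet. The deny for 198.51.100.0/24
# is numbered BELOW the broad HTTPS allow, so it is reached first and takes effect.
INBOUND_RULES = [
    NaclRule(90,  "tcp", 443, 443, "198.51.100.0/24", "deny"),
    NaclRule(100, "tcp", 443, 443, "0.0.0.0/0",       "allow"),
    NaclRule(110, "tcp", 22,  22,  "10.0.0.0/16",     "allow"),
]

# NACLs are stateless: replies to inbound HTTPS go back to the client's ephemeral
# port, so the outbound direction needs an explicit allow for 1024-65535.
OUTBOUND_RULES = [
    NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
]

# The same deny numbered ABOVE the allow: rule 200 is shadowed and never fires.
SHADOWED_DENY_RULES = [
    NaclRule(100, "tcp", 443, 443, "0.0.0.0/0",       "allow"),
    NaclRule(200, "tcp", 443, 443, "198.51.100.0/24", "deny"),
]


if __name__ == "__main__":
    print(evaluate_nacl(INBOUND_RULES, Packet("tcp", 443, "203.0.113.5")))
    print(evaluate_nacl(INBOUND_RULES, Packet("tcp", 443, "198.51.100.7")))
    print(evaluate_nacl(INBOUND_RULES, Packet("tcp", 22, "203.0.113.5")))
    print(evaluate_nacl(OUTBOUND_RULES, Packet("tcp", 50000, "203.0.113.5")))
    print(evaluate_nacl([], Packet("tcp", 50000, "203.0.113.5")))
    print("shadowed:", shadowed_rules(SHADOWED_DENY_RULES))
```

Two checks fall out of this model. Running `shadowed_rules` over an ACL before applying it catches deny rules that sit above the allow they were meant to override. And evaluating the outbound direction with an empty rule list shows why a freshly created custom NACL (which denies everything in both directions) silently breaks return traffic: unlike security groups, which are stateful and hold allow rules only, a NACL needs the ephemeral-port rule spelled out.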
Q. Why should I use Amazon VPC?
Amazon VPC enables you to build a virtual network in the AWS cloud, with no VPNs, hardware, or physical datacenters required. You can define your own network space and control how your network, and the Amazon EC2 resources inside it, are exposed to the Internet. You can also leverage the greatly enhanced security options in Amazon VPC to provide more granular access both to and from the Amazon EC2 instances in your virtual network.