Amazon Virtual Private Cloud (VPC) allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. It provides complete control over the virtual networking environment, including selection of IP address ranges, creation of subnets, and configuration of route tables and gateways.

Isolation and Control:
Logical Isolation: A VPC is logically isolated from other VPCs on AWS.
Control: You have complete control over the virtual networking environment, including IP address ranges, subnets, route tables, and gateways.

Default VPC:
Automatic Creation: A default VPC is automatically created for each AWS account in each region the first time Amazon EC2 resources are provisioned.
All-public Subnets: The default VPC has all-public subnets with "Auto-assign public IPv4 address" set to "Yes" and an Internet Gateway attached, so instances launched there receive both a public and a private IP address.

VPC Components
Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a VPC’s IP address space from ranges you select.
Subnet: A segment of a VPC’s IP address range where you can place groups of isolated resources (each subnet resides in exactly one AZ).
Internet Gateway: The Amazon VPC side of a connection to the public Internet.
NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
Virtual Private Gateway: The Amazon VPC side of a VPN connection.
Customer Gateway: Your side of a VPN connection.
Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.
Peering Connection: A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
VPC Endpoints: Enables private connectivity from within your VPC to services hosted in AWS without traversing an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
Egress-only Internet Gateway: A stateful gateway that allows outbound-only (egress-only) access for IPv6 traffic from the VPC to the Internet.
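The component list above is easier to reason about when you can see how routing decides whether a subnet is public, private, or isolated, and why the default VPC's "Auto-assign public IPv4" setting matters. The following is an added example, not code from the original notes or from AWS: it classifies subnets from data shaped like the describe-subnets and describe-route-tables API responses, using a small constructed data set (the subnet, route table, IGW and NAT gateway IDs are made up) so it runs offline. It also applies the rule that a subnet with no explicit route table association inherits the VPC's main route table, which is how subnets end up public without anyone intending it.

```python
"""Classify VPC subnets by routing and public-IP settings (added example, offline data)."""

# Constructed sample data; IDs and CIDRs are invented for this example.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"SubnetId": "subnet-0a1", "CidrBlock": "10.0.0.0/24", "AvailabilityZone": "ap-southeast-2a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0b2", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "ap-southeast-2b", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-0c3", "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "ap-southeast-2a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0d4", "CidrBlock": "10.0.3.0/24", "AvailabilityZone": "ap-southeast-2c", "MapPublicIpOnLaunch": False},
]
ROUTE_TABLES = [
    {   # Public route table: explicitly associated with subnet-0a1, default route to an IGW.
        "RouteTableId": "rtb-pub",
        "Associations": [{"SubnetId": "subnet-0a1", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"},
        ],
    },
    {   # Private route table: default route through a NAT gateway (outbound only).
        "RouteTableId": "rtb-priv",
        "Associations": [{"SubnetId": "subnet-0b2", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456"},
        ],
    },
    {   # Main route table: implicitly used by every subnet without an explicit association.
        # Giving it an IGW default route (as the default VPC does) makes new subnets public by default.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"},
        ],
    },
]


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId") == subnet_id:
                return rt
    return main


def egress_kind(route_table):
    """Return 'igw', 'nat' or 'none' depending on what the default route points at."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return "none"


def classify(subnets, route_tables):
    """Return {subnet_id: (category, route_table_id, finding_or_None)}."""
    result = {}
    for sn in subnets:
        rt = route_table_for(sn["SubnetId"], route_tables)
        kind = egress_kind(rt)
        category = {"igw": "public", "nat": "private", "none": "isolated"}[kind]
        implicit = not any(a.get("SubnetId") == sn["SubnetId"] for a in rt["Associations"])
        finding = None
        if kind == "igw" and sn["MapPublicIpOnLaunch"]:
            # Reachable from the Internet as soon as a security group allows it.
            finding = "instances launch with a public IPv4 address reachable via the IGW"
            if implicit:
                finding += " (subnet inherits the main route table)"
        elif kind == "igw" and implicit:
            finding = "main route table has an IGW default route; new subnets are public by default"
        result[sn["SubnetId"]] = (category, rt["RouteTableId"], finding)
    return result


if __name__ == "__main__":
    for subnet_id, (category, rtb, finding) in classify(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id:12} {category:9} via {rtb:9} {finding or ''}")
```

The practical check this encodes: a subnet is "public" only because its effective route table sends 0.0.0.0/0 to an Internet Gateway; "Auto-assign public IPv4" then decides whether instances in it are actually addressable from outside. Keeping the main route table free of an IGW route means a forgotten association yields an isolated subnet rather than an exposed one.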

Connectivity Options:
Hardware VPN: A site-to-site VPN connection between your VPC and your on-premises network.
Direct Connect: Establishes a dedicated network connection from your premises to AWS.
VPN CloudHub: Allows multiple VPN connections to connect securely to a single VPC.
Software VPN: Software-based VPN solutions for connecting to your VPC.

Limits and Constraints:
VPC Limits: By default, you can create up to 5 VPCs per region.
Region Wide: VPCs are region-wide, meaning they span all availability zones (AZs) in a region.
AZ Mapping: AZ names are mapped differently for different users (e.g., "ap-southeast-2a" for one user may map to a different physical zone for another user).

Best Practices

Use Default VPC for Simple Deployments: Utilize the default VPC for straightforward deployments with minimal configuration.
Custom VPC for Advanced Configurations: Create custom VPCs for more complex networking setups, such as multi-tier applications with multiple subnets.
Segregate Resources by Subnets: Use public subnets for resources that need direct internet access and private subnets for internal-only resources.
Enable VPC Flow Logs: Capture and monitor network traffic for security and troubleshooting purposes.
Use VPC Peering for Inter-VPC Communication: Establish VPC peering connections for secure communication between VPCs.
Secure Your VPC: Implement security groups and network ACLs to control inbound and outbound traffic to your resources.
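"Enable VPC Flow Logs" and "Secure Your VPC" are only useful if someone reads what the logs say. The following is an added example, not code from the original notes or from AWS: it parses records in the default VPC Flow Log format (version 2, space-separated fields ending in action and log-status) and surfaces two things a defender wants from them: accepted TCP traffic to an administrative port from an address outside the RFC 1918 ranges, and sources that were rejected on several distinct destination ports. The log lines, account ID and ENI ID are constructed; the admin-port set and the port-count threshold are assumptions you would tune to your environment. Records with log-status NODATA or SKIPDATA carry "-" in the address fields and are skipped rather than counted.

```python
"""Parse VPC Flow Log records and flag exposed admin ingress and multi-port rejects (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Field order of the default flow log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumed policy: which ports count as administrative, and what counts as "inside".
ADMIN_PORTS = {22, 3389}
INTERNAL = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (account, ENI and addresses are made up; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for arbitrary Internet addresses).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.0.15 44321 22 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.7 10.0.0.15 51000 22 6 20 1600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.0.15 40001 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.0.15 40002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.0.15 40003 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.0.15 40004 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.0.15 203.0.113.50 33000 443 6 15 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Return a dict for a usable record, or None for NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # address and port fields are '-' here; nothing to analyse
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def is_internal(addr):
    """True when the address falls inside one of the private ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def exposed_admin_ingress(records):
    """ACCEPTed TCP (protocol 6) to an admin port from a non-private source address."""
    return [r for r in records
            if r["action"] == "ACCEPT" and r["protocol"] == 6
            and r["dstport"] in ADMIN_PORTS and not is_internal(r["srcaddr"])]


def suspected_scanners(records, min_ports=3):
    """Sources rejected on at least min_ports distinct destination ports -> {src: ports}."""
    ports_by_src = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports_by_src[r["srcaddr"]].add(r["dstport"])
    return {src: ports for src, ports in ports_by_src.items() if len(ports) >= min_ports}


def analyze(log_text):
    """Run both checks over a block of flow log text; also report skipped records."""
    records, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return {"exposed": exposed_admin_ingress(records),
            "scanners": suspected_scanners(records),
            "skipped": skipped}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for r in report["exposed"]:
        print(f"exposed admin ingress: {r['srcaddr']} -> {r['dstaddr']}:{r['dstport']} on {r['interface_id']}")
    for src, ports in report["scanners"].items():
        print(f"rejected on {len(ports)} ports from {src}: {sorted(ports)}")
    print(f"skipped {report['skipped']} NODATA/SKIPDATA record(s)")
```

Each finding maps back to a control from the list above: an accepted admin-port connection from outside means a security group or network ACL permits it and the instance sits in a public subnet, and a burst of rejects across many ports is the network ACL or security group doing its job against something that should still be looked at. Flow logs record only the fields shown here, so this is a starting point for alerting, not a replacement for packet capture.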
