Imagine you want to set up a private, isolated area in the cloud where you can host your applications and store crucial data. This is where a VPC comes into play.
A VPC (Virtual Private Cloud) is a logically isolated section of the AWS cloud where you can host websites and store data inside a virtual network whose boundaries you define.
It is like having your own private data center within AWS.
Create a VPC:
Think of VPC as a large plot of land. When you purchase this land, you decide its size and boundaries and own it. It becomes your private property.
Similarly, when creating a VPC, you define its size with an IP address range.
A common IPv4 range used for a VPC is 172.16.0.0 (a private range, so it is not routable on the public internet).
Creating subnets:
You can now divide your land into smaller plots and use each of them for a different purpose. There are two types of plots: one with a gate through which you can reach the outside of your plot, and one further inside, behind a fence and without a gate, which should not be reachable from the outside.
These smaller plots are the subnets (sub-networks within the main network) of your VPC.
Public subnet - reachable from the outside, i.e., the internet.
Private subnet - has no route to the internet and cannot be reached from it.
A CIDR range must be specified when each subnet is created. It partitions the VPC's IP address space and determines how many addresses belong to each subnet. Ex - 10.0.0.0/16
A VPC can have at most 5 CIDR blocks. The maximum block size is /16 (65,536 IP addresses) and the minimum is /28 (16 IP addresses).
Internet Gateway(IGW):
This is the gate that allows resources in the public subnet of the VPC to connect to the internet. Only one IGW can be attached to a VPC.
Attaching the IGW is not enough on its own: the subnet's route table must also be configured with a route to it before internet access works.
NAT Gateway:
What if resources (EC2 instances) in the private subnet need to reach the internet while staying unreachable from it? This is where the NAT Gateway comes into play.
It is managed by AWS, is highly available, and provides 5 Gbps of bandwidth that scales up to 100 Gbps.
The route tables of the private subnets whose EC2 instances need internet access are configured to send outbound traffic to the NAT Gateway, which sits in a public subnet and forwards it through the Internet Gateway.
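The two pieces above, carving subnet CIDR blocks out of the VPC range and giving public and private subnets different default routes, can be planned offline. The following is an added example, not code from the original post or from AWS; it uses only Python's standard ipaddress module, and the igw-EXAMPLE / nat-EXAMPLE identifiers are placeholders for real gateway IDs.

```python
import ipaddress

# AWS keeps 5 addresses in every subnet: the network address, the VPC router,
# the DNS resolver, one reserved for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5

# RFC 1918 private ranges; this planner only accepts VPC blocks inside them.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_vpc_cidr(cidr):
    """Return the VPC block if it is a private range of size /16 .. /28."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC block must be between /16 and /28")
    if not any(net.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{cidr}: not in an RFC 1918 private range")
    return net

def plan_subnets(vpc_cidr, new_prefix, public, private):
    """Carve public + private equally sized subnets out of the VPC block,
    public ones first. Returns {name: {cidr, public, usable_ips}}."""
    vpc = validate_vpc_cidr(vpc_cidr)
    blocks = list(vpc.subnets(new_prefix=new_prefix))
    if public + private > len(blocks):
        raise ValueError(f"{vpc_cidr} only fits {len(blocks)} /{new_prefix} subnets")
    plan = {}
    for i, block in enumerate(blocks[: public + private]):
        is_public = i < public
        name = f"public-{i}" if is_public else f"private-{i - public}"
        plan[name] = {
            "cidr": str(block),
            "public": is_public,
            "usable_ips": block.num_addresses - AWS_RESERVED_PER_SUBNET,
        }
    return plan

def route_table(vpc_cidr, subnet, igw_id, nat_gw_id):
    """Routes for one subnet: the local route covering the whole VPC, plus a
    default route via the Internet Gateway (public) or the NAT Gateway (private)."""
    default_target = igw_id if subnet["public"] else nat_gw_id
    return [
        {"destination": vpc_cidr, "target": "local"},
        {"destination": "0.0.0.0/0", "target": default_target},
    ]

if __name__ == "__main__":
    plan = plan_subnets("10.0.0.0/16", 24, public=1, private=1)
    for name, subnet in plan.items():
        print(name, subnet)
        for route in route_table("10.0.0.0/16", subnet, "igw-EXAMPLE", "nat-EXAMPLE"):
            print("   ", route)
```

A private subnet's route table never points at the IGW, which is what keeps its instances unreachable from the internet while the NAT Gateway still lets them initiate outbound connections.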