This article describes the components of an Amazon VPC in detail: the core components (subnets, route tables, DHCP option sets, security groups and network ACLs) and the roles and configuration of internet gateways, Elastic IP addresses, network interfaces, endpoints, peering connections and NAT devices. Understanding these concepts is essential for managing an AWS VPC and using it securely.

Amazon Virtual Private Cloud

AWS accounts that support EC2-VPC will have a default VPC created in each region with a default subnet created in each AZ. The assigned CIDR block of the VPC will be
An Amazon VPC consists of the following components.

  1. Subnets
  2. Route tables
  3. Dynamic Host Configuration Protocol (DHCP) option sets
  4. Security groups
  5. Network Access Control Lists (ACLs)

An Amazon VPC has the following optional components:

  1. Internet Gateways (IGWs)
  2. Elastic IP Addresses (EIPs)
  3. Elastic Network Interfaces (ENIs)
  4. Endpoints
  5. Peering
  6. Network Address Translation (NAT) instances and NAT gateways
  7. Virtual Private Gateways (VPGs), Customer Gateways (CGWs) and Virtual Private Networks (VPNs)

Subnet

A subnet is a segment of an Amazon VPC's IP address range in which you can launch Amazon EC2, RDS and other AWS resources.

  1. The smallest subnet you can define is a /28 (16 IP addresses). AWS reserves the first four IP addresses and the last IP address of every subnet for internal networking purposes. A default Amazon VPC contains one public subnet in each AZ within the region, each with a /20 mask.
  2. A subnet resides in exactly one AZ and cannot span AZs, but one AZ can hold multiple subnets.
  3. Subnets can be classified as public, private and VPN-only.
    3.1 A public subnet is one whose associated route table directs the subnet's traffic to an IGW.
    3.2 A private subnet is one whose associated route table does not direct the subnet's traffic to an IGW.
    3.3 A VPN-only subnet is one whose associated route table directs the subnet's traffic to the VPC's VPG and has no route to an IGW.
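To make the sizing rules above concrete, here is an added Python example (not code from the original post or from AWS) that uses the standard `ipaddress` module to check a planned subnet layout against them: the /28 minimum, the first-four-plus-last address reservation, containment in the VPC block, and non-overlap between subnets, reporting how many addresses are actually usable. The /16 upper bound on subnet masks is AWS's documented limit and is not stated on this page; the VPC and subnet CIDRs in the script are constructed sample values.

```python
"""Subnet sizing check for an Amazon VPC (added example, not from the original post)."""
import ipaddress

RESERVED_FIRST = 4   # network address, VPC router, Amazon-provided DNS, reserved for future use
RESERVED_LAST = 1    # network broadcast address, reserved by AWS and not usable
MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS allows subnet masks from /16 (largest) to /28 (smallest)


def usable_addresses(cidr: str) -> int:
    """Addresses you can actually assign to resources in this subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - RESERVED_FIRST - RESERVED_LAST


def reserved_addresses(cidr: str) -> list:
    """The five addresses AWS keeps for itself in every subnet, as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    first_four = [str(net.network_address + i) for i in range(RESERVED_FIRST)]
    return first_four + [str(net.broadcast_address)]


def validate_layout(vpc_cidr: str, subnet_cidrs: list) -> dict:
    """Check each planned subnet and return {cidr: 'ok' or the reason it is rejected}.

    Checks, in order: the CIDR is a proper network address, the mask is within
    AWS limits, the subnet lies inside the VPC block, and it does not overlap a
    subnet listed earlier (the earlier one keeps its slot).
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    report = {}
    accepted = []                        # (cidr, network) pairs that passed so far
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:               # host bits set, or malformed text
            report[cidr] = "not a valid network address"
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            report[cidr] = f"mask /{net.prefixlen} outside /{MIN_PREFIX}../{MAX_PREFIX}"
            continue
        if not net.subnet_of(vpc):
            report[cidr] = f"not inside VPC {vpc}"
            continue
        clash = [other for other, other_net in accepted if net.overlaps(other_net)]
        if clash:
            report[cidr] = f"overlaps {', '.join(clash)}"
            continue
        accepted.append((cidr, net))
        report[cidr] = "ok"
    return report


if __name__ == "__main__":
    # Constructed sample: a /16 VPC with a mix of good and bad subnet plans.
    plan = ["10.0.0.0/20", "10.0.16.0/24", "10.0.16.128/28",
            "10.0.32.0/29", "192.168.1.0/24", "10.0.33.1/24"]
    for cidr, verdict in validate_layout("10.0.0.0/16", plan).items():
        extra = f", {usable_addresses(cidr)} usable" if verdict == "ok" else ""
        print(f"{cidr:18} {verdict}{extra}")
    print("reserved in 10.0.0.0/28:", reserved_addresses("10.0.0.0/28"))
```

Running the script shows why the /28 minimum matters in practice: of its 16 addresses only 11 are assignable, and a /20 default-VPC subnet yields 4091 rather than 4096.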

Route Table

  1. Each route table contains a default route called the local route, which enables communication within the VPC; this route cannot be removed or modified.
  2. A VPC has an implicit router.
  3. A VPC automatically comes with a main route table that you can modify.
  4. Additional route tables can be created for your VPC.
  5. Each subnet must be associated with a route table. If you do not explicitly associate a subnet with a particular route table, the subnet uses the main route table.
  6. You can replace the main route table with a custom route table so that each new subnet is associated with it automatically.
  7. Each route in a table specifies a destination CIDR and a target. AWS uses the most specific route that matches the traffic to determine how to route it.

Internet Gateway (IGW)

An IGW allows communication between instances in the VPC and the internet. It provides a target in a route table for internet-routable traffic and performs network address translation for instances that have been assigned public IP addresses.
You must do the following to create a public subnet with internet access:

  • Attach an IGW to the VPC.
  • Create a subnet route table rule that sends all non-local traffic to the IGW.
  • Confirm the network ACLs.
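The route-table rules above (explicit association or fall-back to the main table, most-specific-route matching) and the public-subnet checklist can be turned into an audit that answers "which of my subnets are actually public?". The following is an added Python example, not code from the original post or from AWS: `ROUTE_TABLES` is a constructed sample shaped like the EC2 `DescribeRouteTables` response (all IDs and CIDRs are made up), and the classification follows the page's definitions, treating a default route (`0.0.0.0/0`) whose target is an `igw-*` as the mark of a public subnet, a `vgw-*` target with no IGW route as VPN-only, and anything else as private.

```python
"""Route-table audit for Amazon VPC subnets (added example, not from the original post)."""
import ipaddress

# Constructed sample, shaped like the EC2 DescribeRouteTables response; IDs are made up.
ROUTE_TABLES = [
    {   # main table: no IGW route, so subnets with no explicit association are private
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"},
        ],
    },
    {   # public table: default route to an internet gateway, plus a peering route
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0def"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"},
        ],
    },
    {   # VPN-only table: corporate ranges via the virtual private gateway, no IGW
        "RouteTableId": "rtb-vpn0001",
        "Associations": [{"Main": False, "SubnetId": "subnet-onprem"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "172.16.0.0/12", "GatewayId": "vgw-0456"},
        ],
    },
]

# Keys under which the EC2 API reports a route's target; "local" lives in GatewayId.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "VpcPeeringConnectionId", "InstanceId")


def route_target(route: dict) -> str:
    """Return the target identifier of a route, whichever API key carries it."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return "unknown"


def effective_route_table(subnet_id: str, tables=ROUTE_TABLES) -> dict:
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    if main is None:
        raise ValueError("VPC has no main route table")
    return main


def lookup(table: dict, destination: str) -> str:
    """Longest-prefix match, as the VPC's implicit router does; returns the target."""
    dst = ipaddress.ip_address(destination)
    best = None                                    # (prefix length, target)
    for route in table["Routes"]:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, route_target(route))
    return best[1] if best else "no-route"         # unmatched traffic is dropped


def classify(subnet_id: str, tables=ROUTE_TABLES) -> str:
    """Apply the page's definitions: public, VPN-only, or private."""
    targets = [route_target(r) for r in effective_route_table(subnet_id, tables)["Routes"]]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


if __name__ == "__main__":
    # "subnet-db" has no explicit association and so inherits the main table.
    for subnet in ("subnet-web", "subnet-onprem", "subnet-db"):
        table = effective_route_table(subnet)
        print(f"{subnet:14} {table['RouteTableId']:14} {classify(subnet):9}"
              f" internet-bound -> {lookup(table, '203.0.113.7')}")
```

The lookup uses the documentation address 203.0.113.7 to stand in for an arbitrary internet host: from the public subnet it resolves to the IGW, from the main-table subnet to the NAT gateway, and from the VPN-only subnet to no route at all, which is exactly the difference the three subnet classes are meant to capture.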