AWS Private Networking
Virtual Private Cloud (VPC):
A private network within AWS. It's our private data center inside the AWS platform.
Can be configured to be public/private or a mixture.
Regional (can't span regions), highly available, and can be connected to our data center and corporate networks.
Isolated from other VPCs by default.
VPC and subnet: max /16 (65,536 IPs) and minimum /28 (16 IPs)
VPC subnets cannot span AZs (1:1 mapping)
Certain IPs are reserved in subnets.
Region Default VPC:
Required for some services, used as a default for most.
Pre-configured with all required networking/security
Configured using a /16 CIDR block (172.31.0.0/16)
A /20 public subnet in each AZ, allocating a public IP by default.
Attached internet gateway with a "main" route table sending all IPv4 traffic to the internet gateway using a 0.0.0.0/0 route.
A default DHCP option set attached.
SG: Default - all from itself, all outbound.
NACL: Default - allow all inbound and outbound.
Can be designed and configured in any valid way.
We need to allocate IP ranges, create subnets, and provision gateways and networking, as well as design and implement security.
When we need multiple tiers or a more complex set of networking.
Best practice is to not use default for most production things.