AWS Private Networking

Virtual Private Cloud (VPC):

• A private network within AWS. It's our private data center inside the AWS platform.

• Can be configured to be public/private or a mixture.

• Regional (can't span regions), highly available, and can be connected to our data center and corporate networks.

• Isolated from other VPCs by default.

• VPC and subnet: max /16 (65,536 IPs) and minimum /28 (16 IPs)

• VPC subnets cannot span AZs (1:1 mapping)

• Certain IPs are reserved in subnets.

Region Default VPC:

• Required for some services, used as a default for most.

• Pre-configured with all required networking/security

• Configured using a /16 CIDR block (172.31.0.0/16)

• A /20 public subnet in each AZ, allocating a public IP by default.

• Attached internet gateway with a "main" route table sending all IPv4 traffic to the internet gateway using a 0.0.0.0/0 route.

• A default DHCP option set attached.

• SG: Default - all from itself, all outbound.

• NACL: Default - allow all inbound and outbound.

Custom VPC:

• Can be designed and configured in any valid way.

• We need to allocate IP ranges, create subnets, and provision gateways and networking, as well as design and implement security.

• When we need multiple tiers or a more complex set of networking.

• Best practice is to not use default for most production things.