Importance Of VPC in AWS
VPC is mainly a network-level function. Its purpose is to let users build an isolated virtual network environment on the AWS cloud platform in which they manage their own configuration and policies, thereby improving the security of their resources in the AWS environment. Within a VPC, users control their own subnet structure, IP address ranges and allocation method, network routing policy, and so on. Because users can control and isolate the resources inside the VPC, it behaves like a private cloud computing environment for them.
Secondly, the adoption of VPC is clearly the technological direction of the AWS cloud platform. AWS introduced the concept and technology of VPC in one region in 2009, then added VPC features to all other regions year by year, and finally made VPC the default environment this year. If your AWS account was created after March 18, 2013, it automatically includes a default VPC. An older account also receives a default VPC in any region where no resources such as EC2 instances had previously been created. Since AWS introduced VPC, the EC2 computing environment has been divided into EC2-Classic and EC2-VPC; to give users a more secure and flexible environment, EC2-VPC will clearly become more and more common.
Compared with the traditional EC2-Classic, what benefits does using EC2-VPC bring to users?
1. Instance IP address is fixed
With a traditional EC2-Classic instance, the private IP address changes whenever the instance is stopped and then started again. In a VPC you can not only assign a private IP address to the instance, but that address remains unchanged for the whole life cycle of the instance.
2. Assign multiple IP addresses to the instance
A traditional EC2-Classic instance can have at most one private IP address and one public IP address. Some customers, however, need a single instance to carry multiple IP addresses, which is possible in a VPC environment. Depending on the instance type, a VPC instance can be assigned a different number of IP addresses; for the specific numbers, please refer to the table at the end of this article.
3. Define and add network interfaces
Traditional EC2-Classic instances have only one default network interface, but for VPC instances, in addition to the primary network interface (eth0), you can define multiple ENIs (Elastic Network Interfaces) and attach them to the EC2 instance.
4. Dynamically change security groups (Security Group)
Security groups cannot be added to or removed from a traditional EC2-Classic instance once it is running, but for instances in a VPC they can easily be changed dynamically. Each instance in a VPC can have up to 5 security groups.
5. Control outbound communication
The security group of a traditional EC2-Classic instance can only control inbound communication, but the security group of an instance in a VPC controls both outbound and inbound communication.
6. Set the network access control list (NACL)
In a VPC environment, in addition to setting access rules for instances through security groups, you can also control the traffic of all instances in a subnet through the subnet's network access control list. A security group takes effect only for the instances that use it, whereas the network access control list applies to every instance in the subnet.
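As an added example (not part of the original post) of how the two layers in items 4 to 6 combine, here is a small Python model of a VPC filtering one request and its reply: the subnet NACL is a numbered first-match list that applies to every instance in the subnet, while security groups are allow-lists that apply only to the instances that attach them. It goes one step beyond the post by also modelling that the NACL is stateless and security groups are stateful; rule numbers, ports and group names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound", relative to the instance
    port: int        # destination port of this packet

def nacl_allows(nacl, pkt):
    """Network ACL: one numbered rule list per direction, evaluated from the
    lowest number up, first match wins, implicit final deny. It is stateless,
    so a reply packet is judged on its own against the other direction."""
    for _, (lo, hi, action) in sorted(nacl[pkt.direction].items()):
        if lo <= pkt.port <= hi:
            return action == "allow"
    return False

def sg_allows(groups, pkt):
    """Security groups: allow rules only; the rules of every group attached
    to the instance are unioned. Stateful: replies to allowed traffic pass."""
    return any(d == pkt.direction and lo <= pkt.port <= hi
               for group in groups for (d, lo, hi) in group)

def request_allowed(nacl, groups, service_port, client_port):
    """A client connects to service_port on the instance and the instance
    replies to the client's ephemeral client_port. Both legs must pass the
    subnet NACL, but only the first leg is checked by the security groups."""
    request = Packet("inbound", service_port)
    reply = Packet("outbound", client_port)
    return (nacl_allows(nacl, request) and nacl_allows(nacl, reply)
            and sg_allows(groups, request))

# Constructed subnet NACL: telnet denied subnet-wide ahead of the allows,
# HTTPS and SSH allowed in, ephemeral-port replies allowed out.
SUBNET_NACL = {
    "inbound":  {50: (23, 23, "deny"), 100: (443, 443, "allow"), 110: (22, 22, "allow")},
    "outbound": {100: (1024, 65535, "allow")},
}
# The same NACL with the outbound ephemeral-port rule forgotten.
NACL_NO_REPLY_RULE = {"inbound": SUBNET_NACL["inbound"], "outbound": {}}

# Constructed security groups as (direction, low, high) rules; an instance may attach several.
WEB_SG = [("inbound", 443, 443), ("outbound", 443, 443)]
ADMIN_SG = [("inbound", 22, 22)]

if __name__ == "__main__":
    print(request_allowed(SUBNET_NACL, [WEB_SG], 443, 50000))           # True
    print(request_allowed(SUBNET_NACL, [WEB_SG], 22, 50000))            # False: no SG rule
    print(request_allowed(SUBNET_NACL, [WEB_SG, ADMIN_SG], 22, 50000))  # True
    print(request_allowed(NACL_NO_REPLY_RULE, [WEB_SG], 443, 50000))    # False: reply dropped
```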
7. Dedicated hardware mode
Traditional EC2-Classic instances can only run in the default shared hardware mode. Customers who do not want to share hardware with other users can choose a dedicated hardware mode, but this mode is only available in a VPC environment.
Beyond the features listed above, another important capability is the virtual private gateway that VPC provides, which acts as a VPN gateway: the user's own data center or office network can be connected to the VPC on AWS over a VPN or Direct Connect (DX) link, so that the internal network and the VPC together form one virtual private network environment. This is why VPC is also one of the key technologies for building a hybrid cloud architecture on the AWS cloud platform.
Attached Table: Number of Interfaces and IP Addresses of Different Instance Types
Thanks for reading this post; you can follow me to get the latest updates on new posts.
Pankaj K.(www.pankajconnect.com)