Cloud explained: AWS networking with VPC

In the previous article, we introduced a few terms: Region, Availability Zone (AZ), and Edge zones. If you missed it, the link is given below.

Cloud explained: AWS Cloud structure

Category of cloud resources

A vast range of services is available to solve infrastructure problems, and they can be grouped into three categories:

  • Compute
  • Storage
  • Network

These are the usual suspects, and in combination they solve the software problems we face today. That is natural, since the cloud simply moves the hardware into data centers, and software was already running on that hardware before.

In this article we will go through networking, and how a network spans regions and availability zones.

When we think about resources in the cloud, the first and foremost point to consider is how the specific resource functions in terms of:

  • Regions
  • Availability zones

Virtual private cloud

The fundamental component of AWS networking is the Virtual Private Cloud (VPC). It gives users a virtual network that serves as the logical isolation boundary on AWS. Any resources connected to the same VPC can communicate with one another through the VPC itself.

A VPC is a region-scoped resource: one VPC spans all the availability zones in a region. AWS has various other services that attach to it, such as:

  • Subnet
  • Private endpoints
  • NAT gateways
  • VPN
  • Peering

Network topology

The VPC network is defined with address ranges in CIDR notation and divided into subnets. Subnets make the network more resilient and logically isolated, as in any other network.

Internet connection

Connections from the VPC to the internet can be provided via:

  • NAT gateway (for resources without a public IP)
  • Internet gateway (for resources with a public IP)
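As an added example covering the two sections above (it is not code from the original article), the following Python script carves a constructed VPC address block into one public and one private subnet per Availability Zone, checks that the subnets fit inside the VPC and do not overlap, and resolves destinations against a simplified route table in which public subnets default-route to an internet gateway and private subnets to a NAT gateway. The VPC CIDR, AZ names and gateway identifiers are placeholders I chose; the five reserved addresses per subnet reflect AWS behaviour, while the route lookup is only a model of the VPC router's longest-prefix match.

```python
import ipaddress

# Constructed values for the example: a /16 VPC and placeholder AZ names.
VPC_CIDR = "10.0.0.0/16"
AZS = ["az-a", "az-b", "az-c"]
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, azs, new_prefix=20):
    """Carve one public and one private subnet per AZ out of the VPC block.
    Returns {name: (network, az, is_public)}; the VPC block is consumed in order."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    plan = {}
    for az in azs:
        for tier in ("public", "private"):
            plan[f"{tier}-{az}"] = (next(blocks), az, tier == "public")
    return plan


def usable_addresses(network):
    """Addresses an instance can actually take in the subnet."""
    return network.num_addresses - AWS_RESERVED_PER_SUBNET


def check_plan(vpc_cidr, plan):
    """Every subnet must sit inside the VPC block and none may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [net for net, _, _ in plan.values()]
    if any(not net.subnet_of(vpc) for net in nets):
        return False
    for i, a in enumerate(nets):
        if any(a.overlaps(b) for b in nets[i + 1:]):
            return False
    return True


def route_table_for(vpc_cidr, is_public):
    """Simplified route table: the implicit local route for the VPC plus a
    default route. Public subnets send internet-bound traffic to the internet
    gateway; private subnets send it to a NAT gateway placed in a public subnet.
    The gateway ids are placeholders, not real AWS identifiers."""
    default_target = "igw-PLACEHOLDER" if is_public else "nat-PLACEHOLDER"
    return [
        (ipaddress.ip_network(vpc_cidr), "local"),
        (ipaddress.ip_network("0.0.0.0/0"), default_target),
    ]


def lookup(route_table, destination):
    """Longest-prefix match over the route table, like the VPC router."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, target in route_table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    return best[1] if best else None


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS)
    for name, (net, az, is_public) in plan.items():
        print(f"{name:14} {net}  usable={usable_addresses(net)}  az={az}")
    print("plan valid:", check_plan(VPC_CIDR, plan))
    print("private -> internet:", lookup(route_table_for(VPC_CIDR, False), "198.51.100.20"))
    print("private -> in-VPC:  ", lookup(route_table_for(VPC_CIDR, False), "10.0.0.9"))
```

The point to take from the route lookup is that the local route always wins for in-VPC destinations, so only traffic leaving the VPC is steered through the NAT or internet gateway; a private subnet with no default route at all simply has no path to the internet, which is the safest starting point for subnets that do not need one.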

Private network

AWS services can be reached over a private network, without traversing the internet, via private endpoints.

Hybrid network

AWS Virtual Private Network (VPN) can connect an on-premises network to the VPC.

Multi-region private network

VPC peering can privately connect VPCs, including VPCs in different regions.

Design pattern

These patterns are commonly used when VPC peering is needed.

Hub and spoke pattern

The hub and spoke pattern is often used in cloud network design. There is one central entry point to the network where the core shared services run, for example an API gateway or a firewall.

One VPC is designated as a hub while all others are designated as spokes. VPC peering is set up between the hub and all the spokes to establish a hub-and-spoke pattern.

Full mesh

Every VPC is peered with every other VPC.
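To make the difference between the two peering layouts concrete, here is an added Python example (not code from the original article) that builds the set of peering connections for a hub-and-spoke layout and for a full mesh over a few constructed VPC names, and then checks which pairs of VPCs can actually exchange traffic. The check encodes one property of VPC peering that the text above does not spell out: peering is not transitive, so two spokes peered only with the hub cannot reach each other through it.

```python
from itertools import combinations

# Constructed VPC names for the example.
VPCS = ["vpc-hub", "vpc-app", "vpc-data", "vpc-tools"]


def hub_and_spoke(vpcs, hub):
    """Peering connections for a hub-and-spoke layout: one per spoke."""
    return {frozenset((hub, spoke)) for spoke in vpcs if spoke != hub}


def full_mesh(vpcs):
    """Peering connections for a full mesh: one per pair of VPCs."""
    return {frozenset(pair) for pair in combinations(vpcs, 2)}


def can_reach(peerings, src, dst):
    """VPC peering is not transitive: traffic only crosses a direct peering
    between the two VPCs, never through an intermediate (hub) VPC."""
    return src == dst or frozenset((src, dst)) in peerings


def unreachable_pairs(vpcs, peerings):
    """Pairs of VPCs that cannot talk to each other under the given peerings."""
    return sorted(tuple(sorted(pair)) for pair in combinations(vpcs, 2)
                  if not can_reach(peerings, *pair))


def summarize(vpcs, hub):
    """Compare both layouts: number of peerings to manage and isolated pairs."""
    hs, mesh = hub_and_spoke(vpcs, hub), full_mesh(vpcs)
    return {
        "hub_and_spoke": {"peerings": len(hs), "isolated_pairs": unreachable_pairs(vpcs, hs)},
        "full_mesh": {"peerings": len(mesh), "isolated_pairs": unreachable_pairs(vpcs, mesh)},
    }


if __name__ == "__main__":
    for layout, info in summarize(VPCS, "vpc-hub").items():
        print(f"{layout}: {info['peerings']} peerings, isolated pairs: {info['isolated_pairs']}")
```

With four VPCs the hub-and-spoke layout needs three peerings and keeps the spokes isolated from each other, which is often exactly the segmentation you want when the hub hosts the firewall or API gateway; the full mesh needs six peerings (n(n-1)/2 in general) and lets every VPC reach every other, so the number of connections and route-table entries to audit grows quickly with each added VPC.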

Single VPC

Another often-used pattern is creating a single VPC that handles all networking.

Security

Network subnet ACL

A network ACL lets you define inbound and outbound traffic rules at the subnet level.

Security group

A security group lets you define inbound and outbound traffic rules at the resource level.
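The subnet-level and resource-level filters differ in more than scope, and the difference decides whether return traffic gets through. The following added Python example (mine, not code from the article) models both: network ACL rules are stateless, numbered and evaluated lowest number first with an implicit final deny, while security group rules are stateful, so the reply to an allowed flow passes without an explicit outbound rule. The addresses, ports and rules are constructed; the model is simplified (for instance it ignores the allow-all outbound rule a new security group gets by default) but the stateless/stateful behaviour it shows is how the two AWS filters work.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the subnet or instance
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rules are evaluated in ascending number; ignored for security groups
    direction: str
    proto: str       # "tcp", "udp" or "all"
    port_lo: int
    port_hi: int
    cidr: str        # remote side: source for inbound, destination for outbound
    action: str      # "allow" or "deny" (security groups only have "allow")


def rule_matches(rule, pkt):
    if rule.direction != pkt.direction or rule.proto not in ("all", pkt.proto):
        return False
    if not rule.port_lo <= pkt.dport <= rule.port_hi:
        return False
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    return ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr)


def nacl_decision(rules, pkt):
    """Stateless subnet filter: every packet, replies included, is checked.
    The lowest-numbered matching rule wins; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def sg_decision(rules, pkt, conntrack):
    """Stateful resource filter: a reply to an already-allowed flow passes
    regardless of rules; otherwise any matching allow rule permits the packet.
    conntrack is a set of flow keys the caller keeps between calls."""
    reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if reverse in conntrack:
        return "allow"
    if any(rule_matches(r, pkt) for r in rules):
        conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"
    return "deny"


# Constructed scenario: an instance serving HTTPS and one client request/reply.
INSTANCE = "10.0.16.5"
CLIENT = "203.0.113.10"
REQUEST = Packet("in", "tcp", CLIENT, 51000, INSTANCE, 443)
REPLY = Packet("out", "tcp", INSTANCE, 443, CLIENT, 51000)

SG_RULES = [Rule(0, "in", "tcp", 443, 443, "0.0.0.0/0", "allow")]

# Common mistake: outbound NACL rule only for 443, but the reply goes to the client's ephemeral port.
NACL_INCOMPLETE = [
    Rule(100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(100, "out", "tcp", 443, 443, "0.0.0.0/0", "allow"),
]
# Corrected NACL: also allow outbound traffic to the ephemeral port range.
NACL_FIXED = NACL_INCOMPLETE + [Rule(110, "out", "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
# Rule ordering: an explicit deny with a lower number beats the broader allow.
NACL_WITH_BLOCK = [Rule(90, "in", "tcp", 443, 443, "198.51.100.0/24", "deny")] + NACL_FIXED
BLOCKED_REQUEST = Packet("in", "tcp", "198.51.100.7", 40000, INSTANCE, 443)


def evaluate_request_and_reply(nacl_rules, sg_rules):
    """Run the request and its reply through both filters. Inbound traffic is
    checked by the NACL first and then the security group, outbound the other
    way round; both must allow a packet for it to pass."""
    conntrack = set()
    decisions = []
    for pkt in (REQUEST, REPLY):
        checks = [lambda p: nacl_decision(nacl_rules, p),
                  lambda p: sg_decision(sg_rules, p, conntrack)]
        if pkt.direction == "out":
            checks.reverse()
        decisions.append("allow" if all(c(pkt) == "allow" for c in checks) else "deny")
    return tuple(decisions)


if __name__ == "__main__":
    print("incomplete NACL:", evaluate_request_and_reply(NACL_INCOMPLETE, SG_RULES))
    print("fixed NACL:     ", evaluate_request_and_reply(NACL_FIXED, SG_RULES))
    print("blocked client: ", nacl_decision(NACL_WITH_BLOCK, BLOCKED_REQUEST))
```

Run as-is, the incomplete NACL lets the request in but drops the reply on the way out, which shows up as connections that open and then hang; the fixed NACL passes both, and the security group never needed an outbound rule because it tracks the flow. The explicit-deny rule also illustrates why a network ACL is the place to block a known-bad source range at the subnet boundary, since security groups cannot express a deny at all.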