AWS VPC (Virtual Private Cloud)
Documentation
- VPC User Guide:
- EC2 User Guide:
- links:
Advantages
- once an EIP is assigned to a VM, it stays associated even if the VM is stopped (i.e. not terminated);
- multiple EIPs can be assigned to the same VM;
- the security groups assigned to a VM can be changed after the VM has been started;
- in addition to security groups, which apply at VM level, there is the option of network ACLs, which enforce inbound / outbound policies at subnet level;
- fine-grained control over which availability zone a certain VM is to be launched in;
Disadvantages
- in order to access any Internet service, or even other AWS services (except RDS databases), each VM needs to have a public IP assigned;
in order to have a public IP assigned to a VM, you need to allocate an EIP and then associate it with the VM; (not certain about this one, it might be possible to have a public IP automatically assigned;)
- non-trivial to set up: besides the VPC itself, you must create subnets, internet gateways, route tables and security groups, and associate them correctly;
Good to know
- when planning for subnets, take into account the following:
the IP address ranges of subnets cannot overlap; i.e. you need a large enough IP address range for the entire VPC, so something like 10.x.0.0/16 would be appropriate;
- if you intend to use RDS databases, even if you plan to confine your entire deployment to a single availability zone, you must have at least two subnets in different zones to allow for RDS database placement; i.e. see the previous point about a large enough IP address range for the VPC and its proper split;
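Added example (not from these notes): a small Python planner that carves non-overlapping subnets out of a /16 VPC range, checks the two rules above (no overlapping ranges inside the VPC, and at least two availability zones when RDS is involved), and renders the set-up order of the "Disadvantages" point (VPC, internet gateway, route table, subnets, associations) as aws CLI lines. The region, AZ names, the 10.0.0.0/16 range and the "public"/"db" tier split are constructed assumptions; the CLI lines are a rendered plan with $VPC_ID-style placeholders, nothing is executed against AWS.

```python
"""VPC addressing planner: non-overlap and multi-AZ checks plus a rendered set-up order.

Added example, not from the original notes. Sample values below are constructed.
"""
import ipaddress
from itertools import combinations

# Constructed sample values: one /16 VPC split into /24 subnets over two AZs.
VPC_CIDR = "10.0.0.0/16"
AZS = ["eu-west-1a", "eu-west-1b"]


def plan_subnets(vpc_cidr, azs, tiers=("public", "db"), new_prefix=24):
    """Carve one subnet per (tier, AZ) out of the VPC range, consecutively.

    Blocks are taken in order from ipaddress.subnets(), so they cannot overlap
    by construction; the rest of the VPC range stays free for later growth.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=new_prefix)
    return [{"tier": tier, "az": az, "cidr": str(next(blocks))}
            for tier in tiers for az in azs]


def validate_plan(vpc_cidr, subnets, needs_rds=True):
    """Return a list of problems with a subnet plan (empty when it is acceptable)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(s, ipaddress.ip_network(s["cidr"])) for s in subnets]
    problems = []
    # Every subnet must sit inside the VPC range.
    for s, n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{s['cidr']} is outside the VPC range {vpc}")
    # Subnet ranges must not overlap each other.
    for (a, na), (b, nb) in combinations(nets, 2):
        if na.overlaps(nb):
            problems.append(f"{a['cidr']} overlaps {b['cidr']}")
    # RDS placement needs subnets in at least two availability zones.
    if needs_rds and len({s["az"] for s in subnets}) < 2:
        problems.append("RDS requires subnets in at least two availability zones")
    return problems


def cli_plan(vpc_cidr, subnets):
    """Render the creation order as aws CLI lines (a plan, not executed here).

    Resource IDs only exist once AWS returns them, so they appear as shell
    placeholders ($VPC_ID, $IGW_ID, $RTB_ID, $SUBNET_n) to be filled in from
    each command's output before the next step is run.
    """
    lines = [
        f"aws ec2 create-vpc --cidr-block {vpc_cidr}",
        "aws ec2 create-internet-gateway",
        "aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID",
        "aws ec2 create-route-table --vpc-id $VPC_ID",
        "aws ec2 create-route --route-table-id $RTB_ID "
        "--destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID",
    ]
    for i, s in enumerate(subnets):
        lines.append(f"aws ec2 create-subnet --vpc-id $VPC_ID "
                     f"--cidr-block {s['cidr']} --availability-zone {s['az']}")
        if s["tier"] == "public":
            # Only the public tier gets the 0.0.0.0/0 route through the IGW;
            # the db tier keeps the VPC-local route only.
            lines.append(f"aws ec2 associate-route-table --subnet-id $SUBNET_{i} "
                         "--route-table-id $RTB_ID")
    return lines


if __name__ == "__main__":
    good = plan_subnets(VPC_CIDR, AZS)
    print("plan:", good)
    print("problems:", validate_plan(VPC_CIDR, good))
    # A deliberately bad plan: overlapping ranges, one AZ, one range outside the VPC.
    bad = [{"tier": "public", "az": "eu-west-1a", "cidr": "10.0.0.0/23"},
           {"tier": "db", "az": "eu-west-1a", "cidr": "10.0.1.0/24"},
           {"tier": "db", "az": "eu-west-1a", "cidr": "192.168.0.0/24"}]
    for p in validate_plan(VPC_CIDR, bad):
        print("bad plan:", p)
    print("\n".join(cli_plan(VPC_CIDR, good)))
```

Run the module directly to see the good plan pass, the bad plan fail on all three rules, and the ordered CLI lines; the db tier is left without a default route on purpose, which is the subnet pair RDS can be placed into.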