

Amazon Virtual Private Cloud is an AWS cloud computing service that lets you create a logically isolated virtual network in the AWS cloud. It aims to provide a service like a private cloud. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
One can easily customize the network configuration of their Amazon VPC and use both IPv4 and IPv6 in their VPC for secure and easy access to the resources and applications. Amazon VPC provides organizations complete control over the virtual networking environment, including selection of their own IP address range, creation of subnets and configuration of route tables and network gateways.
By default, a VPC is created in each Region. It spans all the Availability Zones (AZs) in the Region and has a default subnet, which is a public subnet, in each Availability Zone. By default, a user can create up to 5 VPCs per Region and 200 subnets per VPC. Each instance that is launched into a default subnet has a private IPv4 address and a public IPv4 address.

Amazon VPC Concepts

  • Subnet: A subnet is a range of IP addresses in your VPC into which a user can place AWS resources. One should use a public subnet for resources that require internet connectivity, and a private subnet for resources that don’t need an internet connection.
  • Internet Gateway/Egress-only Internet Gateway: This component of Amazon VPC allows communication between instances in your VPC and the internet for IPv4/IPv6.
  • Route Table: A route table consists of a set of rules that are used to determine where network traffic will be directed within and outside the subnet.
  • Elastic IP Address: An Elastic IP address is a static, public IPv4 address designed for dynamic cloud computing that can be associated with any instance or network interface for any VPC in the user’s account.
  • VPC Endpoints: A VPC endpoint provides a private connection from your VPC to supported AWS services. The instances in your VPC do not require public IP addresses to communicate with resources in the service, and the traffic between your VPC and the other service does not leave the Amazon network.
  • NAT (Network Address Translation): A NAT device is used to enable instances in a private subnet to connect to the internet or other AWS services but prevents the internet from initiating connections with the instances.
  • Security Groups: A security group acts as a virtual firewall that controls the inbound and outbound traffic for its associated instances.
  • Network ACLs (Access Control Lists): Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.

Accessing the Internet

The default VPC includes an internet gateway, and instances launched into it access resources outside the VPC through that gateway. An instance launched into a nondefault subnet has a private IPv4 address but no public IPv4 address, unless the user specifically assigns one. These instances can communicate with each other but cannot access the internet. To provide internet access to instances launched into a subnet that the user created, the user needs to attach an internet gateway to the VPC (if it is not a default VPC) and associate an Elastic IP address with the instance.
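The following added example (not part of the original article) audits which subnets are actually reachable from the internet by reading route tables: a subnet is treated as public when its route table sends a default route to an internet gateway, and as egress-only when the default route goes to a NAT gateway or egress-only internet gateway. The data is constructed in the shape of EC2 DescribeRouteTables output, all IDs are made up, and the check assumes a single VPC with one main route table and looks only at default routes.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables output
# (only the fields used here); every ID below is made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL,
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [LOCAL,
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
                {"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-0example"}]},
]
# subnet-db has no explicit association, so it uses the main route table.
SUBNET_IDS = ["subnet-web", "subnet-app", "subnet-db"]
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}


def classify_route_table(table):
    """Return 'public', 'egress-only' or 'isolated' from the default routes."""
    result = "isolated"
    for route in table["Routes"]:
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES:
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"  # internet gateway: traffic can flow both ways
        if route.get("NatGatewayId") or route.get("EgressOnlyInternetGatewayId"):
            result = "egress-only"  # outbound only; internet cannot initiate
    return result


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet to its exposure, falling back to the main route table."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    return {sid: classify_route_table(explicit.get(sid, main)) for sid in subnet_ids}


if __name__ == "__main__":
    for subnet, exposure in classify_subnets(SUBNET_IDS, ROUTE_TABLES).items():
        print(f"{subnet}: {exposure}")
```

A subnet that shows up as public here still exposes an instance only if that instance has a public or Elastic IP address and its security group and network ACL allow the traffic.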

Amazon VPC Pricing

There is no additional charge for using Amazon VPC. You pay for certain components that are either deployed within your VPC or used to connect to it, such as the instances and other Amazon EC2 features that you use. You are charged if you don’t use the Elastic IP addresses associated with your instance. There are charges for using a Site-to-Site VPN connection, AWS PrivateLink, Amazon VPC Traffic Mirroring and a NAT gateway.
