3. VPC - Virtual Private Cloud

👋 Hello! I'm passionate about DevOps & AWS Cloud. I have over 1.4 years of experience in IT Security and Cloud field. I'm proficient in a variety of cutting-edge technologies and always motivated to expand my knowledge and skills. Let's connect and grow together!

OS: Linux/Unix, Mac, Windows Cloud: AWS Containers: Docker Version Control: GIT, GitHub, GitLab, Bitbucket. CI/CD Tools: Jenkins Container Orchestration: Kubernetes Languages: Python, PowerShell, Shell scripting IAC: Terraform, Ansible, Chef, AWS Cloud Formation Web: Apache, Nginx, Tomcat

Open to opportunities. 🌱 #DevOps #AWS #CI/CD #Containers #Python #IaC #Cloud #Blogging #OpenToOpportunities

Private Cloud:-

  • A VPC is a virtual network, effectively a virtual data center inside AWS, that belongs to one customer.

  • It is logically isolated from the other virtual networks in the AWS cloud.

  • 5 VPCs per region and 200 subnets per VPC

  • A NACL, a DHCP option set and a security group are created automatically with the VPC

  • You cannot change its CIDR block range.

  • If you need a different CIDR size, create a new VPC.

Logical - something you cannot touch (software-defined, like the implied router of a VPC)

Physical - hardware you can touch

Components of a VPC

  • CIDR block and IP address range

  • Subnets

  • Implied Router and Route Table (the implied router is a virtual router, i.e. a logical networking device rather than a physical one)

  • Internet Gateway

  • Security Group

  • Network ACL

  • Virtual Private gateway

  • Peering Connection

  • Elastic IP


Brief:-

  • VPC

  • Components of a VPC

Questions:-

  • What is VPC?

  • How many VPCs can be created in one region?

  • How many subnets can be created in one VPC?

  • When you create a VPC, what is created automatically?

  • Once a VPC is created, can you change its CIDR block range? Yes/No

  • What do logical and physical routers mean?

  • What are the components of a VPC?

Private VPC

VPC Types

  1. Default VPC

  2. Custom VPC

Default VPC

  • Created in each AWS Region when an AWS account is created.

  • Has default CIDR, security group, NACL and route table settings.

  • Has an Internet Gateway attached by default.

Custom VPC

  • Is a VPC that the AWS account owner creates

  • AWS users decide on the CIDR

  • You create and attach the Internet Gateway yourself

Steps to create a VPC

  1. Create VPC

  2. Subnet

  3. Internet Gateways

  4. Route Table

Elastic IP = Static IP

Public Subnet - a subnet that can reach the internet; its route table points to the internet gateway

Private Subnet - a subnet that cannot reach the internet directly; its route table has no route to the internet gateway

Choose a CIDR prefix length between /16 and /24

Reserved IP Addresses

Ex- in 10.0.0.0/24 the reserved addresses are:

  • 10.0.0.0 - Network address

  • 10.0.0.1 - Reserved by AWS for the VPC router

  • 10.0.0.2 - Reserved for DNS

  • 10.0.0.3 - Reserved for future use

  • 10.0.0.255 - Broadcast address

Note:- AWS does not support broadcast in a VPC, but this address is still reserved.
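The following is an added example, not part of the original notes: it computes the five reserved addresses of a subnet from the rules listed above and the number of addresses left for hosts, and it checks that a subnet actually lies inside the VPC CIDR before it is planned. The CIDR values used in the demo are constructed sample values.

```python
import ipaddress

# Added example (not from the original notes): which addresses AWS reserves
# in every subnet, and how many remain usable for instances.
RESERVATIONS = (
    (0, "network address"),
    (1, "reserved by AWS for the VPC router"),
    (2, "reserved for DNS"),
    (3, "reserved for future use"),
)


def reserved_addresses(subnet_cidr: str) -> dict:
    """Map each reserved address of the subnet to the reason it is reserved."""
    # strict=True rejects a CIDR with host bits set, e.g. 10.0.0.5/24
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    if net.num_addresses <= len(RESERVATIONS) + 1:
        raise ValueError(f"{net} is too small to hold the reserved addresses")
    base = int(net.network_address)
    reserved = {str(ipaddress.ip_address(base + off)): why for off, why in RESERVATIONS}
    # AWS does not support broadcast inside a VPC but still reserves the last address.
    reserved[str(net.broadcast_address)] = "broadcast address (reserved, unused)"
    return reserved


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses available to instances: the block minus the five reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - len(RESERVATIONS) - 1


def plan_subnet(vpc_cidr: str, subnet_cidr: str) -> dict:
    """Validate that the subnet sits inside the VPC CIDR and summarise it."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    if not subnet.subnet_of(vpc):
        raise ValueError(f"{subnet} is not inside VPC CIDR {vpc}")
    return {
        "subnet": str(subnet),
        "reserved": reserved_addresses(subnet_cidr),
        "usable_hosts": usable_hosts(subnet_cidr),
    }


if __name__ == "__main__":
    # constructed sample: a /24 subnet in a /16 VPC
    plan = plan_subnet("10.0.0.0/16", "10.0.0.0/24")
    for addr, why in plan["reserved"].items():
        print(f"{addr:<12} {why}")
    print("usable hosts:", plan["usable_hosts"])
```

Running it prints the same five addresses as the list above and 251 usable hosts for a /24; a /28 subnet keeps only 11 usable addresses, which is why very small subnets are rarely worth creating.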


Brief:-

  • VPC Types

  • Steps to create a VPC

  • Reserved IP Address

Questions:-

  • How many types of VPC are there?

  • What is a Default VPC?

  • What is a Custom VPC?

  • Is it true that an IGW is not attached to a custom VPC by default? Yes/No

  • What are the steps to create a VPC?

  • What is an Elastic IP?

  • What is a Public Subnet?

  • What is a Private Subnet?

  • How many IP addresses are reserved by AWS in each subnet?


Implied Router and Route Table and Internet Gateway

Implied Router = Logical Router

Implied Router and Route Table

  • It is the central routing function of the VPC

  • 200 route tables per VPC

  • You cannot delete the main route table

  • 50 route entries per route table

  • Each subnet must be associated with exactly one route table at any given time

Internet Gateway

  • An internet gateway is a virtual router that connects a VPC to the internet.

  • The default VPC already has an Internet Gateway attached

  • If you create a new VPC, you must attach an Internet Gateway to it in order to reach the internet

  • Ensure that your subnet's route table points to the Internet Gateway

  • It supports IPv4 and IPv6
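To show how the pieces from the "Steps to create a VPC" list and the two sections above fit together, here is an added example (not code from the original notes or from AWS): a small model of a VPC with route tables, a longest-prefix-match lookup standing in for the implied router, and the public/private classification of a subnet by whether its default route points at an internet gateway. The names rtb-PUBLIC, rtb-PRIVATE, igw-EXAMPLE and nat-EXAMPLE are constructed placeholders, not real AWS resource IDs.

```python
import ipaddress
from dataclasses import dataclass, field

# Added example, not from the original notes. All resource names below are
# constructed placeholders (rtb-PUBLIC, igw-EXAMPLE, nat-EXAMPLE, ...).


@dataclass(frozen=True)
class Route:
    destination: str  # CIDR block, e.g. "0.0.0.0/0"
    target: str       # "local", an internet gateway id, a NAT gateway id, ...


@dataclass
class RouteTable:
    name: str
    routes: list = field(default_factory=list)

    def lookup(self, dst_ip: str):
        """What the implied router does: choose the most specific matching route."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for route in self.routes:
            net = ipaddress.ip_network(route.destination)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, route.target)
        return best[1] if best else None

    def is_public(self) -> bool:
        """Public means the default route (0.0.0.0/0) goes to an internet gateway."""
        return any(r.destination == "0.0.0.0/0" and r.target.startswith("igw-")
                   for r in self.routes)


class Vpc:
    def __init__(self, cidr: str):
        self.cidr = cidr
        self.tables = {}
        self.associations = {}  # subnet CIDR -> route table name

    def add_table(self, name: str, extra_routes=()):
        # every route table starts with the non-removable "local" route for the VPC CIDR
        table = RouteTable(name, [Route(self.cidr, "local"), *extra_routes])
        self.tables[name] = table
        return table

    def associate(self, subnet_cidr: str, table_name: str):
        # a subnet is tied to exactly one route table; re-associating replaces the old one
        if table_name not in self.tables:
            raise KeyError(f"no route table named {table_name}")
        self.associations[subnet_cidr] = table_name

    def next_hop(self, subnet_cidr: str, dst_ip: str):
        return self.tables[self.associations[subnet_cidr]].lookup(dst_ip)

    def classify(self, subnet_cidr: str) -> str:
        return "public" if self.tables[self.associations[subnet_cidr]].is_public() else "private"


def build_demo_vpc() -> Vpc:
    """Steps from the notes: VPC -> subnets -> internet gateway -> route tables."""
    vpc = Vpc("10.0.0.0/16")
    vpc.add_table("rtb-PUBLIC", [Route("0.0.0.0/0", "igw-EXAMPLE")])
    vpc.add_table("rtb-PRIVATE", [Route("0.0.0.0/0", "nat-EXAMPLE")])
    vpc.associate("10.0.1.0/24", "rtb-PUBLIC")
    vpc.associate("10.0.2.0/24", "rtb-PRIVATE")
    return vpc


if __name__ == "__main__":
    vpc = build_demo_vpc()
    for subnet in vpc.associations:
        print(subnet, vpc.classify(subnet),
              "to 10.0.2.7 ->", vpc.next_hop(subnet, "10.0.2.7"),
              "to 203.0.113.9 ->", vpc.next_hop(subnet, "203.0.113.9"))
```

Traffic between the two subnets stays on the "local" route because the /16 entry is more specific than 0.0.0.0/0, while internet-bound traffic leaves through the internet gateway from the public subnet and through the NAT gateway from the private one.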


Brief:-

  • Implied Router

  • Route Table

  • Internet gateway

Questions:-

  • What is the implied router?

  • What is a route table?

  • How many route tables can be created in one VPC?

  • Can you delete the main route table?

  • How many entries can a route table hold?

  • What is an internet gateway?

  • Does it support IPv4 and IPv6?


NAT (Network Address Translation) Gateway

NAT Gateway - lets instances in a private subnet reach the internet through the public subnet

You are charged for creating and using a NAT Gateway

Security Group

It is a virtual firewall that works at the ENI (elastic network interface) level

Up to 5 security groups per instance

Can only have allow (permit) rules; it cannot have deny rules

Stateful: if an inbound rule allows the traffic, the matching outbound (return) traffic is allowed by default

    inbound  --------->
    <--------- outbound (return traffic, allowed by state)

Stateless: inbound and outbound are evaluated independently, each direction needs its own rule

    inbound  --------->
    outbound <---------

Network ACL - by default all traffic (inbound, outbound) is allowed; it works as a firewall at the subnet level

Security Group                                     | NACL
---------------------------------------------------|--------------------------------------------------
Operates at the instance level                     | Operates at the subnet level
Supports allow rules only                          | Permits allow as well as deny rules
Stateful, return traffic is automatically allowed  | Stateless, return traffic must be allowed by rules
Applies to an instance only                        | Applies to all instances in the subnet
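As an added example (not from the original notes), the model below captures the two differences in the comparison above: a security group accepts allow rules only and, being stateful, lets the return traffic of an accepted connection through without an outbound rule; a network ACL evaluates numbered allow/deny rules in ascending order, first match wins, and, being stateless, checks the reply on its ephemeral port against the rules of the opposite direction. The port numbers and rule numbers are constructed sample values.

```python
from dataclasses import dataclass

# Added example, not from the original notes: how a stateful security group and a
# stateless network ACL decide on a connection and on its return traffic.


@dataclass(frozen=True)
class Rule:
    proto: str
    port_from: int
    port_to: int
    action: str = "allow"   # security groups only ever have "allow"
    number: int = 0         # NACL rules are evaluated in ascending number order

    def matches(self, proto: str, port: int) -> bool:
        return self.proto == proto and self.port_from <= port <= self.port_to


class SecurityGroup:
    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups support allow rules only")
        self.rules = {"in": inbound, "out": outbound}

    def evaluate(self, direction, proto, port, reply_port):
        # the request needs a matching allow rule in its own direction ...
        request_ok = any(r.matches(proto, port) for r in self.rules[direction])
        # ... and the reply is allowed by connection state, whatever the
        # opposite direction's rules say (stateful)
        reply_ok = request_ok
        return request_ok, reply_ok


class NetworkAcl:
    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound, key=lambda r: r.number),
                      "out": sorted(outbound, key=lambda r: r.number)}

    def _decide(self, direction, proto, port) -> bool:
        for r in self.rules[direction]:   # lowest number first, first match wins
            if r.matches(proto, port):
                return r.action == "allow"
        return False                      # the final "*" rule denies everything else

    def evaluate(self, direction, proto, port, reply_port):
        opposite = "out" if direction == "in" else "in"
        request_ok = self._decide(direction, proto, port)
        # stateless: the reply is checked on its own (ephemeral) port
        reply_ok = request_ok and self._decide(opposite, proto, reply_port)
        return request_ok, reply_ok


def ssh_session(firewall):
    """An inbound SSH connection (tcp/22) whose replies go back to an ephemeral port."""
    return firewall.evaluate("in", "tcp", 22, reply_port=51234)


def demo() -> dict:
    """Constructed sample rule sets; returns {name: (request_allowed, reply_allowed)}."""
    sg = SecurityGroup(inbound=[Rule("tcp", 22, 22)], outbound=[])
    nacl_half = NetworkAcl(inbound=[Rule("tcp", 22, 22, number=100)], outbound=[])
    nacl_full = NetworkAcl(inbound=[Rule("tcp", 22, 22, number=100)],
                           outbound=[Rule("tcp", 1024, 65535, number=100)])
    nacl_deny = NetworkAcl(inbound=[Rule("tcp", 22, 22, "deny", number=90),
                                    Rule("tcp", 22, 22, "allow", number=100)],
                           outbound=[Rule("tcp", 1024, 65535, number=100)])
    return {name: ssh_session(fw) for name, fw in
            [("sg", sg), ("nacl_half", nacl_half),
             ("nacl_full", nacl_full), ("nacl_deny", nacl_deny)]}


if __name__ == "__main__":
    for name, (req, rep) in demo().items():
        print(f"{name:<10} request allowed={req} reply allowed={rep}")
```

The nacl_half case is the classic mistake: SSH reaches the instance but the replies are dropped because no outbound rule covers the ephemeral port range, and the nacl_deny case shows why rule numbering matters, since the lower-numbered deny wins over the later allow.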


VPC Peering

You can peer a Mumbai VPC with a London VPC using VPC peering

Traffic between peered VPCs uses private IPv4 addresses

You can peer your own VPC with a VPC in another AWS account

Transitive Peering (not supported)

VPC -A --------------> VPC -B ------------> VPC -C --------X-------VPC - A
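The diagram above says that peering A with B and B with C does not let A talk to C. The following is an added example, not from the original notes: a small peering model in which reachability exists only over a direct peering, peering requests between overlapping CIDR blocks are refused (AWS rejects those), and each VPC gets the list of route entries its route tables need towards its peers. The VPC names and the "pcx-" connection IDs are constructed placeholders.

```python
import ipaddress

# Added example, not from the original notes. VPC names and the "pcx-..."
# peering-connection ids are constructed placeholders.


class PeeringMesh:
    """Tracks VPCs, their CIDR blocks and the direct peering connections between them."""

    def __init__(self, vpcs: dict):
        self.vpcs = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
        self.peerings = {}  # frozenset({a, b}) -> peering connection id

    def peer(self, a: str, b: str) -> str:
        if a == b or a not in self.vpcs or b not in self.vpcs:
            raise ValueError(f"cannot peer {a!r} with {b!r}")
        # peering is refused when the CIDR blocks overlap
        if self.vpcs[a].overlaps(self.vpcs[b]):
            raise ValueError(f"cannot peer {a} and {b}: CIDR blocks overlap")
        pcx = f"pcx-{a}-{b}"
        self.peerings[frozenset((a, b))] = pcx
        return pcx

    def can_reach(self, src: str, dst: str) -> bool:
        """Traffic flows only over a direct peering: A-B plus B-C does not give A-C."""
        return frozenset((src, dst)) in self.peerings

    def required_routes(self, vpc: str) -> list:
        """Route entries this VPC needs (the peer's CIDR -> pcx); the peer adds the mirror image."""
        routes = []
        for pair, pcx in self.peerings.items():
            if vpc in pair:
                (peer,) = pair - {vpc}
                routes.append((str(self.vpcs[peer]), pcx))
        return sorted(routes)


def build_chain() -> PeeringMesh:
    """The A-B-C chain from the diagram, with constructed non-overlapping CIDRs."""
    mesh = PeeringMesh({"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16"})
    mesh.peer("A", "B")
    mesh.peer("B", "C")
    return mesh


if __name__ == "__main__":
    mesh = build_chain()
    for src, dst in [("A", "B"), ("B", "C"), ("A", "C")]:
        print(f"{src} -> {dst}: {'reachable' if mesh.can_reach(src, dst) else 'NOT reachable'}")
    print("routes needed in B:", mesh.required_routes("B"))
```

If A really must reach C, the model shows the only option within peering itself: a direct A-C peering (and the matching routes on both sides), since B never forwards between its two peers.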

VPC DEMO

VPC Peering

Two different VPCs communicate through VPC peering

Cross-region peering

NACL: covered by the comparison with security groups above

VPC Endpoint

  • From a public instance we reach the private instance, and through an endpoint we can reach AWS services

  • Access AWS privately, i.e. without going over the internet

  • With a NAT gateway you pay for every byte of data you send through it, so that was expensive

  • That is why using a VPC endpoint is the better choice

  • It is a virtual device

  • An endpoint is specific to one service

Commands

aws configure - prompts for the access key ID and secret access key of your AWS account

aws s3 mb s3://bhupi - make bucket

aws s3 ls s3://bhupi - list bucket

aws s3 rb s3://bhupi - remove bucket

VPN Connection

  • Create a VPC

  • Create a VPN

  • Create an EC2 instance

  • Establish the VPN

  • Connect to the EC2 instance over the VPN

Questions:-

  • What is a private cloud?

  • How many VPCs can be created in one region?

  • How many subnets can be created in one region?

  • How many components does a VPC have?

  • How many types of VPC are there?

  • What are the steps to create a VPC?

  • What is an Elastic IP?

  • What are public and private subnets?

  • What is an Internet Gateway?

  • What is a NAT Gateway?

  • What is the difference between a Security Group and a NACL?

  • What is VPC Peering?

  • What is Transitive Peering?

  • What is a VPC Endpoint?

  • What is a VPN Connection?

Sudheer sen's blog