Understand the Default AWS Virtual Private Cloud Network

Sam Julien (instructor)

Published 4 years ago
Updated 4 years ago

In this course, we will set up a server on Amazon Elastic Compute Cloud (EC2) and a database on Amazon Relational Database Service (RDS). For the two to talk to each other in this course, they will live in the same Virtual Private Cloud (VPC).

As you build out functionality throughout the course, the settings of your VPC can get modified or disrupted, causing painful errors. This lesson gives you a tour of the key attributes of a VPC and shows you the default settings, so that you can revert to them if you find yourself in a bad state.

We'll cover what a VPC looks like in the AWS console, along with subnets, internet gateways, route tables, and the network ACL.
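Since the point of the lesson is to recognise when your VPC has drifted from the default layout, here is a small checker that compares a snapshot of the VPC against that layout: one default VPC with the 172.31.0.0/16 block, subnets in at least two availability zones, an attached internet gateway, a main route table that sends 0.0.0.0/0 to that gateway, and a default network ACL that allows everything. This is an added example and not part of the course or of AWS tooling; the resource IDs and the snapshot it audits are constructed inline in the shape the `aws ec2 describe-*` commands return (the commands named in the docstring are the real read-only calls you would feed into it). The `drifted_snapshot()` case, a detached gateway plus a deleted default route, is likewise constructed to show what a broken state looks like.

```python
"""Sanity-check a VPC snapshot against the shape of an AWS default VPC.

Feed it the JSON from these read-only CLI calls (one per top-level key):
  aws ec2 describe-vpcs              --filters Name=isDefault,Values=true
  aws ec2 describe-subnets           --filters Name=vpc-id,Values=<vpc-id>
  aws ec2 describe-internet-gateways --filters Name=attachment.vpc-id,Values=<vpc-id>
  aws ec2 describe-route-tables      --filters Name=vpc-id,Values=<vpc-id>
  aws ec2 describe-network-acls      --filters Name=vpc-id,Values=<vpc-id>
"""
import copy

# Constructed sample mirroring the CLI's JSON; every ID below is made up.
VPC_ID = "vpc-0123456789abcdef0"
IGW_ID = "igw-0123456789abcdef0"
DEFAULT_SNAPSHOT = {
    "Vpcs": [{"VpcId": VPC_ID, "CidrBlock": "172.31.0.0/16", "IsDefault": True, "State": "available"}],
    "Subnets": [
        {"SubnetId": "subnet-0000000000000000a", "VpcId": VPC_ID, "AvailabilityZone": "us-east-2a",
         "CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": True, "DefaultForAz": True},
        {"SubnetId": "subnet-0000000000000000b", "VpcId": VPC_ID, "AvailabilityZone": "us-east-2b",
         "CidrBlock": "172.31.16.0/20", "MapPublicIpOnLaunch": True, "DefaultForAz": True},
        {"SubnetId": "subnet-0000000000000000c", "VpcId": VPC_ID, "AvailabilityZone": "us-east-2c",
         "CidrBlock": "172.31.32.0/20", "MapPublicIpOnLaunch": True, "DefaultForAz": True},
    ],
    "InternetGateways": [{"InternetGatewayId": IGW_ID,
                          "Attachments": [{"State": "available", "VpcId": VPC_ID}]}],
    "RouteTables": [{
        "RouteTableId": "rtb-0123456789abcdef0", "VpcId": VPC_ID,
        "Associations": [{"Main": True, "RouteTableId": "rtb-0123456789abcdef0"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW_ID, "State": "active"},
        ],
    }],
    "NetworkAcls": [{
        "NetworkAclId": "acl-0123456789abcdef0", "VpcId": VPC_ID, "IsDefault": True,
        "Entries": [
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        ],
    }],
}


def audit_default_vpc(snap):
    """Return a list of findings; an untouched default VPC yields an empty list."""
    findings = []
    vpcs = [v for v in snap["Vpcs"] if v.get("IsDefault")]
    if len(vpcs) != 1:
        return [f"expected exactly one default VPC, found {len(vpcs)}"]
    vpc_id, vpc_cidr = vpcs[0]["VpcId"], vpcs[0]["CidrBlock"]
    if vpc_cidr != "172.31.0.0/16":
        findings.append(f"default VPC CIDR is {vpc_cidr}; AWS creates it as 172.31.0.0/16")

    # Subnets: an RDS DB subnet group needs at least two AZs; default subnets auto-assign public IPv4.
    subnets = [s for s in snap["Subnets"] if s["VpcId"] == vpc_id]
    azs = {s["AvailabilityZone"] for s in subnets}
    if len(azs) < 2:
        findings.append(f"subnets cover {len(azs)} AZ(s); RDS needs subnets in at least two")
    for s in subnets:
        if not s.get("MapPublicIpOnLaunch"):
            findings.append(f"{s['SubnetId']} no longer auto-assigns public IPv4 (default subnets do)")

    # Internet gateway: must exist and be attached to this VPC.
    attached = [g["InternetGatewayId"] for g in snap["InternetGateways"]
                if any(a["VpcId"] == vpc_id and a["State"] == "available" for a in g["Attachments"])]
    if not attached:
        findings.append("no internet gateway is attached to the default VPC")

    # Main route table: local route for the VPC CIDR plus 0.0.0.0/0 via the attached gateway.
    main = [r for r in snap["RouteTables"]
            if r["VpcId"] == vpc_id and any(a.get("Main") for a in r["Associations"])]
    if len(main) != 1:
        findings.append(f"expected one main route table, found {len(main)}")
    else:
        routes = {r.get("DestinationCidrBlock"): r.get("GatewayId")
                  for r in main[0]["Routes"] if r.get("State") == "active"}
        if routes.get(vpc_cidr) != "local":
            findings.append(f"main route table lacks the local route for {vpc_cidr}")
        if routes.get("0.0.0.0/0") not in attached:
            findings.append("main route table does not send 0.0.0.0/0 to the attached internet gateway")

    # Default NACL: rule 100 allows all protocols to/from 0.0.0.0/0 in both directions.
    for acl in (a for a in snap["NetworkAcls"] if a["VpcId"] == vpc_id and a.get("IsDefault")):
        for egress in (True, False):
            ok = any(e["RuleNumber"] == 100 and e["RuleAction"] == "allow" and e["Protocol"] == "-1"
                     and e.get("CidrBlock") == "0.0.0.0/0" and e["Egress"] == egress
                     for e in acl["Entries"])
            if not ok:
                direction = "egress" if egress else "ingress"
                findings.append(f"{acl['NetworkAclId']} no longer allows all {direction} traffic at rule 100")
    return findings


def drifted_snapshot():
    """Constructed drift: gateway detached and the 0.0.0.0/0 route deleted."""
    snap = copy.deepcopy(DEFAULT_SNAPSHOT)
    snap["InternetGateways"][0]["Attachments"] = []
    snap["RouteTables"][0]["Routes"] = snap["RouteTables"][0]["Routes"][:1]
    return snap


if __name__ == "__main__":
    for name, snap in (("default", DEFAULT_SNAPSHOT), ("drifted", drifted_snapshot())):
        print(name, audit_default_vpc(snap) or ["matches the default VPC layout"])
```

Two things the default layout implies that are worth keeping in mind while following the course: because the main route table sends 0.0.0.0/0 to the internet gateway for every default subnet and the default network ACL allows all traffic, every default subnet is a public subnet, so the security group on the EC2 instance and on the RDS instance is the only thing standing between them and the internet. The checker above only confirms the layout matches the default; it does not review security groups.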

Instructor: [0:00] Before we dive into setting up Ghost in this course, I want to take you on a quick tour of the default network that gets set up when you create a new AWS account. It's called a virtual private cloud, or VPC for short.

[0:14] Let's go over and click on services, and scroll down to network and content delivery, and then click on VPC. We're not going to cover networking too much in this course, but sometimes you might get weird errors or things might not work right. Often, it's because something got messed up in your network settings.

[0:36] You can use this video as a reference to come back to if you need to start from scratch and see how the default network looks at first creation.

[0:45] A VPC is a virtual private cloud, or a virtual network. VPCs are a regional resource. The default in the US is the Ohio region, and that's fine for our purposes. I want to show you each of the different pieces of this because our Ghost server and database are going to live in this private network.

[1:06] First is the VPC itself. If you click on Your VPCs, you can see over here that I've got a VPC. The important things are the ID, which you don't have to memorize; AWS will auto-populate it for you. Also, this IPv4 CIDR block, which is just the addresses of the network. You can see they're in the 172.31.. IP address block.

[1:35] Under the VPC, there are a number of different pieces that make up the network. The first one I want to show you are the subnets. Subnets are like cordoned off sections of the network. You can see that they have their own sections of the IP addresses.

[1:52] One thing that's important to know about subnets is that they can be in different availability zones in AWS. A zone is like a data center. You can think of it like a data center in that they have their own separate power, networking, and things like that.

[2:09] It's very unlikely that multiple availability zones will go down at once. This is important. It comes back up when we get into RDS and our database, because RDS requires you to have the database in at least two subnets that are in two availability zones. Luckily, the default network that AWS provides does this for us.

[2:31] The next thing I want to show you is the Internet gateway. By default, a private network can't access the Internet and you need this thing called an Internet gateway to let you do that.

[2:43] What's nice is that you can always click on this little info box to give you a better definition of what each of these things are. This networking stuff is probably, in my opinion, the most difficult thing as a developer trying to learn AWS because I don't have a background in networking. These little definitions come in handy.

[3:02] We have this Internet gateway, and you can see that it has this attached state and it's attached to our VPC. This means that our VPC will be able to access the Internet. More accurately, things on our VPC will be able to access the Internet.

[3:17] The next thing I want to show you is the route table. If you go over here to this route table, a route table contains a set of rules called routes that are used to determine where network traffic from your subnet or gateway is directed.

[3:31] This is the main route table. The main route table automatically comes with the VPC, and it controls the routing for all the subnets that aren't explicitly associated with any other route table. Since we only have one, they're all three associated with this one. If I scroll down, you can see all three of these subnets here.

[3:48] If I look over in the summary and go back to the routes, you can see this destination of ../ which basically means all IPv4 addresses. This is saying that all of this traffic is being routed through. You can see our Internet gateway, and so all of the traffic is going to go through the Internet gateway, and all three of our subnets are associated with it.

[4:13] The last thing I want to show you is what's called a Network ACL. An ACL is an access control list. If I click on this, it's an optional security layer for your VPC that acts as a firewall for controlling traffic in and out of one or more of the subnets. Right now, this is the default, and it's allowing all traffic.

[4:38] These are the different components of the default VPC, the default virtual network, that AWS gives you. This will work for us as we set up Ghost, but if you've been doing a lot of tutorials or messing around in your AWS account, you might have inadvertently deleted these things or reset some of the settings.

[4:58] This is a clean slate to show you what everything will look like by default so that you can set up Ghost without having any sort of networking issues.