Networking In EC2: VPCs, Subnets, And Route Tables

Networking in Amazon EC2 involves several key components, including Virtual Private Clouds (VPCs), subnets, and route tables. These components are fundamental to creating isolated network environments for deploying and managing EC2 instances securely within the Amazon Web Services (AWS) cloud infrastructure. In Amazon Web Services (AWS), EC2 abbreviation is Elastic Compute Cloud one of the most popular service in AWS. In this article we will know By understanding and effectively configuring VPCs, subnets, and route tables, you can design and deploy network architectures in AWS that meet your specific requirements for security, availability, and performance. These networking components provide the foundation for building scalable and resilient cloud-based applications and services on the AWS platform.

Amazon Elastic Compute Cloud (Amazon EC2) is a web service provided by Amazon Web Services (AWS) that allows users to rent virtual servers or virtual machines known as instances, on which they can run their own softwares and applications. An EC2 instance is essentially defined as virtual machine (VM) in the cloud.

Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand and scalable computing capacities like scaling the networking, storage, RAM..etc. in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 saves the cost so you can develop and deploy applications faster. You can utilize Amazon EC2 service and launch as many as instances you want and need might.may design security and systems administration, and oversee storage capacity. You can add limit increase the size of instances.it will save you the cost to deal with register weighty undertakings, like month to month or yearly cycles, or spikes in site traffic. At the point when use diminishes, you can lessen limit (downsize) once more.

In the name EC2 itself tells that Elastic Compute Cloud it can easily elastic the computer metrics like RAM,Storage,Network,Hardware EC2 Instances are deployed within Virtual Private Clouds (VPCs), which provide isolated network environments in the cloud. Understanding VPCs, subnets, and route tables is crucial for effective networking in EC2.

A virtual network dedicated to your AWS account is known as a VPC. It gives a logically isolated network section secluded part of the AWS Cloud where you can send off AWS assets in a virtual network.

• You have unlimited authority over your VPC including IP address range determination, subnets, route tables, network gateways, and security settings.

• Subnets: Subdivisions of the IP address range of your VPC. instances within a subnet can communicate with each other, and you can control over traffic stream between subnets.
• Gateway for Internet (IGW): allows resources in your VPC to connect to the internet as well as resources in the VPC to connect to the internet.
• Route Tables: Control the routing for subnet traffic. You define routing rules that figure out where organization traffic is coordinated.
• Network Access Control Lists (NACLs) and Security Groups: Security components that control traffic to and from instances. Security groups are stateful, while NACLs are stateless.
• Elastic IP Address: IPv4 static addresses that can be assigned to AWS resources within your VPC, such as EC2 instances.

Subnets in AWS, or Amazon Web Administrations, are sections of an Amazon Virtual private Cloud (VPC) network. They enable you to divide the IP address space in your VPC into smaller, more manageable blocks.For organizing resources, controlling network traffic, and ensuring high availability within your AWS infrastructure, it is essential to comprehend and configure subnets appropriately.

• Each subnet is related with a particular range of IPv4 addresses within the CIDR block of the VPC.Subnets are identified by their CIDR notation, which indicates the range of IP addresses allocated to the subnet.

Public subnets: Public subnets will be subnets inside a VPC that have route to the web through a internet gateway (IGW). Instances deployed in public subnets can have public IP addresses related with them and can communicate with the internet.

Use Cases:

• Public-facing web servers
• Load balancers
• Bastion hosts (for SSH/RDP access)
• Content delivery networks (CDNs)

Private subnets will be subnets inside a VPC that don’t have an immediate route to the web. Instances deployed in private subnets can’t be accessed directly from the web. However, a Network Address Translation (NAT) gateway or NAT instance in a public subnet can be used to initiate outbound connections to the internet.

Case Studies:

• Database servers
• Application servers
• Internal APIs
• Backend services

A route table is a set of rules, known as routes, that are used to determine where network traffic from your subnets is directed.It controls the routing of traffic between subnets within the same VPC and between the VPC and external networks like the internet.When we create a VPC, a default route table is automatically created for it. This default route table contains a local route allowing communication within the VPC. with this default route table Subnets that are not explicitly associated with a custom route table use the default route table by default.Each subnet in a VPC must be associated with a route table, which controls the routing for that subnet.

keywords

• Route tables controls network traffic and it figure our where the network traffic in virtual private cloud ought to be coordinate
• Route tables provide the means to manage how traffic flows within the VPC and to external destinations.
• They enable you to define the paths that network packets should follow based on their destination IP addresses.
• Route tables are essential for implementing security policies, routing traffic to specific destinations, and ensuring connectivity between resources within the VPC and with external networks.
• Routes: Each route table contains a list of routes, where each route specifies a destination CIDR block and a target.
• Associations: Route tables are associated with one or more subnets within the VPC.
• Target: The target for a route can be a network gateway, an instance, a virtual private gateway (VGW), a VPN connection, a Direct Connect gateway, or a VPC peering connection.

Default And Custom Route Tables

• When you create a VPC, a default route table is automatically created and associated with the VPC.
• You can create custom route tables and associate them with specific subnets as needed.
• Custom route tables allow you to define routing policies tailored to the requirements of different subnets or applications within the VPC.

Step 1: Create A VPC

• Log in to the AWS Management Console.
• Navigate to the VPC dashboard.
• Click on “Create VPC”.

• Enter the VPC details, including name, IPv4 CIDR block, and any additional settings.

• Click on “Create VPC”.

Step 2: Create Subnets

• In the VPC dashboard, navigate to “Subnets”.
• Click on “Create subnet”.

• Select the VPC created in Step 1.

• Choose an Availability Zone (AZ) and specify the IPv4 CIDR block for the subnet.

• Repeat the process to create additional subnets as needed, ensuring distribution across multiple AZs.

Step 3: Configure Route Tables

• Navigate to “Route Tables” in the VPC dashboard.
• Click on “Create route table”.

• Select the VPC created in Step 1.
• Click on “Create”.

• Edit the route table and add a route to the Internet Gateway (IGW) for internet-bound traffic.

• Associate the route table with the public subnets.

The following screenshot clearly illustrated that our created route tables.

• The Following screenshot illustrates the flow of network traffic with created vpc, subnet and route tables.

• finally,our VPC configuration setup is done,now attach this VPC to EC2 instance.

Step 5: Launch EC2 Instances

• Navigate to the EC2 dashboard.
• Click on “Launch instance”

• Choose an Amazon Machine Image (AMI) and instance type.

• Configure instance details, including selecting the VPC and subnet.

• Configure storage, add tags (optional), and configure security groups.
• Review and launch the instance.

• The following screenshot illustrates the creation an instance with defined specifications.

Step 6: Connect To Instance

• Wait till the created Instance come to the running state. After that connect to the instance and copy the ssh command. The command looks as follows:

ssh -i "keypair" ec2-user@public-IP address

What Is A Virtual Private Cloud (VPC)?

In AWS, a virtual network environment known as a Virtual Private Cloud (VPC) lets you provision and isolate resources like EC2 instances, databases, and more. It lets you control how your network is set up, like choosing IP address ranges, making subnets, and setting up route tables and network gateways.

What Are Subnets In Amazon VPC?

The IP address range of a VPC is divided into subnets. They are utilized to sort out assets inside the VPC and give isolated network and segments. Subnets are related with explicit Availability Zones (AZs) and can be either open (with access to the internet) or private (without direct access to the internet).

How Are Route Tables Used In Amazon VPC?

Route tables in Amazon VPC characterize rules (courses) for directing organization traffic inside the VPC and to outside organizations. Each subnet in a VPC is related with a route table, which decides how traffic streams all through the subnet. route tables control the directing of packets in view of their destination IP addresses.

Can I Peer Vpcs In Different AWS Accounts?

Indeed, you can peer VPCs in various AWS accounts using VPC peering. By connecting VPCs with different AWS accounts, you can make resources in those VPCs talk to each other like they were on the same network. However, the peering connection must be approved by both AWS accounts, and certain restrictions apply, such as ensuring that CIDR blocks do not overlap and configuring route tables.

Can I Restrict Internet Access For Resources In Amazon VPC And How?

In Amazon VPC, you can restrict resources within a subnet’s internet access by:

• Create a route table for the subnet that does not include a route to an Internet Gateway (IGW).
• Guarantee that assets in the subnet don’t have public IP addresses relegated.
• If necessary, make use of a NAT gateway or instance to access the internet from the outside, but restrict internet traffic from the inside to preserve security (typically in private subnets).