AWS VPC Architectures

Sharathkumar Hegde
Mar 9, 2019

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

In this article I am going to walk through four different scenarios for creating and configuring a VPC:

  • VPC with a single public subnet
  • VPC with a public and a private subnet
  • VPC with a public and a private subnet and AWS Site-to-Site VPN access
  • VPC with a private subnet only and AWS Site-to-Site VPN access

#1 VPC with single public subnet

This configuration includes a virtual private cloud (VPC) with a single public subnet and an Internet gateway to provide communication over the Internet. This scenario is best suited to a single-tier, Internet-facing web application such as a blog or a simple website.

The configuration for this scenario includes the following:

  • A VPC with a CIDR block of your choice (example: 10.0.0.0/16).
  • A subnet within that VPC, with a CIDR block taken from the VPC's range (example: 10.0.0.0/24).
  • An Internet gateway attached to the VPC to provide Internet access to AWS resources.
  • A route table associated with the subnet. Its entries allow the instances in the subnet to communicate with other resources in the VPC and to reach the Internet through the Internet gateway.
  • An EC2 instance with a private IPv4 address from the subnet's address range, which lets it communicate with other resources in the VPC, and an Elastic IP address, a public IPv4 address that lets the instance be reached from the Internet.

#2 VPC with public and private subnet

This configuration includes a virtual private cloud with a public subnet and a private subnet. This architecture suits a multi-tier web application in which the database server sits in the private subnet, isolated from the Internet.

The configuration for this scenario includes the following:

  • A VPC with a CIDR block of your choice (example: 10.0.0.0/16).
  • A public subnet within that VPC, with a CIDR block taken from the VPC's range (example: 10.0.0.0/24). A public subnet is a subnet associated with a route table that has a route to an Internet gateway.
  • A private subnet (example: 10.0.1.0/24).
  • An Internet gateway attached to the VPC to provide Internet access to AWS resources.
  • The instances (example: 10.0.1.5, 10.0.1.6, 10.0.1.7) in the private subnet have private IPv4 addresses from the subnet's range, which they use to communicate with each other.
  • A NAT gateway in the public subnet with an Elastic IP address attached to it, so that it can communicate with the outside world through the Internet gateway.
  • The instances in the private subnet reach the Internet through the NAT gateway; nothing on the Internet can initiate a connection to them.
  • A custom route table associated with the public subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to communicate directly with the Internet over IPv4.
  • The main route table associated with the private subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to reach the Internet through the NAT gateway over IPv4.
  • EC2 instances in the public subnet, each with a private IPv4 address from the subnet's address range, which lets it communicate with other resources in the VPC, and an Elastic IP address, a public IPv4 address that lets the instance be reached from the Internet.

#3 VPC with private and public subnet and AWS site-to-site VPN Access

This configuration includes a virtual private cloud with a public subnet and a private subnet, plus a virtual private network (VPN) that enables communication with the corporate network over an IPsec VPN tunnel. This lets you extend your corporate network into the cloud.

The configuration for this scenario includes the following:

  • A VPC with a CIDR block of your choice (example: 10.0.0.0/16).
  • A public subnet within that VPC, with a CIDR block taken from the VPC's range (example: 10.0.0.0/24). A public subnet is a subnet associated with a route table that has a route to an Internet gateway.
  • A private subnet (example: 10.0.1.0/24).
  • An Internet gateway attached to the VPC to provide Internet access to AWS resources.
  • The instances (example: 10.0.1.5, 10.0.1.6, 10.0.1.7) in the private subnet have private IPv4 addresses from the subnet's range, which they use to communicate with each other.
  • A NAT gateway in the public subnet with an Elastic IP address attached to it, so that it can communicate with the outside world through the Internet gateway.
  • The instances in the private subnet reach the Internet through the NAT gateway.
  • A custom route table associated with the public subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to communicate directly with the Internet over IPv4.
  • The main route table associated with the private subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to reach the Internet through the NAT gateway over IPv4.
  • EC2 instances in the public subnet, each with a private IPv4 address from the subnet's address range, which lets it communicate with other resources in the VPC, and an Elastic IP address, a public IPv4 address that lets the instance be reached from the Internet.
  • A Site-to-Site VPN connection between your VPC and the corporate network. It consists of a virtual private gateway on the Amazon side of the connection and a customer gateway on the corporate side.

#4 VPC with private subnet only and AWS site-to-site VPN Access

This configuration includes a virtual private cloud with a private subnet and a virtual private network (VPN) that enables communication with the corporate network over an IPsec VPN tunnel. There is no Internet gateway, so nothing in the VPC can be reached from, or reach, the Internet. This lets you extend your corporate network into the cloud without exposing either side to the Internet.

The configuration for this scenario includes the following:

  • A VPC with a CIDR block of your choice (example: 10.0.0.0/16).
  • A private subnet (example: 10.0.0.0/24).
  • The instances (example: 10.0.1.5, 10.0.1.6, 10.0.1.7) in the private subnet have private IPv4 addresses, which they use to communicate with each other.
  • The main route table associated with the private subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and a route for the corporate network that points at the virtual private gateway.
  • A Site-to-Site VPN connection between your VPC and the corporate network. It consists of a virtual private gateway on the Amazon side of the connection and a customer gateway on the corporate side.
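The distinction that runs through all four scenarios is what a subnet's effective route table does with 0.0.0.0/0: a route to an Internet gateway makes it public, a route to a NAT gateway makes it private-with-egress, and no default route at all makes it isolated (scenario #4). The following is an added example, not code from the original article, that classifies subnets that way from data shaped like `aws ec2 describe-route-tables` / `describe-subnets` output; the resource ids and the sample tables are constructed, and the main-table fallback (a subnet with no explicit association inherits the VPC's main route table) is the case that most often turns a supposedly private subnet public.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output, modelling
# scenario #2: 10.0.0.0/24 is public (IGW route), 10.0.1.0/24 private (NAT route).
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SAMPLE_SUBNETS = [{"SubnetId": "subnet-public", "CidrBlock": "10.0.0.0/24"},
                  {"SubnetId": "subnet-private", "CidrBlock": "10.0.1.0/24"}]

def effective_route_table(subnet_id, route_tables):
    """A subnet uses its explicitly associated table, otherwise the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(subnet, route_tables):
    """'public' = default route to an IGW, 'private' = default route via NAT gateway,
    'isolated' = no default route (scenario #4: reachable only over the VPN)."""
    rt = effective_route_table(subnet["SubnetId"], route_tables)
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if "NatGatewayId" in route:
            return "private"
    return "isolated"

def audit(vpc_cidr, subnets, route_tables):
    """Map each subnet to its exposure class, rejecting CIDRs outside the VPC block."""
    vpc_net = ipaddress.ip_network(vpc_cidr)
    result = {}
    for s in subnets:
        if not ipaddress.ip_network(s["CidrBlock"]).subnet_of(vpc_net):
            raise ValueError(f"{s['SubnetId']} {s['CidrBlock']} is outside {vpc_cidr}")
        result[s["SubnetId"]] = classify_subnet(s, route_tables)
    return result
```

Feeding real `describe-route-tables` output into `audit` and diffing the result against the intended design is a cheap way to catch a private subnet that silently inherited a main route table carrying an Internet gateway route.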

These are some of the most common VPC architectures you can use in AWS, depending on your requirements.

Thanks for reading!!
