- Virtual Private Cloud
 
- Multiple VPCs can be created in a single AWS region.
 
- Only private IPv4 ranges are allowed.
 
Default VPC
- All AWS accounts have a default VPC.
 
- It has internet connectivity and all EC2 instances inside have public IPv4 addresses.
 
Subnet (IPv4)
- AWS reserves 5 IP addresses in each subnet.
 
VPC Peering
- Privately connect two VPCs using the AWS network.
 
- Must not have overlapping CIDRs.
 
- Must update the route tables of each VPC's subnets so that EC2 instances can communicate with each other.
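The two peering prerequisites above (private, non-overlapping CIDRs and a route in each side's route tables) are easy to check before touching the console. The following is an added example written for these notes, not AWS code; the VPC CIDRs and the `pcx-EXAMPLE` peering id are constructed placeholders, and the /16 to /28 size limit is AWS's documented VPC CIDR range, which the notes do not mention.

```python
import ipaddress

# Constructed sample values (not from the notes): two VPC CIDRs that are
# candidates for peering, and a placeholder peering connection id.
VPC_A_CIDR = "10.0.0.0/16"
VPC_B_CIDR = "10.1.0.0/16"
PEERING_ID = "pcx-EXAMPLE"  # placeholder, not a real resource id

# The RFC 1918 private ranges the notes say a VPC CIDR must come from.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_vpc_cidr(cidr: str):
    """Return (ok, reason) for a candidate VPC CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        return False, "VPC primary CIDR must be IPv4"
    # AWS accepts VPC CIDRs between /16 and /28 (documented limit, assumption for this check).
    if not 16 <= net.prefixlen <= 28:
        return False, "prefix length must be between /16 and /28"
    if not any(net.subnet_of(block) for block in RFC1918):
        return False, "not an RFC 1918 private range"
    return True, "ok"


def cidrs_overlap(a: str, b: str) -> bool:
    """True if the two CIDR blocks share any address; overlapping VPCs cannot be peered."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def peering_routes(vpc_a_cidr: str, vpc_b_cidr: str, pcx_id: str) -> dict:
    """Return the route each side's subnet route tables need for traffic to cross the peering.

    Each VPC routes the *other* VPC's CIDR to the peering connection; without both
    routes, instances cannot reach each other even though the peering is active.
    """
    for cidr in (vpc_a_cidr, vpc_b_cidr):
        ok, reason = validate_vpc_cidr(cidr)
        if not ok:
            raise ValueError(f"{cidr}: {reason}")
    if cidrs_overlap(vpc_a_cidr, vpc_b_cidr):
        raise ValueError("cannot peer VPCs with overlapping CIDRs")
    return {
        "vpc_a": {"destination": vpc_b_cidr, "target": pcx_id},
        "vpc_b": {"destination": vpc_a_cidr, "target": pcx_id},
    }


if __name__ == "__main__":
    for side, route in peering_routes(VPC_A_CIDR, VPC_B_CIDR, PEERING_ID).items():
        print(f"{side}: {route['destination']} -> {route['target']}")
```

Run it as a script to print the two routes; `peering_routes` raises on overlapping or non-private CIDRs, so it can double as a pre-flight check in automation.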
 
VPC Endpoints
- Allows you to connect to AWS services over a private network instead of the public internet.
 
Types of Endpoints
- Interface Endpoints: Provisions an ENI (elastic network interface) as an entry point.
 
- Gateway Endpoints: Provisions a gateway that must be used as a target in the route table; only supports S3 and DynamoDB.
 
VPC Flow Logs
- Captures information about IP traffic going into network interfaces.
 
- Captures network information from AWS managed interfaces too.
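Flow logs are only useful once something reads them, and the default record format is plain space-separated text. The following parser and REJECT summary is an added example for these notes, not AWS code: the log lines are constructed (placeholder account, ENI id and TEST-NET addresses) in the default version 2 field order, and the `min_rejects` threshold is an arbitrary assumption.

```python
from collections import Counter

# Constructed sample records (not real captures) in the default version 2
# VPC Flow Log format:
#   version account-id interface-id srcaddr dstaddr srcport dstport protocol
#   packets bytes start end action log-status
# The last line is a NODATA record, which has '-' in the traffic fields.
SAMPLE_LOG = """\
2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 41234 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 41235 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.2.7 10.0.1.25 50122 443 6 20 8000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.11 10.0.1.25 41236 22 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa - - - - - - - 1700000000 1700000060 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def parse_record(line: str) -> dict:
    """Parse one default-format flow log line into a dict; '-' fields become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        rec[name] = None if rec[name] == "-" else int(rec[name])
    return rec


def parse_log(text: str) -> list:
    """Parse a block of flow log text, ignoring blank lines."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejects_by_dst_port(records: list) -> Counter:
    """Count REJECT records per destination port.

    Records whose log-status is not OK (NODATA, SKIPDATA) carry no traffic
    fields and are skipped rather than miscounted.
    """
    counts = Counter()
    for rec in records:
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        counts[rec["dstport"]] += 1
    return counts


def rejected_sources(records: list, min_rejects: int = 2) -> list:
    """Source addresses with at least min_rejects rejected flows, sorted.

    A source repeatedly rejected by the security group or NACL is a common
    triage starting point when reviewing flow logs.
    """
    per_source = Counter(
        rec["srcaddr"] for rec in records
        if rec["log_status"] == "OK" and rec["action"] == "REJECT"
    )
    return sorted(src for src, n in per_source.items() if n >= min_rejects)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("rejects by destination port:", dict(rejects_by_dst_port(records)))
    print("sources with repeated rejects:", rejected_sources(records))
```

On the constructed sample this reports two rejected flows to port 22 and one to 3389, and flags 203.0.113.10 as the only source rejected more than once; the NODATA line is parsed but excluded from both counts.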
 
Architectures

Traffic Mirroring
- Capture and inspect network traffic.
 
- Route the traffic to security appliances that you manage.
 
IPv6 in VPC
- IPv4 cannot be disabled for VPCs and subnets.
 
- Can enable IPv6 to operate in dual-stack mode.