The document discusses Amazon Virtual Private Cloud (Amazon VPC), including: - Amazon VPC allows users to provision a virtual network within AWS similar to a private network. Users have control over IP ranges, subnets, and routing. - Public subnets route traffic to the internet gateway, while private subnets do not. VPCs contain one public subnet per availability zone by default. - VPC components include subnets, route tables, security groups, network access control lists, internet gateways, virtual private gateways, elastic IPs, endpoints, and NAT instances/gateways. - Security groups apply at the instance level and only allow rules, while network access control lists apply at the subnet level and allow both allow and deny rules.

1. Amazon Virtual Private Cloud
PIYUSH JALAN, Solution Architect

2. Table of Contents
1. What is Amazon VPC?
2. Difference between Public and Private subnet
3. VPC components
4. Difference between Security Group and Network ACL
5. A VPN connection from a network to an Amazon VPC

3. What is Amazon VPC?
● The Amazon Virtual Private Cloud is a custom defined virtual network within AWS
cloud.
● User can provision their own logically isolated section of AWS, similar to designing
and implementing a separate independent network that would operate in an on-
premises data center.
● User have complete control over virtual networking environment, including
selection of their own IP address range, creation of subnets, and configuration of
route tables and network gateways.

4. Difference B/W Public and Private Subnet
A Public Subnet is one in which the associated route table directs the subnet’s traffic to
the Amazon VPC’s Internet Gateway.
A Private Subnet is one in which the associated route tables does not direct the subnet’s
traffic to the Amazon VPC’s Internet Gateway.
Default Amazon VPCs contain one public subnet in every Availability Zone within the
region, with a netmask of /20.

5. VPC Various Components
● Subnets
● Route Tables
● Security Groups
● Network Access Control Lists
● Internet Gateways
● Virtual Private Gateways
● Elastic IP
● Endpoints
● NAT Instances and Gateways

6. Difference B/W Security Group and NACL
● Security group operates at instance level whereas NACL operates at subnet level.
● Security group supports allow rules only whereas NACL supports both i.e. allow and
deny rules.
● Security group is stateful whereas NACL is stateless.
● Security group is applied selectively to individual instances whereas NACL is
automatically applied to all instances in the associated subnet, This is also called as
backup layer of defense.

7. A VPN Connection to an AWS VPC
A user can connect an existing data center to Amazon VPC using either hardware or
software VPN Connections, which will make amazon VPC an extension of the DC.
A Virtual Private Gateway is the VPN concentrator on the AWS side of the VPN
connection between the two networks.
A Customer Gateway represents a physical device or a software application on the
customer side of the VPN connection.
The VPC connection consists of two tunnels for higher availability to VPC.

8. Thank You