What is an AWS VPC? Definition
A VPC is a virtual network that closely resembles a traditional network you would operate in your own data center. After you create a VPC, you can add subnets.
How does it work?
A VPC provides a customizable software-defined network (SDN) in the cloud, which enables:
Key features:
Benefits:
VPC implementation:
Follow our steps to deploy this project:
Part A: Create the VPC
Part B: Configure resources (EC2)
Part C: Create the Python application and run the project.
Get ready to protect your cloud infrastructure with a VPC!
This example shows how to create a resilient VPC for a production server:
First, log in to your AWS console.
Part A: Set up the VPC in the AWS console.
Step 1: Find the search bar and type "VPC".
Step 2: This is what VPC looks like in the dashboard; click VPC.
Step 3: Give the VPC a name for your project.
Step 4: Keep the default settings.
Step 5: Click Create VPC; the VPC is created successfully.
Step 6: Click View VPC to open the resource map.
Part B: Create an EC2 instance, log in, and connect from your terminal.
Step 1: Search for EC2.
Step 2: Select the correct region, name your EC2 instance, and choose your preferred Linux distribution (Ubuntu).
Step 3: Choose the free-tier option for the AMI (preferred) and select your .pem key, or create one.
Step 4: In Network settings, click Edit and choose the options shown in the figure; make sure the demo VPC you created is selected. You can rename the security group so it is easier to identify.
Step 5: Leave the rest at the defaults and click Launch instance.
Part C: Install the Python application and, from the terminal, test the security group / VPC we created.
Step 1: Go to the newly created instance and click Connect.
Step 2: Open a terminal (Git Bash) and connect to your EC2 instance.
Note:
Make sure you change to the directory containing your .pem key, then connect using this command line:
ssh -i key.pem username@host
ssh -i cloud-jay-key.pem ubuntu@34.236.38.205
Step 3: Update the packages with this command line:
sudo apt update
Step 4: Check whether Python is installed with this command line:
python3 --version
Step 5: Run the application with this command line:
python3 -m http.server 8000
Step 6: Open the Python application in a browser using the instance's public IP:
http://54.236.38.205:8000
You can see it is not accessible.
Step 7: Go to VPC and check the network ACL (NACL) under Security.
Step 8: You can see it is set correctly; now let's go to the security group.
Step 9: Go to Security groups, make sure you select the right security group ID for demo-vpc, open it, and check whether the right port is open (Custom TCP, port 8000).
Step 10: Edit the inbound rules.
Step 11: Under Inbound rules, add a new rule of type Custom TCP with port 8000, under Source select IPv4, save it, and open the Python app again.
Step 12: Congratulations, the Python app is now accessible.
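As an added example (not part of the original tutorial), the following is a small offline model of the two inbound checks this walkthrough touches: the subnet's stateless network ACL from step 7 and the security group from steps 9 to 11. The rule sets and the client address are constructed, and the field names are an assumption shaped after the AWS describe-network-acls / describe-security-groups output; it shows why the app was unreachable in step 6 and how an explicit NACL deny with a lower rule number beats a later allow.

```python
import ipaddress

# Constructed sample data, shaped like boto3's describe_network_acls /
# describe_security_groups output (the field names are an assumption about that API).
NACL_INBOUND = [  # default-style NACL: rule 100 allows everything, the final '*' denies
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
NACL_DENY_8000 = [  # same NACL plus an explicit deny for TCP 8000 evaluated before rule 100
    {"RuleNumber": 90, "Protocol": "6", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 8000, "To": 8000}},
] + NACL_INBOUND
SG_BEFORE = [  # the demo security group as launched: only SSH is open
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
SG_AFTER = SG_BEFORE + [  # after step 11: Custom TCP 8000 from any IPv4 source
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def nacl_allows(entries, port, src_ip):
    """Stateless NACL: rules are evaluated in ascending RuleNumber, first match wins."""
    src = ipaddress.ip_address(src_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if src not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        if e["Protocol"] not in ("-1", "6"):  # "6" is TCP in NACL entries
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False  # nothing matched: the implicit '*' deny applies

def sg_allows(permissions, port, src_ip):
    """Security group: allow-only and stateful, so any matching inbound rule opens the port."""
    src = ipaddress.ip_address(src_ip)
    for p in permissions:
        if p["IpProtocol"] not in ("-1", "tcp"):
            continue
        if p["IpProtocol"] == "tcp" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def reachable(nacl_entries, sg_permissions, port, src_ip):
    """Inbound TCP reaches the instance only if the subnet NACL and the SG both allow it."""
    return nacl_allows(nacl_entries, port, src_ip) and sg_allows(sg_permissions, port, src_ip)
```

Calling `reachable(NACL_INBOUND, SG_BEFORE, 8000, "203.0.113.10")` reproduces the failure in step 6 (the NACL allows, the security group does not), and the same call with `SG_AFTER` reproduces step 12.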
Glossary
VPC: A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets.
Subnet: A subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC.
IP addressing: You can assign IP addresses, both IPv4 and IPv6, to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.
Network Access Control List (NACL): A Network Access Control List is a stateless firewall that controls inbound and outbound traffic at the subnet level. It operates at the IP address level and can allow or deny traffic based on rules that you define. NACLs provide an additional layer of network security for your VPC.
Security Group (SG): A security group acts as a virtual firewall for instances (EC2 instances or other resources) within a VPC. It controls inbound and outbound traffic at the instance level. Security groups allow you to define rules that permit or restrict traffic based on protocols, ports, and IP addresses.
Route table: Use route tables to determine where network traffic from your subnet or gateway is directed.
Gateway: A gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device.
Peering connections: Use a VPC peering connection to route traffic between the resources in two VPCs.
Traffic Mirroring: Copy network traffic from network interfaces and send it to security and monitoring appliances for deep packet inspection.
Transit gateways: Use a transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections.
VPC Flow Logs: A flow log captures information about the IP traffic going to and from network interfaces in your VPC.
VPN connections: Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).
Resources:
VPC with servers in private subnets and NAT
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html