Components of Amazon VPC
Amazon VPC comprises a variety of objects that will be familiar to customers with existing networks:
- Virtual Private Cloud (VPC): a logically isolated virtual network in the AWS cloud. You define a VPC's IP address space from a range you select.
- Subnet: a segment of a VPC's IP address range where you can place groups of isolated resources.
- Internet Gateway: the Amazon VPC side of a connection to the public Internet.
- NAT Instance: an EC2 instance that provides Port Address Translation for non-EIP instances to access the Internet via the Internet Gateway.
- Hardware VPN Connection: a hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
- Virtual Private Gateway: the Amazon VPC side of a VPN Connection.
- Customer Gateway: your side of a VPN Connection.
- Router: routers interconnect Subnets and direct traffic between Internet Gateways, Virtual Private Gateways, NAT instances and Subnets.
- Peering Connection: a peering connection enables you to route traffic via private IP addresses between two peered VPCs.
How do instances in a VPC access the Internet?
Elastic IP addresses (EIPs) give instances in the VPC the ability both to communicate outbound directly to the Internet and to receive unsolicited inbound traffic from the Internet (e.g., web servers).
How do instances without EIPs access the Internet?
Instances without EIPs can access the Internet in one of two ways:
- Through a NAT instance: instances without EIPs can route their traffic through a NAT instance to access the Internet. These instances use the EIP of the NAT instance to traverse the Internet. The NAT instance allows outbound communication but doesn't enable machines on the Internet to initiate a connection to the privately addressed machines using NAT.
- Through the Hardware VPN connection: for VPCs with a Hardware VPN connection, instances can route their Internet traffic down the Virtual Private Gateway to your existing datacenter. From there, it can access the Internet via your existing egress points and network security/monitoring devices.
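The components listed above and the two egress paths just described all come together in a subnet's route table: the most specific route matching the destination decides whether traffic goes to the local VPC, an Internet Gateway, a NAT instance, or a Virtual Private Gateway. The following is an added example, not AWS code or part of this FAQ, that reads a constructed `describe-route-tables`-shaped JSON document (all IDs are placeholders) and reports, per subnet, which of those paths a packet to a public IP would take, so a reviewer can spot private subnets that unexpectedly route straight to an Internet Gateway. The probe address `203.0.113.10` is a documentation-range IP chosen here; only IPv4 `DestinationCidrBlock` routes are considered.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables --output json`.
# Every ID below is a placeholder, not a real AWS resource.
SAMPLE_ROUTE_TABLES = json.dumps({
    "RouteTables": [
        {   # public subnet: default route points at an Internet Gateway
            "RouteTableId": "rtb-public-example", "VpcId": "vpc-example",
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
            ],
            "Associations": [{"SubnetId": "subnet-public-example", "Main": False}],
        },
        {   # private subnet: default route points at a NAT instance (an EC2 instance)
            "RouteTableId": "rtb-nat-example", "VpcId": "vpc-example",
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-example", "State": "active"},
            ],
            "Associations": [{"SubnetId": "subnet-private-nat-example", "Main": False}],
        },
        {   # private subnet: default route goes down the VPN to the datacenter
            "RouteTableId": "rtb-vpn-example", "VpcId": "vpc-example",
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-example", "State": "active"},
            ],
            "Associations": [{"SubnetId": "subnet-private-vpn-example", "Main": False}],
        },
        {   # main route table: local route only, so no Internet path at all
            "RouteTableId": "rtb-main-example", "VpcId": "vpc-example",
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            ],
            "Associations": [{"Main": True}],
        },
    ]
})


def select_route(routes, dest_ip):
    """Return the most specific (longest prefix) active IPv4 route matching dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    best, best_len = None, -1
    for route in routes:
        if route.get("State", "active") != "active":
            continue  # blackholed routes never carry traffic
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue  # IPv6 and prefix-list routes are out of scope here
        net = ipaddress.ip_network(cidr)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def classify_target(route):
    """Name the kind of next hop a route points at."""
    if route is None:
        return "no-route"
    gw = route.get("GatewayId", "")
    if gw == "local":
        return "local"
    if gw.startswith("igw-"):
        return "internet-gateway"        # only path that also admits unsolicited inbound traffic
    if gw.startswith("vgw-"):
        return "virtual-private-gateway"  # egress via the datacenter's own security stack
    if route.get("InstanceId"):
        return "nat-instance"            # outbound only, via the NAT instance's EIP
    if route.get("NatGatewayId"):
        return "nat-gateway"             # managed NAT service
    if route.get("VpcPeeringConnectionId"):
        return "peering"
    return "other"


def internet_paths(describe_output_json, probe_ip="203.0.113.10"):
    """Map each explicitly associated subnet (and the main table, under key 'main')
    to the kind of next hop its traffic to probe_ip would take."""
    data = json.loads(describe_output_json)
    paths = {}
    for table in data["RouteTables"]:
        kind = classify_target(select_route(table["Routes"], probe_ip))
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                paths["main"] = kind  # subnets with no explicit association inherit this
            elif "SubnetId" in assoc:
                paths[assoc["SubnetId"]] = kind
    return paths


def directly_exposed(paths):
    """Subnets whose default path is an Internet Gateway: instances there with an EIP
    are reachable from the Internet, so these deserve the closest review."""
    return sorted(s for s, kind in paths.items() if kind == "internet-gateway")


if __name__ == "__main__":
    result = internet_paths(SAMPLE_ROUTE_TABLES)
    for subnet, kind in result.items():
        print(f"{subnet:30} -> {kind}")
    print("directly exposed:", directly_exposed(result))
```

Feeding a real `describe-route-tables` export through `internet_paths` instead of the constructed sample turns this into a quick egress audit; probing with an address inside the VPC CIDR (for example `10.0.5.5` against the sample) shows the longest-prefix rule choosing the `local` route over `0.0.0.0/0` for every table.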