Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides a virtual private cloud by provisioning a logically isolated section of the Amazon Web Services (AWS) Cloud. Enterprise customers can access the Amazon Elastic Compute Cloud (EC2) over an IPsec-based virtual private network. Unlike traditional EC2 instances, which are allocated internal and external IP addresses by Amazon, the customer can assign IP addresses of their choosing from one or more subnets.


Comparison to private clouds

Amazon Virtual Private Cloud aims to provide a service similar to private clouds built on technology such as OpenStack or HPE Helion Eucalyptus. However, private clouds typically use technology such as OpenShift application hosting and various database systems. Cloud security experts warn that using public resources carries compliance risks, such as loss of control or service cancellation, which do not exist with in-house systems. If transaction records about a VPC are requested from Amazon using a national security letter, Amazon may not be legally allowed to inform the customer of the breach of the security of their system. This would be true even if the actual VPC resources were in another country. The API used by AWS is only partly compatible with that of HPE Helion Eucalyptus and is not compatible with other private cloud systems, so migration from AWS may be difficult. This has led to warnings of the possibility of lock-in to a specific technology.


IP Addressing

IP addressing in Amazon Virtual Private Cloud (VPC) refers to the assignment of IP addresses to the resources within a VPC. VPC is the Amazon Web Services (AWS) solution for providing isolated network environments for AWS resources. IP addresses in a VPC are used for communication between resources within the VPC, as well as between the VPC and the Internet. There are two types of IP addresses used in a VPC: private IP addresses and public IP addresses. Private IP addresses are used for communication between instances within the VPC, while public IP addresses are used for communication between the VPC and the Internet. Amazon VPC provides several options for IP address management, including IPv4 and IPv6 addresses, automatic assignment of private IP addresses, and the ability to assign static private IP addresses. Additionally, Amazon VPC can associate Elastic IP addresses with instances to give them persistent public IP addresses. By using Amazon VPC, customers have full control over the network configuration of their AWS resources, providing increased security and isolation compared with the traditional shared-tenancy model of public cloud computing.


Connectivity

AWS VPC allows users to connect to the Internet, to a user's corporate data center, and to other users' VPCs. Users can connect to the Internet by adding an Internet Gateway to their VPC, which assigns the VPC a public IPv4 address. Users can connect to a data center by setting up a hardware virtual private network connection between the data center and the VPC. This connection allows the user to "interact with Amazon EC2 instances within a VPC as if they were within [the user's] existing network." Users are also able to route traffic from one VPC to another VPC using private IP addresses, so the two can communicate as if they were on the same network. Peering is achieved by adding a route between two VPCs on the same account, or between two VPCs on different accounts in the same region. VPC peering is a one-to-one connection, but a VPC can be peered with more than one VPC at a time. To achieve a one-to-many connection between VPCs, you can deploy a transit gateway (TGW). In addition, you can connect your VPCs to your on-premises systems through the transit gateway.
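The peering and transit gateway options above can be planned with a small check, added here as an example and not taken from the article or from AWS tooling: a peering connection is only possible between VPCs whose CIDR blocks do not overlap, a full mesh of peerings grows as n(n-1)/2 while a transit gateway needs one attachment per VPC, and each peered VPC needs a route for its peer's CIDR. The VPC list and the `pcx-` route targets are constructed placeholders.

```python
from itertools import combinations
from ipaddress import ip_network

VPCS = {  # constructed sample: VPC name -> IPv4 CIDR block
    "prod": "10.0.0.0/16",
    "dev": "10.1.0.0/16",
    "shared": "10.2.0.0/16",
    "legacy": "10.0.128.0/17",   # overlaps with prod, so it cannot peer with it
}

def peerable_pairs(vpcs):
    """Split VPC pairs into those that can be peered (disjoint CIDRs) and
    those that cannot (overlapping CIDRs would make private routes ambiguous)."""
    ok, clash = [], []
    for (a, ca), (b, cb) in combinations(sorted(vpcs.items()), 2):
        (clash if ip_network(ca).overlaps(ip_network(cb)) else ok).append((a, b))
    return ok, clash

def peering_routes(vpcs, pairs):
    """Routes each VPC's route table needs: the peer's CIDR via the peering
    connection. Target ids are constructed placeholders, not real AWS ids."""
    routes = {name: [] for name in vpcs}
    for a, b in pairs:
        routes[a].append((vpcs[b], f"pcx-{a}-{b}"))
        routes[b].append((vpcs[a], f"pcx-{a}-{b}"))
    return routes

def full_mesh_peerings(n):
    """Peering is one-to-one, so a full mesh of n VPCs needs n(n-1)/2 links."""
    return n * (n - 1) // 2

def transit_gateway_attachments(n):
    """A transit gateway is a hub: one attachment per VPC gives one-to-many."""
    return n
```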


Security

AWS VPC's security is two-fold: AWS VPC uses security groups as a firewall to control traffic at the instance level, and network access control lists as a firewall to control traffic at the subnet level. As a further privacy measure, AWS VPC lets users create "dedicated instances" on hardware that is physically isolated from non-dedicated instances and from instances owned by other accounts. AWS VPC itself is free; users pay only for the EC2 resources they consume. However, accessing a VPC via a Virtual Private Network (VPN) connection is charged.


See also

* Amazon Elastic Compute Cloud
* Oracle Cloud Infrastructure



External links


* Seamlessly Extending the Data Center - Introducing Amazon Virtual Private Cloud – blog post by Amazon CTO Werner Vogels