Amazon Virtual Private Cloud (Amazon VPC) enables you to define a virtual network in your own isolated area within the Amazon Web Services (AWS) cloud, known as a virtual private cloud (VPC). You can launch your AWS resources, such as instances, into your VPC.
Your VPC closely resembles a traditional network that you might operate in your own datacenter, with the benefits of using AWS's scalable infrastructure. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. You can connect instances in your VPC to the Internet. You can connect your VPC to your own corporate datacenter, making the AWS cloud an extension of your datacenter. To protect the resources in each subnet, you can use multiple layers of security, including security groups and network access control lists.
Benefits of Using a VPC
By launching your instances into a VPC instead of Amazon EC2, you gain the ability to:
· Assign static private IP addresses to your instances that persist across starts and stops
· Assign multiple IP addresses to your instances
· Define network interfaces, and attach one or more network interfaces to your instances
· Change security group membership for your instances while they're running
· Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
· Add an additional layer of access control to your instances in the form of network access control lists (ACL)
· Run your instances on single-tenant hardware
Differences Between Amazon EC2 and a VPC
The following table summarizes the differences between instances launched in Amazon EC2 and instances launched in a VPC.

| Characteristic | Amazon EC2 | VPC |
| --- | --- | --- |
| Public IP address | Your instance receives a public IP address. | Your instance doesn't receive a public IP address. |
| Private IP address | Your instance receives a private IP address from the EC2 range each time it's started. | Your instance receives a static private IP address from the address range of your VPC. |
| Multiple IP addresses | You can assign a single IP address to your instance. | You can assign multiple IP addresses to your instance. |
| Elastic IP address | An EIP is disassociated from your instance when you stop it. | An EIP remains associated with your instance when you stop it. |
| Security group | A security group can reference security groups that belong to other AWS accounts. | A security group can reference security groups for your VPC only. |
| Security group association | You must terminate your instance to change its security group. | You can change the security group of your running instance. |
| Security group rules | You can add rules for inbound traffic only. | You can add rules for inbound and outbound traffic. |
| Tenancy | Your instance runs on shared hardware. | You can run your instance on shared hardware or single-tenant hardware. |
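Egress filtering, listed among the benefits and in the "Security group rules" row above, only helps when the outbound rules are actually narrowed. The following Python check is an added example, not part of the original page: it flags security groups whose outbound rules allow every port to every destination. The group data is constructed sample input shaped like the EC2 DescribeSecurityGroups response, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, shaped like the "SecurityGroups" list in an
# EC2 DescribeSecurityGroups response. All IDs and CIDRs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000000000000000a", "VpcId": "vpc-00000000000000001",
     "IpPermissionsEgress": [  # allow-all outbound rule
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000000b", "VpcId": "vpc-00000000000000001",
     "IpPermissionsEgress": [  # filtered: HTTPS to one subnet only
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "10.0.2.0/24"}]}]},
    {"GroupId": "sg-0000000000000000c", "VpcId": "vpc-00000000000000001",
     "IpPermissionsEgress": [  # every TCP port to any IPv6 destination
         {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [{"CidrIp": "10.0.3.0/24"}]}]},
]


def any_destination(rule):
    """True if the rule targets a zero-length prefix (0.0.0.0/0 or ::/0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def all_ports(rule):
    """True for protocol "-1" (all traffic) or a TCP/UDP range of 0-65535."""
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] in ("tcp", "udp")
            and rule.get("FromPort") == 0 and rule.get("ToPort") == 65535)


def unfiltered_egress(groups):
    """Return (GroupId, IpProtocol) for each outbound rule with no real filter."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissionsEgress", []):
            if any_destination(rule) and all_ports(rule):
                findings.append((group["GroupId"], rule["IpProtocol"]))
    return findings


if __name__ == "__main__":
    for group_id, proto in unfiltered_egress(SAMPLE_GROUPS):
        print(f"{group_id}: outbound protocol {proto} open to any destination")
```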