Amazon VPC Networking Components

Amazon Virtual Private Cloud is a networking service that you can use to establish boundaries around your AWS resources. So, in simpler words, Amazon Virtual Private Cloud (Amazon VPC) enables the users to define some virtual network and then launch the AWS resources into that virtual network. It gives you full control over various network environments, resources, connectivity, and security. Moreover, it defines how a network should communicate across different Availability Zones or regions. Users have a option of easy customization of the network configuration for their Amazon Virtual Private Cloud(VPC).

Components of Amazon VPC:

• Subnet: A subnet in VPC is something a range of IP addresses. It is a section of a VPC that can contain resources such as Amazon EC2 services and shares a common address component. Public Subnet where resources are exposed to the internet through Internet Gateway and Private Subnet where resources are not exposed to the outside world.
• Route Table: They are the set of rules used to decide where the network traffic has to be managed. It specifies the destination i.e IP address and target. The target can be Internet gateway, NAT gateway, Virtual private gateway, etc. With the use of route tables, users can determine where the network traffic will be directed from your subnet or gateway.
• Virtual Private Gateway: It is the VPN(Virtual Private Network) hub on the Amazon side of the VPN connection to have a secure transaction. Users can attach it to the VPC from which they want to create the VPN connection.
• NAT Gateway: Network Address Translation (NAT) Gateway is used when higher bandwidth, availability with lesser management effort is required. It updates the routing table of the private subnet such that it sends the traffic to the NAT gateway. It supports only UDP, TCP, and ICMP protocols.
• VPC Peering: A VPC peering connection allows you to route traffic between two Virtual Private Clouds using IPv4 or IPv6 private addresses. Users can create a VPC peering connection between their own VPC with a VPC in another AWS account. This connection helps you to smoothly transfer the data.
• Security Groups: It consists set of firewalls rules that control the traffic for your sample. You can have a single security group associated with multiple instances.
• Elastic IP: It is a static IP address which is a reserved public IP address that can be assigned to any Instance in a particular region and never changes.
• Network Access Control Lists (NACL): It is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. It adds an additional layer of security to your VPC.
• Customer Gateway: VPN connection links your network (or data) to your Amazon VPC (virtual private cloud). A customer gateway is a presenter on your side of that connection. It can be a physical or software appliance.
• Network Interface: It's a connection between private and public networks. Network traffic is automatically shifted to the new instance if you move it from one instance to the other.
• VPC Endpoints: It allows VPC to make a connection with other services of AWS without using the internet. They are of two types, Interference endpoints, and  Gateway endpoints. They are scaled, redundant, and highly available VPC components.
• IP addressing: With the IP Addressing, you can assign your VPCs and subnets, the IPv4 addresses and IPv6 addresses. 

The below image will give you an architectural view of Amazon VPC:

Benefits Of Using AWS Virtual Private Cloud:

Following are the benefits of using AWS VPC:

• Efficient coordination: VPC can scale to a vast extent and users have total control over a network size including automation resources.
• Protection: VPC environment is more secure and its resources contain cloud infrastructure which uses firewalls to protect the system from internet attacks.
• Enhanced performance: VPCs enable a hybrid cloud environment in which a VPC is used by an organization as an extension of their database instead of having to deal with the complexity of building an on-premises private cloud. 
• Low Cost: VPCs are within a public cloud so the cost is quite economical.
• East to use:  AWS VPC can be easily created using AWS Management Console in two ways; first by creating manually and second through Start VPC Wizard. 
• Variety of Connectivity Options: AWS VPC can be connected to a variety of resources, such as the internet, other VPCs account, VPN connection, etc.

VPC Peering

When you allow to connect one VPC with another VPC through some of direct network route and using some private IP addresses, then this connection is called VPC Peering. and Instances will behave as if they are on the same private network. Users can peer between the regions. From VPC Peering, users can easily peer the VPC's with another AWS accounts and also users can peer the VPCs in the same account.

Pricing for Amazon VPC

As there is no additional charge for using a VPC. but there are charges for using some of VPC components like NAT gateways, IP Address Manager, traffic mirroring and many more. If user wants to create a NAT gateway in their VPC and choose this service, then the users are charged for every “NAT Gateway-hour" used.

Best Practices For Securing Your AWS VPC Implementation

The following are the best practice in order to secure the AWS VPC:

• Use AWS Identity and Access Management (IAM) for controlling access.
• Multiple Availability Zones(AZs) will increase the availability.
• Use Amazon CloudWatch to manage the VPC components.
• To control traffic and manage a network, use AWS security and groups.