[AWS] VPC – NAT Gateway

NAT (Network Address Translation)

NAT rewrites the source or destination IP address of packets as they pass through a device, typically translating private addresses to public ones on the way out and back again on the return path.

  • Static NAT
    • One private IP is mapped to one public IP (1:1). The Internet Gateway works this way: an instance's public or Elastic IP is translated to its private IP on the way in and back on the way out, and the instance itself never sees the public address.
  • Dynamic NAT
    • Many private IPs share one or a few public IPs, with individual connections told apart by port (a home router and a NAT Gateway both do this). Because the mapping only exists for connections started from the inside, a NAT Gateway never accepts unsolicited inbound connections.
    • A NAT Gateway lives in a single Availability Zone. For high availability, create one NAT Gateway in each AZ and point each AZ's private route tables at the NAT Gateway in the same AZ; otherwise an AZ failure takes down egress for subnets in the other AZs as well.
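The per-AZ check described above, as an added example that is not part of the original post: it walks subnet, NAT Gateway and route-table records in the shape returned by `aws ec2 describe-subnets`, `describe-nat-gateways` and `describe-route-tables` and flags any private subnet whose default route leaves through a NAT Gateway in a different AZ. All IDs and the inventory itself are constructed for the example.

```python
# Added example, not from the original post: audit private-subnet egress for the
# one-NAT-Gateway-per-AZ pattern. Dict shapes mirror the JSON returned by the
# describe-* CLI calls; the inventory is constructed and the IDs are placeholders.
from collections import namedtuple

Finding = namedtuple("Finding", "subnet_id level message")

# Constructed inventory: VPC 10.0.0.0/16 spread over two AZs.
SUBNETS = [
    {"SubnetId": "subnet-pub-a",  "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.0.0/24"},
    {"SubnetId": "subnet-pub-b",  "AvailabilityZone": "us-east-1b", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.10.0/24"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b", "CidrBlock": "10.0.11.0/24"},
    {"SubnetId": "subnet-db-a",   "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.20.0/24"},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a", "State": "available"},
    {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b", "State": "available"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-priv-a",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    # Misconfigured: the us-east-1b subnet sends its egress through the NAT Gateway in 1a.
    {"RouteTableId": "rtb-priv-b",
     "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    # Isolated subnet: only the local route, no path to the internet at all.
    {"RouteTableId": "rtb-db",
     "Associations": [{"SubnetId": "subnet-db-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]


def audit_nat_routes(subnets, nat_gateways, route_tables):
    """Return one Finding per subnet describing where its default route goes."""
    az_of_subnet = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    # A NAT Gateway is placed in one public subnet, so it lives in exactly one AZ.
    az_of_nat = {n["NatGatewayId"]: az_of_subnet[n["SubnetId"]]
                 for n in nat_gateways if n["State"] == "available"}
    findings = []
    for rtb in route_tables:
        default = next((r for r in rtb["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        for assoc in rtb.get("Associations", []):
            sid = assoc.get("SubnetId")
            if sid is None:          # the main-table association carries no SubnetId
                continue
            if default is None:
                findings.append(Finding(sid, "info", "no default route: isolated subnet"))
            elif default.get("GatewayId", "").startswith("igw-"):
                findings.append(Finding(sid, "info", "public subnet via " + default["GatewayId"]))
            elif "NatGatewayId" in default:
                nat = default["NatGatewayId"]
                if nat not in az_of_nat:
                    findings.append(Finding(sid, "error", f"default route to {nat}, which is not available"))
                elif az_of_nat[nat] != az_of_subnet[sid]:
                    findings.append(Finding(sid, "warn",
                        f"default route to {nat} in {az_of_nat[nat]} but subnet is in "
                        f"{az_of_subnet[sid]}: egress is lost if that AZ fails"))
                else:
                    findings.append(Finding(sid, "ok", f"default route to {nat} in the same AZ"))
            else:
                findings.append(Finding(sid, "info", "default route to " + str(default)))
    return findings


def levels(findings):
    """Collapse findings to {subnet_id: level} for summaries and assertions."""
    return {f.subnet_id: f.level for f in findings}


if __name__ == "__main__":
    for f in audit_nat_routes(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES):
        print(f"{f.level:5} {f.subnet_id:14} {f.message}")
```

Against the constructed inventory the check reports `subnet-priv-a` as ok and `subnet-priv-b` as a warning, which is exactly the cross-AZ dependency the bullet above tells you to avoid. Against a real account you would feed it the output of the three describe calls instead of the constants.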

[AWS] VPC Endpoints

A VPC Endpoint is a virtual device inside a VPC that lets resources connect privately to AWS public services (and, through AWS PrivateLink, to endpoint services hosted in other VPCs) without an Internet Gateway or a public subnet. Gateway endpoints (S3 and DynamoDB) are targets in a route table; interface endpoints are elastic network interfaces with private IP addresses in your subnets.

  • No Internet Gateway, NAT Gateway (and therefore no public subnet), VPN or AWS Direct Connect is required.
  • The traffic never leaves the AWS network.
    • Instances in your VPC do not need a public IP address.
  • VPC Endpoints are highly available and horizontally scalable virtual devices.
  • An endpoint created without a policy gets a default policy that allows full access to the service, so attach an endpoint policy that limits which principals and which resources (for example, which S3 buckets) can be reached through it.
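The endpoint-policy point above, as an added example that is not part of the original post: one function builds a least-privilege policy for an S3 gateway endpoint, and another flags endpoints that still carry the default full-access policy, reading `PolicyDocument` in the JSON-string form that `aws ec2 describe-vpc-endpoints` returns. The bucket name, organization ID and endpoint IDs are placeholders and the inventory is constructed.

```python
# Added example, not from the original post: scope an S3 gateway endpoint policy
# and audit existing endpoints for the default full-access policy. Names, IDs and
# the endpoint inventory are constructed placeholders.
import json

# The policy AWS attaches when you create an endpoint without one: anything in the
# VPC may reach any bucket, including an attacker-controlled one, with any
# credentials, so it does nothing to stop data exfiltration through the endpoint.
DEFAULT_FULL_ACCESS = {
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]
}


def s3_endpoint_policy(bucket_names, org_id):
    """Allow only principals from our organization to reach only the listed buckets."""
    resources = []
    for b in bucket_names:
        resources += [f"arn:aws:s3:::{b}", f"arn:aws:s3:::{b}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OrgPrincipalsToApprovedBuckets",
            "Effect": "Allow",
            "Principal": "*",      # narrowed by the aws:PrincipalOrgID condition below
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": resources,
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _any_principal(p):
    """True for both spellings of 'anyone': "*" and {"AWS": "*"}."""
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))


def is_full_access(statement):
    """True if one unconditional Allow grants any principal any action on any resource."""
    if statement.get("Effect") != "Allow" or "Condition" in statement:
        return False
    return (_any_principal(statement.get("Principal"))
            and "*" in _as_list(statement.get("Action", []))
            and "*" in _as_list(statement.get("Resource", [])))


def audit_endpoint_policies(endpoints):
    """Map each endpoint ID to 'full-access' or 'scoped' based on its policy document."""
    verdict = {}
    for ep in endpoints:
        stmts = _as_list(json.loads(ep["PolicyDocument"]).get("Statement", []))
        verdict[ep["VpcEndpointId"]] = (
            "full-access" if any(is_full_access(s) for s in stmts) else "scoped")
    return verdict


# Constructed inventory in the shape of `aws ec2 describe-vpc-endpoints`.
ENDPOINTS = [
    {"VpcEndpointId": "vpce-default", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "PolicyDocument": json.dumps(DEFAULT_FULL_ACCESS)},
    {"VpcEndpointId": "vpce-scoped", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway",
     "PolicyDocument": json.dumps(s3_endpoint_policy(["example-app-data"], "o-exampleorgid"))},
]

if __name__ == "__main__":
    print(json.dumps(s3_endpoint_policy(["example-app-data"], "o-exampleorgid"), indent=2))
    print(audit_endpoint_policies(ENDPOINTS))
```

The endpoint policy only governs what passes through the endpoint; the matching control on the bucket side is a bucket policy that denies requests whose `aws:SourceVpce` is not your endpoint, so that the data can be read only from inside the VPC.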

[AWS] VPC Peering

VPC Peering connects two VPCs at OSI Layer 3 (Network) so that they can route traffic to each other. Once the VPCs are peered, they communicate using private IP addresses.

  • Instances can reach each other as if they were in the same private network, still subject to route tables, security groups and network ACLs. The peering only creates the link; each side must add routes for the other side's CIDR blocks.
  • VPC peers can span AWS accounts and even regions, with some limitations: the CIDR blocks of the two VPCs must not overlap, and peering is not transitive (if A is peered with B and B with C, A still cannot reach C).
  • Traffic stays on the AWS global backbone and never traverses the public internet; inter-region peering traffic is encrypted.
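The peering limitations above, as an added example that is not part of the original post: it checks two VPCs' CIDR blocks for overlap (a peering request with overlapping blocks is rejected), lists the routes each side must add, and models the non-transitive reachability. VPC IDs, CIDRs and the `pcx-` ID are constructed placeholders.

```python
# Added example, not from the original post: pre-flight checks for a VPC peering
# connection. VPC IDs, CIDR blocks and the pcx- ID are placeholders.
import ipaddress

# Constructed inventory; "cidrs" may include secondary CIDR blocks.
VPCS = {
    "vpc-shared": {"region": "us-east-1", "cidrs": ["10.0.0.0/16"]},
    "vpc-app":    {"region": "us-east-1", "cidrs": ["10.1.0.0/16", "100.64.0.0/20"]},
    "vpc-legacy": {"region": "eu-west-1", "cidrs": ["10.0.128.0/17"]},  # overlaps vpc-shared
}


def overlapping_cidrs(cidrs_a, cidrs_b):
    """Return (a, b) pairs of CIDR blocks that overlap; any pair makes peering impossible."""
    nets_a = [ipaddress.ip_network(c) for c in cidrs_a]
    nets_b = [ipaddress.ip_network(c) for c in cidrs_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def peering_routes(pcx_id, vpcs, a, b):
    """Routes each side must add: the peering itself configures no routing.
    Raises ValueError if the two VPCs cannot be peered because their CIDRs overlap."""
    clash = overlapping_cidrs(vpcs[a]["cidrs"], vpcs[b]["cidrs"])
    if clash:
        raise ValueError(f"{a} and {b} have overlapping CIDR blocks: {clash}")
    return {
        a: [{"DestinationCidrBlock": c, "VpcPeeringConnectionId": pcx_id} for c in vpcs[b]["cidrs"]],
        b: [{"DestinationCidrBlock": c, "VpcPeeringConnectionId": pcx_id} for c in vpcs[a]["cidrs"]],
    }


def reachable_via_peering(peerings, src, dst):
    """Peering is not transitive: src reaches dst only if the two are peered directly."""
    return any({src, dst} == set(pair) for pair in peerings)


if __name__ == "__main__":
    print(peering_routes("pcx-example", VPCS, "vpc-shared", "vpc-app"))
    print(overlapping_cidrs(VPCS["vpc-shared"]["cidrs"], VPCS["vpc-legacy"]["cidrs"]))
    peerings = [("vpc-shared", "vpc-app"), ("vpc-app", "vpc-legacy")]
    print(reachable_via_peering(peerings, "vpc-shared", "vpc-legacy"))
```

Running it shows that `vpc-shared` needs two routes (one per CIDR block of `vpc-app`) while `vpc-app` needs one, that `vpc-shared` and `vpc-legacy` cannot be peered at all, and that peering `vpc-shared` to `vpc-app` and `vpc-app` to `vpc-legacy` does not let `vpc-shared` reach `vpc-legacy`.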

[AWS] VPC – Subnets and Routing Tables

Subnets are the logical networks into which you group resources inside a VPC; each subnet belongs to one Availability Zone. Traffic in and out of a subnet is governed by the route table associated with it, which holds the rules that decide where traffic to each destination is sent.

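How a route table decides where a packet goes, as an added example that is not part of the original post: a VPC route table is evaluated by longest-prefix match, the `local` route covers the VPC's own CIDR, a prefix-list route expands to a set of CIDRs, and a destination that matches no route is simply dropped. The route table, the prefix-list contents and every ID below are constructed; the CIDRs are documentation ranges, not AWS's real service ranges.

```python
# Added example, not from the original post: resolve a destination against a VPC
# route table using longest-prefix match. All IDs and address ranges are
# constructed placeholders.
import ipaddress

# Constructed stand-in for a managed prefix list, keyed the way
# `describe-managed-prefix-lists` names them. Not AWS's real S3 ranges.
PREFIX_LISTS = {"pl-s3-example": ["203.0.113.0/24", "198.51.100.0/25"]}

ROUTE_TABLE = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-example"},
    {"DestinationPrefixListId": "pl-s3-example", "GatewayId": "vpce-s3-example"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
]

# Keys under which describe-route-tables reports a route's target.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "VpcPeeringConnectionId",
               "TransitGatewayId", "NetworkInterfaceId")


def route_target(route):
    for k in TARGET_KEYS:
        if k in route:
            return route[k]
    raise ValueError("route has no target: " + str(route))


def expand(route_table, prefix_lists):
    """Flatten the table into (network, target) pairs, expanding prefix-list routes."""
    flat = []
    for r in route_table:
        if "DestinationPrefixListId" in r:
            cidrs = prefix_lists[r["DestinationPrefixListId"]]
        else:
            cidrs = [r["DestinationCidrBlock"]]
        flat += [(ipaddress.ip_network(c), route_target(r)) for c in cidrs]
    return flat


def resolve(route_table, prefix_lists, dst):
    """Return the target chosen for dst by longest-prefix match, or None if unroutable."""
    ip = ipaddress.ip_address(dst)
    candidates = [(net.prefixlen, target)
                  for net, target in expand(route_table, prefix_lists) if ip in net]
    if not candidates:
        return None          # no matching route: the VPC drops the packet
    return max(candidates, key=lambda c: c[0])[1]


if __name__ == "__main__":
    for dst in ("10.0.5.4", "10.1.2.3", "203.0.113.9", "8.8.8.8"):
        print(dst, "->", resolve(ROUTE_TABLE, PREFIX_LISTS, dst))
```

The same address can land on very different targets depending on which table the subnet is associated with: with only the `local` route present (an isolated subnet), `8.8.8.8` resolves to nothing, which is the behaviour you want for subnets that should never talk to the internet.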