vpc - KeynesYouDigIt/Knowledge GitHub Wiki

Use VPCs to segment your organization's resources:

• Different environments for your apps
• Marketing vs. Product, etc.

Route Tables

• Determines how resources inside a VPC communicate with each other
• The internet gateway (igw) allows your internal traffic to reach the internet

ACL

• Determines what kind of traffic is allowed in and out of a VPC
• A seconary line of defense - Security groups do most of the work

NAT

• Network address translation
• Private IP addresses that have that go through a public gateway
• 3 blocks of IP addresses that are only used for private addresses:
  • The entire 10.0.0.0 block
  • 72.16 through 172.31
  • 92.168 through 192.168
• Private addresses are assigned with a DHCP server
  • They generally don't assign .0, .1, and .255 to clients
• You can split these into sub-networks, that may or may not be able to communicate with each other

CIDR

Classless Inter-Domain Routing.

192.168.0.0/24

• Means that the first 3 octets (8 bits * 3) are the network, the last octet is for device ("host") addresses
• Next subnet would be 192.168.1.0/24
• A subnet needing more than 255 devices could open up the next octet with 192.168.0.0/16

Netmask

Alternative to CIDR.

255.255.255.0

• All 8 bits of the first 3 octets are reserved for the network, and none of the last octet
• You could open up the next octet with 255.255.0.0