301d8 read10 - carlosjorr/reading-notes GitHub Wiki
VPC
- How can one host within a VPC any services that need to be public?
Set up a public subnet: Create a subnet within your VPC that has a route to an internet gateway. This allows the instances within this subnet to have public IP addresses and be directly accessible from the internet.
Launch instances/services: Launch your services or instances within the public subnet. These instances will have public IP addresses, which can be used to access the services over the internet.
Configure security groups: Set up appropriate security groups for your instances/services to control inbound and outbound traffic. This helps ensure that only necessary ports and protocols are open to the internet.
Assign elastic IP addresses (optional): If you want to have a static IP address for your instances/services, you can allocate and assign Elastic IP addresses to them. This is useful if you need to maintain a consistent endpoint for your services.
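To check the result of the steps above, the following added example (not part of the original notes) classifies subnets as public by looking for a default route to an internet gateway, and flags security group rules open to the whole internet on ports outside an allow-list. The sample data is constructed in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` output; all IDs and the allowed port set are assumptions.

```python
import ipaddress

# Constructed sample data (made-up IDs), shaped like describe-route-tables
# and describe-security-groups output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
ALLOWED_PUBLIC_PORTS = {80, 443}  # assumption: only web ports are meant to be public

def public_subnets(route_tables):
    """Subnets explicitly associated with a table whose default route targets an internet gateway."""
    found = set()
    for rt in route_tables:
        if any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"]):
            # Main-table associations carry no SubnetId and are skipped here.
            found.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return found

def open_to_internet(security_groups, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (group, protocol, from_port, to_port) for IPv4 world-open rules outside `allowed`."""
    findings = []
    for sg in security_groups:
        for perm in sg["IpPermissions"]:
            world = any(ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
                        for r in perm.get("IpRanges", []))
            if not world:
                continue
            # Protocol "-1" (all traffic) has no port fields, so treat it as the full range.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if perm["IpProtocol"] == "-1" or not all(p in allowed for p in range(lo, hi + 1)):
                findings.append((sg["GroupId"], perm["IpProtocol"], lo, hi))
    return findings

if __name__ == "__main__":
    print("public subnets:", public_subnets(ROUTE_TABLES))
    print("world-open rules:", open_to_internet(SECURITY_GROUPS))
```

Here the database subnet routes through a NAT gateway and is correctly left out of the public set, while the SSH rule on `sg-web` is reported because port 22 is not in the allow-list.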
- What are examples of services that would live in the publicly-accessible part of the VPC? The privately-accessible part?
Examples of services that would typically reside in the publicly-accessible part of a VPC include web servers, load balancers, DNS servers, and public-facing APIs.
On the other hand, services that would reside in the privately-accessible part of a VPC are those that should not be directly accessible from the internet. Examples include application servers, databases, internal APIs, and backend services that are meant to be accessed only from within the VPC or through a secure connection like a VPN.
- What are the trade-offs of using a VPC vs traditional infrastructure?
Trade-offs of using a VPC compared to traditional infrastructure:
Enhanced security: VPCs offer network isolation, allowing you to define and control network access through security groups and network ACLs (Access Control Lists). This provides an additional layer of security compared to traditional infrastructure.
Scalability and flexibility: VPCs allow you to scale your infrastructure easily by launching and managing instances as needed. You can also create multiple subnets, configure routing, and utilize various AWS services within your VPC, providing flexibility in designing your infrastructure.
Cost-effective: VPCs offer a pay-as-you-go model, allowing you to pay only for the resources you use. This can be more cost-effective compared to traditional infrastructure where you may need to invest in physical hardware upfront.
Integration with other AWS services: VPCs seamlessly integrate with various AWS services, such as Elastic Load Balancing, AWS Lambda, and Amazon RDS, among others. This simplifies the deployment and management of your services within the VPC.
Learning curve: Setting up and managing a VPC requires familiarity with networking concepts, AWS services, and security practices. This can involve a learning curve if you are new to cloud infrastructure. Traditional infrastructure may be more straightforward if you are already well-versed in managing physical servers and networking equipment.