Amazon Virtual Private Cloud (VPC) | AWS VPC | AWS Tutorial for Beginners | Edureka

Captions
[Music] Hello everyone, this is Ankit here. Greetings from Edureka. In today's session we are going to discuss a very important and widely used service from AWS, that is, Virtual Private Cloud or VPC. In this session we will cover the following agenda. We will start by explaining what a VPC is and why it is required. We will then move on and discuss subnets and their various types. Later we will do a hands-on wherein we will create a VPC using the AWS console. While creating the VPC we will also discuss the critical components of VPC. Post that, we shall discuss the important topics of VPN and Direct Connect. At the end of this session we will give you the recommendation of the VPC best practices. Meanwhile, kindly subscribe to us and don't forget to hit that bell icon to never miss an update from the Edureka YouTube channel. Also, to learn more about AWS and cloud computing, do check out our AWS training program, the link to which is given in the description box below.

Let's start with the basic question: what is a VPC? In order to understand, let us think about today's scenario. Today we are facing a pandemic situation. In this situation the utmost priority for all of us is to maintain a private, sanitized space. Even when we are visiting a public space, we need to take care that the social distancing norms are being followed. Similar to this, enterprises want to use all the services available in AWS, but they want to do it in their own private, sanitized space. This space is provided by a service in AWS known as VPC. VPC provides us the private space that is required inside AWS, wherein we can define our own network and also use all the services of AWS as per our requirements. So the technical definition of a VPC is as can be seen from the illustration. Let us try to understand it. A VPC is defined in a region of AWS. As we all know, there are various availability zones within the region. It should be noted here that the VPC can be spread within a region in all availability zones. In
this illustration there is shown a region with two availability zones. The VPC is spread among both these availability zones. The other point to be taken into consideration is that a VPC is generally a large network. In order to have better control over the network, the large network of a VPC is further divided into smaller groups or smaller chunks. These smaller chunks within the VPC are known as subnets.

So now let us discuss why a VPC is required. For an enterprise using the cloud or migrating to a cloud, the most important concern is privacy, security, and the security of their proprietary data. They are not comfortable when they need to use a public network of a cloud service like AWS in order to use its services. Therefore a VPC provides them an extra layer of security wherein they can define their own network. It not only gives them security but also gives them ease of connecting to their instances or services. When we create our AWS credential, a default VPC is created, but in industry or at a production level we need to customize our VPC. The tools required to customize our VPC are provided by AWS, where we can explicitly create subnets, NAT, security groups, internet gateway, etc. All these terms shall be explained with the hands-on in this session.

Before we move on and understand the components of what makes a VPC, let us first spend some time and understand what an IP address is. The IP address, or the Internet Protocol address, is a logical numerical label assigned as a unique identity to each device in a network. In more layman terms it can be understood like this: every human being has a fingerprint, and it is unique to each of us. Similarly, every device which is connected to a network has an IP address which is unique to itself. It's like a fingerprint for that device. Let us get deeper into the understanding of an IP address. Take for illustration the computer's IP address 155.67.35.0. It consists of four parts. These four parts are known as octets. Each octet contains eight bits, so in all the
IP address consists of 32 bits: four octets, each octet consisting of eight bits, therefore four into eight, 32 bits.

Let us now understand another important topic or important definition, that is CIDR, Classless Inter-Domain Routing. CIDR is basically a methodology to represent an IP address. Let's take an illustration: 172.31.0.0/16. The /16 part here represents the number of bits present in the network ID. Let us understand it a little deeper. As explained earlier, the IP address consists of 4 octets and each octet consists of 8 bits. The 16 here denotes the number of first 16 bits out of these 32 bits which are locked. So in short, in this IP address the /16 denotes that in this network these 16 bits are locked. So what does it signify? It signifies that the remaining 16 bits out of these 32 bits are available for use in the network. Therefore the total bits which are available to be used in the network are 32 minus 16, which is equal to 16. Therefore the total number of IP addresses which can be generated from these 16 bits would be 2 raised to 16.
Let us take, for better understanding, one more illustration. Suppose 172.31.0.0/28. This is a little tricky, as 28 is not a multiple of 8, but let us understand. So this denotes that in this IP address, out of 32, 28 bits are locked. The number of bits which can be changed in this IP address are the last 4 bits. Therefore the total number of IP addresses which can be generated from this CIDR is 2 raised to 4, or 16 IP addresses. What does this denote? It denotes that this IP address is a much larger network, wherein you have provisioned it with the larger number of IP addresses which can be assigned within this network, whereas in this IP address the number of IP addresses available to be used within this network is very small. Therefore Classless Inter-Domain Routing reduces the wastage of IP addresses by providing the exact required number of IP addresses to the users. It is also a methodology by which we can gauge the vastness or the largeness of the network it has been assigned to.

Now that we have understood the basics of IP address and CIDR, let us see what the key components of VPC are. The key components of VPC that we would be talking about, discussing and doing hands-on on are the following. One, internet gateway and NAT: it logically enables routing of traffic in the public network, that is, it gives us the gateway, like a final one, from which our VPC can connect to the internet. DNS: the standard which resolves names used over the internet into IP addresses. Elastic IP: it is a static IP which never changes. VPC endpoints: private connection between your VPC and other AWS services without using the internet. This is one of the key features of VPC, and we will be discussing that in detail during this session. Network interface: a point of connection between a public and private network. Egress-only IG: allows only outbound communication from EC2 over IPv6. Route tables: another important feature to understand VPC; it defines how traffic is routed
between each subnet. VPC peering: connection between VPCs. We will be discussing each of these components during the course of this session.

Now that we have understood what an IP is, what CIDR is and what the key components of a VPC are, let us understand what subnets are. As explained earlier, a VPC may consist of a large network. In order to have better architecture within this large network, we may divide it into smaller networks. So it is a concept of network within a network. It may also be understood that the large network of VPC has been divided into smaller networks. These smaller networks are known as subnets. Therefore a subnet is a logical subdivision of a larger network. Here comes the picture of CIDR: IP addresses with a common prefix are used in the same subnet. As can be seen in this illustration, 172.31.0.0/16 is the IP address of this VPC. We have two subnets here: one is known as a private subnet and the other a public subnet. We have assigned a common prefix of 172.31 to both the subnets and the IP addresses have been divided. The various types of subnets are private subnet and public subnet. Why is this a requirement? Let us understand it with the example of a website like Facebook. There are certain parts of Facebook which we require access to, and which Facebook wants us to access, but there are other parts of Facebook which Facebook wouldn't want us to get access to, that is, their database. This bifurcation can be done using private subnet and public subnet. When we do the hands-on, we will understand how we categorize a subnet which has been created inside a VPC as private or public.

So let us now start our hands-on. In order to better understand the concepts which we have understood till now, that is VPC, region, availability zone and subnets, let us start our hands-on and reiterate what we have learned. In this hands-on we would be creating an architecture similar to the illustration as seen in the image. Within AWS, we will be creating in one of the regions a VPC. In
that VPC we will be creating two subnets: one is the public subnet and the other is a private subnet. We will then provide an internet gateway which will give the subnet access to the public network on the internet. Also, we will understand how we shall create a router or a route table. We will be creating a route table for each of the subnets that we are creating, and understand how important it is for VPC. So let us start this session.

So let us now log in to our AWS console. We are signing in to our AWS console. So this is the dashboard which we reach when we start our AWS Management Console. The points to be taken into consideration here are: one, this is the region wherein we are going to create our VPC. It should be noted there are various regions; we have chosen this region in which we are going to create our VPC. Now, how do we access VPC as a service? We can do it either by searching on the search bar, or we may go and click on the VPC service inside the Networking and Content Delivery section of AWS. We have launched into the VPC service of AWS inside the North Virginia region. Now we need to create our VPC. AWS provides us one of the wizards by which we can launch a VPC, but we shall be creating our VPC by clicking on this link. Let us first... as you may see, there is already a VPC residing here. This is the default VPC which I am talking about. This default VPC comes packaged whenever we create our AWS credential. We are now going to create our own custom VPC. Let us name the VPC as edureka demo. Before, we discussed a topic known as CIDR; herein comes its use. We need to allocate an IP address to this VPC in the form of a CIDR block. We are just providing it 10.0.0.0/16.
So basically we are creating a VPC in which we can assign, as explained before, 2 raised to 16 IP addresses. Let us create this VPC with the default settings. The VPC has been created.

The next thing which we discussed was the subnet. Let us understand what we did till now again. We created a VPC inside the AWS region North Virginia. Now we are going to create inside this VPC smaller networks or smaller chunks of this network, known as subnets. We go into the subnet module. There is already one default subnet available. We are going to create our own subnet. The first subnet which we will create is the private subnet. Let us name it as private subnet. The VPC inside which this subnet will reside, we need to select it, so we are going to select the one which we created. Then there is the availability zone; this is what I was talking about. We created a VPC inside the region North Virginia. In North Virginia there are six availability zones. In the illustration which we had discussed, it had two availability zones; in North Virginia there are six availability zones. What we are going to do is create a private subnet in one of the availability zones. Let us select this one. The other thing to be noted here is that as soon as we associated this subnet with the VPC, the corresponding CIDR of the VPC has been mentioned here. Now we need to mention a CIDR block for the subnet which we are creating. It needs to be mentioned here. We need to give a CIDR block here which is a part of this network, so 10.0 will remain fixed. As explained earlier, the 16, for 16 bits of this network or IP address, is blocked, so 10.0 cannot be changed. So we change the third digit, or the third octet, as 1.0/24.
So we are locking in this subnet the first 24 bits, 10.0.1, so it has at its disposal 2 raised to 8 IP addresses which can be assigned within this subnet. Let us create the subnet here. The first subnet, that is the private subnet, has been created. Now let us create another subnet, which is our public subnet. Public subnet: we assign this subnet again inside the VPC edureka demo. We can assign this public subnet in the same availability zone which we did for the private subnet, or we can have it in another availability zone. For this demo, let us create this subnet, that is our public subnet, in a different availability zone. As explained, we can now assign an IPv4 CIDR block to this subnet by fixing 10.0 and assigning it a different IP. This is the subnet which we are going to create. Perfect.

Till now, whatever we have done is what we have discussed. We have created a VPC inside the region North Virginia of AWS services. In the VPC we have created two subnets: one is the private subnet and the other is a public subnet. It can be noted here that these two subnets have been assigned to these two VPC, so within this VPC we have these two subnets. We have also defined the IP addresses for our VPC, and accordingly we have assigned an IP address to our subnet.

The next part after creating the subnet is creating the route table. So what is the route table? Let us understand that. Route tables are the set of rules which are used to determine where the network traffic has to be routed. It specifies the destination subnet and the gateway router to reach it. So basically a route table is a log wherein we maintain all the rules, or we specify all the rules, by which we say which subnet will communicate with the internet in what way. Let us better understand it with the hands-on. Herein there are default route tables created. One of the route tables, you can see, has already been created for edureka demo. This is the route table which is created by default, but it is a standard that we need to create a route table
for the subnets which we have created. So let us create, for the two subnets which we have created in our VPC, two route tables. The first route table we will name as public RT. The VPC is edureka demo. So now we are creating this route table. Similarly, let us create another route table, that is private RT, for the VPC edureka demo. Now we have created the two route tables, but now we need to assign the subnets which we have created to the respective route tables. That can be done by clicking on the created route table and going into this tab of subnet association. So now we will associate our subnet with the respective route tables. So we click on edit subnet association. We see that there are two subnets which we have created, that is private subnet and public subnet. The name of this route table is private RT, that is private route table. Let us assign the private subnet to this route table. This basically means all the rules, all the conditions of how this subnet communicates with the router will be logged into this table, that is private RT. Similarly, let us associate the subnet with public RT. If we click on edit subnet association, we see again that the two subnets which we had created for our VPC edureka demo are listed here. Now it can be noted here that it shows one of the subnets, that is the private subnet, has already been associated with this route table. Therefore we shall now associate the subnet that is the public subnet to public RT. Done. So the other thing that needs to be noted is: this is the default or the main route table, which has been created as we created our VPC. These two are the route tables which we have created, one for the public subnet and the other for the private subnet.

Now let us understand what the internet gateway is. As can be seen in this illustration, we have our public and private subnets. So one of them, the public subnet, needs to communicate with the internet. How do we do that? How will we provide that gateway to the public subnet so that it can communicate with the public network or
the internet? For that there is a service provided by AWS within VPC that is known as internet gateway. This internet gateway shall be assigned or shall be linked to the subnets which we want to be connected to the internet. Thus the internet gateway is a VPC component that helps instances to communicate over the internet using targets provided in the route. Let us now understand how we can create this internet gateway. I am going to create a new internet gateway. Let us name it as edureka demo IG, and with the default settings we will create this internet gateway. This internet gateway has been created, but it is right now in detached state, therefore we need to attach it to one of the VPCs. So here we click on attach to VPC, we select the VPC to which we want this internet gateway to be associated, and we create the attached internet gateway. Now, if you see, the status has changed from detached to attached, and it has been attached to this VPC.

So let us understand or summarize what we have done till here. We created our VPC in a region, North Virginia. We created two subnets within that VPC, private and public. We created for each subnet a route table, and now we have created an internet gateway for our VPC, edureka demo IG. Now in the route table we need to update the table by the rules, or by the log, of which subnet can connect to the internet gateway. Remember, as explained earlier, the internet gateway provides us the access to the internet. So here the public RT needs to be provided that access. How do we do that? We go to the tab routes, we edit routes, we add 0.0.0.0/0, and we select in this tab the internet gateway. Once we do that, we can see in the drop-down the gateway which we have created. We select that and we save the route. So basically what we have done is we have created a route for our subnet to connect to the internet. For that we have provided the information in the router. Thus, till now we have created our VPC, we have created two subnets, we have created an internet
gateway, and we have updated our route table by mentioning that the public subnet can connect to the internet using the internet gateway, and we have assigned the respective gateway which we had created.

Now let us create two instances within our subnets. Let us go here and click on EC2. We shall now create one instance each for the two subnets which we had created. We go to instances and we launch an instance. We need to select a machine or instance. We select the default one and we configure our instance. So now we are going to create our EC2 instance within one of the subnets. Here you can see the VPCs: one is the default VPC and the other is the custom VPC which we have created. We can select our custom VPC from this drop-down. Within that VPC we have two subnets, private subnet and public subnet. This instance we are actually going to create for our private subnet, so we select the private subnet. For auto-assign public IP: we all know that the instances which we want to create in our private subnet need not be exposed to the internet, therefore we will not assign any IP address to it. To do that, we will disable public IP. We will next look into storage; we will keep it as default. Add tags: we will keep it as default. For configure security group: this is another important aspect of a VPC. Now AWS provides us the security group, which is at the instance level. So at the instance level I can mention who all can connect to this instance. Suppose I mention that apart from SSH I would want HTTP and HTTPS to be included in the protocols wherein we can communicate with the instance. These details at instance level can be mentioned in this section. We have just done that, and we launch our instance. We will now need to create a key pair to communicate with this instance. I will use a key pair which I have already created. You may also download a new one by clicking on create new key pair, or you can click on choose an existing key pair. I shall use one of the existing key pairs. It should be noted here, you can also create a new key pair.
You can just name the key pair and download it. For now we will use an already existing key pair. So the instance has now been created. Let us go and have a look at it. As can be noted here, an instance has been created and the key name is edureka. There is no public IP address assigned to it. Let us name this instance as the private instance.

Now let us launch another instance for our public subnet. Select, next. Let us follow it here. In configure instance, let us have a look here. For the network, we use our private network, the VPC network that we created, edureka demo. In the subnet, we need to now create this instance for our public subnet. We need to assign a public IP to it so that we can communicate with this instance, so for auto-assign public IP we will click on enable. Next, we will keep it as default. The tag section will be kept as default. In configure security group, again we may add more rules such as HTTP and HTTPS, and let us launch this instance. Again, let us use the existing key pair, that is edureka. Let us look at the instances which we have created. As you may see, the status for the newly created instance is still pending. Let us in the meantime name the instance as public. The instance state has changed from pending to running. The other thing to be noted here is that we had requested AWS to assign a public IP to it. It has done this, so now we can communicate with this instance using this public IP address.

Let us go to our command terminal now and try to communicate with this instance. So now I open the terminal in which I have our key pair, that is edureka demo. How do I connect? What is the command to connect to my instance? I can go here: I want to connect to my public instance, I can click on connect, and here in the SSH client tab this is the command provided by which I can connect to this instance. I shall paste this command in my command terminal, and here I have now entered into my instance, that is my public instance. Let me now use the internet from this instance. Let me ping
google.com. As you can see, it has started communicating with Google and is exchanging packets. Similarly, let us now connect to the other instance which we have created, which is the private instance. It needs to be noted here that the private instance has no IP address, so we cannot connect to this, but let us try doing that. We use again the SSH client command provided, exit out of our public instance, and we paste it for our private instance. As you may note, now it is trying to make a connection with the instance, but it is being refused, so it is not able to connect. Yes, so you can see this error now: connect to host 10.0.1.85 port 2222, connection timed out. It was not able to connect to that instance. It is obvious, because there was no IP address assigned to that instance.

Now that we have seen that we are not able to connect to our private instance, we can try connecting to our private instance through our public instance. So what we'll do now is access our public instance. In that public instance we will give a certificate which is required to access the private instance. So we will use the network within our private cloud, wherein we will try to connect our public instance with our private instance. So let us do that now. I connect to my public instance. So now we have connected to our public instance. So now let us connect to our private instance from our public instance. So we take the sudo access of our private instance by writing this command. Let us create a blank pem file which will contain the key to connect to our private instance. So we have created a new file, that is my .pem file, in which we will now insert the key required to connect to our private instance. I will copy paste this. I go to my command terminal, I connect to my public instance. Yes, so I am connected to my public instance. Let us now take sudo access to this machine or to this instance. We now create, with vim, a file access.pem, in which we will pass the security key required to connect to our private instance. I will
copy paste the key which is there in edureka demo to my access.pem file which I am creating. I will save this. I will now give it the read-write access, and now I will attempt to connect to my private instance. Let me modify the key name before passing it on the command line. Yes. Okay, I misspelled the name of access; it should be a double c. Let us do that. Yeah, as you may now see, the IP address has changed. I am now logged in to my private instance from my public instance within the VPC. Let us now ping Google from my private instance. So I am telling my private instance to connect to Google. As you may see now, it is not able to exchange any packets. It means that my private instance doesn't have any connection with the internet, which is what we want our private instance to be.

Many of our private instances inside our private subnet need access to the internet. It may be because of practical reasons like updating our database or updating our security patch, etc. So how do we do that? For that, VPC provides us a concept of NAT gateways. A NAT gateway is created so that our private subnets, or the instances within our private subnet, can get access to the internet. It needs to be noted here that private NAT gateways are one-way access. The full form of NAT is network address translation: devices that enable instances in the private subnet to access the internet or other AWS resources, but prevent the internet from initiating connections into the instances. So it's a one-way communication wherein our private subnet can connect to the internet using this device or using this NAT concept. How do we do that? We need to create a NAT. We create a NAT gateway. It needs to be noted here, or it can be seen from this illustration, that the NAT gateway is created in the public subnet. We need to create the edureka NAT gateway in the public subnet, the public subnet of edureka demo. We select that, we allocate to it an IP address by using the concept of allocate elastic IP address, and we create this NAT. Let
us go and look at what state it is in. As you can see, we have created a NAT gateway. It has been assigned inside the VPC edureka demo under the public subnet, and it has been assigned a private IP address. Now we need to go to the route table and update our route table for the private subnet, private RT. What we need to do is give it a route 0.0.0.0/0 and connect it to the NAT gateway. You may see here in the drop-down the NAT gateway which we have created. Therefore what we have done now is: we have created a NAT gateway inside our public subnet, and we are now providing a route for our private subnet to connect to this NAT gateway. This NAT gateway now will be connected to our IG, or internet gateway, and can access the internet. Let us do it. We have created our routes and updated our route table. Let us see whether our private subnet can get access to the internet, as it has been routed via the... I am in my private instance right now. I tried pinging google.com before the NAT gateway; it did not receive any information back from Google because it couldn't connect to, or it couldn't ping, that website. Now let us do it again. Before that, let us check whether the NAT gateway has become... like, it is still in pending mode. Let us wait before its status changes. Yes, so now the NAT gateway is available. Let us try pinging google.com. Perfect. As you can see, now the private subnet is able to access google.com. Why? Because we have created a NAT gateway. This NAT gateway is connected to the internet gateway. For now, the private subnet, or the instances within the private subnet, can access the internet via the NAT gateway. This gives us the practical gateway wherein we can update our private instances.

Also, it is very important to let you all know that once we have completed our demo, it is prudent to delete all the instances, otherwise you may be charged for the same. Let us do that so that we can repeat whatever we have done. The first thing which we need to do is delete our instances.
So we have created two instances; let us delete them. I am doing this so that we can repeat whatever we have done. We had created two instances: one instance in our private subnet, that is the private instance, and the other instance, that is the public instance, in our public subnet. Let us delete them one by one. We go to instance state and we terminate the instance. Let us do it similarly for our public instance: instance state, and terminate our instance. So what we have done now is terminate our instances within the public and private subnets. Now the whole thing is, we need to delete our whole VPC. So the first thing which we need to do is delete our NAT gateway. Let us delete the NAT gateway which we created. We go to actions, we click on delete NAT gateway, and we type in delete. It has been deleting; it will get into the delete stage. Once we delete our NAT gateway, which was used to access the internet by the private subnet, let us go and delete our internet gateway. Before we delete our internet gateway, we need to delete it from our route tables, otherwise it may not allow us to delete it. We go here, we go to our routes, we edit our routes, and we delete our internet gateway. Edit routes, and this has already been deleted, the NAT gateway, so it is giving us the error. We delete that part also. Once the internet gateways have been detached, let us now delete the... first detach it from our VPC. It has detached from our VPC. Now we can go to our VPC. We need not delete our subnets one by one. What we can do is now delete our whole VPC. So we delete our VPC. We need to type in delete here. The VPC is being deleted. With this we have deleted all our instances within our subnets, and we have deleted the VPC which we have created.

As we did in our hands-on, we had given to each of the instances a security group. We had mentioned SSH, HTTP and HTTPS. Therefore security groups work at an instance level. A security group is required to control the inbound and outbound traffic of your EC2
instance. It acts as a firewall at the instance level and not at the subnet level. So basically we are assigning the security groups, or we are assigning, in layman terms, who all can access our EC2 instances. AWS also provides us with an extra layer of security by the name network ACL, network access control list. It is one of the features in AWS. As you can see here, this is the default ACL list or NACL list which has been created. We can assign a network ACL to each of the subnets which we created. It is an additional security layer that controls inbound and outbound traffic rules at a subnet level. So it means that at the subnet level we can have one more layer of security, which will then overpower the rules which we had for our instances, or the security groups which we have assigned for our instances. It allows us both allow and deny rules. Therefore the basic difference between network ACLs and security groups is: network ACLs are stateless; they respond to the allowed outbound traffic and are subject to the rules of inbound traffic. Security groups, on the other hand, are stateful; they respond to the allowed outbound traffic and can flow regardless of inbound rules. Importantly, NACLs are defined per subnet; it is an extra layer of security. Security groups have to be defined at an instance level, and every instance can have a different set of security groups. Lastly, a subnet can be assigned only one NACL, and if not associated explicitly, it can be associated implicitly with the default NACL, whereas with security groups, an instance can be assigned five security groups and each security group has 50 rules.

Now let us understand another important concept, that is VPC peering. This is one of the ways by which we can connect different VPCs. As you may all understand, in an enterprise there will not be only a single VPC. Different groups within the same enterprise, for example the data analytics group and, say, the data science group, may have different VPCs. They may want to communicate between each other. AWS
provides us a service known as VPC peering, by which we can connect one to one all the VPCs within AWS. It may be in the same region or it may be in different regions. We can define the rules by which VPC peering can connect within different VPCs. This has an advantage wherein we don't need to connect two VPCs through a public network; it can be done using VPC peering. VPC peering allows us to connect one VPC to another VPC via a direct network route using private IP addresses. You could peer with VPCs with other AWS accounts; it can be peered with other AWS accounts as well as with other VPCs on the same account. It has to be noted here that there is another service, which is known as Transit Gateway, which can also be used in order to connect various VPCs, but that is a different topic of discussion.

So now in this diagram we illustrate how a VPC peering typically occurs. Here you may see that there are two VPCs with two different IP addresses assigned. We need to have a connection between them. VPC peering is the service which we are opting for. We update the security groups to ensure that the traffic to and from the VPC peer is not restricted. As can be seen in this illustration, the peering request has been accepted by the blue group. Now there is a two-way connection between these two groups or these two VPCs. To activate the VPC peering connection, the acceptor must accept the peering request, as has been accepted by the blue group here. The request expires after seven days if there is no action taken on the request. Once this peering request has been accepted, then we can create routes to connect the various instances between these two groups. Now we can update our route table: once the peering request has been accepted, update the route table of both the VPCs to enable the flow of traffic between them.

Now that we have understood how a VPC is created and what VPC peering is, the other most important service of VPC is VPN and Direct Connect at enterprise level. As can be seen in the illustration,
the enterprise may have a data center which needs to communicate to a VPC. The existing data center may be keeping a copy of their data in their VPC or may have additional space in the VPC. In short, the existing data centers of the enterprise need to connect with the virtual private cloud of that enterprise. So how do we do that? We can do it in two ways. One is virtual private network, where the concept of virtual gateway exists. This virtual gateway and the customer gateway can connect with each other. Then two tunnels: the blue lines here show the two tunnels, or the internet connection, by which the existing data center has been connected to our VPC. VPN is a service that helps to connect your VPC to your data center through the IPsec (Internet Protocol Security) protocol. So as we may all know, in layman's terms, the transfer here takes place with Internet Protocol Security, or rather it takes place in an encrypted form. The security here is much higher than connecting with the VPC via a public network. It is a secure connection between your on-premise equipment and your VPCs. It needs to be noted here that the blue lines here denote internet.

Now what if this internet connection is patchy or the speed is not up to the mark? Also, there is still some level of breach of security which may take place on these connections. To avoid this, AWS is providing us with a service within VPC known as Direct Connect. So what is Direct Connect gateway? Direct Connect is a network service that provides a dedicated network connection from your premises to AWS without using the internet. So how does it happen? It happens in such a way that there are vendors who provide for each region direct connect pub. Now the customer's data center can connect to this Direct Connect gateway. There are third-party vendors who can lay down these lines. In short, the Direct Connect gateways are connected to the endpoints of the region with high-quality fiber; that speed can go up to 100 Gbps, and these are connected directly to the
customers' data centers. It provides us the advantage wherein we have higher speed of connectivity between the customer data center and the VPC on the cloud. It provides us with a dedicated line which gives us higher speed of connectivity between the customer data center and the VPC. So what are the features? Direct Connect features: private connectivity to Amazon VPC; the speed is having high elasticity, from 1 Gbps to 10 Gbps connections; connections and virtual interfaces are managed easily; enhanced security through 802.1Q VLANs; it reduces the bandwidth cost; and consistent network performance. All of the major larger enterprises go with this feature of VPC. It is compatible with all AWS services.

Let us summarize the difference between VPN and Direct Connect. VPN can be connected via the internet in a secure way; Direct Connect will be connected via dedicated lines without the internet. VPN is suitable for small workloads; Direct Connect is suitable for large and medium workloads. In VPN we have the bandwidth constraints; in Direct Connect we have virtually no bandwidth constraints. In VPN only resources inside the VPC can be used, while in Direct Connect all resources of AWS such as S3, DynamoDB and VPC can be used. In VPN the connectivity and speed is not stable, while in Direct Connect the connectivity and speed is stable.

Let us end this session by recommending you 4 best VPC practices. Certain best practices are: we need to design or architect our VPC thinking about the mid to long term horizon. We need to maintain proper logs of what is the outflow and the inflow of connections with our VPC. We can monitor our VPC using services like Amazon CloudWatch. We need to have proper use of all the availability zones of our VPC; this acts as a backup in case one of the availability zones is not available due to certain issues. Also, importantly, we need to study in more detail the security aspects such as security groups and NACLs. The network addresses which we assign to our VPC
should also be looked into in detail so that they support the growth of our VPC from the mid to long term horizon. With this, we recommend you to go through this official documentation from AWS on VPC.

So before ending today's session, let us summarize what we learned today. We had a session where we learned about the basics of VPC, what and why. We understood what the subnet is. We also did a hands-on where we created a VPC in one of the regions, and we created two subnets, that is, a private subnet and a public subnet. We understood how route tables are updated. We created an internet gateway and assigned it to our public subnet. Later we also learned about the NAT gateway, which is critical in order to connect our private subnets with the internet gateway and eventually with the internet. We also learned about VPC peering. Post that, we discussed about VPN and direct connection. I hope this instigates all of you to learn more about one of the most important topics of AWS, that is virtual private cloud. I wish you all the best. Thank you.

I hope you have enjoyed listening to this video. Please be kind enough to like it, and you can comment any of your doubts and queries and we will reply to them at the earliest. Do look out for more videos in our playlist and subscribe to the Edureka channel to learn more. Happy learning.
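The stateless network ACL versus stateful security group distinction discussed in the session, as an added example that is not part of the video: a small Python model of how a reply to an inbound request is treated at the subnet and instance layers. It goes slightly beyond the transcript by modelling rule-number ordering and ephemeral reply ports; all rule values, addresses and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample rules (assumptions, not taken from the video).
# NACL entries: (rule_number, cidr, port_from, port_to, action)
NACL_IN = [(100, "0.0.0.0/0", 443, 443, "allow"),
           (200, "198.51.100.0/24", 22, 22, "deny"),
           (300, "0.0.0.0/0", 22, 22, "allow")]
NACL_OUT_STRICT = [(100, "0.0.0.0/0", 443, 443, "allow")]
NACL_OUT_FIXED = NACL_OUT_STRICT + [(110, "0.0.0.0/0", 1024, 65535, "allow")]
# Security group entries are allow-only: (cidr, port_from, port_to)
SG_IN = [("0.0.0.0/0", 443, 443)]


def nacl_allows(rules, peer_ip, port):
    """Evaluate in ascending rule number; first match decides, else implicit deny."""
    for _, cidr, lo, hi, action in sorted(rules):
        if ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False


def sg_allows(rules, peer_ip, port):
    """Allow-only list: any matching rule permits; there is no deny rule."""
    return any(ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi
               for cidr, lo, hi in rules)


def inbound_request_served(client_ip, client_port, server_port, nacl_out):
    """True if a client request reaches the instance AND the reply gets back."""
    # Request path: subnet NACL inbound first, then instance security group.
    if not nacl_allows(NACL_IN, client_ip, server_port):
        return False
    if not sg_allows(SG_IN, client_ip, server_port):
        return False
    # Reply path: the security group is stateful, so return traffic for an
    # allowed connection needs no outbound rule. The NACL is stateless, so
    # the reply to the client's ephemeral port must match an outbound rule.
    return nacl_allows(nacl_out, client_ip, client_port)


if __name__ == "__main__":
    for name, out in (("strict", NACL_OUT_STRICT), ("fixed", NACL_OUT_FIXED)):
        ok = inbound_request_served("203.0.113.7", 50000, 443, out)
        print(f"outbound NACL {name}: HTTPS reply delivered = {ok}")
```

With the strict outbound list the request is admitted but the reply is dropped at the subnet boundary, which is the usual symptom of a NACL that forgets the ephemeral port range.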
Info
Channel: edureka!
Views: 43,441
Rating: 4.9129381 out of 5
Keywords: yt:cc=on, aws vpc, aws vpc tutorial, Amazon Virtual Private Cloud, VPC, vpc aws tutorial, aws tutorial for beginners, amazon vpc, aws vpc deep dive, aws training videos, what is aws vpc, aws certified solutions architect associate level, aws tutorial, aws vpc peering, aws vpc endpoint, aws vpc setup, aws vpc configuration, vpc fundamentals, Amazon VPC and Subnets, Amazon VPC Best Practices, aws edureka, edureka, aws cloud practitioner, aws cloud, aws essentials, learn aws
Id: b1b6JTYnbjU
Length: 54min 58sec (3298 seconds)
Published: Sat Oct 10 2020