Amazon Virtual Private Cloud (Amazon VPC) enables you to define a virtual network in your own logically isolated area within the Amazon Web Services (AWS) cloud, known as a virtual private cloud (VPC). You can launch your AWS resources, such as instances, into your VPC. Your VPC closely resembles a traditional network that you might operate in your own datacenter, with the benefits of using AWS's scalable infrastructure. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. You can connect instances in your VPC to the Internet. You can connect your VPC to your own corporate datacenter, making the AWS cloud an extension of your datacenter. To protect the resources in each subnet, you can use multiple layers of security, including security groups and network access control lists. For more information, see Amazon Virtual Private Cloud User Guide.
By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:
- Assign static private IP addresses to your instances that persist across starts and stops
- Assign multiple IP addresses to your instances
- Define network interfaces, and attach one or more network interfaces to your instances
- Change security group membership for your instances while they're running
- Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)
- Add an additional layer of access control to your instances in the form of network access control lists (ACL)
- Run your instances on single-tenant hardware
Instances run in one of two supported platforms: EC2-Classic and EC2-VPC. Your AWS account is capable of launching instances either into both platforms or only into EC2-VPC, on a region-by-region basis. If you can launch instances only into EC2-VPC, we create a default VPC for you. Using a default VPC combines the benefits of the advanced features provided by EC2-VPC with the ease of use of EC2-Classic. For more information, see Supported Platforms.
The following table summarizes the differences between instances launched into EC2-Classic, instances launched into a default VPC, and instances launched into a nondefault VPC.
| Characteristic | EC2-Classic | Default VPC | Nondefault VPC |
|---|---|---|---|
| Public IP address | Your instance receives a public IP address. | Your instance launched in a default subnet receives a public IP address. | Your instance doesn't receive a public IP address. |
| Private IP address | Your instance receives a private IP address from the EC2-Classic, default VPC range each time it's started. | Your instance receives a static private IP address from the address range of your default VPC. | Your instance receives a static private IP address from the address range of your VPC. |
| Multiple IP addresses | You can assign a single IP address to your instance. | You can assign multiple IP addresses to your instance. | You can assign multiple IP addresses to your instance. |
| Elastic IP address | An EIP is disassociated from your instance when you stop it. | An EIP remains associated with your instance when you stop it. | An EIP remains associated with your instance when you stop it. |
| DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default. |
| Security group | A security group can reference security groups that belong to other AWS accounts. You can create up to 500 security groups in each region. | A security group can reference security groups for your VPC only. You can create up to 100 security groups per VPC. | A security group can reference security groups for your VPC only. You can create up to 100 security groups per VPC. |
| Security group association | You must terminate your instance to change its security group. You can assign an unlimited number of security groups to an instance. | You can change the security group of your running instance. You can assign up to 5 security groups to an instance. | You can change the security group of your running instance. You can assign up to 5 security groups to an instance. |
| Security group rules | You can add rules for inbound traffic only. You can add up to 100 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group. |
| Tenancy | Your instance runs on shared hardware. | You can run your instance on shared hardware or single-tenant hardware. | You can run your instance on shared hardware or single-tenant hardware. |

For more information about Amazon VPC, see the Amazon VPC documentation.
| Guide | Description |
|---|---|
| | Provides a hands-on introduction to Amazon VPC. |
| | Provides detailed information about how to use Amazon VPC. |
| | Helps network administrators configure your customer gateway. |