Amazon Elastic Compute Cloud
User Guide (API Version 2014-02-01)

Amazon EC2 and Amazon Virtual Private Cloud (VPC)

Amazon Virtual Private Cloud (Amazon VPC) enables you to define a virtual network in your own logically isolated area within the Amazon Web Services (AWS) cloud, known as a virtual private cloud (VPC). You can launch your AWS resources, such as instances, into your VPC. Your VPC closely resembles a traditional network that you might operate in your own datacenter, with the benefits of using AWS's scalable infrastructure. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. You can connect instances in your VPC to the Internet. You can connect your VPC to your own corporate datacenter, making the AWS cloud an extension of your datacenter. To protect the resources in each subnet, you can use multiple layers of security, including security groups and network access control lists. For more information, see Amazon Virtual Private Cloud User Guide.

Benefits of Using a VPC

By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:

  • Assign static private IP addresses to your instances that persist across starts and stops

  • Assign multiple IP addresses to your instances

  • Define network interfaces, and attach one or more network interfaces to your instances

  • Change security group membership for your instances while they're running

  • Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering)

  • Add an additional layer of access control to your instances in the form of network access control lists (ACL)

  • Run your instances on single-tenant hardware

Differences Between EC2-Classic and EC2-VPC

Instances run in one of two supported platforms: EC2-Classic and EC2-VPC. Your AWS account is capable of launching instances either into both platforms or only into EC2-VPC, on a region by region basis. If you can launch instances only into EC2-VPC, we create a default VPC for you. A default VPC combines the benefits of the advanced features provided by EC2-VPC with the ease of use of EC2-Classic. For more information, see Supported Platforms.

The following table summarizes the differences between instances launched in EC2-Classic, instances launched in a default VPC, and instances launched in a nondefault VPC.

| Characteristic | EC2-Classic | Default VPC | Nondefault VPC |
|---|---|---|---|
| Public IP address (from Amazon's public IP address pool) | Your instance receives a public IP address. | Your instance launched in a default subnet receives a public IP address by default, unless you specify otherwise during launch. | Your instance doesn't receive a public IP address by default, unless you specify otherwise during launch. |
| Private IP address | Your instance receives a private IP address from the EC2-Classic range each time it's started. | Your instance receives a static private IP address from the address range of your default VPC. | Your instance receives a static private IP address from the address range of your VPC. |
| Multiple private IP addresses | We select a single private IP address for your instance; multiple IP addresses are not supported. | You can assign multiple private IP addresses to your instance. | You can assign multiple private IP addresses to your instance. |
| Elastic IP address | An EIP is disassociated from your instance when you stop it. | An EIP remains associated with your instance when you stop it. | An EIP remains associated with your instance when you stop it. |
| DNS hostnames | DNS hostnames are enabled by default. | DNS hostnames are enabled by default. | DNS hostnames are disabled by default. |
| Security group | A security group can reference security groups that belong to other AWS accounts. You can create up to 500 security groups in each region. | A security group can reference security groups for your VPC only. You can create up to 100 security groups per VPC. | A security group can reference security groups for your VPC only. You can create up to 100 security groups per VPC. |
| Security group association | You can assign an unlimited number of security groups to an instance when you launch it. You can't change the security groups of your running instance. You can either modify the rules of the assigned security groups, or replace the instance with a new one (create an AMI from the instance, launch a new instance from this AMI with the security groups that you need, disassociate any Elastic IP address from the original instance and associate it with the new instance, and then terminate the original instance). | You can assign up to 5 security groups to an instance. You can assign security groups to your instance when you launch it and while it's running. | You can assign up to 5 security groups to an instance. You can assign security groups to your instance when you launch it and while it's running. |
| Security group rules | You can add rules for inbound traffic only. You can add up to 100 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group. | You can add rules for inbound and outbound traffic. You can add up to 50 rules to a security group. |
| Tenancy | Your instance runs on shared hardware. | You can run your instance on shared hardware or single-tenant hardware. | You can run your instance on shared hardware or single-tenant hardware. |
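
The security group limits in the table above can be checked mechanically against the set of groups assigned to an instance. The following Python code is an added example, not part of the AWS guide: the input structure, the account IDs, and the group names are constructed, and it assumes the per-group rule limit counts inbound and outbound rules together.

```python
# Limits as stated in the comparison table above (API version 2014-02-01).
LIMITS = {
    "EC2-Classic": {"groups": None, "rules": 100, "egress": False, "cross_account": True},
    "EC2-VPC": {"groups": 5, "rules": 50, "egress": True, "cross_account": False},
}

def audit(platform, owner_account, groups):
    """Return findings for the security groups assigned to one instance.

    `groups` is a constructed structure, not an AWS API response:
    [{"name": str, "ingress": [rule, ...], "egress": [rule, ...]}, ...]
    where rule is {"port": int, "cidr": str} or
    {"port": int, "source_group": (account_id, group_name)}.
    """
    lim = LIMITS[platform]
    findings = []
    if lim["groups"] is not None and len(groups) > lim["groups"]:
        findings.append(f"instance: {len(groups)} groups assigned, limit is {lim['groups']}")
    for g in groups:
        ingress, egress = g.get("ingress", []), g.get("egress", [])
        if egress and not lim["egress"]:
            findings.append(f"{g['name']}: outbound rules are not supported")
        # Assumption: the per-group limit counts inbound and outbound rules together.
        total = len(ingress) + len(egress)
        if total > lim["rules"]:
            findings.append(f"{g['name']}: {total} rules, limit is {lim['rules']}")
        for rule in ingress + egress:
            ref = rule.get("source_group")
            if ref and ref[0] != owner_account and not lim["cross_account"]:
                findings.append(
                    f"{g['name']}: port {rule['port']} references a group in account {ref[0]}")
    return findings

def sample_groups():
    """Constructed input: six groups, one oversized, one with a cross-account reference."""
    groups = [{"name": f"sg-{i}", "ingress": [{"port": 22, "cidr": "203.0.113.0/24"}]}
              for i in range(4)]
    groups.append({"name": "sg-big",
                   "ingress": [{"port": 8000 + p, "cidr": "10.0.0.0/8"} for p in range(60)]})
    groups.append({"name": "sg-partner",
                   "ingress": [{"port": 443, "source_group": ("222222222222", "web")}]})
    return groups

if __name__ == "__main__":
    for platform in LIMITS:
        print(platform, audit(platform, "111111111111", sample_groups()))
```

The same group set passes on EC2-Classic and produces three findings on EC2-VPC: too many groups on the instance, too many rules in one group, and a reference to a group in another account.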

Amazon VPC Documentation

For more information about Amazon VPC, see the Amazon VPC documentation.

| Guide | Description |
|---|---|
| Amazon Virtual Private Cloud Getting Started Guide | Provides a hands-on introduction to Amazon VPC. |
| Amazon Virtual Private Cloud User Guide | Provides detailed information about how to use Amazon VPC. |
| Amazon Virtual Private Cloud Network Administrator Guide | Helps network administrators configure your customer gateway. |