Amazon Virtual Private Cloud
User Guide (API Version 2013-02-01)

What is Amazon VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Amazon VPC Concepts

As you get started with Amazon VPC, you should understand the key concepts of this virtual network, and how it is similar to or different from your own networks. This section provides a brief description of the key concepts for Amazon VPC.

Amazon VPC is the networking layer for Amazon EC2. If you're new to Amazon EC2, go to What is Amazon EC2? in the Amazon Elastic Compute Cloud User Guide to get a brief overview.

VPCs and Subnets

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings.

A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the Internet, and a private subnet for resources that won't be connected to the Internet.

To protect the AWS resources in each subnet, you can use multiple layers of security, including security groups and network access control lists (ACLs). Security groups filter traffic at the instance level, and network ACLs filter traffic at the subnet level. For more information, see Security in Your VPC.

Supported Platforms

There are two supported platforms into which you can launch instances: EC2-Classic and EC2-VPC. For more information, see Supported Platforms in the Amazon Elastic Compute Cloud User Guide.

A default VPC combines the benefits of the advanced features provided by EC2-VPC with the ease of use of EC2-Classic. If you have a default VPC and don't specify a subnet when you launch an instance, the instance is launched into your default VPC. You can launch instances into your default VPC without needing to know anything about Amazon VPC.

For more information, see Your Default VPC and Subnets.

Accessing the Internet

You control how the instances that you launch into a VPC access resources outside the VPC.

Each instance that you launch into a default subnet has a private IP address and a public IP address. These instances can communicate with the Internet through an Internet gateway. An Internet gateway enables your instances to connect to the Internet through the Amazon EC2 network edge. Your default VPC includes an Internet gateway.

(Diagram: Using a default VPC)

Each instance that you launch into a nondefault subnet has a private IP address, but no public IP address. These instances can communicate with each other, but can't access the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3).

(Diagram: Using a VPC)

You can enable Internet access for an instance launched into a nondefault subnet by attaching an Internet gateway to its VPC (if its VPC is not a default VPC), adding a route to the Internet gateway in the route table of the instance's subnet, and associating an Elastic IP address with the instance. The instance's security group and the subnet's network ACL must also allow the traffic.

(Diagram: Using an Internet gateway)

Alternatively, to allow an instance in your VPC to initiate outbound connections to the Internet but prevent unsolicited inbound connections from the Internet, you can use a network address translation (NAT) instance. NAT maps multiple private IP addresses to a single public IP address. A NAT instance has an Elastic IP address and is connected to the Internet through an Internet gateway. You can connect an instance in a private subnet to the Internet through the NAT instance, which routes traffic from the instance to the Internet gateway, and routes any responses back to the instance. Because the NAT instance forwards traffic that is not addressed to it, source/destination checking must be disabled on the NAT instance.

For more information about routing and NAT in your VPC, see Route Tables and NAT Instances.
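The rules in this section (an Internet gateway route plus a public address for direct access, or a route to a NAT instance that itself has both) can be checked mechanically from a VPC's route tables. The following is an added example, not code from this guide or from AWS: it models those rules in Python against a constructed topology. The instance IDs, gateway ID and addresses are made up, and the model deliberately ignores security groups and network ACLs, which also have to allow the traffic.

```python
"""Model of how Amazon VPC decides whether an instance can reach the Internet.

Added example (not code from the AWS guide): it replays the rules stated in the
text, a route to an attached Internet gateway plus a public address, or a route
to a NAT instance that itself has both, against constructed sample data.
Security groups and network ACLs are deliberately left out of the model.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Instance:
    instance_id: str
    subnet: str
    private_ip: str
    public_ip: Optional[str] = None      # Elastic IP or auto-assigned public IP, if any


@dataclass
class Vpc:
    cidr: str
    internet_gateway: Optional[str]      # ID of the IGW attached to this VPC, or None
    # subnet name -> its route table as (destination CIDR, target) entries
    route_tables: Dict[str, List[Tuple[str, str]]]
    # NAT instances usable as route targets, keyed by instance ID
    nat_instances: Dict[str, Instance] = field(default_factory=dict)


def lookup_route(vpc: Vpc, subnet: str, dest: str) -> Optional[str]:
    """Longest-prefix match over the subnet's route table, as VPC routing does."""
    dest_ip = ipaddress.ip_address(dest)
    best_net, best_target = None, None
    for cidr, target in vpc.route_tables[subnet]:
        net = ipaddress.ip_network(cidr)
        if dest_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def internet_path(vpc: Vpc, inst: Instance, dest: str = "198.51.100.10",
                  _hops: int = 0) -> Tuple[Optional[str], Optional[str]]:
    """Return (path, source address the destination sees).

    path is "local" (destination inside the VPC), "direct" (via the Internet
    gateway), "nat" (via a NAT instance) or None (no Internet access).
    """
    if _hops > 2:                        # guard against NAT routes that point at each other
        return (None, None)
    target = lookup_route(vpc, inst.subnet, dest)
    if target is None:
        return (None, None)
    if target == "local":
        return ("local", inst.private_ip)
    if vpc.internet_gateway is not None and target == vpc.internet_gateway:
        # The IGW only forwards traffic for an instance that has a public address.
        return ("direct", inst.public_ip) if inst.public_ip else (None, None)
    nat = vpc.nat_instances.get(target)
    if nat is not None:
        # Every instance behind the NAT appears as the NAT's one Elastic IP, and
        # the NAT instance must itself reach the Internet gateway directly.
        path, public = internet_path(vpc, nat, dest, _hops + 1)
        return ("nat", public) if path == "direct" else (None, None)
    return (None, None)                  # route target is neither the IGW nor a NAT instance


def accepts_unsolicited_inbound(vpc: Vpc, inst: Instance) -> bool:
    """Only an instance reached directly through the IGW can receive unsolicited
    connections from the Internet; a NAT instance relays responses only."""
    return internet_path(vpc, inst)[0] == "direct"


# Constructed sample topology; IDs and addresses are made up for this example.
NAT = Instance("i-nat00001", "public", "10.0.0.5", public_ip="203.0.113.9")
SAMPLE_VPC = Vpc(
    cidr="10.0.0.0/16",
    internet_gateway="igw-0000001",
    route_tables={
        "public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0000001")],
        "private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "i-nat00001")],
        "isolated": [("10.0.0.0/16", "local")],    # no default route at all
    },
    nat_instances={"i-nat00001": NAT},
)
WEB = Instance("i-web00001", "public", "10.0.0.10", public_ip="203.0.113.5")
NOIP = Instance("i-web00002", "public", "10.0.0.11")           # IGW route but no public IP
APP = Instance("i-app00001", "private", "10.0.1.10")
DB = Instance("i-db000001", "isolated", "10.0.2.10")

if __name__ == "__main__":
    for inst in (WEB, NOIP, APP, DB):
        print(inst.instance_id, internet_path(SAMPLE_VPC, inst),
              "inbound" if accepts_unsolicited_inbound(SAMPLE_VPC, inst) else "no inbound")
```

Running the block shows the four cases the text describes: WEB reaches the Internet directly and can accept inbound connections, APP reaches it only through the NAT instance's Elastic IP and cannot, and both NOIP (Internet gateway route but no public address) and DB (no default route) have no Internet access at all. Detaching the Internet gateway, or giving the NAT instance no Elastic IP, cuts off every instance that depended on it.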

Accessing a Corporate or Home Network

You can optionally connect your VPC to your own corporate data center using an IPsec hardware VPN connection, making the AWS cloud an extension of your data center.

A VPN connection consists of a virtual private gateway (VPG) attached to your VPC and a customer gateway located in your data center. A VPG is the VPN concentrator on the Amazon side of the VPN connection. A customer gateway is a physical device or software appliance on your side of the VPN connection.

(Diagram: Using a VPG)

For more information, see Adding a Hardware Virtual Private Gateway to Your VPC.

Working with Amazon VPC

AWS provides several ways to work with Amazon VPC:

  • AWS Management Console

  • Command line interface

  • API actions

AWS Management Console

You can use the AWS Management Console to perform tasks related to Amazon VPC, such as creating and deleting VPCs, subnets, and gateways. For more information about the Amazon VPC console, see Getting Started with Amazon VPC.

Command Line Interface

The command line interface for Amazon VPC provides a set of simple commands that run on a Java runtime environment. The commands for Amazon VPC are part of the Amazon EC2 API tools. For more information about getting started with the command line interface, see Setting Up the Amazon EC2 Command Line Tools in the Amazon Elastic Compute Cloud User Guide. For more information about the commands for Amazon EC2 and Amazon VPC, see List of API Tools by Function in the Amazon Elastic Compute Cloud Command Line Reference.

API

The Amazon VPC actions are part of the Amazon EC2 WSDL, and Amazon VPC uses the Amazon EC2 web service endpoint. Request authentication for the Amazon VPC API actions works the same way that it does for the Amazon EC2 API actions. For more information about how to use the API actions, see Making API Requests in the Amazon Elastic Compute Cloud User Guide. For more information about the Amazon EC2 and Amazon VPC API actions, see List of Actions by Function in the Amazon Elastic Compute Cloud API Reference.

How You're Charged for Amazon VPC

There's no additional charge for using Amazon VPC. You pay the standard rates for the instances and other Amazon EC2 features that you use. If you choose to create a hardware VPN connection, you pay for each hour that the VPN is connected to your VPC. For more information, see Amazon VPC Pricing and Amazon EC2 Pricing.

Amazon VPC Limits

There are limits to the number of Amazon VPC components that you can provision. You can request an increase in these limits. For more information about these limits, and how to request an increase, see Amazon VPC Limits.

What's Next?

To get a hands-on introduction to Amazon VPC, complete the tutorial Getting Started with Amazon VPC.

To learn about the basic scenarios for Amazon VPC, see Scenarios for Using Amazon VPC. You can configure your VPC and subnets in other ways to suit your needs. For more information about other scenarios, see Amazon Virtual Private Cloud Connectivity Options.

To learn about using Amazon VPC with other AWS products, see the following documentation.

The following table lists related resources that you'll find useful as you work with this service.

Resource: Description

Amazon Virtual Private Cloud Connectivity Options: A whitepaper that provides an overview of the options for network connectivity.

AWS Developer Resources: A central starting point to find documentation, code samples, release notes, and other information to help you create innovative applications with AWS.

Amazon VPC Discussion Forum: A community-based forum for discussing technical questions related to Amazon VPC.

Amazon VPC Release Notes: A high-level overview of the current release.

AWS Support Center: The home page for AWS Technical Support.

AWS Premium Support Information: The primary web page for information about AWS Premium Support, a one-on-one, fast-response support channel to help you build and run applications on AWS Infrastructure Services.

Contact Us: A central contact point for inquiries concerning AWS billing, accounts, and events.