|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
Amazon Virtual Private Cloud ( Amazon VPC) lets you define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud.
Within this virtual private cloud, you can launch AWS resources such as, ELB load balancers and EC2 instances, that have private (RFC 1918) IP addresses in the classless inter-domain routing (CIDR) range of your choice (for example, 10.0.0.0/16). For more information about CIDR notation and what "/16" means, see Classless Inter-Domain Routing on Wikipedia.
You can create a VPC that spans multiple Availability Zones then add one or more subnets in each Availability Zone. A subnet in Amazon VPC is a subdivision within an Availability Zone defined by a segment of the IP address range of the VPC. Using subnets you can group your AWS resources based on your security and operational needs. A subnet resides entirely within the Availability Zone it was created in.
To enable communication between the Internet and the instances in your subnets, you must create and attach an Internet gateway (IGW) to your VPC. An Internet gateway enables your resources within the subnets to connect to the Internet through the Amazon EC2 network edge. If a subnet's traffic is routed to an Internet gateway, the subnet is known as a public subnet. If a subnet's traffic is not routed to an Internet gateway, the subnet is known as a private subnet. Use a public subnet for resources that must be connected to the Internet, and a private subnet for resources that need not be connected to the Internet.
To use load balancers to monitor and route traffic to your EC2 instances launched within VPC, you must create your load balancer within the same VPC as your EC2 instances. When you create your load balancer in VPC, you attach subnets that has your EC2 instances. Because a subnet is created for an Availability Zone, specifying the subnet ensures that the load balancer is configured to listen to requests in the corresponding Availability Zone.
When you attach your load balancer to a subnet, this defines the subnet that traffic must enter to forward the request to registered instances. The registered instances do not need to be in the same subnet that you attach to the load balancer. To ensure that your load balancer can scale properly, specify that the CIDR block of the subnet to which you attach the load balancer has at least a /27 bitmask (e.g., 10.0.0.0/27). You should also have at least 20 free IP addresses in the subnet where you attach the load balancer.
Elastic Load Balancing on Amazon VPC works essentially the same way as it does on Amazon EC2 and supports the same set of features. There is, however, a significant difference between the way the security groups function on Amazon VPC and Amazon EC2. In Amazon EC2, Elastic Load Balancing provides a special Amazon EC2 source security group that you can use to ensure that a back-end Amazon EC2 instance receives traffic only from Elastic Load Balancing. You cannot modify the source security group. Within Amazon VPC, you have control over the security groups assigned to your load balancer. Having control over your load balancer's security groups allows you to choose the ports and protocols to accept. For example, in Amazon VPC you can open Internet Control Message Protocol (ICMP) connections for the load balancer to respond to ping requests (however, ping requests will not be forwarded to any registered instances).
Elastic Load Balancing also supports dedicated EC2 instances with a tenancy attribute launched within a Amazon VPC. For information on dedicated tenancy instances, see Using EC2 Dedicated Instances in the Amazon Virtual Private Cloud User Guide.
IPv6 support is not currently available for load balancers in Amazon VPC.