Amazon VPC - Main Components

  • Region – Geographical area containing multiple Availability Zones (AZs).
  • Availability Zone (AZ) – One or more discrete data centers within a region, with independent power, networking, and connectivity.
  • VPC – A logically isolated virtual network in your account, defined by one or more CIDR blocks. It spans every AZ in its region and is the container for subnets, route tables, gateways and the other resources below.

Networking

  • Public Subnet – Its route table has a route whose target is an Internet Gateway; instances that also have a public or Elastic IP can be reached from, and reach, the internet directly.
  • Private Subnet – No route to an Internet Gateway, so nothing in it is directly reachable from the internet; outbound access, if needed, goes through a NAT Gateway. Typical for application and database tiers.

Connectivity

  • Internet Gateway (IGW) – Horizontally scaled, highly available gateway attached to the VPC; performs one-to-one NAT between an instance's private IP and its public/Elastic IP, and is required for both inbound and outbound internet traffic in public subnets.
  • NAT Gateway – Sits in a public subnet and lets instances in private subnets initiate outbound IPv4 connections to the internet; unsolicited inbound connections from the internet are not accepted.
  • Router – The implicit VPC router every subnet uses; it forwards each packet according to the longest-prefix match in that subnet's route table.
  • Route Table – Set of destination (CIDR or managed prefix list) to target rules, where targets are local, igw-, nat-, pcx-, tgw-, vpce- and similar IDs. Every subnet is associated with exactly one route table and falls back to the VPC's main route table if no explicit association exists.
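The public/private distinction above is a property of the route table, not of the subnet itself, so it can be audited mechanically. The following is an added example, not code from the original page: it takes a constructed, trimmed-down copy of the JSON shape `aws ec2 describe-route-tables` returns (all resource IDs are placeholders) and classifies every explicitly associated subnet, also listing gateway-endpoint routes (prefix list to vpce- target), which is how a private subnet reaches S3 or DynamoDB without an IGW or NAT path.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output,
# trimmed to the fields used here. All IDs are placeholders, not real resources.
ROUTE_TABLES_JSON = """
{"RouteTables": [
  {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
   "Associations": [{"SubnetId": "subnet-web-a"}, {"SubnetId": "subnet-web-b"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
  {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
   "Associations": [{"SubnetId": "subnet-app-a"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
     {"DestinationPrefixListId": "pl-s3-example", "GatewayId": "vpce-s3-example"}]},
  {"RouteTableId": "rtb-isolated", "VpcId": "vpc-example",
   "Associations": [{"SubnetId": "subnet-db-a"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
]}
"""
ROUTE_TABLES = json.loads(ROUTE_TABLES_JSON)

# AWS emits exactly one of these keys per route to name its target.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId")

def route_target(route):
    """Return (key, id) for the target a route forwards to."""
    for key in TARGET_KEYS:
        if key in route:
            return key, route[key]
    return None, None

def classify_route_table(route_table):
    """'public' if any route targets an Internet Gateway (igw-...), whatever the
    destination prefix; 'private' if the only way out is a NAT gateway;
    'isolated' if no route leaves the VPC at all."""
    targets = [route_target(r) for r in route_table["Routes"]]
    if any(k == "GatewayId" and str(v).startswith("igw-") for k, v in targets):
        return "public"
    if any(k == "NatGatewayId" for k, _ in targets):
        return "private"
    return "isolated"

def classify_subnets(route_tables):
    """Map every explicitly associated subnet to its classification."""
    result = {}
    for rt in route_tables["RouteTables"]:
        kind = classify_route_table(rt)
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:          # the main-table association has no SubnetId
                result[assoc["SubnetId"]] = kind
    return result

def endpoint_routes(route_tables):
    """List gateway-endpoint routes: a managed prefix list (pl-...) forwarded to a
    vpce-... target. These keep S3/DynamoDB traffic off the IGW and NAT path."""
    found = []
    for rt in route_tables["RouteTables"]:
        for r in rt["Routes"]:
            _, target = route_target(r)
            if "DestinationPrefixListId" in r and str(target).startswith("vpce-"):
                found.append((rt["RouteTableId"], r["DestinationPrefixListId"], target))
    return found

if __name__ == "__main__":
    for subnet, kind in sorted(classify_subnets(ROUTE_TABLES).items()):
        print(f"{subnet:14} {kind}")
    for rtb, pl, vpce in endpoint_routes(ROUTE_TABLES):
        print(f"{rtb}: {pl} -> {vpce}")
```

Subnets with no explicit association inherit the VPC's main route table and are not reported here; to cover them, join the output against `describe-subnets` and apply the main table's classification to the missing ones. Note that a single route to an IGW for any prefix, not just 0.0.0.0/0, is enough to make the subnet public.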

Security

  • Security Group (SG) – Stateful virtual firewall attached to an elastic network interface (instance level). It holds allow rules only (anything not allowed is denied, and an explicit deny cannot be expressed), every rule is evaluated, and return traffic for an allowed connection is permitted automatically, so no outbound rule for ephemeral ports is needed.
  • Network ACL (NACL) – Stateless firewall applied at the subnet boundary. Numbered allow and deny rules are evaluated in ascending order, the first match wins, and the final * rule denies everything else. Because no connection state is kept, return traffic must be explicitly allowed in both directions, typically by opening the ephemeral port range (1024-65535) in the reverse direction.
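The practical difference between the two shows up on the reply half of a connection. The following is an added example, not code from the original page: it models the evaluation rules described above for a constructed HTTPS connection from an internet client to a web instance, with a security group that has no outbound rule for the reply port, a NACL that forgets the ephemeral range, the corrected NACL, and a NACL with a lower-numbered deny that shadows the allow. Addresses and rule sets are illustrative, not taken from a real account.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound", seen from the instance / subnet
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def _matches(rule, pkt):
    """A rule's port range always refers to the packet's destination port; its CIDR
    refers to the remote side (source for inbound, destination for outbound)."""
    remote = pkt.src_ip if pkt.direction == "inbound" else pkt.dst_ip
    lo, hi = rule["ports"]
    return (rule["direction"] == pkt.direction
            and rule["proto"] == pkt.proto
            and lo <= pkt.dst_port <= hi
            and ipaddress.ip_address(remote) in ipaddress.ip_network(rule["cidr"]))

def sg_evaluate(rules, pkt, conntrack):
    """Security group: allow rules only, every rule is checked, any match allows.
    Stateful: the reply half of a tracked flow passes with no rule at all."""
    flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
    reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
    if reverse in conntrack:
        return "ALLOW"
    if any(_matches(rule, pkt) for rule in rules):
        conntrack.add(flow)
        return "ALLOW"
    return "DENY"  # implicit deny; a security group cannot express an explicit deny

def nacl_evaluate(rules, pkt):
    """Network ACL: rules are tried in ascending rule number, first match wins,
    and the trailing '*' rule denies anything left. No state is kept."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _matches(rule, pkt):
            return rule["action"]
    return "DENY"

# Constructed scenario: a browser on the internet opens HTTPS to a web instance.
REQUEST = Packet("inbound",  "tcp", "203.0.113.10", 51515, "10.0.1.20", 443)
REPLY   = Packet("outbound", "tcp", "10.0.1.20", 443, "203.0.113.10", 51515)

SG_RULES = [
    {"direction": "inbound",  "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"},
    # Deliberately no outbound rule covering port 51515: state must carry the reply.
    {"direction": "outbound", "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"},
]

def nacl_rule(number, direction, action, ports, cidr="0.0.0.0/0", proto="tcp"):
    return {"number": number, "direction": direction, "action": action,
            "proto": proto, "ports": ports, "cidr": cidr}

# Common mistake: 443 opened both ways, ephemeral return ports forgotten.
NACL_MISSING_EPHEMERAL = [
    nacl_rule(100, "inbound",  "ALLOW", (443, 443)),
    nacl_rule(100, "outbound", "ALLOW", (443, 443)),
]
# Corrected: an outbound ephemeral range lets the reply leave the subnet.
NACL_CORRECT = NACL_MISSING_EPHEMERAL + [nacl_rule(110, "outbound", "ALLOW", (1024, 65535))]
# Ordering: a lower-numbered deny shadows the allow at 100 for that client range.
NACL_WITH_BLOCK = NACL_CORRECT + [nacl_rule(90, "inbound", "DENY", (0, 65535), "203.0.113.0/24")]

def trace_connection(sg_rules, nacl_rules, request, reply):
    """Verdicts for both halves of one connection under a security group and a NACL."""
    conntrack = set()
    return {
        "sg_request":   sg_evaluate(sg_rules, request, conntrack),
        "sg_reply":     sg_evaluate(sg_rules, reply, conntrack),
        "nacl_request": nacl_evaluate(nacl_rules, request),
        "nacl_reply":   nacl_evaluate(nacl_rules, reply),
    }

if __name__ == "__main__":
    for name, nacl in (("missing ephemeral", NACL_MISSING_EPHEMERAL),
                       ("corrected", NACL_CORRECT), ("deny at 90", NACL_WITH_BLOCK)):
        print(name, trace_connection(SG_RULES, nacl, REQUEST, REPLY))
```

With the first NACL the request is accepted but the reply is dropped at the subnet edge, which is the classic "the security group is right but the connection still hangs" symptom; the same reply passes the security group purely on connection state. The deny at rule 90 shows why NACL rule numbers matter: the allow at 100 is never reached for that client range.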

Compute

  • Public EC2 Instance – EC2 launched in a public subnet with internet access.
  • Private EC2 Instance – EC2 launched in a private subnet without direct internet access.

Monitoring & Logging

  • VPC Flow Logs – Record metadata for IP traffic (source and destination address and port, protocol, packet and byte counts, and whether the flow was ACCEPT or REJECT) at the network interface, subnet or VPC level. Payload is never captured; a REJECT means the traffic was not permitted by a security group or NACL, which makes flow logs the first place to look for blocked scans and misconfigured rules.
  • CloudWatch – Collects metrics and log data (Flow Logs can be delivered to CloudWatch Logs or to S3) and drives dashboards and alarms on top of them.

Additional Services

  • S3 – Reachable over its public endpoint through an Internet Gateway (or NAT Gateway from a private subnet), or privately through a gateway VPC endpoint (a route-table entry to a managed prefix list, no IGW or NAT needed) or an interface endpoint (PrivateLink). Endpoint policies can restrict which buckets are reachable from the VPC.
  • DynamoDB – Same pattern: its public endpoint via an Internet Gateway or NAT, or a gateway VPC endpoint that keeps the traffic on the AWS network.

Hybrid Connectivity

  • Customer Gateway (CGW) – Represents your on-premises network device or software for VPN/DX.
  • Virtual Private Gateway (VGW) – The AWS-side endpoint of a Site-to-Site VPN (and of a Direct Connect private virtual interface) attached to a single VPC.
  • Site-to-Site VPN – IPsec tunnels (two per connection, for redundancy) over the public internet between a Customer Gateway and a VGW or Transit Gateway.
  • Direct Connect (DX) – Dedicated private network link from your premises into AWS through a DX location; traffic does not traverse the public internet but is not encrypted by default, so add a VPN over DX or MACsec (where the connection type supports it) if confidentiality on the link is required.
  • DX Location – AWS facility where your Direct Connect connection terminates.

VPC Peering & Transit

  • VPC Peering – One-to-one link between two VPCs (same or different account or region). It is non-transitive, the VPC CIDR blocks must not overlap, and each side needs its own route-table entries plus security group and NACL rules for the peer's ranges.
  • Transit Gateway (TGW) – Regional hub that routes between many VPCs, Site-to-Site VPNs and Direct Connect gateways using its own route tables, giving transitive connectivity that can be segmented per attachment.
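Non-transitivity is the point people get wrong most often with peering: a route in VPC A that sends VPC C's prefix into the A-B peering is accepted by the router but the peering connection drops it, because a peering only delivers traffic addressed to the peer VPC's own CIDR. The following is an added example, not code from the original page: it models three constructed VPCs with the route-table lookup, a peering-only design and a Transit Gateway design, and returns which VPC finally receives a packet. All VPC, peering and TGW IDs are placeholders.

```python
import ipaddress

# Constructed topology: three VPCs with non-overlapping CIDRs.
VPCS = {"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16", "vpc-c": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-bc": ("vpc-b", "vpc-c")}

# Peering-only design: vpc-a's table tries to reach vpc-c "through" vpc-b.
PEERING_ROUTES = {
    "vpc-a": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-ab")],
    "vpc-b": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-ab"), ("10.2.0.0/16", "pcx-bc")],
    "vpc-c": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-bc")],
}

# Transit Gateway design: every VPC hands 10.0.0.0/8 to the TGW, whose own
# route table knows which attachment owns each CIDR.
TGW_ROUTES = {vpc: [(cidr, "local"), ("10.0.0.0/8", "tgw-hub")] for vpc, cidr in VPCS.items()}
TGW_TABLE = [(cidr, vpc) for vpc, cidr in VPCS.items()]

def longest_match(routes, ip):
    """Longest-prefix match over (cidr, target) pairs, as the VPC router does."""
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

def reachable(src_vpc, dst_ip, vpc_routes):
    """Return the VPC that finally receives a packet sent from src_vpc to dst_ip,
    or None if it is dropped along the way."""
    ip = ipaddress.ip_address(dst_ip)
    target = longest_match(vpc_routes[src_vpc], ip)
    if target == "local":
        return src_vpc
    if target in PEERINGS:
        a, b = PEERINGS[target]
        peer = b if src_vpc == a else a
        # A peering connection only delivers traffic addressed to the peer's CIDR;
        # anything else is silently dropped, which is what makes peering non-transitive.
        return peer if ip in ipaddress.ip_network(VPCS[peer]) else None
    if target == "tgw-hub":
        # The TGW consults its own route table and forwards to the owning attachment.
        return longest_match(TGW_TABLE, ip)
    return None

if __name__ == "__main__":
    for design, routes in (("peering", PEERING_ROUTES), ("tgw", TGW_ROUTES)):
        print(design, "a->b:", reachable("vpc-a", "10.1.0.5", routes),
              "a->c:", reachable("vpc-a", "10.2.0.5", routes))
```

The model ignores security groups and NACLs on purpose; in a real environment both the peering and the TGW paths additionally need those rules to admit the remote CIDRs. It also shows why a TGW route table doubles as a segmentation control: a prefix missing from `TGW_TABLE` is unreachable even though every VPC points its 10.0.0.0/8 at the hub.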