Amazon_VPC_Notes
Contents
What are the components of Amazon VPC?
What IP address ranges are assigned to a default Amazon VPC?
Can I delete a default VPC?
How many default subnets are in a default VPC?
How many VPCs, subnets, Elastic IP addresses, and internet gateways can I create?
Subnet sizing
Amazon VPC quotas
DHCP option set
What are the components of Amazon VPC?
Amazon VPC comprises a variety of objects that will be familiar to customers with existing
networks:
• A Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a
VPC’s IP address space from the ranges you select.
• Subnet: A segment of a VPC’s IP address range where you can place groups of isolated
resources.
• Internet Gateway: The Amazon VPC side of a connection to the public Internet.
• NAT Gateway: A highly available, managed Network Address Translation (NAT) service for
your resources in a private subnet to access the Internet.
• Virtual private gateway: The Amazon VPC side of a VPN connection.
• Peering Connection: A peering connection enables you to route traffic via private IP
addresses between two peered VPCs.
• VPC Endpoints: Enables private connectivity to services hosted in AWS, from within your
VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or
firewall proxies.
• Egress-only Internet Gateway: A stateful gateway that provides egress-only access for IPv6
traffic from the VPC to the Internet.
References:
[1] https://aws.amazon.com/vpc/faqs/#:~:text=to%20your%20VPC.,Q.,0.0%2F16.
[2] https://docs.aws.amazon.com/vpc/latest/userguide/configuresubnets.html
Subnet sizing
The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in
the VPC) or a subset of the CIDR block for the VPC (to create multiple subnets in the VPC). The
allowed block size is between a /28 netmask and /16 netmask. If you make more than one subnet in
a VPC, the CIDR blocks of the subnets cannot overlap.
For example, creating a VPC with CIDR block 10.0.0.0/24 supports 256 IP addresses. You can break
this CIDR block into two subnets, each supporting 128 IP addresses. One subnet uses CIDR block
10.0.0.0/25 (for addresses 10.0.0.0 to 10.0.0.127), and the other uses CIDR block 10.0.0.128/25 (for
addresses 10.0.0.128 to 10.0.0.255).
AWS recommends that you specify a CIDR block (of /16 or smaller) from the private IPv4 address
ranges specified in RFC 1918. The RFC 1918 address blocks you can get started with are:
• 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
• 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
• 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
Whichever block you start from, the VPC CIDR itself must still be between a /28 netmask and a /16
netmask.
The first four IP addresses and the last IP address in each subnet CIDR block are not available for
your use, and they cannot be assigned to a resource such as an EC2 instance. For example, in a
subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
• 10.0.0.0: network address
• 10.0.0.1: reserved by AWS for the VPC router
• 10.0.0.2: reserved by AWS for the DNS server (the base of the VPC network range plus two)
• 10.0.0.3: reserved by AWS for future use
• 10.0.0.255: network broadcast address (broadcast is not supported in a VPC, but the address
is still reserved)
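The sizing rules above are easy to get wrong by hand (a /25 "looks like" 128 hosts but only 123 are assignable, and a mis-typed subnet can silently overlap its neighbour). The following checker is an added example written for these notes; it is not AWS code and not part of the original notes. It uses only Python's standard `ipaddress` module; the function names (`check_vpc_cidr`, `reserved_addresses`, `usable_hosts`, `plan_subnets`) and the sample layout in `__main__` are constructed for illustration. It goes slightly beyond the text by also checking the RFC 1918 recommendation and rejecting CIDRs with host bits set.

```python
import ipaddress

# Rules from the subnet-sizing notes above (IPv4 only):
MIN_PREFIX, MAX_PREFIX = 16, 28        # allowed block size: /16 (largest) to /28 (smallest)
RESERVED_PER_SUBNET = 5                # first four addresses plus the last one
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(cidr):
    """Return a list of problems with a proposed VPC CIDR; an empty list means it is acceptable."""
    try:
        net = ipaddress.ip_network(cidr)   # strict: host bits must be zero, so 10.0.0.1/24 is rejected
    except ValueError as exc:
        return [f"{cidr}: not a valid network address ({exc})"]
    if net.version != 4:
        return [f"{cidr}: this checker handles IPv4 blocks only"]
    problems = []
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"{cidr}: block size must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{cidr}: not inside an RFC 1918 private range (AWS recommendation)")
    return problems


def reserved_addresses(subnet_cidr):
    """Map the five addresses AWS reserves in every subnet to what they are reserved for."""
    net = ipaddress.ip_network(subnet_cidr)
    base = int(net.network_address)
    roles = ["network address", "VPC router", "Amazon-provided DNS (base + 2)", "reserved for future use"]
    reserved = {str(ipaddress.ip_address(base + i)): role for i, role in enumerate(roles)}
    reserved[str(net.broadcast_address)] = "network broadcast address"
    return reserved


def usable_hosts(subnet_cidr):
    """Number of addresses you can actually assign to resources in the subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Check that subnets are correctly sized, lie inside the VPC block and do not overlap.

    Returns {"problems": [...], "usable": {subnet: assignable host count}}.
    """
    problems = check_vpc_cidr(vpc_cidr)
    report = {"problems": problems, "usable": {}}
    try:
        vpc = ipaddress.ip_network(vpc_cidr)
    except ValueError:
        return report                      # already reported; nothing to check against
    if vpc.version != 4:
        return report
    accepted = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"{cidr}: not a valid network address ({exc})")
            continue
        if net.version != 4:
            problems.append(f"{cidr}: IPv4 subnets only")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{cidr}: subnet block size must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            problems.append(f"{cidr}: not inside VPC block {vpc}")
        for other in accepted:             # every earlier subnet must be disjoint from this one
            if net.overlaps(other):
                problems.append(f"{cidr}: overlaps {other}")
        accepted.append(net)
        report["usable"][cidr] = usable_hosts(cidr)
    return report


if __name__ == "__main__":
    # Constructed layout: the 10.0.0.0/24 VPC from the notes split into two /25 subnets.
    print(plan_subnets("10.0.0.0/24", ["10.0.0.0/25", "10.0.0.128/25"]))
    print(reserved_addresses("10.0.0.0/24"))
```

Run it as a script to see the report for the two-subnet layout from the notes; feed `plan_subnets` a CIDR list from a planned VPC design to catch overlaps and undersized blocks before anything is created.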
References:
[1] https://docs.aws.amazon.com/vpc/latest/userguide/howitworks.html#vpcprivateipv4addresses
[2] https://www.linkedin.com/pulse/awsiprangesyouramazonvpcnealdavis/
[3] https://docs.aws.amazon.com/vpc/latest/userguide/configuresubnets.html
[4] https://docs.aws.amazon.com/vpc/latest/userguide/amazonvpclimits.html
DHCP option set
A DHCP option set is a group of network configurations used by EC2 instances in your VPC to
communicate over your virtual network.
Each VPC in a Region uses the same default DHCP option set unless you choose to create a
custom DHCP option set, or if you disassociate all option sets from your VPC.
• Default DHCP option set
o Each VPC in a Region uses the same default DHCP option set, which contains the
following network configurations:
   o Domain name: The domain name that a client should use when resolving
   hostnames via the Domain Name System.
   o Domain name servers: The DNS servers that your network interfaces will use for
   domain name resolution.
o If you use the default option set, the Amazon DHCP server uses the network
configurations stored in the default option set. When you launch an instance into
your VPC, the instance interacts with the DHCP server (1), interacts with the Amazon
DNS server (2), and connects to other devices in the network through your VPC's
router (3). The instances can interact with the Amazon DHCP server at any time to
get their IP address lease and additional network configurations.
• Custom DHCP option set
o You can create your own DHCP option set in Amazon VPC. This enables you to
configure the following network configurations:
   o Domain name: The domain name that a client should use when resolving
   hostnames via the Domain Name System.
   o Domain name servers: The DNS servers that your network interfaces will use for
   domain name resolution.
   o NTP servers: The NTP servers that will provide the time to the instances in your
   network.
   o NetBIOS name servers: For EC2 instances running a Windows OS, the NetBIOS
   computer name is a friendly name assigned to the instance to identify it on the
   network. A NetBIOS name server maintains a list of mappings between NetBIOS
   computer names and network addresses for networks that use NetBIOS as their
   naming service.
   o NetBIOS node type: For EC2 instances running a Windows OS, the method that the
   instances use to resolve NetBIOS names to IP addresses.
o If you use a custom option set, instances launched into your VPC use the network
configurations in the custom DHCP option set (1), interact with non-Amazon DNS,
NTP, and NetBIOS servers (2), and then connect to other devices in the network
through your VPC's router (3).
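To make the default-versus-custom distinction concrete, the following is an added example written for these notes (not AWS code and not part of the original). It builds the `DhcpConfigurations` list in the shape that boto3's `ec2.create_dhcp_options()` accepts and validates it offline before anything is sent to AWS. The option keys (`domain-name`, `domain-name-servers`, `ntp-servers`, `netbios-name-servers`, `netbios-node-type`), the `AmazonProvidedDNS` sentinel, the four-address limit per server option and the node-type values 1/2/4/8 are the values the EC2 API documents; the function names (`default_option_set`, `build_dhcp_configurations`, `validation_error`), the warning texts and the sample server addresses are constructed for illustration. It goes a little beyond the notes by flagging the point a defender cares about: once `domain-name-servers` no longer includes `AmazonProvidedDNS`, name resolution leaves the Amazon DNS server and whatever that custom server does is outside the VPC's control.

```python
import ipaddress

# Option keys the EC2 CreateDhcpOptions API accepts, and the limits AWS documents
# for them: up to four addresses per server option, node type 1, 2, 4 or 8.
ALLOWED_KEYS = {"domain-name", "domain-name-servers", "ntp-servers",
                "netbios-name-servers", "netbios-node-type"}
MAX_SERVERS = 4
AMAZON_DNS = "AmazonProvidedDNS"           # sentinel meaning "use the VPC's Amazon DNS server"
NETBIOS_NODE_TYPES = {"1", "2", "4", "8"}  # B-node, P-node, M-node, H-node


def default_option_set(region):
    """The configurations the default DHCP option set carries in a given Region."""
    domain = "ec2.internal" if region == "us-east-1" else f"{region}.compute.internal"
    return {"domain-name": [domain], "domain-name-servers": [AMAZON_DNS]}


def build_dhcp_configurations(options):
    """Validate {key: [values]} and return (DhcpConfigurations, warnings).

    DhcpConfigurations has the shape boto3's ec2.create_dhcp_options() expects.
    ValueError is raised for anything the API would reject; warnings flag choices
    that are legal but deserve a second look from a security point of view.
    """
    configs, warnings = [], []
    for key, values in options.items():
        if key not in ALLOWED_KEYS:
            raise ValueError(f"unknown DHCP option key {key!r}")
        if not values:
            raise ValueError(f"{key}: needs at least one value")
        if key.endswith("-servers"):
            if len(values) > MAX_SERVERS:
                raise ValueError(f"{key}: at most {MAX_SERVERS} addresses allowed")
            for value in values:
                if key == "domain-name-servers" and value == AMAZON_DNS:
                    continue
                ipaddress.ip_address(value)        # raises ValueError for anything that is not an IP
        elif key == "netbios-node-type":
            if len(values) != 1 or values[0] not in NETBIOS_NODE_TYPES:
                raise ValueError(f"netbios-node-type must be one of {sorted(NETBIOS_NODE_TYPES)}")
            if values[0] != "2":
                warnings.append("netbios-node-type: AWS recommends 2 (point-to-point); "
                                "broadcast and multicast are not supported in a VPC")
        configs.append({"Key": key, "Values": list(values)})

    dns = options.get("domain-name-servers", [])
    if dns and AMAZON_DNS not in dns:
        warnings.append("domain-name-servers: instances will bypass the Amazon DNS server, so "
                        "private hosted zones and Route 53 Resolver query logging only apply if "
                        "the listed servers forward to it; make sure they are trusted and monitored")
    return configs, warnings


def validation_error(options):
    """Return the API-level rejection message for an option set, or None if it is valid."""
    try:
        build_dhcp_configurations(options)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed custom option set: on-premises style DNS, NTP and WINS servers.
    custom = {
        "domain-name": ["corp.example"],
        "domain-name-servers": ["10.0.1.10", "10.0.2.10"],
        "ntp-servers": ["10.0.1.123"],
        "netbios-name-servers": ["10.0.1.20"],
        "netbios-node-type": ["2"],
    }
    configurations, notes = build_dhcp_configurations(custom)
    print(configurations)
    for note in notes:
        print("warning:", note)
    # To create it for real: boto3.client("ec2").create_dhcp_options(DhcpConfigurations=configurations),
    # then associate_dhcp_options(DhcpOptionsId=<returned id>, VpcId=<your VPC>); instances pick the
    # new values up at their next DHCP lease renewal.
```

The validation mirrors what the API enforces, so a bad option set fails locally rather than at `create_dhcp_options` time; the warnings are the part the API will not tell you about.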
References:
[1] https://docs.aws.amazon.com/vpc/latest/userguide/DHCPOptionSetConcepts.html