Decoding AWS Network Lingo: A Beginner's Guide to VPCs, Subnets, and Gateways

WhoAmI => notes.sohag.pro/author
What are these VPCs, Subnets, and Gateways?
Have you ever felt overwhelmed by the alphabet soup of AWS networking terms? You're not alone! As a cloud newcomer, understanding terms like VPC, CIDR, and NAT Gateway can feel like learning a foreign language. In this beginner-friendly guide, I'll break down these intimidating acronyms into simple concepts you can relate to in everyday life.
VPC (Virtual Private Cloud)
What it is: A VPC is your own private section of the AWS cloud where you can place your resources (like servers and databases).
Real-life analogy: Think of a VPC as your own private property or gated community. Just like you'd build different structures on your property (house, garage, garden shed), you can place different AWS resources in your VPC. And just as you decide who can enter your property, you control who can access your VPC.
Why it matters: VPCs isolate your resources from other AWS customers, providing security and organization. You get to define your own network rules, just like you would set house rules for your home.
CIDR (Classless Inter-Domain Routing)
What it is: CIDR is a method for allocating IP addresses and routing network traffic.
Real-life analogy: Imagine a postal system where CIDR is like zip codes. Just as zip codes help organize mail delivery to specific areas, CIDR blocks help organize network traffic to specific parts of your cloud infrastructure.
Example: A CIDR notation like 10.0.0.0/16 means you have addresses ranging from 10.0.0.0 to 10.0.255.255 – that's 65,536 IP addresses! A smaller block like 10.0.1.0/24 gives you 256 addresses.
Why it matters: CIDR helps you organize your network logically and ensures you have enough IP addresses for your needs without wasting them.
AZ (Availability Zone)
What it is: An isolated location within an AWS Region that contains data centers.
Real-life analogy: Think of AZs as separate power grids in a city. If one power grid fails due to a storm, the others can continue operating independently. Similarly, if one AZ has issues, your applications in other AZs can continue running.
Why it matters: Using multiple AZs protects your applications from outages in a single location – it's like not putting all your eggs in one basket.
Subnet
What it is: A subnet is a segment of a VPC's IP address range where you can place groups of resources.
Real-life analogy: If your VPC is a large office building, subnets are like different departments or floors. You might have the HR department on one floor, engineering on another, and marketing on a third.
Example: In our VPC with CIDR 10.0.0.0/16, we might create subnets like:
- Marketing department: 10.0.1.0/24 (256 addresses)
- Engineering department: 10.0.2.0/24 (256 addresses)
Why it matters: Subnets help organize your resources and apply different security rules to different groups of resources.
Public vs. Private Subnets
What they are: Public subnets can send and receive traffic directly from the internet, while private subnets cannot.
Real-life analogy: Public subnets are like the reception area of a building – accessible to visitors from outside. Private subnets are like secure back offices that only employees can access.
Why they matter: This separation helps maintain security. You keep customer-facing applications in public subnets while keeping sensitive data and backend systems in private subnets.
IGW (Internet Gateway)
What it is: An IGW allows resources in your VPC to connect to the internet.
Real-life analogy: An IGW is like the main entrance and exit of your building. It's the doorway through which people (or data) can come in from the public street (internet) or go out to it.
Why it matters: Without an IGW, resources in your VPC would be isolated from the internet – like a building with no doors to the outside world.
NAT (Network Address Translation) Gateway
What it is: A NAT Gateway allows resources in private subnets to access the internet while preventing the internet from initiating connections to those resources.
Real-life analogy: A NAT Gateway is like a security guard at a service entrance. Employees can go out to run errands (access the internet), but random people can't enter through this door (the internet can't initiate connections).
Example: Your database server in a private subnet needs to download updates. The NAT Gateway allows it to access the download server on the internet, but doesn't allow external users to connect directly to your database.
Why it matters: NAT Gateways provide a secure way for private resources to access the internet without exposing them to potential attacks.
Route Table
What it is: A route table contains a set of rules (routes) that determine where network traffic is directed.
Real-life analogy: Think of a route table as a GPS navigation system that tells data packets which way to go to reach their destination.
Example: Your route table might say "to reach the internet, go through the IGW" or "to reach this private subnet, go this way."
Why it matters: Route tables ensure your network traffic flows the right way, just like road signs ensure drivers take the correct routes.
Elastic IP
What it is: A static, public IPv4 address that you can allocate to your AWS account and associate with resources.
Real-life analogy: An Elastic IP is like a permanent phone number that stays the same even if you change phones. Even if your underlying AWS resources change, the Elastic IP remains constant.
Why it matters: When you need a fixed address for your resources (like a website domain pointing to your server), an Elastic IP ensures it doesn't change.
Putting It All Together
Imagine you're building a simple e-commerce website:
1. You create a VPC (your digital property) with a CIDR block of 10.0.0.0/16.
2. You create subnets in multiple AZs for redundancy:
   - Public subnets for your web servers
   - Private subnets for your database and application servers
3. You attach an IGW to your VPC so your web servers can serve content to your customers.
4. You set up a NAT Gateway so your private resources can download updates.
5. You configure route tables to direct traffic appropriately:
   - Public subnets route internet traffic through the IGW
   - Private subnets route internet traffic through the NAT Gateway
This setup ensures your website is both accessible to customers and secure from attacks.
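To make the CIDR arithmetic and the route-table lookups described above concrete, here is an added Python example (not part of the original post) that plans the post's 10.0.0.0/16 VPC with constructed /24 subnets across two AZs, checks that the layout is valid, and simulates the longest-prefix match a VPC route table performs to decide between the local route, the IGW and the NAT Gateway. The subnet names, AZ names and route targets are my own assumptions; the 5-address-per-subnet reservation is AWS behaviour, not something the post states.

```python
# Added example: plan the post's 10.0.0.0/16 VPC, validate its subnet
# layout, and simulate route-table lookups. Not code from the original post.
from ipaddress import ip_address, ip_network

VPC_CIDR = "10.0.0.0/16"

# Constructed layout following the post: public /24s for web servers and
# private /24s for app/database servers, spread over two AZs for redundancy.
SUBNETS = {
    "public-a":  ("10.0.1.0/24",  "us-east-1a"),
    "public-b":  ("10.0.2.0/24",  "us-east-1b"),
    "private-a": ("10.0.11.0/24", "us-east-1a"),
    "private-b": ("10.0.12.0/24", "us-east-1b"),
}

# One route table per subnet type. "local" covers the whole VPC block;
# 0.0.0.0/0 is the default route, sent to the IGW (public) or NAT (private).
ROUTE_TABLES = {
    "public":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw")],
    "private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat")],
}


def usable_hosts(cidr):
    """AWS reserves 5 addresses in every subnet (network, VPC router,
    DNS, one reserved for future use, broadcast), so a /24 yields 251."""
    return ip_network(cidr).num_addresses - 5


def validate_layout(vpc_cidr, subnets):
    """Every subnet must sit inside the VPC block and none may overlap."""
    vpc = ip_network(vpc_cidr)
    nets = {name: ip_network(spec[0]) for name, spec in subnets.items()}
    problems = [f"{name} {net} is outside {vpc}"
                for name, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def next_hop(table_name, dest):
    """Longest-prefix match over a route table, as the VPC router does."""
    addr = ip_address(dest)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None
```

Because the private table's only internet route points at the NAT Gateway, a private instance reaches the update server while nothing outside the VPC gets a route back in, which is exactly the separation step 5 above relies on.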
Conclusion
Understanding AWS networking terms doesn't have to be complicated. By relating these concepts to everyday objects and situations, you can build a mental model that makes cloud networking more approachable. As you continue your AWS journey, you'll become more comfortable with these terms and how they work together to create secure, reliable network architectures.
Remember, even AWS experts started as beginners. Take it one acronym at a time, and soon you'll be speaking AWS networking fluently!