Sunday 7 June 2020

EC2 and networking

In the previous post, we set up an EC2 instance. I wanted to play around with the configurations available here.
This is the host we created in the last post.
The instance type and AMI are as selected during creation. The EC2 instance has what is called an elastic network interface (eth0): it represents a virtual network card associated with the EC2 instance.

This AWS resource is referred to as a network interface in the AWS Management Console and the Amazon EC2 API. Every instance in a VPC has a default network interface, called the primary network interface. You cannot detach a primary network interface from an instance. You can create and attach additional network interfaces. The maximum number of network interfaces that you can use varies by instance type.
A network interface can include:
    A primary private IPv4 address from the IPv4 address range of your VPC
    One or more secondary private IPv4 addresses from the IPv4 address range of your VPC
    One Elastic IP address (IPv4) per private IPv4 address
    One public IPv4 address
    One or more IPv6 addresses
    One or more security groups
    A MAC address
    A source/destination check flag
    A description
We can modify the subnet settings so that instances launched in that subnet do not get a public IPv4 address.
The public IPv4 address is assigned from Amazon's pool of public IPv4 addresses. When you launch an instance, the IP address is assigned to the primary network interface that's created.
When you create a network interface, it inherits the public IPv4 addressing attribute from the subnet. If you later modify the public IPv4 addressing attribute of the subnet, the network interface keeps the setting that was in effect when it was created.
There are additional details about the VPC, subnet and so on. Let's dive into what they mean.
The EC2 instance is created in the default VPC. Unless you choose otherwise, EC2 instances are launched into the default VPC.
AWS provides a default VPC for each region. The host was created in the us-east-1e availability zone.
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center.
A VPC is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
The subnet is created under the default VPC. Each subnet is associated with an AZ; this one is associated with us-east-1e.
The subnets are all default subnets (associated with the default VPC).
A subnet, or subnetwork, is a sub-section of a network. In most cases, a subnet includes all the computers set up in a specific location. In the case of AWS, all the EC2 instances set up in the same Availability Zone under the VPC would be associated with one subnet. The default subnets are all public subnets; a public subnet is a sub-network that has access to the internet.
What we see here is the route table. Every subnet has a route table. The route table defines the routes that determine where traffic is sent; we can think of it as something similar to the router we have at home. The Internet Gateway, on the other hand, knows how to communicate with the internet; we can think of it as something similar to the modem we use to connect to the internet.

We could set up a private subnet, that is, a subnet without internet access. This is a subnet with no Internet Gateway entry in its route table. Instances within such a subnet can communicate with other hosts in the VPC, but they cannot connect to anything outside the VPC.

The setup can be explained with this diagram:

[Diagram: one VPC containing Subnet 1 (public, connected to an Internet Gateway, with Instance 1 and Instance 2) and Subnet 2 (private, with Instance 3)]

  1. AWS allows the creation of a VPC similar to what you would get in a datacenter (or similar to the private network you have at home).
  2. Every AWS account comes with a default VPC set up for each region. This default VPC spans all the Availability Zones for that region. So if you create an application and deploy it across multiple AZs, the EC2 instances would have no problem communicating with each other.
  3. The networking setup that spans an AZ in a VPC is called a subnet, or sub-network. Each subnet has a route table. The route table tells how to route messages to any destination.
  4. So Instance 2 in the above diagram is capable of communicating with Instance 1 (same subnet) and Instance 3 (different subnet within the same VPC). The route table includes this information.
  5. Instance 1 and Instance 2 can also communicate across the internet. This is possible because the hosts are in a subnet that is connected to an Internet Gateway. (This information is also present in the route table.)
  6. Instance 3 cannot communicate with the internet. This is because Subnet 2 is a private subnet: it is not connected to an Internet Gateway.
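To make the route-table reasoning in points 3 to 6 concrete, here is a small Python model of the diagram. It is an added illustration written for this post, not AWS code or output: the VPC CIDR, subnet ranges, instance addresses and the `igw-0example` ID are all constructed, and the public addresses come from the documentation ranges rather than Amazon's pool. It implements the longest-prefix match a route table performs, classifies a subnet as public when its route table points at an Internet Gateway, and also shows the earlier point that a network interface inherits the subnet's public-IP attribute only at creation time.

```python
"""Toy model of the VPC in the post: a public subnet (Subnet 1, Instances 1
and 2) and a private subnet (Subnet 2, Instance 3).  Added example, not AWS
code; every ID and address below is constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

IGW_ID = "igw-0example"  # constructed Internet Gateway ID


@dataclass
class RouteTable:
    routes: Dict[str, str]  # destination CIDR -> target, as shown in the console

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Pick the most specific matching route (longest-prefix match)."""
        dst = ipaddress.ip_address(dst_ip)
        best_net, best_target = None, None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_target = net, target
        return best_target

    def has_internet_route(self) -> bool:
        return any(t.startswith("igw-") for t in self.routes.values())


@dataclass
class Subnet:
    name: str
    cidr: str
    az: str
    route_table: RouteTable
    map_public_ip_on_launch: bool  # the subnet's public IPv4 addressing attribute

    def is_public(self) -> bool:
        # A public subnet is one whose route table has a route to an Internet Gateway.
        return self.route_table.has_internet_route()


@dataclass
class Instance:
    name: str
    subnet: Subnet
    private_ip: str
    public_ip: Optional[str]


def launch(name: str, subnet: Subnet, private_ip: str, public_pool: List[str]) -> Instance:
    """Create the primary network interface.  It inherits the subnet's public-IP
    attribute at creation time; later changes to the subnet do not touch it."""
    if ipaddress.ip_address(private_ip) not in ipaddress.ip_network(subnet.cidr):
        raise ValueError(f"{private_ip} is not inside {subnet.name} ({subnet.cidr})")
    public_ip = public_pool.pop(0) if subnet.map_public_ip_on_launch else None
    return Instance(name, subnet, private_ip, public_ip)


def reach(src: Instance, dst_ip: str) -> Optional[str]:
    """Route target used to reach dst_ip from src, or None if unreachable."""
    target = src.subnet.route_table.lookup(dst_ip)
    if target is not None and target.startswith("igw-") and src.public_ip is None:
        # An Internet Gateway only carries IPv4 traffic for instances that have a
        # public (or Elastic) IPv4 address; a private-only instance gets nowhere.
        return None
    return target


def build_vpc():
    """The post's diagram: Subnet 1 is public, Subnet 2 is private."""
    public_rt = RouteTable({"172.31.0.0/16": "local", "0.0.0.0/0": IGW_ID})
    private_rt = RouteTable({"172.31.0.0/16": "local"})
    subnet1 = Subnet("Subnet 1", "172.31.0.0/20", "us-east-1e", public_rt, True)
    subnet2 = Subnet("Subnet 2", "172.31.16.0/20", "us-east-1a", private_rt, False)
    pool = ["203.0.113.10", "203.0.113.11"]  # documentation range standing in for Amazon's pool
    i1 = launch("Instance 1", subnet1, "172.31.1.10", pool)
    i2 = launch("Instance 2", subnet1, "172.31.1.11", pool)
    i3 = launch("Instance 3", subnet2, "172.31.16.10", pool)
    return subnet1, subnet2, i1, i2, i3


def scenario() -> Dict[str, Optional[str]]:
    """Points 4 to 6 of the post, evaluated against the route tables."""
    _, _, i1, i2, i3 = build_vpc()
    internet_host = "198.51.100.7"  # constructed address outside the VPC
    return {
        "i2->i1": reach(i2, i1.private_ip),        # same subnet: local route
        "i2->i3": reach(i2, i3.private_ip),        # other subnet, same VPC: local route
        "i2->internet": reach(i2, internet_host),  # via the Internet Gateway
        "i3->internet": reach(i3, internet_host),  # private subnet: no route
    }


def attribute_change_demo() -> Dict[str, Optional[str]]:
    """Turning off the subnet attribute affects only interfaces created afterwards."""
    subnet1, _, i1, _, _ = build_vpc()
    subnet1.map_public_ip_on_launch = False
    i4 = launch("Instance 4", subnet1, "172.31.1.12", ["203.0.113.12"])
    return {"existing": i1.public_ip, "new": i4.public_ip}


if __name__ == "__main__":
    for path, target in scenario().items():
        print(f"{path}: {target}")
    print(attribute_change_demo())
```

Running it prints `local` for both intra-VPC paths, the gateway ID for Instance 2 reaching the internet, and `None` for Instance 3, which matches the diagram. The `reach` check also encodes a caveat the console hides: an instance in a public subnet that was launched without a public IPv4 address still cannot talk to the internet through the gateway, which is why the subnet's public-IP attribute and the route table have to be reviewed together.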

1 comment:

  1. Thank you for sharing this. Who wants to learn online courses, visit: IT Certification Online