Amazon Virtual Private Cloud Documentation

Overview

Amazon Virtual Private Cloud (VPC) gives you control over your virtual networking environment including resource placement, connectivity, and security. Amazon VPC lets you launch AWS resources in a logically isolated virtual network that you define. You have control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your VPC, helping you to secure your resources and applications. 

Amazon VPC makes it easier for you to customize your VPC's network configuration. You can create a public-facing subnet for your web servers that have access to the internet. It also lets you place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. Amazon VPC lets you use multiple layers of security, including security groups and network access control lists, to help you control access to Amazon Elastic Compute Cloud (Amazon EC2) instances in each subnet.

Features

Amazon VPC provides features that you can use to increase and monitor the security of your virtual private cloud:
Flow Logs
You can monitor your VPC flow logs delivered to Amazon S3 or Amazon CloudWatch to help you: a) gain operational visibility into your network dependencies and traffic patterns, b) detect anomalies and prevent data leakage, or c) troubleshoot network connectivity and configuration issues.
IP Address Manager (IPAM)
IPAM makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. IPAM can assist you in obtaining an operational view of your network by outlining your IP usage across multiple accounts and VPCs.
IP Addressing
You can use IP addresses to enable resources in your VPC to communicate with each other and with resources over the internet. Amazon VPC supports both the IPv4 and IPv6 addressing protocols. In a VPC, you can create IPv4-only, dual-stack, and IPv6-only subnets and launch Amazon EC2 instances in these subnets.
Ingress Routing
Ingress routing enables you to route incoming and outgoing traffic flowing to or from an Internet Gateway (IGW) or Virtual Private Gateway (VGW) to a specific EC2 instance's Elastic Network Interface.
Network Access Analyzer
Network Access Analyzer helps you verify that your network on AWS conforms to your network security and compliance requirements.
Network Access Control List
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
Network Manager
Network Manager provides tools and features that help you manage and monitor your network on AWS, covering connectivity management, network monitoring and troubleshooting, IP management, and network security and governance.
Reachability Analyzer
Reachability Analyzer is a static configuration analysis tool that enables you to analyze and debug network reachability between two resources in your VPC.
Security Groups
Security groups act as a firewall for associated Amazon EC2 instances, helping to control both inbound and outbound traffic at the instance level. When you launch an instance, you can associate it with one or more security groups that you've created. 
Traffic Mirroring
VPC traffic mirroring enables you to copy network traffic from an elastic network interface of Amazon EC2 instances and then send the traffic to out-of-band security and monitoring appliances for deep packet inspection.
Lattice
This service helps you connect, monitor, and secure communications between your applications. You can define policies for network traffic management, access, and monitoring to connect compute services in a simplified and consistent way across instances, containers, and serverless applications.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.