Gartner's Magic Quadrant for Cloud Infrastructure as a Service, Worldwide June 2017. |
- Up to four Availability Zones for high availability and disaster recovery. Availability Zones are geographically distributed within a region and spaced for best insulation and stability in the event of a natural disaster. AWS recommends maximizing your use of Availability Zones to isolate a data center outage.
- Separate subnets for unique routing requirements. AWS recommends using public subnets for external-facing resources and private subnets for internal resources. For each Availability Zone, this Quick Start provisions one public subnet and one private subnet by default.
- Additional layer of security. AWS recommends using network access control lists (ACLs) as firewalls to control inbound and outbound traffic at the subnet level. This Quick Start provides an option to create a network ACL protected subnet in each Availability Zone. These network ACLs provide individual controls that you can customize as a second layer of defense.
- Independent routing tables configured for every private subnet to control the flow of traffic within and outside the Amazon VPC. The public subnets share a single routing table, because they all use the same Internet gateway as the sole route to communicate with the Internet.
- Highly available NAT gateways, where supported, instead of NAT instances. NAT gateways offer major advantages in terms of deployment, availability, and maintenance.
- Spare capacity for additional subnets, to support your environment as it grows or changes over time.
Internet Gateway --- Router --- Route Table --- Network ACL --- Subnet --- Security Group --- Instance
VPC with Public & Private Subnet(s) |
AWS Console |
AWS Services |
EC2 Console |
VPC Console |
VPC Wizard 1 |
VPC Wizard 2 |
VPC Wizard 3 |
AWS IAM Console |
IAM Set Permissions |
Add Group with two Permissions - EC2 Full and read only |
AWS IAM User Create review |
Deny access for S3 |
Scenario | Usage |
---|---|
Use the VPC wizard to create a VPC for running a single-tier, public-facing web application such as a blog or simple web site.
|
|
Use the VPC wizard to create a VPC for running a public-facing web application, while still maintaining non-publicly accessible back-end servers in a second subnet.
|
|
Use the VPC wizard to create a VPC for extending your data center into the cloud, and also directly access the Internet from your VPC.
|
|
Use the VPC wizard to create a VPC for extending your data center into the cloud, and leverage Amazon's infrastructure without exposing your network to the Internet.
|
|
Use the AWS CLI to create a VPC and and a public and private subnet.
|
|
Use the AWS CLI to create a VPC with an associated IPv6 CIDR block, and a public and private subnet each with an associated IPv6 CIDR block.
|