Amazon VPC のアイコン

Amazon VPC Essential2009年〜

Build a logically isolated virtual network on AWS

About 2 min read

What It Does

Amazon VPC (Virtual Private Cloud) lets you build a logically isolated virtual network within the AWS cloud. You can freely configure IP address ranges, subnets, route tables, and network gateways, with the same level of control as an on-premises network. Many AWS services including EC2, RDS, and Lambda run inside a VPC.

Use Cases

Web application network architecture (web servers in public subnets, databases in private subnets), VPN connections to on-premises, network isolation between microservices, and network controls for compliance requirements.

Everyday Analogy

Think of designing floors in an office building. Within the building (VPC), you partition floors (subnets), set up a reception desk (internet gateway), and control access to each floor with security gates (security groups).

What Is VPC?

Amazon VPC lets you build your own dedicated virtual network on AWS. When you create an AWS account, a default VPC is automatically created in each region, but for production environments, designing a custom VPC tailored to your requirements is standard practice. Your VPC is completely isolated from other accounts' VPCs.

Subnets and Routing

Within a VPC, you create public and private subnets. Public subnets have a route to the internet gateway and are accessible from the outside. Private subnets have no direct internet access and are where you place databases and internal services. To access the internet from private subnets, use a NAT Gateway.

Security

VPC security is controlled in two layers: security groups and network ACLs. Security groups are instance-level stateful firewalls that define allow rules only. Network ACLs are subnet-level stateless firewalls that can define both allow and deny rules. VPC Flow Logs record network traffic for auditing and troubleshooting. For practical security knowledge, technical books on Amazon are helpful.

Getting Started

In the VPC console, select "Create VPC" and specify a CIDR block (e.g., 10.0.0.0/16). Choosing "VPC and more" creates subnets, route tables, internet gateway, and NAT Gateway all at once. Best practice is to place subnets in 2+ Availability Zones for a Multi-AZ configuration.

Things to Watch Out For

  • VPC CIDR blocks can be expanded after creation but not shrunk. Allocate a generous range with future growth in mind
  • NAT Gateway incurs hourly and data processing charges. Consider NAT instances or VPC endpoints to reduce costs
  • Default VPCs are convenient but use custom VPCs for production environments for better security and network design
共有するXB!

Related Services

Amazon EC2 iconAmazon EC2A compute service that provides virtual servers in the cloudElastic Load Balancing iconElastic Load BalancingA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAWS Transit Gateway iconAWS Transit GatewayA network hub that connects multiple VPCs and on-premises networks in a hub-and-spoke topologyAWS PrivateLink iconAWS PrivateLinkConnect privately from your VPC to AWS services and third-party services without traversing the internet

Related Articles

The Fastest Container Deployment with AWS App Runner - From Source Code to Production in MinutesJust specify source code or a container image to get an HTTPS endpoint up and running. Learn the differences from ECS/Fargate and how to connect to private resources using VPC connectors.AWS Availability Zone Design - How Physical Separation and Fault Isolation Create a Reliability AdvantageExamine the design philosophy behind AWS AZs as physically independent data center clusters, compare them with Azure and GCP availability zones, and analyze the differences in fault isolation maturity through real-world incident examples.AWS First-Mover Advantage and Economies of Scale - What 18 Years of Accumulation Since 2006 Really MeansExamine the first-mover advantage AWS has built since creating the public cloud market in 2006, comparing service breadth, API stability, and ecosystem depth against Azure and GCP.AWS Global Network Backbone - How Private Submarine Cables and 600+ PoPs Deliver Superior ConnectivityExplore the advantages of AWS's global network built on private submarine cables, dedicated fiber, and 600+ edge locations, compared with GCP's Premium Tier and Azure's network design.The Depth of AWS Networking Services - Enterprise Network Design with VPC, Transit Gateway, and PrivateLinkThis article examines AWS networking services centered on VPC, Transit Gateway, PrivateLink, Direct Connect, and Network Firewall, comparing them with Azure VNet/ExpressRoute and GCP VPC/Cloud Interconnect to explain the flexibility advantages in enterprise network design.

More in This Category

Amazon API Gateway iconAmazon API Gateway PopularA fully managed service for creating, publishing, managing, and monitoring APIsAWS App Mesh iconAWS App Mesh SpecializedA service mesh that controls and monitors communication between microservicesAWS Cloud Map iconAWS Cloud Map SpecializedA service discovery service for application resourcesAmazon CloudFront iconAmazon CloudFront EssentialA CDN service that delivers content at high speed from edge locations around the worldAWS Direct Connect iconAWS Direct Connect PopularA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityElastic IP Address iconElastic IP Address SpecializedA static public IPv4 address that you associate with EC2 instancesElastic Load Balancing iconElastic Load Balancing EssentialA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAWS Global Accelerator iconAWS Global Accelerator SpecializedA service that improves application availability and performance using the AWS global network

Similar Articles and Services

Amazon VPCA service for building a logically isolated virtual network within the AWS cloud, giving you full control over IP address ranges, routing, and securityAmazon VPC Network Design - Subnet Architecture and NAT Gateway OptimizationLearn how to design public/private subnet separation, layered security group management, and reduce NAT Gateway costs with Gateway VPC Endpoints.The Depth of AWS Networking Services - Enterprise Network Design with VPC, Transit Gateway, and PrivateLinkThis article examines AWS networking services centered on VPC, Transit Gateway, PrivateLink, Direct Connect, and Network Firewall, comparing them with Azure VNet/ExpressRoute and GCP VPC/Cloud Interconnect to explain the flexibility advantages in enterprise network design.Cross-Account Resource Sharing with AWS RAM - Sharing VPC Subnets and Transit GatewaysLearn how to share VPC subnets and Transit Gateways across accounts to centralize IP address space management and reduce VPC peering connections.AWS PrivateLinkA networking feature that enables private connectivity from within a VPC to AWS services and third-party services without traversing the internet