AWS VPC For Beginner

Recently my wife was working on a project where she was trying to use the AWS platform for her workloads. She was trying to create a website using AWS. Since it was her first exposure to the cloud, she was lost when she started encountering terms like VPC, subnets, security groups etc. She asked me to help her understand the concepts in the easiest possible way. I tried to help her by applying all of my working knowledge of AWS, but I failed a couple of times to help her visualize these concepts and relate them to real-world objects. Then I devised a strategy which was an instant hit.

I started comparing India with AWS. I told her to think of India as the entire AWS cloud space. India consists of several regions: East, West, South, North, North-East, South-West etc. Similarly, AWS is also divided into several physical regions across the world. I told her to compare each region of the country to an AWS Region.

To stay in the country, people need to get citizenship of the country. By now she was starting to get the bits and pieces. She could relate the process of getting citizenship to the process of creating an account in AWS. A person who is a citizen of the country can choose to settle down and build a house in any of the regions. Likewise, having an account in AWS enables a person to build resources (read VMs, servers) in a region of their choice.

Before building a house, a person first needs to own a plot of land, i.e. private property. He buys a plot of land in a specific part of the region and gets the land registered with an address. We can relate the private property to an AWS VPC and the allocated address to a block of IP addresses. Technically, AWS VPC stands for Virtual Private Cloud. It is allocated an IP CIDR range when created. A VPC can be created in one region only. Inside the VPC, resources like VMs and servers can be created in the most secure way.

Once the person owns a private piece of land, he starts building rooms of his choice. He builds rooms where guests are allowed. He also builds rooms where only family members are allowed. We can compare the rooms to subnets. Rooms where guests are allowed are comparable to public subnets, while the other rooms are the same as private subnets. In AWS, public subnets are the ones with internet connectivity. Any resource created in a public subnet can be reached from the internet, while private subnets are the ones holding the most secured and valuable resources. Resources like public application servers are created in public subnets, while resources like databases are created within private subnets.

Once the house is built, the person now worries about intruders getting into his campus. He starts devising his security road map. He puts a security guard at the entrance and gives him a list of the only people who are allowed inside the campus. He also gives him a list specifying which people can leave the campus for owner-approved destinations. For example, only people belonging to a specific part of the region can visit the campus. Similarly, only the person who wants to visit the grocery shop can leave the campus. This can be related to creating route tables in an AWS VPC. Route tables contain the destination IP address range and also contain information about the targets. For example, if someone wants to leave for the market, i.e. the destination, he must leave via a specific gate, i.e. the target. The route table contains the address of the destination (IP range) and the logical name of the target (e.g. Internet gateway).
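To make the plot-of-land, rooms and gate picture from the last three paragraphs concrete, here is a small Python model I added for this article; it is not AWS code and makes no AWS API calls. It checks that each subnet (room) fits inside the VPC CIDR (plot) without overlapping another, gives every route table the implicit "local" route AWS adds, picks the target for a destination by longest-prefix match the way AWS does, and treats a subnet as public only when its route table has a route to an internet gateway. The CIDRs, subnet names and the gateway id `igw-EXAMPLE` are constructed sample values.

```python
"""Toy model of a VPC (the plot), its subnets (the rooms) and a route table
(the gates). Added illustration for the article's analogy; not AWS code.
All CIDRs, subnet names and the id "igw-EXAMPLE" are constructed samples."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    destination: str  # CIDR this route matches, e.g. "0.0.0.0/0" for "anywhere"
    target: str       # logical target: "local", or a gateway id such as "igw-EXAMPLE"


@dataclass
class Subnet:
    name: str
    cidr: str
    routes: list = field(default_factory=list)


@dataclass
class Vpc:
    cidr: str
    subnets: list = field(default_factory=list)

    def add_subnet(self, name, cidr, extra_routes=()):
        """Carve a subnet out of the VPC block and attach its route table."""
        net = ipaddress.ip_network(cidr)
        vpc_net = ipaddress.ip_network(self.cidr)
        # A room must lie inside the plot: the subnet CIDR must be within the VPC CIDR.
        if not net.subnet_of(vpc_net):
            raise ValueError(f"{cidr} is not inside VPC {self.cidr}")
        # Rooms cannot share floor space: subnet CIDRs must not overlap.
        for existing in self.subnets:
            if net.overlaps(ipaddress.ip_network(existing.cidr)):
                raise ValueError(f"{cidr} overlaps subnet {existing.name} ({existing.cidr})")
        # AWS gives every route table an implicit "local" route for the whole VPC CIDR,
        # so rooms inside the house can always reach each other.
        routes = [Route(self.cidr, "local")] + list(extra_routes)
        subnet = Subnet(name, cidr, routes)
        self.subnets.append(subnet)
        return subnet


def lookup_route(subnet, dst_ip):
    """Return the target for a destination address, or None if no route matches.

    As in AWS, the most specific (longest prefix) matching route wins, so the
    "local" /16 route beats a catch-all 0.0.0.0/0 route for in-VPC addresses.
    """
    addr = ipaddress.ip_address(dst_ip)
    matches = [r for r in subnet.routes if addr in ipaddress.ip_network(r.destination)]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r.destination).prefixlen)
    return best.target


def is_public(subnet):
    """A subnet counts as public when its route table sends traffic to an internet gateway."""
    return any(r.target.startswith("igw-") for r in subnet.routes)


def build_example_vpc():
    """The house from the article: one guest room (public) and one family room (private)."""
    vpc = Vpc("10.0.0.0/16")
    vpc.add_subnet("guest-room", "10.0.1.0/24", [Route("0.0.0.0/0", "igw-EXAMPLE")])
    vpc.add_subnet("family-room", "10.0.2.0/24")  # no route to the internet gateway
    return vpc


if __name__ == "__main__":
    house = build_example_vpc()
    for s in house.subnets:
        print(f"{s.name}: public={is_public(s)}, "
              f"to 10.0.2.15 via {lookup_route(s, '10.0.2.15')}, "
              f"to 198.51.100.7 via {lookup_route(s, '198.51.100.7')}")
```

Running it shows the point of the analogy: from the guest room, an in-VPC address goes via `local` and an outside address via the internet gateway, while from the family room the outside address has no route at all, which is exactly what makes that subnet private.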

He further wants to strengthen his security. After an outsider gets entry into the campus, he might visit any of the rooms. But the owner wants to decide who can enter which room. He creates an access list for each room based on the source the visitors have come from. For example, a person who comes to repair a gas leak in the kitchen should only be allowed inside the kitchen and nowhere else. This can be compared with NACLs, or Network Access Control Lists, in AWS. We can create an access control list and specify source addresses to allow or deny access to a subnet.

He is still not satisfied with his current security posture. He doesn't want anyone entering his kitchen to open the refrigerator and eat his cookies. He creates some rules such that only a person coming from a particular source or room can open the refrigerator. In other words, he creates some security groups with specific rules and attaches them to his resources like the refrigerator, the gas stove and so on. Similarly, security groups can be created in AWS to control who can access which resources at a much more granular level. Security groups let you create rules by specifying protocols like SSH and RDP, port numbers like 22 and 3306, etc. They also let you specify IP addresses or other security groups to whitelist the source of the traffic.
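The two previous paragraphs describe the subnet guard (NACL) and the per-resource lock (security group). The Python below is an added toy evaluator, not AWS code, that shows the difference a practitioner actually runs into: a NACL is an ordered list evaluated lowest number first with explicit deny rules and a final implicit deny, and it is stateless, so reply traffic needs its own outbound rule; a security group has allow rules only, any matching rule admits the packet, its source can be another security group, and it is stateful, so replies need no rule. The rule numbers, ports, the addresses in the 203.0.113.0/24 documentation range and the ids `sg-app-EXAMPLE` are constructed sample values mirroring the SSH-from-my-IP setup described later in the article.

```python
"""Toy evaluator for a network ACL (subnet guard) and a security group
(per-resource lock). Added illustration only, not AWS code. Rule numbers,
ports, the 203.0.113.0/24 addresses and the id "sg-app-EXAMPLE" are
constructed sample values."""
import ipaddress
from dataclasses import dataclass


@dataclass
class NaclRule:
    number: int      # evaluated lowest number first; the first match decides
    protocol: str    # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str        # remote address range
    action: str      # "allow" or "deny": a NACL can say no explicitly


@dataclass
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    source: str      # a CIDR, or the id of another security group ("sg-...")


def _port_and_proto_match(rule, protocol, port):
    return rule.protocol in ("all", protocol) and rule.port_from <= port <= rule.port_to


def nacl_decision(rules, protocol, port, remote_ip):
    """Stateless, ordered evaluation: the lowest-numbered matching rule decides.
    If nothing matches, the implicit "*" rule at the end denies."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if _port_and_proto_match(rule, protocol, port) and addr in ipaddress.ip_network(rule.cidr):
            return rule.action
    return "deny"


def sg_allows(rules, protocol, port, src_ip, src_sg=None):
    """Security groups hold allow rules only: the packet is admitted if any
    rule matches and dropped otherwise. A source may be a CIDR or another
    security group, which is how "only the app servers may reach the
    database on 3306" is expressed."""
    for rule in rules:
        if not _port_and_proto_match(rule, protocol, port):
            continue
        if rule.source.startswith("sg-"):
            if src_sg == rule.source:
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source):
            return True
    return False


def inbound_allowed(nacl_in, sg_in, protocol, port, src_ip, src_sg=None):
    """A new connection must pass both the subnet's guard (NACL) and the room's lock (SG)."""
    return (nacl_decision(nacl_in, protocol, port, src_ip) == "allow"
            and sg_allows(sg_in, protocol, port, src_ip, src_sg))


def reply_allowed(nacl_out, protocol, ephemeral_port, dst_ip):
    """The reply to an accepted connection. The security group is stateful and
    lets it out with no extra rule; the NACL is stateless, so the outbound list
    must allow the client's ephemeral port or the SSH session simply hangs."""
    return nacl_decision(nacl_out, protocol, ephemeral_port, dst_ip) == "allow"


# Constructed sample configuration mirroring the article's setup.
MY_IP = "203.0.113.10"

NACL_IN = [
    NaclRule(90, "tcp", 22, 22, "203.0.113.99/32", "deny"),   # one blocked host, wins by number
    NaclRule(100, "tcp", 22, 22, "203.0.113.0/24", "allow"),  # the rest of that range may try SSH
    NaclRule(110, "tcp", 443, 443, "0.0.0.0/0", "allow"),     # web traffic from anywhere
]
NACL_OUT = [
    NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),  # replies to client ephemeral ports
]
SG_SSH = [SgRule("tcp", 22, 22, f"{MY_IP}/32")]                # SSH only from my own IP
SG_DB = [SgRule("tcp", 3306, 3306, "sg-app-EXAMPLE")]          # MySQL only from the app tier's SG


if __name__ == "__main__":
    for ip in (MY_IP, "203.0.113.11", "203.0.113.99"):
        print(ip, "ssh ->", inbound_allowed(NACL_IN, SG_SSH, "tcp", 22, ip))
    print("db from app tier ->", sg_allows(SG_DB, "tcp", 3306, "10.0.1.5", "sg-app-EXAMPLE"))
    print("reply with outbound NACL ->", reply_allowed(NACL_OUT, "tcp", 49152, MY_IP))
    print("reply with empty outbound NACL ->", reply_allowed([], "tcp", 49152, MY_IP))
```

The last two lines of the demo are the one that bites beginners: a security group that allows SSH from your IP is enough on its own, but the moment you add a custom NACL you must also allow the return traffic outbound, because the NACL does not remember that the connection was accepted.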

After this much explanation, my wife went back to her desk and started building her own VPC. She came back half an hour later; she had created an EC2 machine (will cover this in the next blog). She had created a security group allowing SSH connections from her IP, and demonstrated it to me after logging into it.

I felt good that my mission was accomplished. At the same time, to my own surprise, I was able to simplify the concepts I used to struggle with as a beginner. This article might not be that useful for people with good AWS knowledge, but it might help someone like my wife who is an absolute beginner.



Very nicely explained Hiranya!

Excellent read Hiranya Deka, well articulated. You could start writing technical blogs or post this on medium.


Very good analogy to explain the network layer concepts.


Good comparison... I will use the same now to explain it to novices.

Well said Hiranya Deka. Analogy in teaching is the best way to help conceptual understanding. Keep writing.
