Ensuring Cloud Security with Log360

Amazon VPC: Everything you need to know

With most organizations employing remote work, there has been a sharp increase in cloud adoption. According to a blog post from March, Jared Spataro, corporate vice president for Microsoft 365, said that the company saw a massive 775 percent increase in the use of its cloud services. That said, concerns around cloud security remain.

However, public cloud platforms such as Amazon Web Services (AWS) have already provided enterprises solid options to ensure cloud security. With solutions such as Amazon Virtual Private Cloud (Amazon VPC), AWS allows you to seamlessly launch your resources into a virtual cloud space that can be privately accessed, adding layers of security to your cloud resources to keep attackers at bay. (Read more about the Shared Responsibility Model of AWS security.)

This page is all about Amazon VPC. Read on to learn what Amazon VPC is and how to create virtual private clouds (VPCs) to secure your resources online.

What is Amazon VPC?

When a user launches an instance in a public cloud like AWS without any restrictions on traffic, that instance is said to be exposed to the internet. Direct access to a resource over the internet is always a security risk: attackers can use that exposure to enter your network, gain control of resources, and potentially compromise them. You must secure instances from public access.

Amazon VPC facilitates exactly that by helping you create a virtual network in a secluded portion of the AWS cloud. It allows you to host instances within this network and define access parameters that keep access restricted. With Amazon VPC, you can create subnets, configure route tables, set up network gateways, and define security settings using security groups and network access control lists (NACLs) to allow access only from a specific IP address range.

To summarize, by using Amazon VPC, users can:

  • Launch instances with increased security due to the isolated environment.
  • Have more granular control over who accesses the resources in the cloud.
  • Define custom rules and policies for the virtual network, so that they can set security parameters according to their organization's requirements.
  • Provide an extra layer of security to workloads of data.

Each Amazon account created after 2013 comes with a default VPC that is preconfigured so users can launch instances straight away without having to configure anything. The default VPC is preconfigured with a size /16 IPv4 CIDR block that provides up to 65,536 IPv4 addresses, a size /20 subnet in each availability zone that offers 4,096 addresses per subnet, an internet gateway connected to the VPC, a default security group, and a default NACL.

While the default VPC is great for launching new instances, IAM policies do not apply to it. Creating a VPC allows users to define and customize their virtual network so it abides by the organization's IAM policies, thereby making it more secure and reliable. Now let's see how to create and customize Amazon VPC.

What are the key concepts of Amazon VPC?

Before going over the steps to access Amazon VPC, it's essential to understand the key concepts associated with the product.

VPC

A virtual network dedicated to each respective Amazon account.

Subnet

A subnet is a range of IP addresses in the VPC. Subnets can be either public or private; a private subnet does not have a route to the internet gateway. Currently, the maximum number of subnets allowed per VPC is 200.

Internet gateway

A gateway that allows communication between the VPC resources and the internet. It supports IPv4 and IPv6 traffic and reduces the bandwidth constraints on the network traffic.

Route table

Route tables are used to control and direct network traffic. Each subnet in the VPC must be associated with a route table, which determines where traffic leaving that subnet is sent.

How do you access Amazon VPC?

Step 1: Open the AWS Management Console and click VPC under the Networking section.
Step 2: Once the VPC dashboard loads, click on your VPC and choose Create VPC.
Step 3: After the Create VPC window opens up, enter the name of your VPC in the Name tag field and include a range of IPv4 addresses for the VPC (e.g., 10.0.0.0/16) under CIDR block.
Step 4: Set the Tenancy as either Default or Dedicated. If you choose Dedicated, the EC2 instances will reside on hardware that is dedicated to you. However, this significantly increases the cost.
Step 5: Once you have entered all of the above fields, click Yes, Create. Wait for a few seconds and you will be able to see the VPC created in your dashboard. After creating the VPC, you can add one or more subnets to an availability zone.

Alternatively, you can also use the VPC Wizard to create a VPC, but doing so will not enable you to define the parameters according to your requirements.
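The console steps above create the VPC by hand; as an added example (not part of the original page and not an AWS tool), the following Python plans the same layout offline with the standard-library ipaddress module: it parses the VPC CIDR strictly (so a typo such as 10.0.0/16 is rejected rather than silently accepted), carves one public and one private /20 subnet per availability zone while respecting the 200-subnet limit quoted above, and classifies a subnet as public only when its route table carries a route to an internet gateway. The gateway ID, availability zone names, and the AWS rule that five addresses per subnet are reserved are assumptions not taken from this page.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_SUBNETS_PER_VPC = 200    # per-VPC subnet limit quoted on this page
AWS_RESERVED_PER_SUBNET = 5  # assumption: AWS keeps the first four and the last address

@dataclass
class RouteTable:
    name: str
    routes: dict = field(default_factory=dict)  # destination CIDR -> target

@dataclass
class Subnet:
    name: str
    cidr: ipaddress.IPv4Network
    az: str
    route_table: RouteTable

def parse_vpc_cidr(text):
    """Strict parse: '10.0.0/16' (typo) or '10.0.1.0/16' (host bits set) raise ValueError."""
    net = ipaddress.IPv4Network(text, strict=True)
    if not 16 <= net.prefixlen <= 28:  # assumption: AWS accepts VPC blocks from /16 to /28
        raise ValueError(f"VPC CIDR {net} must be between /16 and /28")
    return net

def plan_subnets(vpc, azs, prefix=20):
    """Carve a public and a private subnet per AZ; only the public route table reaches the IGW."""
    local = {str(vpc): "local"}  # every VPC route table carries the local route
    public_rt = RouteTable("public", {**local, "0.0.0.0/0": "igw-main"})  # hypothetical IGW id
    private_rt = RouteTable("private", dict(local))  # no internet gateway route at all
    pieces = vpc.subnets(new_prefix=prefix)  # non-overlapping blocks of the requested size
    subnets = []
    try:
        for az in azs:
            subnets.append(Subnet(f"public-{az}", next(pieces), az, public_rt))
            subnets.append(Subnet(f"private-{az}", next(pieces), az, private_rt))
    except StopIteration:
        raise ValueError(f"{vpc} cannot hold 2 x {len(azs)} subnets of /{prefix}") from None
    if len(subnets) > MAX_SUBNETS_PER_VPC:
        raise ValueError(f"{len(subnets)} subnets exceeds the per-VPC limit")
    return subnets

def is_public(subnet):
    """A subnet is public only if its route table has a route whose target is an internet gateway."""
    return any(target.startswith("igw-") for target in subnet.route_table.routes.values())

def usable_hosts(net):
    # Addresses an instance can actually take once the reserved ones are subtracted.
    return net.num_addresses - AWS_RESERVED_PER_SUBNET
```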

Security is the primary reason to use Amazon VPC. VPC is an isolated division of the AWS public cloud that allows you to deploy AWS resources in a secure manner. Similar to many provisions of AWS, Amazon VPC also helps you reduce the costs associated with a private cloud. VPC is one of the tools you should learn immediately if you want to start using AWS for your business.

  Zoho Corporation Pvt. Ltd. All rights reserved.