
Module2 4 VPC

The document outlines AWS Core Services, focusing on Amazon VPC (Virtual Private Cloud) which allows users to launch EC2 instances in a secure and isolated environment. It details the types of VPCs, subnet configurations, and the benefits of using VPC, including control, security, and scalability. Additionally, it provides information on pricing for various VPC-related services such as traffic mirroring and NAT gateways.

AWS for Cloud Computing

Module 2: AWS Core Services

• Amazon EC2 (Elastic Compute Cloud)
• Amazon S3 (Simple Storage Service)
• Amazon RDS (Relational Database Service)
• Amazon VPC (Virtual Private Cloud)
• Amazon SQS (Simple Queue Service)
• Amazon SNS (Simple Notification Service)
Amazon VPC (Virtual Private Cloud)
• Amazon VPC or Amazon Virtual Private
Cloud is a service that allows its users to
launch their virtual machines (EC2) in a
protected as well as isolated virtual
environment defined by them.
• In VPC, you have complete control over
your virtual networking environment,
including a selection of your IP address
range, the creation of subnets, and the
configuration of route tables and network
gateways.
• VPC provides multiple layers of security,
including security groups and network
access control lists, to help control access
to Amazon EC2 instances in each subnet.
VPC vs Private Cloud
Types of AWS VPCs in AWS Cloud
1. Default VPC
2. Non-default VPC
• The default VPC is a virtual network that is automatically
created for the customer’s AWS account when EC2 resources are
provisioned for the first time. A non-default (also known as
Customer VPC) is not created automatically when EC2 resources
are provisioned, and the customer must create their own VPC.
• Another significant advantage of Default VPC is that it includes
Internet access by default, as well as an internet gateway and
public subnets with corresponding route tables. This feature is
not enabled by default in non-default VPCs. In fact, in non-default VPCs,
public IPv4 addresses are not assigned.
VPC Architecture
You can launch AWS resources into a defined virtual
network using Amazon Virtual Private Cloud (Amazon
VPC). With user-defined address.
Subnets
To reduce traffic, a subnet divides the big network into
smaller, connected networks. If the subnet has internet
access, it is called a public subnet.
If the subnet doesn’t have internet access, it is called
a private subnet.
A subnet must reside entirely within one Availability Zone.
Route Tables
Route tables are mainly used to define the rules for
routing traffic between the subnets.
Network Access Control Lists
Network Access Control Lists (NACL) for VPC serve as a
firewall by managing both inbound and outbound rules.
There will be a default NACL for each VPC that cannot be
deleted.
Internet Gateway (IGW)
The Internet Gateway (IGW) makes it possible to link
the resources in the VPC to the Internet.
Network Address Translation (NAT)
NAT enables the connection between the private
subnet and the internet.
Subnet - Private address
• When you create a VPC, you specify a
range of IPv4 addresses in the form of a
Classless Inter-Domain Routing (CIDR)
block (e.g., [Link]/16). This determines
the size of the VPC's private IP address
range.
• Classless Inter-Domain Routing (CIDR)
is a collection of IP standards designed to
optimize the process of allocating IP
addresses by forming unique identifiers.
Some ranges are reserved for private subnets:
• [Link] - [Link] (10/8 prefix)
• [Link] - [Link] (172.16/12 prefix)
• [Link] - [Link] (192.168/16 prefix)
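The CIDR rules above can be checked mechanically before a VPC is created. The following is an added example, not part of the original slides: it uses Python's standard `ipaddress` module to expand the three RFC 1918 private prefixes (10/8, 172.16/12, 192.168/16) into address ranges and to validate a subnet plan; the VPC block and subnet names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private blocks, written out in full CIDR notation.
PRIVATE_BLOCKS = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def block_range(cidr):
    """First address, last address and size of a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1]), net.num_addresses

def is_private(cidr):
    """True if the whole block sits inside one of the private ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in PRIVATE_BLOCKS)

def check_plan(vpc_cidr, subnets):
    """Return a list of problems found in a VPC/subnet addressing plan."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not is_private(vpc_cidr):
        problems.append(f"VPC {vpc} is not in private address space")
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems

# Constructed plan: a /16 VPC with one subnet that collides with another
# and one that falls outside the VPC block.
PLAN = {"web": "10.0.1.0/24", "app": "10.0.2.0/24",
        "db": "10.0.2.128/25", "mgmt": "10.1.0.0/24"}

if __name__ == "__main__":
    for block in PRIVATE_BLOCKS:
        print(block, *block_range(str(block)))
    for issue in check_plan("10.0.0.0/16", PLAN):
        print("PROBLEM:", issue)
```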
Amazon VPC (Virtual Private Cloud) - Benefits of Amazon VPC
• Isolation: VPC provides logical isolation of your AWS resources, allowing you to create distinct
networks with specific IP address ranges and subnets.
• EC2 Instance security group membership can be changed while it is running.
• A static IPv4 address assigned to an instance persists across stop and start.
• Create a layered network of resources.
• A single-tenant hardware option is available to run EC2 Instances.
• Multiple network interfaces can be attached to EC2 Instances.
• Control: You have full control over your VPC, including selection of IP address range, creation of
subnets, configuration of route tables, and network gateways.
• Access Control List (ACL) is an additional security layer to protect Instances.
• Multiple IPv4 addresses can be assigned to your Instances.
• Control both inbound and outbound traffic of Instances.
• Security: VPC allows you to define security groups and network ACLs to control inbound and
outbound traffic to and from your instances.
• Scalability: VPC scales horizontally to accommodate your growing infrastructure needs, with support
for large-scale deployments across multiple Availability Zones.
• Integration: VPC integrates with other AWS services like Amazon EC2, RDS, Lambda, and more,
enabling seamless deployment and management of your cloud resources.
AWS VPC Pricing
• Amazon VPC Traffic Mirroring Pricing
• If you choose to enable traffic mirroring on the Elastic Network Interface (ENI) of Amazon EC2 instances,
you will be charged hourly for each ENI that is enabled with traffic mirroring. If you no longer wish to be
charged for traffic mirroring, simply disable traffic mirroring on EC2 instance ENIs using the AWS
Management Console, command-line interface, or API. The hourly price per ENI is: $0.015
• NAT Gateway Pricing
• NAT Gateway Hourly Charge: NAT Gateway is charged on an hourly basis. For this region, the rate is
$0.045 per hour.
• NAT Gateway Data Processing Charge: 1 GB of data went through the NAT gateway. The NAT Gateway
Data Processing charge is applied and will result in a charge of $0.045.
• Data Transfer Charge: This is the standard EC2 Data Transfer charge. 1 GB of data was transferred from
the EC2 instance to S3 via the NAT gateway. There was no charge for the data transfer from the EC2
instance to S3 as it is Data Transfer Out from Amazon EC2 to S3 in the same region.
• AWS VPN pricing
• If you create an AWS Site-to-Site VPN connection to your Amazon VPC, you are charged for each VPN
connection hour i.e. $0.05 per Site-to-Site VPN connection per hour.
