Let's look at network security from AWS's perspective. In AWS, the network unit is the VPC (virtual private cloud). Every EC2 instance is launched into a subnet of a VPC, so a VPC must exist before an instance can be created (AWS provides a default VPC in each region, but workloads are normally placed in a purpose-built one).
Within a VPC we define subnets, the network segments of the VPC: the VPC's CIDR block is carved into multiple public and private subnets as the workload requires. A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway, and private otherwise (typically reaching the internet, if at all, through a NAT gateway). An IPv4 VPC CIDR block can be no larger than /16 and no smaller than /28; every subnet's CIDR must fall inside the VPC's block, and AWS reserves five addresses in each subnet (the first four and the last), so a /24 subnet yields 251 usable addresses.
In AWS, a VPC is an isolated virtual network, logically separated from every other network and tied to a single AWS account. A VPC includes the following:
- Subnets
- Route tables (each subnet is associated with one; it decides where traffic leaving the subnet goes)
- Internet gateway
- Security groups (stateful, attached to an instance's network interface, allow rules only) and network ACLs (stateless, attached to a subnet, numbered allow and deny rules evaluated in order)
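The subnet sizing limits and the stateful/stateless distinction above are easiest to see with a small model. The following is an added example, not code from the original page or from AWS: it plans subnets from a VPC CIDR under the /16 to /28 rule and the five reserved addresses, classifies a route table as public or private, and evaluates constructed network ACL and security group rules the way AWS does (ordered NACL rules with an implicit final deny; any-match security group allow rules). All CIDRs, gateway IDs and rules are made up, and the NACL model covers TCP only.

```python
"""Plan a VPC's subnet layout and model how route tables, network ACLs and security
groups decide what traffic a subnet and an instance accept.

Added example, not code from the original page; standard library only, with
constructed sample data (CIDRs, gateway IDs and rules below are made up)."""
import ipaddress
from dataclasses import dataclass

MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS IPv4 VPC CIDR limits: /16 is largest, /28 smallest
AWS_RESERVED_PER_SUBNET = 5       # first four addresses and the last one of every subnet


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Reject CIDR blocks AWS would not accept as a VPC's primary IPv4 block."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: VPC IPv4 CIDR must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def plan_subnets(vpc_cidr: str, subnet_prefix: int, names: list) -> dict:
    """Carve the VPC block into equal-sized subnets, one per name, in address order."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= MAX_PREFIX:
        raise ValueError(f"subnet prefix /{subnet_prefix} must lie between /{vpc.prefixlen} and /{MAX_PREFIX}")
    pool = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for name in names:
        try:
            net = next(pool)
        except StopIteration:
            raise ValueError(f"{vpc_cidr} has no room for subnet {name!r} at /{subnet_prefix}") from None
        plan[name] = {"cidr": str(net), "usable_hosts": net.num_addresses - AWS_RESERVED_PER_SUBNET}
    return plan


def is_public_subnet(route_table: dict) -> bool:
    """A subnet is public when its default route targets an internet gateway (igw-*)."""
    return route_table.get("0.0.0.0/0", "").startswith("igw-")


@dataclass(frozen=True)
class NaclRule:
    number: int      # AWS evaluates rules in ascending number; the first match wins
    cidr: str
    ports: tuple     # inclusive (low, high) TCP port range
    action: str      # "allow" or "deny"


def nacl_decision(rules, ip: str, port: int) -> str:
    """Stateless evaluation of one direction of a network ACL."""
    addr = ipaddress.ip_address(ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ipaddress.ip_network(rule.cidr) and rule.ports[0] <= port <= rule.ports[1]:
            return rule.action
    return "deny"  # the implicit final "*" rule


def sg_allows(allow_rules, ip: str, port: int) -> bool:
    """Security groups hold allow rules only; any match allows. Return traffic is
    tracked by the group (stateful), so it needs no rule of its own."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) and lo <= port <= hi for cidr, (lo, hi) in allow_rules)


def inbound_allowed(nacl_in, sg_rules, src_ip: str, dst_port: int) -> bool:
    """A packet must pass the subnet's inbound NACL, then the instance's security group."""
    return nacl_decision(nacl_in, src_ip, dst_port) == "allow" and sg_allows(sg_rules, src_ip, dst_port)


# --- constructed sample data ---
VPC_CIDR = "10.0.0.0/16"
SUBNETS = plan_subnets(VPC_CIDR, 24, ["public-a", "public-b", "private-a", "private-b"])
ROUTE_TABLES = {
    "public": {VPC_CIDR: "local", "0.0.0.0/0": "igw-0123456789abcdef0"},
    "private": {VPC_CIDR: "local", "0.0.0.0/0": "nat-0123456789abcdef0"},
}
NACL_INBOUND = [
    NaclRule(100, "0.0.0.0/0", (443, 443), "allow"),
    NaclRule(110, "203.0.113.0/24", (22, 22), "allow"),   # SSH only from the office range
    NaclRule(120, "0.0.0.0/0", (22, 22), "deny"),
]
# Outbound rules for return traffic: without the ephemeral-port rule, replies to a client
# that connected on 443 are dropped, because a NACL does not track connections.
NACL_OUTBOUND_BROKEN = [NaclRule(100, "0.0.0.0/0", (443, 443), "allow")]
NACL_OUTBOUND_FIXED = NACL_OUTBOUND_BROKEN + [NaclRule(110, "0.0.0.0/0", (1024, 65535), "allow")]
WEB_SG = [("0.0.0.0/0", (443, 443)), ("203.0.113.0/24", (22, 22))]

if __name__ == "__main__":
    for name, sub in SUBNETS.items():
        print(f"{name:10} {sub['cidr']:16} usable hosts: {sub['usable_hosts']}")
    print("public route table is public:", is_public_subnet(ROUTE_TABLES["public"]))
    print("SSH from 203.0.113.7:", inbound_allowed(NACL_INBOUND, WEB_SG, "203.0.113.7", 22))
    print("SSH from 198.51.100.1:", inbound_allowed(NACL_INBOUND, WEB_SG, "198.51.100.1", 22))
    print("reply to client port 50000, broken NACL:", nacl_decision(NACL_OUTBOUND_BROKEN, "203.0.113.7", 50000))
    print("reply to client port 50000, fixed NACL:", nacl_decision(NACL_OUTBOUND_FIXED, "203.0.113.7", 50000))
```

The outbound pair is the practical point: a security group that allows inbound 443 is enough on its own, but a network ACL that allows inbound 443 still drops the server's replies unless an outbound rule covers the client's ephemeral port range, which is the most common way a "locked down" NACL silently breaks a service.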
Apart from these, a VPC can be connected privately to networks outside it, whether an on-premises network or AWS services and other VPCs, using the following:
- Site-to-Site VPN (encrypted tunnels over the internet to an on-premises network)
- AWS PrivateLink, using VPC endpoints (private access to AWS services and to services in other VPCs without traversing the internet)
- Direct Connect (a dedicated private circuit from your premises into AWS)
AWS networking best practices are...