Virtual Private Cloud

AWS Virtual Private Cloud

If whatever is being launched on AWS needs to be private, Amazon Virtual Private Cloud (VPC) provides the functionality for the task. It grants full control over the virtual network environment, from resource allocation to security, and is simple to start up. There are options for choosing the IP range, creating subnets, and configuring route tables. The only connections into this network are the ones the user defines.

What is the Virtual Private Cloud and What’s its Purpose?

The AWS VPC lets users provision isolated segments of the cloud to form a private network. As stated, there is a range of controls and variables to adjust on this network, including the IP address ranges, subnets, route tables, and network gateways. There is also the option of a hardware VPN (virtual private network) to incorporate a physical datacenter into the system. While everything on a subnet can be made publicly accessible, back-end systems such as servers and databases can be made completely private, with external access tightly controlled.

Main Features

Flow Logs

Flow logs, delivered to connected S3 (Simple Storage Service) or CloudWatch destinations, provide a distinct view of traffic patterns, anomalies, dependencies, and data leaks, making troubleshooting of network connections and configuration easier. The captured metadata records who accessed the TCP connections, including the source of access and the intended destination. Flow logs are also a necessary component for meeting certain compliance requirements.
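As an added example (not code from the original article), the following parses records in the default VPC flow log format and runs two of the checks the paragraph alludes to: which sources are probing many rejected ports, and how many bytes each network interface moved. The log lines, account id and ENI id are constructed sample data.

```python
from collections import defaultdict
# Default (version 2) VPC flow log field order, one record per line.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (account and ENI ids are placeholders).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51200 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51201 23 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51202 3389 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51203 445 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 44000 443 6 20 4096 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 198.51.100.7 443 44000 6 18 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_flow_log(text):
    """Yield one dict per OK record; NODATA/SKIPDATA rows carry '-' placeholders and are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # truncated line or a custom log format
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        yield rec

def rejected_port_fan_out(records, min_ports=3):
    """Sources whose REJECTed TCP (protocol 6) flows hit >= min_ports distinct dst ports: a cheap probe signal."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT" and rec["protocol"] == 6:
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def bytes_by_interface(records):
    """Total bytes seen per ENI, the figure a data-transfer or exfiltration review starts from."""
    totals = defaultdict(int)
    for rec in records:
        totals[rec["interface_id"]] += rec["bytes"]
    return dict(totals)

if __name__ == "__main__":
    recs = list(parse_flow_log(SAMPLE_LOG))
    print(rejected_port_fan_out(recs))  # {'203.0.113.10': [22, 23, 445, 3389]}
    print(bytes_by_interface(recs))     # {'eni-0a1b2c3d': 14056}
```

Real logs arrive as gzipped objects in S3 or as CloudWatch log events; feed each decompressed body to parse_flow_log the same way.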

IP Address Manager

This is the dedicated service for accessing, monitoring, and adjusting all IP addresses associated with AWS workloads. IP address assignments tied to the VPC are automated, removing the need for spreadsheet-based planning. The monitoring side of the address manager gives users an unimpeded view of the network, with metrics for IP usage.

IP Addressing

Resources on the VPC need to communicate internally efficiently and be reachable over the internet. The VPC supports both IPv4 and IPv6 addressing to bridge that gap. Within a VPC there are options for creating IPv4-only, IPv6-only, and dual-stack subnets for EC2 instances to launch into. There are further options to modify the IP addresses Amazon provides, or for users to bring their own IP addresses and assign them to the network.

Ingress Routing

The VPC also provides inbound and outbound traffic controls between a public or private gateway and an EC2 instance’s elastic network interface, applied before traffic actually reaches the intended workloads.

Network Access Analysis

Alongside the monitoring tools mentioned above, there are analysis tools for inspecting access points as required by network security and compliance regulations. Together with adjusting the requirements for the network, this helps identify access points that don’t meet the specified requirements. It lays out how the network taps into user resources and identifies weak points in network security that need improvement.

Network Access Control List

In conjunction with Network Access Analysis, this optional whitelist is effectively an additional firewall for controlling inbound and outbound flow. It comes with rules that can be modified to define what to catch or ignore.
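To make the rule semantics concrete, here is an added example (not code from the article or from AWS) that evaluates a packet against a network ACL the way AWS does: entries are checked in ascending rule-number order, the first match wins, and the implicit final "*" entry denies everything else. It also flags the classic misordering where a broad allow placed above a targeted deny makes the deny unreachable. The rule lists and addresses are constructed sample data.

```python
from ipaddress import ip_address, ip_network

# Constructed inbound NACL entries: (rule_number, protocol, (from_port, to_port), cidr, action).
# AWS evaluates entries in ascending rule-number order; the first match wins and the
# implicit final "*" entry denies anything that matched nothing above it.
INBOUND = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    (110, "tcp", (22, 22), "198.51.100.0/24", "allow"),   # admin range only
    (120, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),   # ephemeral ports for reply traffic
]
# A second, intentionally misordered list: the broad allow shadows the targeted deny.
MISORDERED = [
    (100, "tcp", (0, 65535), "0.0.0.0/0", "allow"),
    (110, "tcp", (22, 22), "0.0.0.0/0", "deny"),
]

def _matches(entry, proto, port, addr):
    _, eproto, (lo, hi), cidr, _ = entry
    return (eproto in ("all", proto) and lo <= port <= hi
            and addr in ip_network(cidr))

def evaluate(entries, proto, port, src):
    """Return the (rule_number, action) that decides this packet. NACLs are stateless,
    so the reply direction must be checked separately against the outbound list."""
    addr = ip_address(src)
    for entry in sorted(entries):
        if _matches(entry, proto, port, addr):
            return entry[0], entry[4]
    return "*", "deny"

def shadowed(entries):
    """Rule numbers that can never fire because an earlier entry with a covering
    protocol already spans their whole port range and CIDR."""
    ordered = sorted(entries)
    out = []
    for i, (num, proto, (lo, hi), cidr, _) in enumerate(ordered):
        for _, eproto, (elo, ehi), ecidr, _ in ordered[:i]:
            if (eproto in ("all", proto) and elo <= lo and hi <= ehi
                    and ip_network(cidr).subnet_of(ip_network(ecidr))):
                out.append(num)
                break
    return out

if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", 22, "198.51.100.9"))  # (110, 'allow')
    print(evaluate(INBOUND, "tcp", 22, "203.0.113.5"))   # ('*', 'deny')
    print(shadowed(MISORDERED))                           # [110]
```

Because the list is stateless, dropping entry 120 from INBOUND would silently break replies to outbound connections even though every inbound service port is still allowed.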

Traffic Mirroring

Issues like security anomalies, operational insight, compliance, understanding security controls, and troubleshooting become a lot easier if a snapshot of traffic can be extracted for closer analysis. VPC provides the option to look at traffic to EC2 instances and copy it for export and further analysis. Mirroring provides direct access to the network packets flowing through the VPC.

Pricing Model

Pricing becomes particularly complicated for this service. Creating or using the VPC itself generates no additional charge, but there is a collection of optional fees for features and services such as customization, monitoring, and security. When the VPC is used with other AWS utilities such as EC2, the base rates of those other services still apply. Connecting the VPC to a corporate datacenter and using the optional hardware is billed by the hour and per GB transferred, with pricing varying by region (partial hours count as full hours).

NAT Gateway

As outlined, using a NAT gateway with the VPC is charged per gateway hour. Additional rates apply to each GB processed through the gateway, regardless of its start or end point. Standard AWS data transfer charges also apply to all data that passes through the gateway. When the gateway is no longer needed and should come off the monthly bill, it is only a matter of deleting it through the AWS Management Console, the AWS Command Line Interface, or the API.

IP Address Manager

There is an hourly rate for each active IP address managed with the service (an active IP is one attached to an EC2 instance or Elastic Network Interface). The service tracks and monitors all IP addresses assigned to resources within the VPC, whether they are part of an IP Address Manager pool or not. Any addresses allocated in the past that aren’t within the active address pool are still subject to billing. Deleting the address via the AWS Management Console, the AWS Command Line Interface, or the API removes billing for that IP address completely.

Traffic Mirroring and Analysis

The rates for the different analysis services vary widely by task, on top of the regional differences. All still depend on the number of active sessions each service has and the number of hours they are active.

Dolan Cleary

I am a recent graduate from the University of Wisconsin - Stout and am now working with AllCode as a web technician. Currently working within the marketing department.
