Virtual Private Cloud (VPC)

A Virtual Private Cloud provides an isolated virtual network within the public cloud, giving you control over your network environment similar to a traditional data centre but with cloud scalability.

VPC components:

• Subnets: Segments that can be public or private
• Route tables: Rules determining traffic direction
• Internet gateway: Enables public internet access
• NAT gateway: Allows private resources to access the internet outbound only
• Security groups: Instance-level firewall rules
• Network ACLs: Subnet-level firewall rules
• VPC endpoints: Private connections to cloud services

Design best practices:

• Choose an IP range large enough for growth (/16 gives 65,536 addresses)
• Create subnets in at least 2 availability zones
• Place web servers in public subnets, databases in private subnets
• Apply least-privilege security group rules
• Enable VPC flow logs for monitoring
• Use private hosted zones for internal DNS

Connectivity options:

• VPN: Encrypted tunnel to on-premises network
• Direct Connect/ExpressRoute: Dedicated network connection
• VPC Peering: Connect VPCs within or across accounts
• Transit Gateway: Central hub for multiple VPCs

Cloud provider VPC services:

• AWS VPC: Most feature-rich
• Azure Virtual Network (VNet): Microsoft's equivalent
• Google Cloud VPC: Global by default