An Introduction to AWS Networking – Virtual Private Cloud

Cloud computing is one of the major trends in computing today and has been for many years. Public cloud providers have transformed the start-up industry and what it means to launch a service from scratch. We no longer need to build our own infrastructure; we can pay public cloud providers to rent a portion of their resources for our infrastructure needs. In this article, we will take a look at one of the most important concepts in AWS networking: Virtual Private Cloud. 

Amazon Web Services (AWS, https://aws.amazon.com/) was the first company to offer IaaS public cloud services and was the clear leader in the space by market share in 2019. If we define the term Software-Defined Networking (SDN) as a group of software services working together to create network constructs, we can make the argument that AWS is the world's largest implementer of SDN. They utilize the massive scale of their global network, data centers, and servers to offer an amazing array of networking services.

This article is an excerpt from the book Mastering Python Networking, Third Edition by Eric Chou, a completely updated and revised edition of the bestselling guide to Python Networking, updated to Python 3 and including the latest on network data analysis, Cloud Networking, Ansible 2.8, and new libraries. 

Amazon Virtual Private Cloud 

Amazon Virtual Private Cloud (Amazon VPC) enables customers to launch AWS resources in a virtual network dedicated to the customer's account. It is truly a customizable network that allows you to define your own IP address range, add and delete subnets, create routes, add VPN gateways, associate security policies, connect EC2 instances to your own data center, and much more.

In the early days, when VPC was not available, all EC2 instances in an AZ were on a single, flat network that was shared among all customers. How comfortable would a customer be with putting their information in the cloud? Not very, I'd imagine. Between the launch of EC2 in 2007 and the launch of VPC in 2009, VPC functions were some of the most requested features of AWS.

Since December 2013, all EC2 instances are VPC-only; you can no longer create an EC2 instance that is non-VPC (EC2-Classic), nor would you want to. If we use a launch wizard to create our EC2 instance, it will automatically be put into a default VPC with a virtual internet gateway for public access. In my opinion, only the most basic use cases should use the default VPC. In most cases, we should define our own non-default, customized VPC. 

Creating VPC using AWS console 

Let's create the following VPC using the AWS console in us-east-1:

A VPC is bound to an AWS region, and its subnets are bound to AZs. Our first VPC will be based in us-east-1; the three subnets will be allocated across two AZs, us-east-1a and us-east-1b.

Using the AWS console to create the VPC and subnets is pretty straightforward, and AWS provides a number of good tutorials online. I have listed the steps with the associated locations of each on the VPC dashboard: 


The first two steps are point-and-click processes that most network engineers can work through, even without prior experience. By default, the VPC only contains the local route, 10.0.0.0/16. Now, we will create an internet gateway and associate it with the VPC: 


We can then create a custom route table with a default route pointing to the internet gateway, which will allow for internet access. We will associate this route table with our subnet in us-east-1a, 10.0.0.0/24, thus allowing it to be public-facing:

Let's use the Boto3 Python SDK to see what we have created. I gave the VPC the Name tag mastering_python_networking_demo, which we can use as the filter:

#!/usr/bin/env python3
import json, boto3

region = 'us-east-1'
vpc_name = 'mastering_python_networking_demo'

# both the resource and the client are pinned to the same region
ec2 = boto3.resource('ec2', region_name=region)
client = boto3.client('ec2', region_name=region)

# filter on the Name tag we gave the VPC in the console
filters = [{'Name': 'tag:Name', 'Values': [vpc_name]}]

vpcs = list(ec2.vpcs.filter(Filters=filters))

for vpc in vpcs:
    response = client.describe_vpcs(VpcIds=[vpc.id])
    print(json.dumps(response, sort_keys=True, indent=4))

This script will allow us to programmatically query the region for the VPC we created: 

(venv) $ python Chapter10_1_query_vpc.py
{
    "ResponseMetadata": {
        <skip>
        "HTTPStatusCode": 200,
        "RequestId": "9416b03f-<skip>",
        "RetryAttempts": 0
    },
    "Vpcs": [
        {
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-<skip>",
                    "CidrBlock": "10.0.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "DhcpOptionsId": "dopt-<skip>",
            "InstanceTenancy": "default",
            "IsDefault": false,
            "OwnerId": "<skip>",
            "State": "available",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "mastering_python_networking_demo"
                }
            ],
            "VpcId": "vpc-<skip>"
        }
    ]
}

If we created EC2 instances and put them in different subnets as-is, the hosts would be able to reach each other across subnets. You may be wondering how the subnets reach one another within the VPC, since we only attached an internet gateway to the subnet in 1a. In a physical network, the network needs to connect to a router to reach beyond its own local network.

It is not so different in a VPC, except that the router is implicit and comes with a main route table that carries the local route for the VPC network, which in our example is 10.0.0.0/16. This implicit router was created when we created our VPC. Any subnet that is not explicitly associated with a custom route table is associated with the main table.
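The route-table rules just described (a subnet with no explicit association falls back to the main table; a subnet is public-facing when its effective table has a 0.0.0.0/0 route to an internet gateway) are easy to get wrong in a console, so it is worth checking them programmatically. The following is an added example, not code from the book or the article: it applies those rules to route-table data in the shape returned by describe_route_tables. The route tables, subnet ids and gateway ids are constructed to mirror the layout above (a 10.0.0.0/16 VPC, three subnets in us-east-1a/1b, one custom public table).

```python
# Added example (not from the book or article). Constructed route-table data in the
# shape of describe_route_tables()['RouteTables']; ids are placeholders, not real AWS ids.
SAMPLE_ROUTE_TABLES = [
    {   # main table, created implicitly with the VPC: only the local route
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # custom table: default route to the internet gateway, tied to one subnet
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-1a-public"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"},
        ],
    },
]
# Constructed subnet ids: one per subnet in the article's layout (1a, 1a, 1b).
SAMPLE_SUBNETS = ["subnet-1a-public", "subnet-1a-private", "subnet-1b-private"]

def effective_route_table(route_tables, subnet_id):
    """Table governing subnet_id: its explicit association, else the main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def is_public(route_table):
    """True when a 0.0.0.0/0 route points at an internet gateway (igw-...)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in route_table.get("Routes", [])
    )

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet id to ('public' | 'private' | 'unknown', route table id)."""
    result = {}
    for sid in subnet_ids:
        table = effective_route_table(route_tables, sid)
        if table is None:  # no explicit association and no main table found
            result[sid] = ("unknown", None)
            continue
        result[sid] = ("public" if is_public(table) else "private", table["RouteTableId"])
    return result
```

To run this against a real VPC, feed it client.describe_route_tables(Filters=[{'Name': 'vpc-id', 'Values': [vpc.id]}])['RouteTables'] and the SubnetId values from client.describe_subnets with the same filter; any subnet that unexpectedly comes back as public is one whose route table deserves a second look.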

In this article, we covered an overview of AWS Virtual Private Cloud. Explore the power of Python libraries to tackle difficult network problems efficiently and effectively, including pyATS, Nornir, and Ansible 2.8, with Mastering Python Networking, Third Edition by Eric Chou.

About the Author 

Eric Chou is a seasoned technologist with over 20 years of experience. He has worked on some of the largest networks in the industry while working at Amazon, Azure, and other Fortune 500 companies. Eric is passionate about network automation, Python, and helping companies build better security postures. Eric is also the primary inventor for two U.S. patents in IP telephony. He shares his deep interest in technology through his books, classes, and blog, and contributes to some of the popular Python open-source projects. 

ODSC Community

The Open Data Science community is passionate and diverse, and we always welcome contributions from data science professionals! All of the articles under this profile are from our community, with individual authors mentioned in the text itself.
