VPC: a solution for privatizing your cloud

karan vora "student"
3 min read · Nov 21, 2021

A VPC is a virtually hosted cloud environment much like a public cloud, but with one difference: a firewall sits between the enterprise and the cloud environment. The firewall admits only the IP addresses that the subnet allows, so a malicious user coming from a different IP range cannot get into the network.

A VPC is a dedicated network for your cloud environment. It is a service offered by commercial cloud providers: the customer chooses the IP range and divides it into multiple subnets as required. Setting up a VPC gives the user the right to privatize resources as needed, which increases control over security.

Amazon Virtual Private Cloud (VPC) gives you complete control over your virtual networking environment, including resource placement, connectivity, and security. The first step is to create your VPC. Then you can add resources to it, such as Amazon Elastic Compute Cloud (EC2) and Amazon Relational Database Service (RDS) instances. Finally, you can define how your VPCs communicate with each other across accounts, Availability Zones (AZs), or Regions. In the example below, network traffic is shared between two VPCs within each region.

An enterprise can build a hybrid network with a VPC, i.e. it can arrange its resources so that crucial information or stored data is kept private while the other resources remain publicly accessible. This helps improve the security of data at rest, since only the allowed IP addresses can reach it and the data is not exposed over the internet.

Owning a private cloud is not feasible for a small or medium-sized enterprise, but configuring a VPC can be an alternative for securing data at rest. Creating the VPC network also helps with monitoring resources, as it gives more administrative rights.

To create a VPC environment you need:

1. A VPC

2. To configure the subnet

3. To add routes to the route table

4. To configure an internet gateway

5. To configure VPC endpoints

Whenever a new VPC is created, its route table is created automatically, but you need to create the subnets and add routes to the route table yourself. The IP range is set while configuring the subnet; only IPs within that range can access the resources allocated to that subnet.

An internet gateway is the service used to establish the connection between your VPC and the internet. Without an internet gateway, a VPC cannot communicate with the internet.

VPC working

Figure 1: VPC environment in the cloud for an EC2 instance

In figure 1, a VPC is created to privatize the EC2 instance and the database, which is Amazon DynamoDB; only the allowed IPs can access the EC2 instance and the database. The VPC endpoint checks whether the user who wants to access the resource has the right to do so: if the user is within the configured IP range, the user is allowed to access the resource.
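A small model of the pieces listed in the steps above (VPC, subnets, route table, internet gateway and the gateway VPC endpoint of figure 1), written for this page as an added example; it is not code from the original post and it does not call the AWS API. It uses only the Python standard library. All CIDRs, the resource ids `igw-0example` and `vpce-0example`, and the DynamoDB prefix are constructed sample values; the prefix is a stand-in for the managed prefix list that AWS attaches to a gateway endpoint route, not a real AWS range.

```python
"""Model the VPC pieces from the post and check who can reach what.

Added example, not code from the original post and not an AWS API. It uses
only the standard library to model a VPC, two subnets, their route tables, an
internet gateway and a gateway VPC endpoint for DynamoDB. All CIDRs, resource
ids and the DynamoDB prefix are constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass
class RouteTable:
    # destination CIDR -> target: "local", an internet gateway id or a VPC endpoint id
    routes: dict[IPv4Network, str]


@dataclass
class Subnet:
    name: str
    cidr: IPv4Network
    route_table: RouteTable


@dataclass
class Vpc:
    cidr: IPv4Network
    subnets: list[Subnet] = field(default_factory=list)


def layout_problems(vpc_cidr: str, subnet_cidrs: dict[str, str]) -> list[str]:
    """Return the problems in a subnet plan: a subnet outside the VPC range, or two that overlap."""
    vpc_net = ip_network(vpc_cidr)
    nets = {name: ip_network(cidr) for name, cidr in subnet_cidrs.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc_net):
            problems.append(f"{name}: {net} is outside the VPC range {vpc_net}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    return problems


def validate_layout(vpc: Vpc) -> list[str]:
    """Run layout_problems over a Vpc object; an empty list means the plan is sound."""
    return layout_problems(str(vpc.cidr), {s.name: str(s.cidr) for s in vpc.subnets})


def is_public(subnet: Subnet) -> bool:
    """AWS semantics: a subnet is public only if its route table sends 0.0.0.0/0 to an internet gateway."""
    return subnet.route_table.routes.get(ip_network("0.0.0.0/0"), "").startswith("igw-")


def route_for(subnet: Subnet, destination: str) -> str | None:
    """Longest-prefix match over the subnet's route table; None means no route, so the traffic is dropped."""
    dest = ip_address(destination)
    best = None
    for cidr, target in subnet.route_table.routes.items():
        if dest in cidr and (best is None or cidr.prefixlen > best[0].prefixlen):
            best = (cidr, target)
    return best[1] if best else None


def allowed_source(vpc: Vpc, source: str) -> bool:
    """The post's access rule: only addresses inside the VPC's own range may reach the private resources."""
    return ip_address(source) in vpc.cidr


# Constructed sample layout: a public subnet for the EC2 front end and a private subnet for the
# database tier, which reaches DynamoDB only through the gateway endpoint route.
VPC_CIDR = ip_network("10.0.0.0/16")
DYNAMODB_PREFIX = ip_network("198.51.100.0/24")  # stand-in for the DynamoDB prefix list, not a real AWS range
PUBLIC_RT = RouteTable({VPC_CIDR: "local", ip_network("0.0.0.0/0"): "igw-0example"})
PRIVATE_RT = RouteTable({VPC_CIDR: "local", DYNAMODB_PREFIX: "vpce-0example"})
PUBLIC = Subnet("web-public", ip_network("10.0.1.0/24"), PUBLIC_RT)
PRIVATE = Subnet("db-private", ip_network("10.0.2.0/24"), PRIVATE_RT)
VPC = Vpc(VPC_CIDR, [PUBLIC, PRIVATE])

if __name__ == "__main__":
    print("layout problems:", validate_layout(VPC) or "none")
    for s in VPC.subnets:
        print(f"{s.name}: public={is_public(s)}, "
              f"internet host -> {route_for(s, '203.0.113.9')}, "
              f"DynamoDB -> {route_for(s, '198.51.100.7')}")
    for src in ("10.0.1.25", "192.0.2.44"):
        print(f"source {src} allowed: {allowed_source(VPC, src)}")
```

Two things the model makes visible that the prose only implies: a subnet is "public" purely because of the `0.0.0.0/0` route to the internet gateway, so removing that route is what privatizes it; and the private subnet can still talk to DynamoDB because the endpoint adds a specific route, while any other internet destination has no route at all and is dropped. The `layout_problems` check catches the two planning mistakes that AWS itself rejects at creation time, a subnet outside the VPC range and overlapping subnets.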

Conclusion

A VPC helps in gaining more administrative rights and in limiting the IP range so that users outside that range cannot get into the network. Because of these greater administrative rights and the limit on users, a VPC is more secure than the public cloud.

References

1. https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html (Paragraph 1 to 5)

2. https://karan-vora-57885.medium.com/is-data-security-a-concern-to-store-data-on-the-cloud-31d877f9e73 (Paragraph 1 to 5)

3. https://aws.amazon.com/vpc/ (VPC environment)

4. https://aws.amazon.com/blogs/aws/new-vpc-endpoints-for-dynamodb/ (VPC working)


karan vora "student"

Pursuing a B.Tech in Cloud Technology and Information Security at Ajeenkya DY Patil University