- Newest
- Most votes
- Most comments
Hello.
By creating a VPC and creating "private subnets" and "public subnets," you can classify EC2 instances based on whether they have internet connectivity or not.
Also, it is possible to create subnets for each availability zone within a VPC to make EC2 instances redundant.
Therefore, I think the advantage of having a VPC is that it allows the user to configure the network in detail depending on the purpose.
https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html
But doesn't have ec2 instance a 'network interface' ?
EC2 also has a network interface.
This ENI will be created in the VPC subnet to perform communication.
To use an analogy, it is like a LAN cable connected to a small L3 switch called a subnet for communication.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
=>An EC2 instance typically needs to be associated with a Virtual Private Cloud (VPC) for several reasons:
=>Isolation: A VPC provides network isolation for your EC2 instances. It acts as a virtual network in the AWS cloud where you can launch your EC2 instances. This isolation helps in ensuring that your instances are protected from unauthorized access from other networks.
=>Security Groups and Network ACLs: Within a VPC, you can define security groups and network access control lists (ACLs) to control inbound and outbound traffic to and from your EC2 instances. This allows you to set up fine-grained security policies and restrict access as needed.
=>Subnet Configuration: A VPC allows you to divide your virtual network into subnets. Each subnet can be associated with a different availability zone, providing fault tolerance and high availability for your EC2 instances.
=>Connectivity Options: With a VPC, you can establish connections between your EC2 instances and other AWS services, such as databases hosted on Amazon RDS or resources in other VPCs, using VPC peering, VPN, or AWS Direct Connect.
=>Customization: VPCs offer a high degree of customization. You can configure route tables, internet gateways, and NAT gateways to tailor the network configuration according to your specific requirements.
The other answers are good but touching on a few other elements in your question:
In the before times, VPC didn't exist. EC2 instances were all launched with public IP addresses. Our customers wanted to be able to build private networks and select which EC2 instances were exposed to the internet (or other networks). Hence: VPC. This is a better model for customers which doesn't take away the flexibility of having all your EC2 instances with public IP addresses; but also delivers private IP addressing when needed.
As far as "what is VPC" under the hood, this YouTube video is absolutely worth watching. There are quite a few others but this is an excellent starting point.
Relevant content
- asked 2 years ago
- asked 5 months ago
AWS OFFICIALUpdated 3 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
So VPC is the 'internal network'. this vpc must be segmented into subnets each ec2 must be attached to a subnet and NOT to the vpc, right?
Strictly speaking, a large private network called VPC is divided into small units called subnets. Therefore, EC2 is launched within a network that divides the VPC into smaller pieces called subnets.