Transcription of Amazon Virtual Private Cloud - AWS Documentation
Amazon Virtual Private Cloud User Guide

Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights 's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored

Table of Contents

What Is Amazon VPC?
Amazon VPC Concepts
VPCs and
Supported Platforms
Default and Nondefault
Accessing the Internet
Accessing a Corporate or Home Network
Accessing Services Through AWS PrivateLink
How to Get Started with Amazon VPC
Using Amazon VPC with Other AWS Services
Accessing Amazon VPC
Pricing for Amazon VPC
Amazon VPC Limits
PCI DSS Compliance
Getting Started
Getting Started with IPv4
Step 1: Create the VPC
Step 2: Create a Security Group
Step 3: Launch an Instance into Your VPC
Step 4: Assign an Elastic IP Address to Your Instance
Step 5: Clean
Getting Started with IPv6
Step 1: Create the VPC
Step 2: Create a Security Group
Step 3: Launch an Instance
Scenarios and Examples
Scenario 1: VPC with a Single Public Subnet
Overview
Routing
Security
Implementing Scenario 1
Scenario 2: VPC with Public and Private Subnets (NAT)
Overview
Routing
Security
Implementing Scenario 2
Implementing Scenario 2 with a NAT Instance
Scenario 3: VPC with Public and Private Subnets and AWS Managed VPN Access
Overview
Routing
Security
Implementing Scenario 3
Scenario 4: VPC with a Private Subnet Only and AWS Managed VPN Access
Overview
Routing
Security
Implementing Scenario 4
Example: Create an IPv4 VPC and Subnets Using the AWS CLI
Step 1: Create a VPC and Subnets
Step 2: Make Your Subnet Public
Step 3: Launch an Instance into Your Subnet
Step 4: Clean
Example: Create an IPv6 VPC and Subnets Using the AWS CLI
Step 1: Create a VPC and Subnets
Step 2: Configure a Public Subnet
Step 3: Configure an Egress-Only Private Subnet
Step 4: Modify the IPv6 Addressing Behavior of the Subnets
Step 5: Launch an Instance into Your Public Subnet
Step 6: Launch an Instance into Your Private Subnet
Step 7: Clean
VPCs and
VPC and Subnet
VPC and Subnet
VPC and Subnet Sizing for
Adding IPv4 CIDR Blocks to a VPC
VPC and Subnet Sizing for
Subnet Routing
Subnet Security
Connections with Your Local Network and Other VPCs
Working with VPCs and Subnets
Creating a VPC
Creating a Subnet in Your VPC
Associating a Secondary IPv4 CIDR Block with Your VPC
Associating an IPv6 CIDR Block with Your VPC
Associating an IPv6 CIDR Block with Your Subnet
Launching an Instance into Your Subnet
Deleting Your Subnet
Disassociating an IPv4 CIDR Block from Your VPC
Disassociating an IPv6 CIDR Block from Your VPC or Subnet
Deleting Your VPC
Default VPC and Default
Default VPC
Default
Availability and Supported Platforms
Detecting Your Supported Platforms and Whether You Have a Default VPC
Viewing Your Default VPC and Default Subnets
Launching an EC2 Instance into Your Default VPC
Launching an EC2 Instance Using the Console
Launching an EC2 Instance Using the Command Line
Deleting Your Default Subnets and Default VPC
Creating a Default VPC
Creating a Default Subnet
IP Addressing
Private IPv4 Addresses
Public IPv4 Addresses
IPv6 Addresses
IP Addressing Behavior for Your Subnet
Working with IP Addresses
Modifying the Public IPv4 Addressing Attribute for Your Subnet
Modifying the IPv6 Addressing Attribute for Your Subnet
Assigning a Public IPv4 Address During Instance Launch
Assigning an IPv6 Address During Instance Launch
Assigning an IPv6 Address to an Instance
Unassigning an IPv6 Address From an Instance
API and Command Overview
Migrating to
Example: Enabling IPv6 in a VPC With a Public and Private
Step 1: Associate an IPv6 CIDR Block with Your VPC and Subnets
Step 2: Update Your Route Tables
Step 3: Update Your Security Group Rules
Step 4: Change Your Instance Type
Step 5: Assign IPv6 Addresses to Your Instances
Step 6: (Optional) Configure IPv6 on Your Instances
Security
Comparison of Security Groups and Network ACLs
Security Groups
Security Group Basics
Default Security Group for Your VPC
Security Group Rules
Differences Between Security Groups for EC2-Classic and EC2-VPC
Working with Security Groups
Network ACLs
Network ACL Basics
Network ACL Rules
Default Network ACL
Custom Network ACL
Ephemeral Ports
Working with Network ACLs
Example: Controlling Access to Instances in a Subnet
API and Command Overview
Recommended Network ACL Rules for Your VPC
Recommended Rules for Scenario 1
Recommended Rules for Scenario 2
Recommended Rules for Scenario 3
Recommended Rules for Scenario 4
Controlling Access