Curriculum Overview

Mastering AWS Networking: VPC Components & Architecture Overview

Identifying the components of a VPC (for example, subnets, gateways)

This document provides a comprehensive curriculum overview for understanding and identifying the core components of an Amazon Virtual Private Cloud (VPC). A VPC is the foundational network layer for AWS resources, providing a logically isolated section of the AWS Cloud.

Prerequisites

Before diving into VPC components, students should possess the following foundational knowledge:

  • Basic Networking Concepts: Understanding of IP addressing, the OSI model (specifically Layer 3 and Layer 4), and the purpose of routers and firewalls.
  • CIDR Notation: Familiarity with Classless Inter-Domain Routing (e.g., knowing that 10.0.0.0/16 provides 65,536 IP addresses).
  • AWS Global Infrastructure: A clear understanding of AWS Regions and Availability Zones (AZs), as VPCs and subnets are mapped to these constructs.

Module Breakdown

Module | Focus Area | Difficulty
1. VPC Fundamentals | CIDR blocks, IPv4 vs IPv6, and VPC limits. | Beginner
2. Subnetting & Routing | Public vs. Private subnets and Route Table logic. | Intermediate
3. Internet Connectivity | Internet Gateways (IGW) and NAT Gateways. | Intermediate
4. Network Security | Security Groups (stateful) vs. NACLs (stateless). | Intermediate
5. Advanced Connectivity | VPC Peering, Direct Connect, and VPNs. | Advanced

Learning Objectives per Module

Module 1: VPC Fundamentals

  • Define the scope of a VPC within a Region.
  • Assign appropriate CIDR blocks (ranging from /16 to /28).

Module 2: Subnetting & Routing

  • Create subnets that reside within specific Availability Zones for high availability.
  • Configure Route Tables to direct traffic between subnets and external targets.

Module 3: Internet Connectivity

  • Attach an Internet Gateway (IGW) to enable public internet access.
  • Deploy a NAT Gateway to allow private instances to reach the internet for updates without being reachable from the outside.

Module 4: Network Security

  • Design multi-layered security using Security Groups (instance-level) and NACLs (subnet-level).
  • Identify the difference between stateful and stateless filtering.

Success Metrics

To demonstrate mastery of this curriculum, the learner should be able to:

  1. Architect a 2-Tier Application: Successfully design a VPC with a public web tier and a private database tier.
  2. Troubleshoot Connectivity: Identify why an instance cannot reach the internet (e.g., missing IGW, incorrect Route Table, or blocked NACL).
  3. Explain Security Flow: Articulate the path of a packet through an NACL and a Security Group to a resource.
  4. Pass Mock Scenarios: Correctly identify the most cost-effective connectivity tool (e.g., choosing Peering over Direct Connect for simple VPC-to-VPC communication).

Real-World Application

Understanding VPC components is critical for several career paths:

  • Cloud Architects: Designing secure, scalable, and resilient infrastructures that follow the Well-Architected Framework.
  • Security Engineers: Implementing "Defense in Depth" by configuring granular firewall rules at both the subnet and instance layers.
  • DevOps Engineers: Automating the deployment of network stacks using Infrastructure as Code (IaC) tools like Terraform or AWS CloudFormation.

[!IMPORTANT] Remember: A VPC is regional, but a Subnet is confined to a single Availability Zone. For High Availability (HA), always deploy subnets in at least two AZs.

Component Examples & Scenarios

Scenario A: The Public Web Server

  • Component: Public Subnet + Internet Gateway.
  • Use Case: A WordPress site that needs to be accessible to everyone on the internet.
  • Setup: The Route Table for this subnet has a destination of 0.0.0.0/0 pointing to the IGW.

Scenario B: The Secure Backend Database

  • Component: Private Subnet + NAT Gateway.
  • Use Case: A MySQL database that needs to download security patches from the internet but must never accept unsolicited incoming connections.
  • Setup: The database lives in a subnet with no route to the IGW. Instead, it routes traffic to a NAT Gateway located in the Public Subnet.

Comparison Table: Security Groups vs. NACLs

Feature | Security Group (SG) | Network ACL (NACL)
Layer | Instance Level | Subnet Level
Statefulness | Stateful (Return traffic is auto-allowed) | Stateless (Must explicitly allow return traffic)
Rule Support | Allow rules only | Allow and Deny rules
Order | All rules evaluated before decision | Rules evaluated in numerical order
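As an added illustration (not part of this curriculum and not AWS code), the following Python model walks a packet from an instance out to the internet and back through the layers described in Scenario B and the comparison table, and reports the first reason it fails, which is exactly the "Troubleshoot Connectivity" exercise. The VPC and IGW ids, the rules and the addresses are constructed sample data; a NAT gateway target is treated as an opaque next hop rather than modelling its public subnet.

```python
import ipaddress

def nacl_allows(rules, ip, port):
    """Stateless NACL: (number, action, cidr, (low, high)) rules, evaluated in ascending
    number, first match wins, implicit deny at the end."""
    addr = ipaddress.ip_address(ip)
    for _, action, cidr, (lo, hi) in sorted(rules):
        if addr in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False

def sg_allows(rules, ip, port):
    """Security group: allow rules only, given as (cidr, (low, high)); any match permits."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) and lo <= port <= hi for c, (lo, hi) in rules)

def route_target(routes, ip):
    """Longest-prefix match over a route table given as {cidr: target}."""
    addr, best = ipaddress.ip_address(ip), None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None

def diagnose_egress(vpc, subnet, sg_out, dst_ip="203.0.113.10", dst_port=443, src_port=40000):
    """Walk a packet from an instance out to the internet and back; return (ok, reason)."""
    if not sg_allows(sg_out, dst_ip, dst_port):
        return False, "security group has no outbound allow rule for the destination"
    if not nacl_allows(subnet["nacl_out"], dst_ip, dst_port):
        return False, "subnet NACL does not allow the outbound packet"
    target = route_target(subnet["routes"], dst_ip)
    if target in (None, "local"):
        return False, "route table has no 0.0.0.0/0 route to an IGW or NAT gateway"
    if target.startswith("igw-") and target not in vpc["attached_igws"]:
        return False, f"route points at {target} but that IGW is not attached to the VPC"
    # Return path: the stateful SG admits the reply automatically, but the stateless NACL
    # needs an explicit inbound rule covering the ephemeral source port the instance used.
    if not nacl_allows(subnet["nacl_in"], dst_ip, src_port):
        return False, "NACL is stateless: no inbound rule allows return traffic on the ephemeral port"
    return True, f"reachable via {target}"

# Constructed sample (ids are made up): a public subnet whose NACL allows 443 inbound
# but omits the ephemeral-port range, a classic stateless-filter mistake.
VPC = {"attached_igws": {"igw-0example"}}
PUBLIC_SUBNET = {
    "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0example"},
    "nacl_out": [(100, "allow", "0.0.0.0/0", (0, 65535))],
    "nacl_in": [(100, "allow", "0.0.0.0/0", (443, 443))],
}
SG_OUT = [("0.0.0.0/0", (443, 443))]
```

Adding an inbound NACL rule for ports 1024-65535 turns the verdict from the stateless-filter failure into "reachable via igw-0example"; removing the 0.0.0.0/0 route or detaching the IGW produces the corresponding diagnoses.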
