Amazon Virtual Private Cloud

Amazon Virtual Private Cloud
Amazon Virtual Private Cloud
Original author(s)	Amazon.com, Inc.
Developer(s)	Amazon.com
Initial release	September 25, 2009 (2009-09-25)
Development status	Active
Operating system	Microsoft Windows Linux FreeBSD
Available in	English
Type	Virtual Private Server
License	Proprietary software
Website	aws.amazon.com/vpc/

Amazon Virtual Private Cloud (VPC) is a commercial cloud computing service that provides users a virtual private cloud, by "provision[ing] a logically isolated section of Amazon Web Services (AWS) Cloud".^[1] Enterprise customers are able to access the Amazon Elastic Compute Cloud (EC2) over an IPsec based virtual private network.^[2]^[3] Unlike traditional EC2 instances which are allocated internal and external IP numbers by Amazon, the customer can assign IP numbers of their choosing from one or more subnets.^[4] By giving the user the option of selecting which AWS resources are public facing and which are not, VPC provides much more granular control over security. For Amazon it is "an endorsement of the hybrid approach, but it's also meant to combat the growing interest in private clouds".^[5]

Comparison to private clouds

Amazon Virtual Private Cloud aims to provide a service similar to the private cloud solution provided by private cloud solutions such as OpenStack or HPE Helion Eucalyptus. The service provided is more comprehensive than either of those packages, however typically a private cloud would install PaaS systems such as OpenShift application hosting or a Database and Hadoop systems which would provide the alternative solutions they needed. Cloud security experts have warned however that there can be compliance risks, such as a loss of control or service cancellation in using public resources^[6] which do not exist with in house systems. If transaction records are requested from Amazon about a VPC using a National security letter they may not even be legally allowed to inform the customer of the breach of the security of their system. This would be true even if the actual VPC resources were in another country.^[7] The API used by AWS only partly compatible with that of HPE Helion Eucalyptus and is not compatible with other private cloud systems so migration from AWS to an in house solution may be difficult if there was a need to move to an in house cloud. This has led to warnings of the possibility of lock in to cloud solutions.^[6]

IP Addressing

Initially, users are able to choose a range of IP addresses for their VPC. Within this range, users can assign various private and public IPv4 (not IPv6)^[8] addresses to instances in the VPC in order to communicate with the Internet and other instances of VPCs. These addresses are assigned to specific instances rather than the user's entire VPC account.^[9] Assignment of Public IP addresses is not possible, instead the address is assigned and unassigned in certain cases, causing the address of an instance to change. When a consistent IP address is needed, a third type of IP Address, Elastic IP addresses, can be used in place of Public IP addresses.^[9]

Connectivity

AWS VPC allows users to connect to the Internet, a user's corporate data center, and other users' VPCs.^[8]

Users are able to connect to the Internet by adding an Internet Gateway to their VPC, which assigns the VPC a public IPv4 Address.^[10]

Users are able to connect to a data center by setting up a Hardware Virtual Private Network connection between the data center and the VPC. This connection allows the user to "interact with Amazon EC2 instances within a VPC as if they were within [the user's] existing network."^[8]

Users are able to route traffic from one VPC to another VPC using private IP addresses, and are able to communicate as if they were on the same network. Peering can be achieved by connecting a route between two VPC's on the same account or two VPC's on different accounts in the same region. VPC Peering is a one-to-one connection, but users are able to connect to more than one VPC at a time.^[11]

Privacy

AWS VPC's security is two-fold: firstly, AWS VPC uses security groups as a firewall to control traffic at the instance level, while it also uses network access control lists as a firewall to control traffic at the subnet level.^[12] As another measure of privacy, AWS VPC provides users with the ability to create "dedicated instances" on hardware, physically isolating the dedicated instances from non-dedicated instances and instances owned by other accounts.^[13]

Pricing

AWS VPC is free, with users only paying for the consumption of EC2 resources. However, if choosing to access VPC via a Virtual Private Network (VPN), there is a charge. As with standard EC2 instances, users are able to purchase Reserved Instances, however VPC EC2 Reserved Instance discounts will not be applied to standard EC2 instances, as opposed to standard EC2 Reserved Instances which do apply to VPC instances.^[14]

VPN Connection Pricing

$0.05 per VPN Connection-hour
$0.048 per VPN Connection-hour for connections to the Tokyo region

VPC Peer Connections Pricing

$0.01 per GB of data transferred^[15]

Limits

The following is a list of the initial limitations of AWS VPC, and upon request many of the limitations can be extended.

Component	Limit
VPCs per region	5
Subnets per VPC	200
Internet gateways per region	5
Virtual private gateways per region	5
Customer gateways per region	50
VPN connections per region	50
Route tables per VPC	200
Entries per route table	50
Elastic IP addresses per region for each AWS account	5
Security groups per VPC	100
Rules per security group	50
Security groups per network interface	5
Network ACLs per VPC	200
Rules per network ACL	20
BGP Advertised Routes per VPN Connection	100
Active VPC peering connections per VPC	50
Outstanding VPC peering connection requests	25
Expiry time for an unaccepted VPC peering connection request	1 week (168 hours)

^[16]

References

External links

Seamlessly Extending the Data Center - Introducing Amazon Virtual Private Cloud - blog post by Amazon CTO Werner Vogels

Amazon.com

People

Current	Jeff Bezos Tony Hsieh Werner Vogels Gregg Zehr

Former	Rick Dalzell Brian McBride Ram Shriram Tom Szkutak Brian Valentine Christopher North

Facilities

Products
and services

Websites	A9.com AbeBooks Alexa Internet Amapedia Askville BookFinder CDNow China Curse The Book Depository Dash Diapers.com Digital Photography Review Endless.com Fresh Goodreads Internet Movie Database Box Office Mojo Withoutabox Junglee.com Local Marketplace Payments PlanetAll Shelfari Twitch.tv Wireless Woot.com Zappos

Web services	AMI CloudFront DynamoDB EBS EC2 MTurk Product Advertising API RDS S3 SES SimpleDB SQS VPC Silk Glacier Storywriter

Digital	Alexa Appstore Audible Inc. ComiXology Amazon Drive Echo Video Prime Kindle Kindle Fire Fire HD Fire HDX Fire TV Fire Phone Kindle Store Lexcycle LoveFilm Mobipocket Music Reflexive Entertainment Fire OS Amazon Digital Game Store

Technology	1-Click Carbonado Dynamo Gurupa Lab126 Double Helix Games Obidos Liquavista

Publishing	Amazon Publishing Amazon Studios Breakthrough Novel Award Best Books of the Year Kindle Direct Publishing

Investments	43 Things Amie Street (Songza) LibraryThing LivingSocial Sellaband

Other

This article is issued from Wikipedia - version of the 11/7/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.