vpc aws

AWS Virtual Private Cloud (VPC) gives you the flexibility to provision logically isolated section of the AWS cloud. Cloud knows no boundaries but there is a need for virtual isolation of your resources. So that you can configure and launch your AWS resources within the virtual network you define.

AWS虚拟私有云（VPC）使您可以灵活地配置AWS云中逻辑上隔离的部分。 云无国界，但需要虚拟隔离资源。 这样您就可以在定义的虚拟网络中配置和启动您的AWS资源。

If you remember that in my post “Amazon EC2 – AWS Elastic Compute Cloud” we launched an EC2 instance within the default VPC. In this topic, we will talk about how to create AWS VPC for various use cases? AWS VPC supports all combinations where you need a public subnet or private subnet or both.

如果您还记得我的文章“ Amazon EC2 – AWS Elastic Compute Cloud ”，我们在默认VPC内启动了EC2实例。 在本主题中，我们将讨论如何为各种用例创建AWS VPC？ AWS VPC支持您需要公共子网或私有子网或两者都需要的所有组合。

什么是Amazon VPC？ (What is Amazon VPC?)

Amazon VPC is an abbreviation for the Amazon Virtual Private Cloud (VPC). It is a networking service that provides an isolated virtual network on the AWS cloud. It enables you to launch AWS resources into the virtual network. AWS VPC is quite similar to the traditional network with the benefits of using the scalable infrastructure of AWS.

Amazon VPC是Amazon Virtual Private Cloud（VPC）的缩写。 它是一项网络服务，可在AWS云上提供隔离的虚拟网络。 它使您可以将AWS资源启动到虚拟网络中。 AWS VPC与传统网络非常相似，具有使用AWS可扩展基础架构的好处。

You can create your own IP address ranges, subnets (public and private), route table, and network gateways etc. You have complete control over your virtual networking environment.

您可以创建自己的IP地址范围，子网（公共和专用），路由表和网络网关等。您可以完全控制虚拟网络环境。

Amazon Virtual Private Cloud (VPC) will look something like below within the AWS cloud:

在AWS云中， Amazon虚拟私有云（VPC）如下所示：

VPC网络组件 (VPC Networking Components )

There are several networking components are used in Amazon Virtual Private Cloud. You may be familiar with most of them since they are components of traditional networking. But the difference here is that they are elastic in nature.

Amazon Virtual Private Cloud中使用了多个网络组件。 您可能对它们中的大多数很熟悉，因为它们是传统网络的组成部分。 但是这里的区别在于它们本质上是弹性的。

Let’s explore a few of many commonly known components:

让我们探索许多众所周知的组件中的一些：

网络接口 (Network Interfaces)

In general, a network interface is the interconnection point between a network and a computer. Network Interfaces on AWS Cloud are elastic and virtual. Virtual network interfaces can include the below attributes:

通常，网络接口是网络和计算机之间的互连点。 AWS Cloud上的网络接口具有弹性和虚拟性。 虚拟网络接口可以包括以下属性：

• A primary IPv4 address (private)
  主IPv4地址（专用）
• A elastic IP per IPv4 address (private)
  每个IPv4地址的弹性IP（专用）
• A mac address
  Mac地址
• One or more private IPv4 address
  一个或多个私有IPv4地址
• One public IPv4 address
  一个公共IPv4地址
• Security Groups
  安全组
• One or more IPv6 address
  一个或多个IPv6地址

Each instance in your AWS VPC has a default network interface also called Primary Network Interface. Default network is assigned a private IPv4 address from within the IPv4 address range of your AWS VPC.

AWS VPC中的每个实例都有一个默认网络接口，也称为主网络接口 。 在您的AWS VPC的IPv4地址范围内，为默认网络分配了私有IPv4地址。

路线表 (Route Tables)

A router table contains the rules which are nothing but the set of rules which determine where network traffic is directed. As shown in the above picture each subnet in VPC is associated with a routing table.

路由器表包含的规则不过是确定网络流量定向到何处的一组规则。 如上图所示，VPC中的每个子网都与路由表关联。

Note: A subnet can be associated with only one routing tables at a time.

注意：子网一次只能与一个路由表关联。

To understand the routing table, you must go through the networking basics like routing, routing table, priority etc.

要了解路由表，您必须了解网络基础知识，例如路由，路由表，优先级等。

互联网网关 (Internet Gateways)

Internet gateways enable access to the Internet for your VPC. These allow your instances in VPC to communicate to the Internet. An Internet Gateway on AWS supports both IPv4 and IPv6 traffic.

Internet网关使您的VPC可以访问Internet。 这些允许您的VPC中的实例与Internet通信。 AWS上的Internet网关同时支持IPv4和IPv6通信。

It’s a redundant, highly available, and horizontally scaled VPC component on AWS cloud. TO enable the access to the Internet you must attach the Internet gateway to the VPC.

它是AWS云上的冗余，高可用性和水平扩展的VPC组件。 要启用对Internet的访问，必须将Internet网关连接到VPC。

Let’s understand this with the help of the below diagram: Subnet 1 in the VPC is associated with a custom route table that points all internet-bound IPv4 traffic to an internet gateway. The elastic IP address of instance enables communication with the internet.

让我们借助下图来了解这一点：VPC中的子网1与一个自定义路由表相关联，该表将所有Internet绑定的IPv4流量都指向Internet网关。 实例的弹性IP地址可以与Internet通信。

NAT网关 (NAT Gateway)

NAT is an abbreviation for Network Address Translation. If you are using a private subnet in your VPC then you would need the NAT device to connect to the Internet. NAT Gateway prevents the Internet to initiate communication.

NAT是网络地址转换的缩写。 如果您在VPC中使用专用子网，则需要NAT设备连接到Internet。 NAT网关阻止Internet启动通信。

NAT gateway is paid service on AWS cloud. You will be charged hourly for this. I would suggest checking the VPC Pricing before opting to this.

NAT网关是AWS云上的付费服务 。 您需要每小时为此付费。 我建议在选择此选项之前先检查VPC定价 。

Let’s understand NAT Gateways from the below diagram:

让我们从下图了解NAT网关：

弹性IP位址 (Elastic IP Address)

An elastic IP address is the static IP address. Which are designed for dynamic cloud computing. AWS supports Elastic IP for IPv4 address only. As I mentioned in network interfaces, an Elastic IP address is a property of network interfaces.

弹性IP地址是静态IP地址 。 专为动态云计算而设计。 AWS仅支持IPv4地址的弹性IP。 正如我在网络接口中提到的那样，弹性IP地址是网络接口的属性。

You can update a network interface to attach the Elastic IP address to the instance.

您可以更新网络接口以将弹性IP地址附加到实例。

Note: If you create an Elastic IP address then it will be associated with your account. You can release the Elastic IP address from your account.

注意：如果创建弹性IP地址，则它将与您的帐户关联。 您可以从帐户中释放弹性IP地址。

VPC配置类型 (VPC Configuration Types)

AWS offers four types of VPC configurations.

AWS提供了四种类型的VPC配置。

具有单个公共子网的VPC (VPC with a Single Public Subnet)

具有公共和私有子网的VPC (VPC with Public and Private Subnets)

具有公用和专用子网以及硬件VPN访问的VPC (VPC with Public and Private Subnets and Hardware VPN Access)

仅具有专用子网和硬件VPN访问的VPC (VPC with a Private Subnet Only and Hardware VPN Access)

VPC入门 (Getting Started with VPC)

In the below exercise, we will create a VPC and Subnet with IPv4 CIDR block. Though, AWS provides you a default VPC when you launch an EC2 Instance. The purpose of this is to create your own VPC and Subnets and use them.

在下面的练习中，我们将创建一个具有IPv4 CIDR块的VPC和子网。 但是，当您启动EC2实例时，AWS为您提供默认的VPC。 这样做的目的是创建自己的VPC和子网并使用它们。

创建一个VPC (Creating a VPC)

Let’s create the VPC using the AWS VPC wizard:

让我们使用AWS VPC向导创建VPC：

1. Login and Open AWS Management Console
   登录并打开AWS管理控制台
2. You can directly copy and paste the URL https://console.aws.amazon.com/vpc/ in the address of your browser once logged in.
   登录后，您可以直接将URL https://console.aws.amazon.com/vpc/复制并粘贴到浏览器的地址中。
3. Find the “VPC” in service tab and click on the link given.
   You will see the below screen:
   
   

   Launch Vpc

   在服务选项卡中找到“ VPC”，然后单击给定的链接。
   您将看到以下屏幕：
   

   启动Vpc

步骤1：选择VPC配置 (Step 1: Select a VPC Configuration)

Now, you will see the below screen, choose the required VPC configurations. I’m going to create a VPC with a single public subnet.

现在，您将看到以下屏幕，选择所需的VPC配置。 我将创建一个具有单个公共子网的VPC。

Click on the “Select” button.

点击“选择”按钮。

步骤2：具有单个公共子网的VPC (Step 2: VPC with a Single Public Subnet)

In below screen, the first section defines a VPC IPv4 CIDR block. The second section defines public subnet.

在下面的屏幕中，第一部分定义了VPC IPv4 CIDR块。 第二部分定义公共子网。

Click on “Create VPC” button.

点击“创建VPC”按钮。

步骤3：查看VPC (Step 3: View VPC )

You will see the below screen on completion of creation on the VPC.

在VPC上完成创建后，您将看到以下屏幕。

You can go to the VPC Dashboard and see you VPC is listed in the summary. If you click on your VPC then you will see the below details which you filled during creation.

您可以转到VPC仪表板，然后在摘要中看到VPC。 如果单击VPC，则将看到在创建过程中填写的以下详细信息。

步骤4：查看子网 (Step 4: View Subnet )

Let’s see the public subnet which we created along with the VPC. See the description of the subnet that your public subnet is associated with the VPC you created.

让我们看看我们与VPC一起创建的公共子网。 请参阅您的公共子网与您创建的VPC关联的子网描述。

步骤5：查看路由表 (Step 5: View Route Table)

You can check the subnet route table as well.

您也可以检查子网路由表。

步骤6：查看Internet网关 (Step 6: View Internet Gateway)

From the left panel click on the “Internet Gateways” and you will see the below screen.

在左侧面板中，单击“ Internet网关” ，您将看到以下屏幕。

Your VPC is attached with the Internet gateway which will allow all your resources of the VPC to communicate to the internet.

您的VPC随附有Internet网关，它将使您的VPC的所有资源都可以与Internet通信。

Quick Tip: The details are more than enough to get started with VPC, Subnet, Internet Gateway and Router Table etc. I know that for a beginner to understand all of this will take a little time. You will get used to the vocabulary when you will actually use this in an application.

快速提示：详细信息对于使用VPC，子网，Internet网关和路由器表等来说已经足够了。我知道，对于初学者而言，了解所有这些将花费一些时间。 当您在应用程序中实际使用该词汇表时，您将习惯该词汇表。

删除您的VPC (Deleting your VPC)

Deleting VPC will delete several associated objects to it. Make sure that your review all of them before clicking on the “Delete VPC” button.

删除VPC将删除与其相关的多个对象。 在单击“删除VPC”按钮之前，请确保已检查所有内容。

AWS will also delete these objects associated with the VPC for the region:

AWS还将删除该地区与VPC关联的以下对象：

1. Subnets
   子网路
2. Security Groups
   安全组
3. Network ACLs
   网络ACL
4. Internet Gateways
   互联网网关
5. Egress Only Internet Gateways
   仅出口Internet网关
6. Route Tables
   路线表
7. Network Interfaces
   网络接口
8. Peering Connections
   对等连接
9. Endpoints
   终点

You are good to go, just click the “Delete VPC” button and you wait for a while. You will see this screen:

一切顺利，只需单击“删除VPC”按钮，然后等待一会儿。 您将看到以下屏幕：

AWS中VPC和子网的限制 (Limits of VPC and Subnets in AWS)

There are certain limits of the use of VPC and Subnets. AWS has listed them as below:

VPC和子网的使用有一定的限制。 AWS列出了以下内容：

翻译自: https://www.journaldev.com/25368/aws-vpc-virtual-private-cloud

vpc aws