1
00:00:00,000 --> 00:00:01,768
[Instructor] Okay, so first let's get

2
00:00:01,768 --> 00:00:03,989
an introduction to VPC and subnets.

3
00:00:03,989 --> 00:00:07,520
So VPC is a virtual private cloud,

4
00:00:07,520 --> 00:00:09,410
which means it's a private network

5
00:00:09,410 --> 00:00:12,260
that is within the AWS cloud

6
00:00:12,260 --> 00:00:15,150
that allows you to deploy your resources within it.

7
00:00:15,150 --> 00:00:17,440
And a VPC is a regional resource.

8
00:00:17,440 --> 00:00:19,960
So if you have two AWS regions,

9
00:00:19,960 --> 00:00:22,030
they will have two different VPCs.

10
00:00:22,030 --> 00:00:25,070
So VPC is represented like this.

11
00:00:25,070 --> 00:00:26,260
Inside of your VPC,

12
00:00:26,260 --> 00:00:28,400
which is just a logical construct,

13
00:00:28,400 --> 00:00:29,510
you have subnets,

14
00:00:29,510 --> 00:00:32,530
and subnets allow you to partition your network

15
00:00:32,530 --> 00:00:34,110
inside your VPC,

16
00:00:34,110 --> 00:00:38,780
and subnets are defined at the availability zone level.

17
00:00:38,780 --> 00:00:40,839
So we have one AZ,

18
00:00:40,839 --> 00:00:42,830
two AZs in this example.

19
00:00:42,830 --> 00:00:45,010
And we can have multiple subnets.

20
00:00:45,010 --> 00:00:45,843
So the first subnet

21
00:00:45,843 --> 00:00:48,410
that I'm going to create is a public subnet.

22
00:00:48,410 --> 00:00:50,321
And as you can see, the public subnet

23
00:00:50,321 --> 00:00:54,520
is a subnet that is accessible from the internet.

24
00:00:54,520 --> 00:00:55,550
So those subnets

25
00:00:55,550 --> 00:01:00,420
can access the World Wide Web and also can be accessed

26
00:01:00,420 --> 00:01:02,170
from the World Wide Web.

27
00:01:02,170 --> 00:01:05,210
Okay, so then we have another kind of subnet,

28
00:01:05,210 --> 00:01:06,773
called a private subnet,

29
00:01:06,773 --> 00:01:09,270
and the private subnet is a subnet

30
00:01:09,270 --> 00:01:13,260
that is not accessible from the internet, okay.

31
00:01:13,260 --> 00:01:15,100
And how do we define this?

32
00:01:15,100 --> 00:01:17,600
We'll see this in the next slide.

33
00:01:17,600 --> 00:01:22,270
So to define access to the internet and between subnets,

34
00:01:22,270 --> 00:01:24,060
we're going to use route tables.

35
00:01:24,060 --> 00:01:26,090
So within your VPC,

36
00:01:26,090 --> 00:01:27,750
you're going to define a bunch of route tables,

37
00:01:27,750 --> 00:01:29,790
which are going to define how your network flows

38
00:01:29,790 --> 00:01:31,890
between all the different subnets.

39
00:01:31,890 --> 00:01:33,060
So remember,

40
00:01:33,060 --> 00:01:36,980
everything is at a high level in this whole section,

41
00:01:36,980 --> 00:01:38,420
so we won't do any hands-on,

42
00:01:38,420 --> 00:01:41,018
but try to remember these concepts,

43
00:01:41,018 --> 00:01:42,410
you'll see it should make sense to you very soon.

44
00:01:42,410 --> 00:01:44,690
So we have an EC2 instance in a public subnet,

45
00:01:44,690 --> 00:01:47,340
and that one has access to the internet.

46
00:01:47,340 --> 00:01:50,280
And we have an EC2 instance in the private subnet.

47
00:01:50,280 --> 00:01:52,690
And that one does not have access to the internet,

48
00:01:52,690 --> 00:01:54,810
or the internet does not have access to it.

49
00:01:54,810 --> 00:01:55,643
The reason being,

50
00:01:55,643 --> 00:01:57,620
we want it to be more secure and more private.

51
00:01:57,620 --> 00:02:02,010
Okay, so if we look at a bigger diagram for VPC,

52
00:02:02,010 --> 00:02:04,300
we have our cloud infrastructure.

53
00:02:04,300 --> 00:02:08,480
And we have one region, within the region we have a VPC.

54
00:02:08,480 --> 00:02:11,160
And the VPC has a set of IP ranges.

55
00:02:11,160 --> 00:02:12,930
So it's called a CIDR range.

56
00:02:12,930 --> 00:02:16,870
And this is just a range of IPs allowed within your VPC.

57
00:02:16,870 --> 00:02:18,780
And we have two AZs in this example.

58
00:02:18,780 --> 00:02:20,210
So in the first AZ,

59
00:02:20,210 --> 00:02:21,647
I'm going to have the public subnet

60
00:02:21,647 --> 00:02:22,480
and the private subnet.

61
00:02:22,480 --> 00:02:23,690
And we can launch

62
00:02:23,690 --> 00:02:26,560
our EC2 instances in each subnet we want.

63
00:02:26,560 --> 00:02:28,060
And in AZ two,

64
00:02:28,060 --> 00:02:30,620
with a public subnet and a private subnet.

65
00:02:30,620 --> 00:02:33,032
So this is what the VPC looks like at a high level.

66
00:02:33,032 --> 00:02:37,450
And this is very common in the VPC that is created for you

67
00:02:37,450 --> 00:02:40,600
when you use your cloud on AWS.

68
00:02:40,600 --> 00:02:42,270
You only have public subnets.

69
00:02:42,270 --> 00:02:44,030
You don't have private subnets.

70
00:02:44,030 --> 00:02:46,010
You have one public subnet per AZ

71
00:02:46,010 --> 00:02:46,900
and you have one VPC

72
00:02:46,900 --> 00:02:49,240
in each and every region that's created for you.

73
00:02:49,240 --> 00:02:51,500
It's called the default VPC.

74
00:02:51,500 --> 00:02:53,490
Okay, next, in your network,

75
00:02:53,490 --> 00:02:55,200
we talked about public and private subnets,

76
00:02:55,200 --> 00:02:57,420
but we're going to go one step deeper

77
00:02:57,420 --> 00:03:00,220
and talk about internet gateways and NAT gateways.

78
00:03:00,220 --> 00:03:02,920
So, if we go back to the same diagram,

79
00:03:02,920 --> 00:03:04,670
say we have an EC2 instance

80
00:03:04,670 --> 00:03:06,220
in the public subnet.

81
00:03:06,220 --> 00:03:08,140
What makes the subnet really public?

82
00:03:08,140 --> 00:03:10,810
How can it access the internet?

83
00:03:10,810 --> 00:03:11,643
Well, for this,

84
00:03:11,643 --> 00:03:13,840
we use an internet gateway.

85
00:03:13,840 --> 00:03:17,460
Our internet gateway will help our VPC instances

86
00:03:17,460 --> 00:03:20,510
in our subnets to connect to the internet.

87
00:03:20,510 --> 00:03:23,940
So here's your internet gateway, it lives in your VPC.

88
00:03:23,940 --> 00:03:25,490
And so the public subnets

89
00:03:25,490 --> 00:03:28,870
will have a route to the internet gateway.

90
00:03:28,870 --> 00:03:30,660
So your public subnets, for example,

91
00:03:30,660 --> 00:03:33,020
your EC2 instance in that public subnet,

92
00:03:33,020 --> 00:03:35,210
has a route to your internet gateway.

93
00:03:35,210 --> 00:03:37,900
And your internet gateway knows how to talk

94
00:03:37,900 --> 00:03:38,770
to the internet,

95
00:03:38,770 --> 00:03:42,250
and that's what makes a subnet a public subnet.

96
00:03:42,250 --> 00:03:43,140
So public subnets

97
00:03:43,140 --> 00:03:46,531
will have a direct route to an internet gateway.

98
00:03:46,531 --> 00:03:48,740
So now let's take another example.

99
00:03:48,740 --> 00:03:51,430
We have our EC2 instance in the private subnet

100
00:03:51,430 --> 00:03:54,290
and we want it to also be able to access the internet,

101
00:03:54,290 --> 00:03:57,310
for example to get updates for software,

102
00:03:57,310 --> 00:04:00,232
but we don't want it to be accessible from the internet.

103
00:04:00,232 --> 00:04:02,632
We don't want the internet to be able to reach out

104
00:04:04,261 --> 00:04:05,094
to websites on our private subnet,

105
00:04:05,094 --> 00:04:07,967
for example. For this we use what's called a NAT gateway,

106
00:04:07,967 --> 00:04:11,280
or NAT instance, they do the same thing.

107
00:04:11,280 --> 00:04:15,010
They provide NAT for your private subnets.

108
00:04:15,010 --> 00:04:17,970
But the NAT gateways are managed by AWS,

109
00:04:17,970 --> 00:04:18,950
so you don't have to worry

110
00:04:18,950 --> 00:04:21,330
about provisioning them and scaling them.

111
00:04:21,330 --> 00:04:23,757
Whereas the NAT instances are self-managed.

112
00:04:23,757 --> 00:04:27,530
And they both allow your instances in your private subnets

113
00:04:27,530 --> 00:04:29,954
to access the internet while remaining private.

114
00:04:29,954 --> 00:04:32,180
So how does it work?

115
00:04:32,180 --> 00:04:34,170
We are going to deploy a NAT gateway

116
00:04:34,170 --> 00:04:37,160
or NAT instance in our public subnet.

117
00:04:37,160 --> 00:04:39,180
And then we're going to create a route

118
00:04:39,180 --> 00:04:43,440
from the private subnet to the NAT instance or gateway.

119
00:04:43,440 --> 00:04:46,990
And then that has a route to the internet gateway,

120
00:04:46,990 --> 00:04:48,400
because it's in the public subnet,

121
00:04:48,400 --> 00:04:51,170
and therefore your private subnets can access

122
00:04:51,170 --> 00:04:54,330
through the NAT all the way to the internet.

123
00:04:54,330 --> 00:04:57,470
And that's the whole point of NAT gateways.

124
00:04:57,470 --> 00:05:00,210
So this is a typical infrastructure

125
00:05:00,210 --> 00:05:04,120
in AWS, and the NAT gateways, NAT instances

126
00:05:04,120 --> 00:05:06,530
will come into play later in this course,

127
00:05:06,530 --> 00:05:09,730
when we talk about Lambda functions, okay,

128
00:05:09,730 --> 00:05:11,520
but try to remember this,

129
00:05:11,520 --> 00:05:14,180
this is a very simple diagram, and feel free again

130
00:05:14,180 --> 00:05:16,240
to revisit the section later in this course,

131
00:05:16,240 --> 00:05:17,830
maybe it will make a lot more sense,

132
00:05:17,830 --> 00:05:20,030
but still I want to introduce concepts to you.

133
00:05:20,030 --> 00:05:23,030
So, I will see you in the next lecture for more VPC concepts.
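The lecture's rule for what makes a subnet public (a default route to an internet gateway) or private with egress (a default route to a NAT gateway or NAT instance) can be applied mechanically to route-table data when reviewing a VPC. The following is an added example, not code from the course: the function names, the placeholder gateway IDs and the sample tables are constructed, and the input only mirrors the shape of `aws ec2 describe-route-tables` output.

```python
# Added example (not the course's code): classify subnets by their route tables.
# Input mimics the shape of `aws ec2 describe-route-tables`; the data is constructed.
DEFAULT_ROUTE = "0.0.0.0/0"

def route_kind(route):
    """'igw' for an internet gateway, 'nat' for a NAT gateway/instance, else None."""
    if route.get("State") == "blackhole":          # dead target, grants nothing
        return None
    if route.get("GatewayId", "").startswith("igw-"):
        return "igw"
    if route.get("NatGatewayId") or route.get("InstanceId"):
        return "nat"                                # managed NAT gateway or NAT instance
    return None

def table_exposure(table):
    """Exposure a route table grants: 'public', 'private' (egress only) or 'isolated'."""
    kinds = {route_kind(r) for r in table["Routes"]
             if r.get("DestinationCidrBlock") == DEFAULT_ROUTE}
    if "igw" in kinds:
        return "public"
    if "nat" in kinds:
        return "private"
    return "isolated"

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to its exposure; subnets with no explicit association
    inherit the VPC's main route table, which is easy to overlook in a review."""
    explicit, main = {}, None
    for t in route_tables:
        for a in t.get("Associations", []):
            if a.get("Main"):
                main = t
            elif a.get("SubnetId"):
                explicit[a["SubnetId"]] = t
    result = {}
    for s in subnet_ids:
        t = explicit.get(s, main)
        result[s] = table_exposure(t) if t else "isolated"
    return result

# Constructed sample: public RT -> IGW, private RT -> NAT gateway, main RT local only.
SAMPLE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0abc"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0def"}]},
    {"Associations": [{"Main": True}], "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
```

Running `classify_subnets(SAMPLE_TABLES, [...])` over a real account's tables is a quick way to confirm that nothing meant to be private has picked up an igw- default route, including through the main route table.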