What is VPC?

In simple words, a VPC (Virtual Private Cloud) is a local area network (LAN) in the cloud, with many more features to better secure our application.

Before we get into VPC, we need to understand what problem it solves:

Here is an example of a corporate datacenter. The network team lays out the network, connects all the switches and routers, and creates its own IP schemes. We then place our servers into those subnets.

Here the router is connected to switches, and each switch has its own separate local area network. Each subnet has its own IP range (172.20.1.0/24), and each machine inside that subnet has an address from that range.

Subnets can communicate with each other if they are connected via a router. If you do not want one subnet to communicate with another, you can place a NACL (network access control list, shown in the diagram), which allows or stops communication between the subnets based on IP address.

However, when AWS came to market, people were able to create instances and store their data on S3. This raised more questions, such as how to decide the IP schemes and how to ensure security, since the instances were on a few subnets that could connect to each other. How do we create our own personal network?
Then AWS came up with VPC.

Architecture of VPC

A VPC is similar to our corporate datacenter. We create a VPC (a virtual LAN), create subnets in it as parts of the bigger network, and then place our instances in those subnets. After that we can decide whether it will be a public or a private network.

Based on the type of network, we can apply a NACL. A NACL is a firewall for the subnet, just as a security group is a firewall for the instance. All of this can be done via VPC to provide more security to our network.

Whenever we create a subnet, it is created in a zone. To provide high availability for the network and instances, we can place our instances in different zones.
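
The layout described above, as an added example that is not from the original post: a VPC range is carved into one public and one private subnet per zone, and a NACL decides by source IP which traffic may enter a private subnet. The 172.20.0.0/16 range, the zone names and the rule set are constructed for illustration, and the rule model is simplified to source address only (real NACL rules also match protocol and port).

```python
import ipaddress

# Constructed sample layout: a /16 VPC split into /24 subnets.
VPC = ipaddress.ip_network("172.20.0.0/16")
ZONES = ["zone-a", "zone-b"]  # hypothetical zone names

def plan_subnets(vpc, zones, new_prefix=24):
    """Assign one public and one private subnet per zone from the VPC range."""
    blocks = vpc.subnets(new_prefix=new_prefix)
    plan = {}
    for zone in zones:
        plan[("public", zone)] = next(blocks)
        plan[("private", zone)] = next(blocks)
    return plan

def nacl_allows(rules, src_ip):
    """Evaluate rules the way a NACL does: lowest rule number first,
    first match wins, and traffic matching no rule is denied."""
    src = ipaddress.ip_address(src_ip)
    for _number, cidr, action in sorted(rules, key=lambda r: r[0]):
        if src in ipaddress.ip_network(cidr):
            return action == "allow"
    return False  # implicit deny when nothing matches

# Constructed inbound rules for a private subnet: block the zone-b public
# subnet, then allow the rest of the VPC. Order matters, because rule 100
# alone would also admit 172.20.2.0/24.
PRIVATE_INBOUND = [
    (100, "172.20.0.0/16", "allow"),
    (90, "172.20.2.0/24", "deny"),
]

if __name__ == "__main__":
    for (kind, zone), net in plan_subnets(VPC, ZONES).items():
        print(f"{kind:8} {zone:7} {net}")
    for ip in ("172.20.0.10", "172.20.2.10", "10.0.0.5"):
        verdict = "allow" if nacl_allows(PRIVATE_INBOUND, ip) else "deny"
        print(f"{ip:12} -> {verdict}")
```
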

About the author

Deepak Sood

Deepak Sood is a Lead Consultant at an IT firm, with expertise in DevOps and QA architecture and 8 years of experience.

His expertise is in building highly scalable frameworks. His skills include Java, Configuration Management, Containers, and Kubernetes.
