Any place of purpose, a home, office, institution or community centre, exists for one purpose, and its space is designed or divided to suit the tasks and activities relevant to that purpose: it is organised into rooms, hallways, labs and so on. Your AWS VPC subnets work the same way.
After you decide on a Region to host an isolated logical network for your workloads, the next thing to settle is the AWS VPC subnets. Every AWS resource in the architecture is hosted in the designated Virtual Private Cloud (VPC), but how those resources are isolated from each other comes down to the following questions:
i) Which resources are public facing, i.e. reachable by end users or the public?
A website, or any service or application that end users access
ii) Which resources are privately owned and maintained?
Resources such as a DB instance, any logical backend, or any compute or storage resource holding confidential data that has to stay private
iii) How do new revisions, changes to the current architecture, or its evolution fit into the existing model?
New resources added to the network, such as storage, Lambda functions or compute for new domains or systems, which need to be logically separate yet still communicate with each other, also have to be accounted for
iv) How is scaling accommodated?
Every resource gets a private and/or public IP address so that the resource or compute service can be reached. The CIDR range you define sets how far the current design can scale, and with vision and experience that scaling can be planned for
v) How is high availability enforced by hosting resources in multiple Availability Zones?
To honour high availability, resources have to be hosted in multiple Availability Zones, which is achieved by creating subnets in each AZ of the Region where your resources are hosted
vi) How are resources secured in terms of access and ports?
Access to the resources in a subnet from external sources is classified by ports and protocols, for example SSH access on port 22
vii) How is internet access controlled and operated?
Attaching an Internet Gateway to a subnet not only makes the subnet public but also means the resources in that subnet can reach the internet. Subnets without an IGW are private and have no internet access
viii) How is connectivity to on-premises established over VPN so that resources on the cloud can communicate?
A Virtual Private Gateway is created so that subnets can use the VPN connection
ix) What if resources are kept private with no connectivity to the outside world at all?
Such subnets are defined without an Internet Gateway and with no reference to any IGW. These are isolated network subnets
All of the above is controlled by placing the right resources in the right subnets
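To make the points above concrete, here is an added example (not code from the original post) that models the three decisions a subnet design comes down to: carving a VPC CIDR into one subnet per tier and per Availability Zone while leaving headroom to scale, classifying a subnet as public, VPN-reachable private or isolated from the routes in its route table, and checking security-group ingress rules for admin ports such as SSH on 22 that are open to the whole internet. All CIDRs, AZ names, gateway ids and rules are constructed placeholders; only the Python standard library is used, so it runs offline.

```python
"""Subnet planning and classification for an AWS VPC.

Added example, not code from the original post. All CIDRs, AZ names,
gateway ids and security-group rules below are constructed placeholders.
"""
import ipaddress

TIERS = ("public", "private", "isolated")


def plan_subnets(vpc_cidr, azs, tiers=TIERS, new_prefix=24):
    """Carve one subnet per (tier, AZ) pair out of vpc_cidr.

    Returns (plan, spare): plan maps (tier, az) -> subnet CIDR; spare lists
    the blocks left unused, which is the headroom later additions scale into.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = list(vpc.subnets(new_prefix=new_prefix))
    needed = len(tiers) * len(azs)
    if needed > len(blocks):
        raise ValueError(
            f"{vpc_cidr} holds {len(blocks)} /{new_prefix} blocks, {needed} needed"
        )
    plan = {}
    for i, (tier, az) in enumerate((t, a) for t in tiers for a in azs):
        plan[(tier, az)] = str(blocks[i])
    spare = [str(b) for b in blocks[needed:]]
    return plan, spare


def classify_subnet(routes):
    """Classify a subnet from its route table entries.

    routes: list of (destination, target) pairs. The rule follows the post:
    a route to an internet gateway (igw-*) makes the subnet public; a route
    to a virtual private gateway (vgw-*) gives a private subnet VPN reach;
    only the VPC-local route means the subnet is isolated.
    """
    targets = {target for _, target in routes}
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "private-vpn"
    return "isolated"


def open_admin_ports(rules, admin_ports=(22, 3389)):
    """Return (port, source) pairs where an admin port is reachable from
    anywhere. rules: list of (from_port, to_port, source_cidr) ingress rules."""
    findings = []
    for from_port, to_port, source in rules:
        world = ipaddress.ip_network(source).prefixlen == 0  # 0.0.0.0/0 or ::/0
        for port in admin_ports:
            if world and from_port <= port <= to_port:
                findings.append((port, source))
    return findings


# Constructed sample data standing in for one VPC in a two-AZ region.
SAMPLE_VPC = "10.20.0.0/16"
SAMPLE_AZS = ("eu-west-1a", "eu-west-1b")
SAMPLE_ROUTE_TABLES = {
    "public":   [("10.20.0.0/16", "local"), ("0.0.0.0/0", "igw-0placeholder")],
    "private":  [("10.20.0.0/16", "local"), ("192.168.0.0/16", "vgw-0placeholder")],
    "isolated": [("10.20.0.0/16", "local")],
}
SAMPLE_SG_RULES = [
    (22, 22, "0.0.0.0/0"),        # SSH open to the world: a finding
    (22, 22, "192.168.10.0/24"),  # SSH from the office range only: fine
    (443, 443, "0.0.0.0/0"),      # HTTPS for end users: expected on the public tier
]


def main():
    plan, spare = plan_subnets(SAMPLE_VPC, SAMPLE_AZS)
    for (tier, az), cidr in plan.items():
        print(f"{tier:9} {az}  {cidr}")
    print(f"{len(spare)} spare /24 blocks left for growth")
    for name, routes in SAMPLE_ROUTE_TABLES.items():
        print(f"route table '{name}' -> {classify_subnet(routes)}")
    for port, source in open_admin_ports(SAMPLE_SG_RULES):
        print(f"admin port {port} reachable from {source}")


if __name__ == "__main__":
    main()
```

Running the script lays out six /24 subnets (three tiers across two AZs) with 250 spare blocks, labels the three sample route tables public, private-vpn and isolated, and flags only the SSH rule whose source is 0.0.0.0/0; the HTTPS rule is left alone because 443 is what a public-facing tier is meant to expose.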
Happy learning about subnets!!