EC2 Networking
Explore how to configure Amazon EC2 networking covering VPCs, public and private subnets, elastic network interfaces, and IP addressing options. Understand how to secure instances using stateful security groups and best practices for inbound and outbound traffic control. This lesson equips you with the knowledge to design flexible and secure network architectures for cloud applications.
Amazon EC2 instances operate within a Virtual Private Cloud (VPC), a logically isolated network in AWS. Within a VPC, we define subnets, which segment our IP address space. These subnets can be either public or private, depending on whether they are connected to an internet gateway.
EC2 instances in public subnets can communicate with the internet if assigned a public IP and properly configured with security groups and route tables. Those in private subnets are typically isolated from the internet and access external services via NAT gateways or instances.
To facilitate internal and external communication, every EC2 instance is associated with an elastic network interface (ENI), which provides network connectivity and manages IP addressing.
IP addressing: Public, private, and elastic IPs
When launching EC2 instances, we deal with three types of IPs:
Private IPs are always assigned. We use private IPs for communication within our VPC (e.g., between tiers of an app).
Public IPs are assigned optionally. These are ephemeral and change if the instance is stopped. These are used for short-term or non-critical internet ...