VPCs

Now that we’ve learned the basic concepts of networking, let’s see how AWS implements it.

On AWS, we can create Virtual Private Clouds (VPCs) for our internal networks. A Virtual Private Cloud is a virtual private network in Amazon’s data centers that only you have access to. Within this VPC, all your instances and services can communicate with each other, but other AWS customers cannot see them.

VPCs always use IPv4 addresses from the three private IPv4 ranges we learned about in the last lesson. If we create a new VPC, we can specify which IPv4 address range to use by providing a CIDR block.

VPCs span across all availability zones in a region.

Note: VPCs are always free on AWS, but some additional components like gateways cost extra.

Three-tier architecture

In this chapter, we’ll implement a typical three-tier architecture using VPCs and subnets.

Each tier has a distinct function:

  • The first tier, the presentation layer, is the only publicly reachable component (our ALB load balancers) and therefore resides in a public subnet within our VPC.

  • The second tier, the logic layer, consists of our WordPress EC2 instances and is located in the private subnet.

  • The third tier, the data layer, describes our RDS databases and resides in the private subnet as well.

Building an application in such a tiered architecture improves security because the publicly exposed surface is smaller, and each tier can reach only the tier directly below it.
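To make the CIDR block choice and the tiered subnet layout concrete, here is an added example (not code from the lesson) that validates a VPC CIDR against the private ranges, carves one subnet per tier per availability zone, and derives the per-tier security-group ingress so that each tier accepts traffic only from the tier above it. The /16 to /28 size limit, the AZ names and the ports (443 on the ALB, 80 on WordPress, 3306 on RDS) are assumptions, not facts stated on the page.

```python
import ipaddress
from typing import Dict, List, Tuple

# Assumptions not stated in the lesson: AWS accepts VPC CIDRs from /16 to /28, and the
# ports are typical for this stack (HTTPS on the ALB, HTTP on WordPress, MySQL on RDS).
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TIERS = ("presentation", "logic", "data")   # tier order: public entry point first
PUBLIC_TIERS = {"presentation"}             # only the ALB tier gets a public subnet


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Accept only a properly aligned private IPv4 block of a size AWS allows."""
    net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set, e.g. 10.0.1.0/16
    if net.version != 4 or not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        raise ValueError(f"{cidr} is not inside an RFC 1918 private range")
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: prefix must be between /16 and /28")
    return net


def is_valid_vpc_cidr(cidr: str) -> bool:
    try:
        validate_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def plan_subnets(cidr: str, azs: List[str]) -> Dict[str, dict]:
    """Carve one equal-sized subnet per (tier, AZ) pair out of the VPC block."""
    vpc = validate_vpc_cidr(cidr)
    needed = len(TIERS) * len(azs)
    bits = max(1, (needed - 1).bit_length())        # smallest split giving >= needed subnets
    subnets = iter(vpc.subnets(prefixlen_diff=bits))
    return {
        f"{tier}-{az}": {"cidr": str(next(subnets)), "az": az, "tier": tier,
                         "public": tier in PUBLIC_TIERS}
        for tier in TIERS for az in azs
    }


def ingress_rules(plan: Dict[str, dict]) -> Dict[str, List[Tuple[str, int]]]:
    """Security-group ingress per tier: each tier is reachable only from the tier above it."""
    cidrs = {t: [s["cidr"] for s in plan.values() if s["tier"] == t] for t in TIERS}
    return {
        "presentation": [("0.0.0.0/0", 443)],                # ALB: the only public entry point
        "logic": [(c, 80) for c in cidrs["presentation"]],   # WordPress only from the ALB subnets
        "data": [(c, 3306) for c in cidrs["logic"]],         # RDS only from the WordPress subnets
    }
```

Calling `plan_subnets("10.0.0.0/16", ["eu-central-1a", "eu-central-1b"])` yields six /19 subnets across the two zones, and `ingress_rules` on that plan shows the data tier reachable only from the logic tier's subnets.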
