AWS VPC (Virtual Private Cloud) is a logically isolated network within the AWS cloud where you can launch your AWS resources securely.
A stateful firewall keeps track of the state of active connections, automatically allowing return traffic.
Traffic in a VPC flows through the following components: Route Tables, Internet Gateway (IGW), Network ACLs and Security Groups.
For a 2-tier architecture, distribute subnets across multiple Availability Zones for redundancy.
To restrict outbound internet access for a specific subnet, remove the route pointing to 0.0.0.0/0 (default route) in the subnet's route table.
Use a NAT Gateway to allow instances in a private subnet to access the internet.
A Load Balancer distributes incoming traffic across multiple targets, such as EC2 instances, containers or IP addresses, ensuring better fault tolerance and high availability.
Auto Scaling Groups (ASGs) automatically adjust the number of EC2 instances based on demand using scaling policies and health checks. This helps save costs.
To create a scalable architecture, create a VPC with public and private subnets, place a Load Balancer in the public subnets, and deploy application servers in the private subnets using an Auto Scaling Group.
While Security Groups control access at the instance level, Network ACLs (NACLs) provide an additional layer of subnet-level security.