Cloud services using a Home example


Learning AZs, Regions, VPCs, subnets and CIDR using an Earth example

The DevOps cloud world is like planet Earth.

Earth has countries, states and cities.
The cloud has Regions, Availability Zones (AZs) and data centers.

Earth has a home for you, your own space.
The cloud has a VPC for you, your own space.

Each country has one default flag.
Each Region has one default VPC.

The home is partitioned into small rooms.
The VPC is partitioned into small subnets.

Each state is mapped to a pincode.
Each AZ is mapped to a subnet (and a subnet never spans more than one AZ).

If a country has 12 states, it will have 12 capitals, one mapped to each of the 12 states, inside one default country.

If a Region has 6 AZs, it will have 6 subnets, one mapped to each of those 6 AZs, inside 1 default VPC.

Each room in a home is mapped to a certain range of services it provides: kitchen, bathroom, hall, bedroom.

Each VPC has a CIDR block with an IP range, and each subnet in that VPC is allocated its own slice of that IP range.

For example, if a VPC has 2 subnets and a CIDR IP range of 1–100,

then the 2 subnets will have IP ranges of 1–50 and 51–100.

Each good/product is kept in the bathroom, bedroom or kitchen as per the service range of that place, like soap in the bathroom and rice in the kitchen.

Each server created in a subnet gets its IPs from the IP range allocated to the subnet it falls in.

When the VPC is created, it has a CIDR block of IPs (ex: 10.77.0.0/16).

Now the servers we create inside a subnet of this VPC

will have IPs from that range, like 10.77.0.5; another EC2 server will have an IP like 10.77.0.6, and so on.

A subnet is of 2 types: public subnet and private subnet.

As we know, a VPC contains many subnets.

If a VPC is the default one, it will have 1 or more subnets, and
each subnet's route table will have both a local route and a route to the Internet Gateway (IGW) for communicating with the internet.

That's why when you create an EC2 server in AWS, without doing anything, you can SSH to that server: the default VPC is ready for internet communication through its default-created route tables, subnet type and IGW (the instance still needs a public IP and a security group rule that permits SSH).

But if a VPC is created by you, then you need to create its subnets, route tables and IGW as well.

Now a public subnet has both a local route and an internet route in its route table.

But a private subnet has only a route to local targets, not to the internet, so it needs a NAT Gateway to initiate connections to the internet. SSH from the outside into it is not possible, and that is the security point: a private subnet can hold a project's DB that should not be open to the internet.

IMP: A public subnet can reach local targets as well as the outside world through the IGW,
but a private subnet can only reach local targets, not the internet.

Create a NAT gateway, but place it in the public subnet, because only the public subnet has a route to the IGW and can therefore reach the internet.

Once the NAT gateway is created in the public subnet,
go to the private subnet's route table, edit it and add a route to this NAT gateway, not to the IGW.

Because if you add an IGW route to a private subnet's route table, it becomes a public subnet, which we don't want.
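As an added example (not code from this post), here is a small Python script that does the arithmetic the analogy describes: it carves a VPC CIDR like 10.77.0.0/16 into one subnet per AZ, works out the usable address range of each subnet after AWS's reserved addresses, and decides from a route table whether a subnet is public (default route to an IGW), private (default route to a NAT gateway) or local-only. The route-table dicts are constructed samples shaped like EC2 DescribeRouteTables entries, and the igw-/nat- ids are placeholders.

```python
import ipaddress

# AWS reserves the first four addresses of each subnet (network, VPC router,
# DNS, future use) and the last one (broadcast); servers get the rest.
AWS_RESERVED_HEAD = 4
AWS_RESERVED_TAIL = 1


def carve_subnets(vpc_cidr: str, az_count: int, new_prefix: int = 24) -> list:
    """Split the VPC CIDR into one equal subnet per AZ (default-VPC style)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    if len(subnets) < az_count:
        raise ValueError("VPC CIDR is too small for that many AZs at /%d" % new_prefix)
    return [str(s) for s in subnets[:az_count]]


def usable_hosts(subnet_cidr: str) -> tuple:
    """(first usable, last usable, count) once AWS's reserved addresses are removed."""
    net = ipaddress.ip_network(subnet_cidr)
    first = net.network_address + AWS_RESERVED_HEAD
    last = net.broadcast_address - AWS_RESERVED_TAIL
    return str(first), str(last), net.num_addresses - AWS_RESERVED_HEAD - AWS_RESERVED_TAIL


def classify_subnet(route_table: dict) -> str:
    """'public' if the 0.0.0.0/0 route targets an IGW, 'private' if it targets a
    NAT gateway, 'isolated' if there is no default route (local targets only).
    A 'private' table that gains an IGW default route is reported as public."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue  # the VPC-local route never decides public vs. private
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"


# Constructed samples shaped like EC2 DescribeRouteTables entries; ids are placeholders.
LOCAL = {"DestinationCidrBlock": "10.77.0.0/16", "GatewayId": "local"}
PUBLIC_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"}]}
PRIVATE_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER"}]}
ISOLATED_RT = {"Routes": [LOCAL]}

if __name__ == "__main__":
    for cidr in carve_subnets("10.77.0.0/16", az_count=6):
        print(cidr, usable_hosts(cidr))
    print(classify_subnet(PUBLIC_RT), classify_subnet(PRIVATE_RT), classify_subnet(ISOLATED_RT))
```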

And that's all for the moment. This topic can go a lot deeper, but I wanted to give you a surface-level view of VPCs, subnets, route tables, CIDR, NAT, IGW and so on.

If I made any mistake while trying to sync with the example, do let me know.

If you feel I made sense in a positive and clear way, do let me know either here or let's connect on LinkedIn.

And if you want any personal suggestions or a one-to-one call with me, I will be more than happy to have one.

Let me know here or on LinkedIn!

Now, take a deep breath and go get it.

Have awesome learning ahead, all!

#cloud #learning #vpc #subnetting #CIDR #devops #AWS #Docker #Kubernetes #Terraform #Devops #Skills #Roadmap #WeMakeDevs #WeMakeDevs
