Stacktape docs

Virtual private cloud (VPC)


  • A VPC (Virtual Private Cloud) is a logically isolated virtual network. It resembles a traditional network in an on-premises data center.

  • It lets you configure the IP address range, create subnets, and configure route tables and network gateways. Configuring this manually is complicated, time-consuming and error-prone. Stacktape abstracts this complexity away, and in most cases doesn't require you to worry about VPCs at all.

  • Certain AWS resources need to be connected to the VPC in order to work (this is enforced by AWS). For stacks that include these resources, Stacktape creates a default VPC.

Communicating with the internet

Resources inside a VPC that are connected only to a private subnet can't communicate with the internet (make outbound requests). Resources that need to communicate with the internet can do so in one of two ways:

Being connected to a public subnet

Stacktape creates public subnets for your container workloads and batch jobs by default. This means you can communicate with the internet without any extra effort.

Using NAT Gateway

  • A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
  • NAT Gateways are costly: you pay hourly charges (minimum $33/month) plus data-processing and data-transfer charges.
  • Stacktape currently doesn't use a NAT Gateway for any of its resources.

To learn more about NAT Gateways, refer to the AWS docs.
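
To check which of the cases above a subnet actually falls into (direct route through an internet gateway, outbound-only through a NAT gateway, or no internet route at all), you can inspect its route table. The following is an added example, not Stacktape's own code: it classifies subnets from dicts shaped like EC2 DescribeSubnets and DescribeRouteTables responses, including the case where a subnet has no explicit association and silently inherits the VPC's main route table. All IDs in the sample data are constructed.

```python
DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}


def egress_kind(route_table):
    """Return 'public', 'nat' or 'isolated' for one route table."""
    kinds = set()
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_DESTINATIONS or route.get("State") == "blackhole":
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            kinds.add("public")
        elif route.get("NatGatewayId"):
            kinds.add("nat")
    # A direct internet gateway route is the more exposed case, so it wins.
    return "public" if "public" in kinds else "nat" if "nat" in kinds else "isolated"


def classify_subnets(subnets, route_tables):
    """Map SubnetId -> egress kind; unassociated subnets use the VPC's main table."""
    explicit, main = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
            elif assoc.get("Main"):
                main[rt["VpcId"]] = rt
    result = {}
    for subnet in subnets:
        rt = explicit.get(subnet["SubnetId"]) or main.get(subnet["VpcId"])
        result[subnet["SubnetId"]] = egress_kind(rt) if rt else "isolated"
    return result


# Constructed sample data (all IDs are made up): one VPC, three subnets.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SUBNETS = [{"SubnetId": s, "VpcId": "vpc-1"} for s in ("subnet-a", "subnet-b", "subnet-c")]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1", "State": "active"}]},
]

if __name__ == "__main__":
    for subnet_id, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(subnet_id, kind)
```

A "public" result only describes the route: whether a workload in that subnet is reachable from the internet still depends on it having a public IP address and on its security group rules.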