Stacktape docs

Virtual private cloud (VPC)

Overview and basic concepts

  • VPC (Virtual Private Cloud) is a logically isolated virtual network. This virtual network resembles a traditional network in an on-premise data center.

  • It lets you configure the IP address range, create subnets, and configure route tables and network gateways. Doing this manually is complicated, time-consuming and error-prone. Stacktape abstracts this complexity away and, in most cases, doesn't require you to think about VPCs at all.

Default VPC

  • Certain AWS resources need to be connected to the VPC in order to work (this is enforced by AWS). For stacks that include these resources, Stacktape creates a default VPC and connects the VPC-requiring resources to it.

Communicating with the internet from VPC

  • Resources inside a VPC that are connected only to a private subnet can't make outbound requests to the internet. Resources that need internet access can get it in one of two ways:

Being connected to a public subnet

  • Container workloads and batch jobs are connected to the public subnet by default. This means you can communicate with the internet without any extra effort.
  • However, lambda functions can't be connected to the public subnet.

Using a NAT Gateway

  • A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
  • NAT Gateways are costly: you pay hourly charges (at minimum 33$/month) plus data-processing and data-transfer charges.
  • Stacktape currently doesn't use a NAT Gateway for any of its resources.
  • To learn more about NAT Gateways, refer to AWS docs.
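Which of these situations a subnet is in can be read off its route table: a default route (0.0.0.0/0) to an internet gateway makes it public, a default route to a NAT gateway makes it private with NAT, and no default route leaves it isolated. The following added example (not part of Stacktape's docs or code) classifies subnets from data in the shape of the EC2 DescribeRouteTables response; all subnet, route-table and gateway IDs are constructed sample values.

```python
from typing import List, Optional

# Constructed sample in the shape of EC2 DescribeRouteTables output (not a real account).
SAMPLE_ROUTE_TABLES = [
    {   # main table: implicitly used by any subnet without an explicit association
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # public subnet: default route points at an internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
    },
    {   # private subnet with NAT: default route points at a NAT gateway
        "RouteTableId": "rtb-private-nat",
        "Associations": [{"Main": False, "SubnetId": "subnet-private-nat"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
]

def route_table_for(subnet_id: str, tables: List[dict]) -> Optional[dict]:
    """Explicitly associated table wins; otherwise the VPC's main table applies."""
    for table in tables:
        if any(a.get("SubnetId") == subnet_id for a in table["Associations"]):
            return table
    return next((t for t in tables if any(a.get("Main") for a in t["Associations"])), None)

def classify_subnet(subnet_id: str, tables: List[dict]) -> str:
    """Return 'public', 'private-with-nat' or 'isolated' based on the default route."""
    table = route_table_for(subnet_id, tables)
    for route in (table["Routes"] if table else []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":  # blackholed routes forward nothing
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private-with-nat"
    return "isolated"

def can_reach_internet(subnet_id: str, tables: List[dict], has_public_ip: bool) -> bool:
    """An IGW only carries traffic for interfaces with a public IP; Lambda ENIs never get one,
    which is why a Lambda in a public subnet still has no internet access."""
    kind = classify_subnet(subnet_id, tables)
    return has_public_ip if kind == "public" else kind == "private-with-nat"
```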