Virtual private cloud (VPC)
A VPC (Virtual Private Cloud) is a logically isolated virtual network.
It lets you configure an IP address range, create subnets, and configure route tables and network gateways. This virtual network resembles a traditional network in an on-premises data center. Configuring it manually is complicated, time-consuming and error-prone. Stacktape abstracts this complexity away, and in most cases you don't need to worry about VPCs at all.
Certain AWS resources need to be connected to the VPC in order to work (this is enforced by AWS). For stacks that include these resources, Stacktape creates a default VPC.
Communicating with the internet
Resources inside a VPC that are connected only to a private subnet can't communicate with the internet (make outbound requests). Resources that need to communicate with the internet can do that using 2 different approaches:
Being connected to a public subnet
Stacktape creates public subnets for your container workloads and batch jobs by default. This means you can communicate with the internet without any extra effort.
Using NAT Gateway
- A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
- NAT Gateways are costly: you pay hourly charges (minimum $33/month) as well as data-processing and data-transfer charges.
- Stacktape currently doesn't use a NAT Gateway for any of its resources.
To learn more about NAT Gateways, refer to the AWS docs.
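To check which of the two approaches above a given subnet actually uses, you can classify it by its route table's default route. The following is an added example, not Stacktape's own code; it reads JSON shaped like `aws ec2 describe-route-tables` output for a single VPC, and the sample data and all IDs in it are constructed.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-route-tables` output (one VPC).
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
  {"RouteTableId": "rtb-public",
   "Associations": [{"Main": false, "SubnetId": "subnet-public-a"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
  {"RouteTableId": "rtb-nat",
   "Associations": [{"Main": false, "SubnetId": "subnet-private-a"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]}
]}
""")["RouteTables"]


def egress_kind(route_table):
    """Classify a route table by where its IPv4 default route points."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed default route provides no egress
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"       # default route to an internet gateway
        if route.get("NatGatewayId"):
            return "private-nat"  # outbound only, through a NAT gateway
        return "other"            # some other default-route target
    return "isolated"             # no usable default route: no internet access


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to its egress kind.

    Subnets with no explicit association use the VPC's main route table.
    """
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
            elif assoc.get("Main"):
                main = rt
    return {s: egress_kind(explicit.get(s) or main or {}) for s in subnet_ids}


if __name__ == "__main__":
    ids = ["subnet-public-a", "subnet-private-a", "subnet-implicit-b"]
    for subnet, kind in classify_subnets(SAMPLE, ids).items():
        print(f"{subnet}: {kind}")
```

A resource in a subnet reported as `public` still needs a public IP address to use the internet gateway route.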