Virtual private cloud (VPC)
Overview and basic concepts
A VPC (Virtual Private Cloud) is a logically isolated virtual network that resembles a traditional network in an on-premises data center.
A VPC lets you configure an IP address range, create subnets, and set up route tables and network gateways. Configuring all of this manually is complicated, time-consuming and error-prone. Stacktape abstracts this complexity away and, in most cases, doesn't require you to think about VPCs at all.
- Certain AWS resources must be connected to a VPC in order to work (AWS enforces this). For stacks that include such resources, Stacktape creates a default VPC and connects the VPC-requiring resources to it.
Communicating with the internet from VPC
- Resources inside a VPC that are connected only to a private subnet can't communicate with the internet (make outbound requests). Resources that need to communicate with the internet can do so in one of two ways:
Being connected to a public subnet
- Container workloads and batch jobs are connected to the public subnet by default, so they can make outbound requests to the internet without any extra effort.
- Lambda functions, however, can't be connected to the public subnet.
Using a NAT Gateway
- A NAT gateway is a Network Address Translation (NAT) service. With a NAT gateway, instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection to those instances.
- NAT Gateways are costly: you pay hourly charges (minimum $33/month) plus data-processing and data-transfer charges.
- Stacktape currently doesn't use a NAT Gateway for any of its resources.
- To learn more about NAT Gateways, refer to the AWS docs.
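The three situations described above (public subnet, NAT gateway, no internet access at all) can be read directly from a VPC's route tables: a subnet whose route table sends 0.0.0.0/0 to an internet gateway is public, one whose default route goes to a NAT gateway has outbound-only access, and one with no default route is isolated. The following Python script is an added example, not Stacktape code or real AWS output; it classifies subnets from a constructed, simplified copy of the `describe-route-tables` response shape, and every VPC, subnet, gateway and route-table ID in it is a placeholder. It also encodes the Lambda rule from this page: a function's network interface never gets a public IP, so an internet-gateway route gives it no egress and only a NAT gateway does.

```python
"""
Classify subnets by their internet connectivity from VPC route tables.

- "public":  default route (0.0.0.0/0) to an internet gateway (igw-*). Workloads
             can reach the internet and, with a public IP and a permissive
             security group, can be reached from it.
- "nat":     default route to a NAT gateway (nat-*). Outbound only.
- "none":    no default route. Isolated from the internet.

ROUTE_TABLES below is constructed for this example. It mirrors the shape of the
AWS `ec2 describe-route-tables` response but is not real output, and all IDs
are placeholders.
"""

ROUTE_TABLES = [
    {   # Main table: used by any subnet without an explicit association.
        "RouteTableId": "rtb-main-example",
        "VpcId": "vpc-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
        "Associations": [{"Main": True}],
    },
    {   # Public subnet: default route to an internet gateway.
        "RouteTableId": "rtb-public-example",
        "VpcId": "vpc-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-public-example"}],
    },
    {   # Private subnet: default route to a NAT gateway.
        "RouteTableId": "rtb-private-example",
        "VpcId": "vpc-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-private-example"}],
    },
]

# subnet-isolated-example has no explicit association, so it falls back to the main table.
SUBNETS = ["subnet-public-example", "subnet-private-example", "subnet-isolated-example"]


def route_table_for_subnet(subnet_id, route_tables):
    """Return the route table a subnet uses: its explicit association, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def egress_mode(subnet_id, route_tables):
    """Classify the subnet's outbound internet path as 'public', 'nat' or 'none'."""
    rt = route_table_for_subnet(subnet_id, route_tables)
    if rt is None:
        return "none"
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "public"
        if "NatGatewayId" in route:
            return "nat"
    return "none"


def inbound_exposed(subnet_id, route_tables):
    """True only for public subnets: an IGW route is the precondition for inbound internet access."""
    return egress_mode(subnet_id, route_tables) == "public"


def workload_has_egress(kind, subnet_id, route_tables):
    """Whether a workload of the given kind placed in this subnet can make outbound requests.

    Containers and batch jobs get a public IP in a public subnet, so an IGW route is enough.
    Lambda network interfaces never get a public IP, so only a NAT gateway route counts.
    """
    mode = egress_mode(subnet_id, route_tables)
    if kind == "lambda":
        return mode == "nat"
    return mode in ("public", "nat")


def report(subnets, route_tables):
    """Return {subnet: (egress_mode, inbound_exposed)} for every subnet."""
    return {s: (egress_mode(s, route_tables), inbound_exposed(s, route_tables)) for s in subnets}


if __name__ == "__main__":
    for subnet, (egress, exposed) in report(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: outbound via {egress}, reachable from the internet: {exposed}")
```

Run against real data by replacing ROUTE_TABLES with the `RouteTables` list from `aws ec2 describe-route-tables` output; the `inbound_exposed` result is the quick check for whether a subnet could ever host something reachable from the internet, and `workload_has_egress("lambda", ...)` tells you whether a VPC-attached function will be able to call out at all.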