Virtual private cloud (VPC)
VPC (Virtual Private Cloud) is a logically isolated virtual network. This virtual network resembles a traditional network in an on-premises data center.
It lets you configure an IP address range, create subnets, and configure route tables and network gateways. Configuring this manually is complicated, time-consuming and error-prone. Stacktape abstracts this complexity away, and in most cases doesn't require you to worry about VPCs at all.
Certain AWS resources need to be connected to the VPC in order to work (this is enforced by AWS). For stacks that include these resources, Stacktape creates a default VPC.
Communicating with the internet
Resources inside a VPC that are connected only to a private subnet can't communicate with the internet (make outbound requests). Resources that need to communicate with the internet can do so in two ways:
Being connected to a public subnet
Stacktape creates public subnets for your container workloads and batch jobs by default. This means you can communicate with the internet without any extra effort.
Using NAT Gateway
- A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.
- NAT Gateways are costly: you pay hourly charges (minimum $33/month) as well as data-processing and data-transfer charges.
- Stacktape currently doesn't use a NAT Gateway for any of its resources.
To learn more about NAT Gateways, refer to the AWS docs.
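To check which of the cases above applies to the subnets in a deployed stack, the route tables can be classified by their default route. The following is an added example, not Stacktape's own code: the function names and sample ids are assumptions, and the input follows the shape of `aws ec2 describe-route-tables` output.

```python
# Classify subnets as public, private behind a NAT gateway, or private with no
# internet route, based on each subnet's effective route table.

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}
KIND = {"igw": "public", "nat": "private-with-nat", None: "private-isolated"}

def default_route_target(route_table):
    """Return 'igw', 'nat' or None for the table's usable default route."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES or route.get("State") == "blackhole":
            continue  # not a default route, or its target no longer exists
        if route.get("NatGatewayId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return None

def classify_subnets(subnet_ids, route_tables):
    """Map each subnet id to 'public', 'private-with-nat' or 'private-isolated'."""
    main_table, explicit = None, {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet_id in subnet_ids:
        # Subnets without an explicit association use the VPC's main route table.
        table = explicit.get(subnet_id, main_table)
        result[subnet_id] = KIND[default_route_target(table) if table else None]
    return result

# Constructed sample data (placeholder ids, not from a real account).
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222", "State": "active"}]},
]
SAMPLE_SUBNETS = ["subnet-aaa", "subnet-bbb", "subnet-ccc"]

if __name__ == "__main__":
    for subnet, kind in classify_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES).items():
        print(subnet, kind)
```

A `public` result only means the subnet routes through an internet gateway; whether a given resource is reachable from the internet also depends on it having a public IP address and on its security group rules.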