Within a region, you're able to create VPCs. Each VPC contains subnets (networks). Each subnet must be mapped to an AZ. It's common to have a public IP subnet and a private IP subnet, and it's common to have many subnets per AZ.
Public Subnets usually contain:
- Load Balancers
- Static Websites
- Files
- Public Authentication Layers
Private Subnets usually contain:
- Web application servers
- Databases
Public and Private subnets can communicate if they're in the same VPC.
- VPCs and Regions aren't asked about much on the Developer Associate exam
- All new accounts come with a default VPC
- It’s possible to use a VPN to connect to a VPC
- VPC flow logs allow you to monitor the traffic within, into and out of your VPC (useful for security, performance and audit)
- VPCs are per account per region
- Subnets are per VPC per AZ
- Some AWS resources can be deployed in VPC while others can’t
- You can peer VPCs (within or across accounts) to make them look like they're part of the same network