VPC

  • Expanding the VPC's IP address capacity

    • It's NOT possible to change/modify the IP address range of an existing VPC or subnet

    • You can do one of the following

      • Add an additional IPv4 CIDR block as a secondary CIDR to your VPC.

      • Create a new VPC with your preferred CIDR block and then migrate the resources from your old VPC to the new VPC (if applicable)

    • You cannot disable IPv4 support for your VPC and subnet

    • You can have both IPv4 and IPv6, but not IPv6 only, in your VPC

  • VPC sharing

    • Allows multiple AWS accounts (within the same AWS Organization) to create their application resources, such as EC2 instances, RDS databases, Redshift clusters, and Lambda functions, in shared, centrally managed virtual private clouds (VPCs)

    • Use case:

      • An EC2 instance in the “Test Account” wants to access a Redshift cluster in the “Prod Account”

  • VPC Flow Logs

    • Capture information about the IP traffic going to and from network interfaces in your VPC

    • VPC Flow log data can be published to

      • Amazon CloudWatch Logs

      • Amazon S3

    • Flow logs can be used for

      • Monitoring the traffic that is reaching your instance

      • Diagnosing overly restrictive security group rules

      • Determining the direction of the traffic to and from the network interfaces
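
As an added example (not part of these notes), a small Python parser over constructed sample records in the default version-2 flow log field order, tallying REJECT entries per interface and destination port and separating sources inside the VPC CIDR (assumed here to be 10.0.0.0/16) from external ones; repeated internal rejects to one port are the signature of an overly restrictive security group or NACL rule, while external rejects are usually traffic the rules were meant to block:

```python
import collections
import ipaddress

# Constructed sample records in the default VPC Flow Log (version 2) field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status   (account id and ENI are placeholders)
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 49152 5432 6 12 2480 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 49153 8080 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.26 10.0.2.40 49154 8080 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.2.40 40000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.1.25 5432 49152 6 10 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse_flow_log(text):
    """Parse default-format records; drop malformed lines and NODATA/SKIPDATA
    records, which carry no traffic fields (they are '-' placeholders)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        records.append(rec)
    return records


def rejected_by_destination(records, vpc_cidr="10.0.0.0/16"):
    """Count REJECT records per (interface, dstport, origin), where origin is
    'internal' if srcaddr lies inside the assumed VPC CIDR, else 'external'."""
    vpc = ipaddress.ip_network(vpc_cidr)
    counts = collections.Counter()
    for r in records:
        if r["action"] != "REJECT":
            continue
        origin = "internal" if ipaddress.ip_address(r["srcaddr"]) in vpc else "external"
        counts[(r["interface_id"], int(r["dstport"]), origin)] += 1
    return counts


if __name__ == "__main__":
    for (eni, port, origin), n in sorted(rejected_by_destination(parse_flow_log(SAMPLE_FLOW_LOG)).items()):
        print(f"{eni} dstport={port} origin={origin} rejects={n}")
```

On the sample data the two internal rejects to port 8080 on the same ENI point at a security group or NACL rule that does not allow that internal traffic, whereas the single external reject to port 22 is traffic the rules blocked as intended.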

NAT Gateway

  • A NAT Gateway is resilient only within a single AZ (loss of the AZ means loss of the NAT Gateway)

  • Must create multiple NAT Gateways in multiple AZs for fault tolerance

  • Launched in a public subnet; instances in private subnets can use it to connect to the internet (routes to the NAT Gateway need to be added to the private subnets' route tables)