Why do developers like Amazon VPC?
Here are some stack decisions, common use cases and reviews by companies and developers who chose Amazon VPC in their tech stack.
I use AWS Lambda because it is the most mature of the major cloud platforms for serverless functions. The fact that you can add VPC configs at the start is huge from a security perspective. However, it does take a lot of work to configure the Amazon VPC to work with AWS Secrets Manager and Lambda. It's also nice because it works so well with Amazon API Gateway.
I typically use it to connect with databases to insert and extract information for downstream analytics.
I won't be surprised if one day the majority of workloads run on this service. Not having to manage and maintain infrastructure is truly a blessing.
In 2010 we made the very difficult decision to entirely re-engineer our existing monolithic LAMP application from the ground up in order to address some growing concerns about its long-term viability as a platform.
Full application re-write is almost always never the answer, because of the risks involved. However, the situation warranted drastic action as it was clear that the existing product was going to face severe scaling issues. We felt it better to address these sooner rather than later and also take the opportunity to improve the international architecture and also to refactor the database in order that it better matched the changes in core functionality.
PostgreSQL was chosen for its reputation as a solid, ACID-compliant database backend; it was available as an offering of the AWS RDS service, which reduced the management overhead of us having to configure it ourselves. In order to reduce read load on the primary database we implemented an Elasticsearch layer for fast and scalable search operations. Synchronisation of these indexes was to be achieved through the use of Sidekiq's Redis-based background workers on Amazon ElastiCache. Again, the AWS solution here looked to be an easy way to keep our involvement in managing this part of the platform at a minimum, allowing us to focus on our core business.
Rails was chosen for its ability to quickly get core functionality up and running, its MVC architecture and also its focus on Test Driven Development using RSpec and Selenium, with Travis CI providing continuous integration. We also liked Ruby for its terse, clean and elegant syntax. Though YMMV on that one!
Unicorn was chosen for its continual deployment and reputation as a reliable application server, nginx for its reputation as a fast and stable reverse-proxy. We also took advantage of the Amazon CloudFront CDN here to further improve performance by caching static assets globally.
We tried to strike a balance between having control over management and configuration of our core application with the convenience of being able to leverage AWS hosted services for ancillary functions (Amazon SES, Amazon SQS, Amazon Route 53, all hosted securely inside Amazon VPC of course!).
Whilst there is some compromise here with potential vendor lock-in, the tasks being performed by these ancillary services are not particularly specialised, which should mitigate this risk. Furthermore, we have already containerised the stack in our development environment using Docker, and are looking at how best to bring this into production, potentially using Amazon EC2 Container Service.
VPC launched in mid-2009 as a companion product to the existing EC2 offering, though it quickly came to be considered EC2 2.0, as it remedied many of the commonly accepted EC2 downfalls. At face value, the migration didn't seem conceptually difficult, as VPC was just another software abstraction on top of the same hardware, yet it was much more complex, with a few main issues:
- You cannot migrate a running instance.
- AWS offers no migration plan.
- EC2 and VPC do not share security groups.
This last point lingered in our heads as we tried to come up with a solution. What would it take to make EC2 and VPC talk to each other as if the security groups could negotiate? It seemed insurmountable: we had thousands of running instances in EC2 and we could not take any downtime. We were looking for a solution that would allow us to migrate at our own pace, moving partial and full tiers as needed, with secure communication between both sides.
So, we created Neti, a dynamic iptables-based firewall manipulation daemon, written in Python, and backed by Zookeeper.
Our architecture is running in Amazon VPC. That's actually what we started with and we're still very happy with it. We're pretty much tied into the entire platform.
The DB and some servers are on a separate subnet in the VPC. This ensures access to these servers is denied from any machine other than those in the VPC.
Amazon VPC's features
- Create an Amazon Virtual Private Cloud on AWS's scalable infrastructure, and specify its private IP address range from any range you choose.
- Divide your VPC’s private IP address range into one or more public or private subnets to facilitate running applications and services in your VPC.
- Control inbound and outbound access to and from individual subnets using network access control lists.
- Store data in Amazon S3 and set permissions such that the data can only be accessed from within your Amazon VPC.
- Assign multiple IP addresses and attach multiple elastic network interfaces to instances in your VPC.
- Attach one or more Amazon Elastic IP addresses to any instance in your VPC so it can be reached directly from the Internet.
- Bridge your VPC and your onsite IT infrastructure with an encrypted VPN connection, extending your existing security and management policies to your VPC instances as if they were running within your infrastructure.
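The S3 feature above (data reachable only from inside your VPC) is usually implemented as a bucket policy that denies any request not arriving through a specific VPC endpoint. The block below is an added example, not code from the page or from AWS; the bucket name and endpoint id are constructed placeholders, and the evaluator is a deliberately simplified model of the one IAM rule the policy relies on, not AWS's real policy engine.

```python
"""Constructed example: an S3 bucket policy restricting access to one VPC
endpoint (aws:SourceVpce), with a minimal evaluator that models only the
IAM behaviour this pattern depends on: an explicit Deny always wins, and a
StringNotEquals condition also matches when the key is absent from the
request context (which is what happens for requests from the public internet)."""
from typing import Optional

# Constructed placeholders; substitute your own bucket name and endpoint id.
BUCKET = "example-data-bucket"
VPC_ENDPOINT_ID = "vpce-0123456789abcdef0"


def vpc_only_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Build a bucket policy with one Deny statement that applies to every
    principal whose request did not come through the given VPC endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyAccessOutsideVpcEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    f"arn:aws:s3:::{bucket}",
                    f"arn:aws:s3:::{bucket}/*",
                ],
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            }
        ],
    }


def is_denied(policy: dict, request_vpce: Optional[str]) -> bool:
    """Simplified check: True if any Deny statement's StringNotEquals
    condition on aws:SourceVpce matches the request. request_vpce=None
    models a request with no aws:SourceVpce key (not via any VPC endpoint);
    a negated operator matches a missing key, so such requests are denied."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        expected = stmt["Condition"]["StringNotEquals"]["aws:SourceVpce"]
        if request_vpce != expected:
            return True
    return False
```

Because the Deny is unconditional on the principal, a request from an administrator's laptop or a leaked access key is still refused unless it enters through the named endpoint; pair it with a VPC endpoint policy and an IAM Allow for the roles that should use the bucket.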