
Virtual Private Cloud (VPC) Explained

A virtual private cloud is a flexible and scalable way to store data and run services in an isolated network that is reached through an internet gateway. In this article, we will touch upon what a VPC is, the benefits of a VPC, and how it differs from a private cloud.

What is a virtual private cloud?

Cloud computing, as we know, refers to networked facilities such as infrastructure, software, or platforms provided remotely over the internet. There are two major types of cloud deployment model: public and private. In a public cloud, the vendor (like AWS or Azure) hosts resources such as virtual machines and software for organizations on a shared basis over the publicly available internet. In a private cloud, the organization manages and has exclusive access to the services and data, hosted on the cloud vendor’s infrastructure.

Figure: How a private cloud works


A virtual private cloud is a private network associated with a single cloud account hosted within a public cloud. This means an organization can have a private computing environment in a shared pool of resources. It’s like locking one room of a rented apartment to keep all your confidential items.

Figure: A virtual private cloud is an isolated section in a public cloud


Public clouds contain logically isolated sections, known as availability zones, to host a virtual private cloud. A VPC spans a large address range, and to gain finer control that range is further divided into smaller networks known as subnets. Subnets provide the required access to, and control over, the resources in a VPC. The main components of a VPC are:

  • IP addresses — VPC instances can have public, private, and elastic IP addresses. Private IP addresses cannot be accessed over the internet and are used to communicate between VPC instances. Public and elastic IPs can be used for communication between instances and the internet.
  • Elastic Network Interface (ENI) — Each instance has a default primary network interface, called the ENI, which carries one or more IP addresses, one or more security groups, and a MAC address. The security groups attached to the ENI act as a firewall for the instance, whether it sits in a private subnet reached over a VPN or is a public server administered in the usual manner.
  • Route Tables — Every VPC has a default router that routes the traffic to the subnet based on the routes (or rules) defined.
  • Internet Gateway (IGW) — Gateway allows communication between the VPC instances and the internet. For private addresses, the internet gateway provides the Network Address Translation (NAT).
  • NAT — NAT enables the instances of a private subnet to connect to the internet or other services. However, the internet cannot detect or initiate a connection with the instance.
  • Subnets — A “subnet” is a set of IP addresses carved out of the VPC’s address range and divided into smaller groups. Subnetting creates availability zones and isolates one zone from the other zones. A subnet is connected to an IGW to communicate over a virtual private network (VPN) or the internet. Every subnet is linked to a route table that routes its traffic.

Figure: Basic architecture of a VPC, consisting of availability zones, subnets, and CIDR ranges
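The components above (subnets, route tables, an internet gateway, and NAT) decide whether a packet leaves the VPC and whether the internet can ever reach an instance. The following is an added illustration, not code from the article, from MongoDB, or from AWS: it models a VPC route table as a longest-prefix-match lookup and checks, for a constructed public subnet and private subnet, which gateway a packet takes and whether an inbound connection from the internet is possible at all. The CIDRs and the `igw-example` / `nat-example` identifiers are constructed sample values.

```python
"""Toy model of VPC routing: route tables, IGW vs NAT, and internet reachability.

Added example, not MongoDB or AWS code. All CIDRs, subnet names and gateway
identifiers below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class RouteTable:
    """Destination prefix -> target ("local", "igw-...", "nat-...")."""
    routes: Dict[str, str]

    def next_hop(self, dst_ip: str) -> str:
        """Pick the most specific matching prefix (longest-prefix match),
        which is how the VPC router chooses between 'local' and the
        default route 0.0.0.0/0."""
        addr = ipaddress.ip_address(dst_ip)
        best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
        for prefix, target in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        if best is None:
            raise ValueError(f"no route for {dst_ip}")
        return best[1]


@dataclass
class Subnet:
    cidr: str
    route_table: RouteTable

    def is_public(self) -> bool:
        """A subnet is 'public' when its default route points at an IGW.
        A default route via NAT makes it 'private': outbound only."""
        return self.route_table.routes.get("0.0.0.0/0", "").startswith("igw-")


@dataclass
class Instance:
    private_ip: str
    subnet: Subnet
    public_ip: Optional[str] = None  # public or Elastic IP, if one is attached


def subnet_inside_vpc(vpc_cidr: str, subnet: Subnet) -> bool:
    """Every subnet must be carved out of the VPC's own CIDR block."""
    return ipaddress.ip_network(subnet.cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def inbound_from_internet_possible(inst: Instance) -> bool:
    """The internet can initiate a connection only if the subnet routes
    through an IGW and the instance carries a public/elastic IP.
    Behind NAT, the instance can reach out but cannot be reached."""
    return inst.subnet.is_public() and inst.public_ip is not None


# Constructed sample VPC: one public and one private subnet.
VPC_CIDR = "10.0.0.0/16"
PUBLIC = Subnet("10.0.1.0/24", RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-example"}))
PRIVATE = Subnet("10.0.2.0/24", RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-example"}))
WEB = Instance("10.0.1.10", PUBLIC, public_ip="203.0.113.10")  # TEST-NET-3 sample address
DB = Instance("10.0.2.20", PRIVATE)                             # private IP only


if __name__ == "__main__":
    for name, inst in (("web", WEB), ("db", DB)):
        print(name, "to 10.0.2.20 ->", inst.subnet.route_table.next_hop("10.0.2.20"))
        print(name, "to 198.51.100.7 ->", inst.subnet.route_table.next_hop("198.51.100.7"))
        print(name, "reachable from internet:", inbound_from_internet_possible(inst))
```

The useful check here is the last one: a NAT route lets the private-subnet instance fetch updates from the internet, but no combination of routes alone makes it reachable from outside; only an IGW route plus a public address does, which is exactly the exposure a review of a VPC design should look for.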

What is the difference between a virtual private cloud and a private cloud?

A virtual private cloud is an isolated cloud unit inside a public cloud, which can be accessed only by a single organization. It’s like a private area that no one else can interfere with. The other resources in a public cloud are free for use by multiple tenants (subscribers). In a private cloud, only one subscriber has access to the cloud resources, like the server, virtual machines, applications, and databases. There are no shared resources in a private cloud, whereas since a VPC resides in a public cloud, the resources outside the VPC can be shared by all. In a VPC, resources and servers are handled by the vendor, whereas the organization controls the data and applications through firewalls.

What is the difference between a virtual private cloud and a public cloud?

In a public cloud, all the resources — like virtual machines, databases, and applications — are given on a shared basis and are publicly available. The virtual private cloud resides inside a public cloud, where other than the resources in a VPC, the other resources are publicly available.

The resources inside a VPC are isolated from the other resources. VPCs otherwise work in a similar manner to a private cloud.

Advantages of a virtual private cloud

A virtual private cloud provides flexibility and can be scaled at any point. Although private clouds give organizations more control over the resources, they are costly. VPCs address the cost concern and provide a multi-tenant architecture — with the application and data behind the firewall — yet are hosted on a remote cloud server. A VPC provides all the benefits of private cloud technology, including scalability, security, and flexibility, along with being cost-effective. Some benefits of a VPC are:

  • Security — Being logically isolated like a private cloud, a VPC applies security controls at both the instance and subnet levels.
  • Agility — You can deploy resources at any time, scale up and out, and have full control over the network size.
  • Cost-effectiveness — The software, physical servers, and other hardware are managed by the vendor, while the organization can have the benefits of a private cloud.
  • Availability — A VPC offers high availability and redundancy, decreasing the downtime.
  • Flexibility — As cloud resources are deployed on-demand and can be scaled, a VPC is suitable for changing business needs.

When to use a VPC

If your company wants to use public cloud resources and has a limited budget, but also needs some private cloud components, a VPC is a good choice.

MongoDB and VPCs

With MongoDB Atlas, you can directly peer VPCs in your AWS account with the Atlas VPC created for your MongoDB clusters. This way, your application servers will have direct and secure access to MongoDB Atlas managed services, while being isolated from public networks, and your organization can scale the application without managing the database firewall rules.
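Peering two VPCs, such as an application VPC and the Atlas VPC described above, only works when the two address ranges do not overlap, and each side needs a route to the other’s CIDR via the peering connection. The following is an added example, not MongoDB, Atlas, or AWS code: it performs the overlap check and produces the route entries each side must add, refusing a route whose destination already exists in the table. The CIDRs and the `pcx-example` identifier are constructed sample values, not real Atlas settings.

```python
"""Pre-peering checks and route generation for two VPCs.

Added example, not MongoDB/Atlas/AWS code. CIDRs and the peering-connection
identifier are constructed sample values.
"""
import ipaddress
from typing import Dict, Tuple


def cidrs_overlap(a: str, b: str) -> bool:
    """Peering is impossible if the two VPC blocks share any addresses:
    the 'local' route of each VPC would swallow traffic meant for the peer."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def peering_routes(app_vpc_cidr: str, atlas_vpc_cidr: str, pcx_id: str) -> Dict[str, Tuple[str, str]]:
    """Return the (destination, target) route each side must add so that
    private IPs in one VPC reach the other through the peering connection."""
    if cidrs_overlap(app_vpc_cidr, atlas_vpc_cidr):
        raise ValueError(f"cannot peer overlapping CIDRs {app_vpc_cidr} and {atlas_vpc_cidr}")
    return {
        "app_vpc": (atlas_vpc_cidr, pcx_id),    # app route table: Atlas CIDR -> pcx
        "atlas_vpc": (app_vpc_cidr, pcx_id),    # Atlas route table: app CIDR -> pcx
    }


def add_peering_route(route_table: Dict[str, str], peer_cidr: str, pcx_id: str) -> Dict[str, str]:
    """Return a copy of the route table with the peer route added.
    A destination that already exists (e.g. the VPC's own 'local' block)
    is refused rather than silently overwritten."""
    if peer_cidr in route_table:
        raise ValueError(f"route for {peer_cidr} already exists -> {route_table[peer_cidr]}")
    updated = dict(route_table)
    updated[peer_cidr] = pcx_id
    return updated


# Constructed sample: an application VPC and an Atlas-side VPC (hypothetical CIDRs).
APP_VPC = "10.0.0.0/16"
ATLAS_VPC = "192.168.248.0/21"
APP_PRIVATE_RT = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-example"}


if __name__ == "__main__":
    routes = peering_routes(APP_VPC, ATLAS_VPC, "pcx-example")
    print("routes to add:", routes)
    print("app private route table after peering:",
          add_peering_route(APP_PRIVATE_RT, ATLAS_VPC, "pcx-example"))
```

Because the Atlas-side route sends traffic to the application VPC’s private range, the database stays off the internet path entirely: the NAT default route in the application subnet is never used for database traffic, which is the point of peering rather than opening the database firewall to public addresses.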

Conclusion

VPCs are gaining popularity as an affordable alternative to a private cloud. VPCs are logically isolated from other virtual networks in a public cloud infrastructure. MongoDB VPC peering connects two VPCs and routes traffic between them using private IP addresses. If your organization needs an isolated unit and virtual network where you can define access rules, subnets, IP addresses, and preferred configurations to communicate with external resources, choose a VPC.

FAQs

What is the difference between a VPN and VPC?

A virtual private network (VPN) is used to access a private network using the internet (or a public infrastructure). A VPN ensures the security and privacy of data through various encryption methods — for example, accessing your company’s network (intranet) from your home.

A virtual private cloud (VPC) is a cloud service that is used to host applications and can be scaled on demand. A VPC allows remote access to any number of virtual machines and servers in the cloud and is not restricted by hardware constraints. For example, a company can store confidential data in a VPC while sharing other services in a public cloud.

Is a VPC a server?

No, a VPC is an isolated cloud environment that can have virtual storage, computing resources, and servers in a multi-tenant cloud environment. AWS and Azure are some popular VPC providers.

What is the difference between EC2 and VPC?

EC2 is a service running on AWS. It’s a virtual machine that gives scalability, flexibility, and compute power. EC2 instances run on a single, flat network shared with multiple customers.

A VPC is a logically isolated cloud environment that provides resources like servers, storage, and compute, over a virtual network. A VPC is associated with a single AWS account.

What is a VPC example?

A good example of a VPC could be a public website or web application, where the organization can select the VPC with one subnet for accessing specific resources.

Is a VPC a SaaS?

VPC is not a SaaS, but it can help build SaaS applications through network peering. This enables private access to services across VPC networks in different projects or organizations.

How many VPCs can you have?

AWS allows you to have multiple VPCs in an account. Within a VPC, you can have 50 active VPC peering connections by default, which you can extend up to 125.