You create internal private networks, you can create multiple of them like 10.2.0.0/16 so that systems which are related are correlated in network.
10.2.0.0/24When you launch a VM you launch it into a subnet and not directly into VPC so you have to have subnets in your VPC’s. So what you do is that your VPC is cross multiple availability zones and each subnet is in each availability zone.- Subnets are specific to an availability zone.
- Traffic flow from one vpc to somewhere else is with routing to and from the internet - internet gateway allows 2 different networks to share traffic.
- route table - such that traffic routed to vpc goes to gateway.
- internet <-> our gateway <-> our subnet.
Network access control list, firewall for subnets.
“Firewall” for a machine.
Routing –> NACL –> Security groups.