A VPC (Virtual Private Cloud) is your own isolated virtual network inside AWS, where you launch resources (such as EC2 instances) with control over the IP range, subnets, routing and security. It is the networking foundation for AWS resources.
What is a VPC
A VPC is a logically ISOLATED virtual network in AWS that YOU control:
→ define your IP address range (CIDR block, e.g. 10.0.0.0/16)
→ divide it into SUBNETS; control ROUTING and security
→ your resources (EC2, RDS, etc.) live inside it, isolated from other networks
→ Like having your own private network in the cloud.
Main components
SUBNET → a segment of the VPC's IP range, placed in one Availability Zone:
PUBLIC subnet → its route table has a default route (0.0.0.0/0) to an Internet Gateway; for
public-facing resources (web servers, load balancers). A resource in a public subnet is
only reachable from the internet if it also has a public or Elastic IP.
PRIVATE subnet → NO route to an Internet Gateway; for backend resources (databases, app
servers) that shouldn't be publicly reachable
INTERNET GATEWAY → connects the VPC to the internet (for public subnets)
NAT GATEWAY → lets PRIVATE subnet resources reach OUT to the internet (e.g. updates)
without being reachable FROM the internet. The NAT Gateway itself lives in a PUBLIC subnet.
ROUTE TABLES → control where traffic goes; each subnet uses exactly one route table. A
subnet with no explicit association falls back to the VPC's MAIN route table, so a
default route to an Internet Gateway in the main table silently makes "private" subnets
public.
SECURITY GROUPS / NACLs → firewalls controlling traffic to resources/subnets:
SECURITY GROUP → attached to the resource's network interface; STATEFUL (return traffic
is allowed automatically); allow rules only
NACL → attached to the subnet; STATELESS (inbound and outbound are evaluated separately,
so ephemeral-port return traffic must be allowed explicitly); numbered allow AND deny rules
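The public/private distinction above is a property of the route table a subnet ends up using, not of its name or tags. The following script, an added example that is not part of the original notes, classifies subnets by walking route-table associations (explicit association first, then the main route table fallback) and flags the common misconfiguration where a subnet labelled "private" inherits a default route to an Internet Gateway. The VPC, subnet and route-table records are constructed for this example and follow the shape of `aws ec2 describe-subnets` / `aws ec2 describe-route-tables` output; the IDs (igw-0123, nat-0456, subnet-aaa, ...) are hypothetical.

```python
"""Classify subnets of a VPC as public or private from route-table data.

All sample data below is CONSTRUCTED for this example; its shape mirrors the
JSON returned by `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"  # constructed

# Constructed subnets. Note that "app-private" has NO explicit route-table association.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "CidrBlock": "10.0.1.0/24",
     "Tags": [{"Key": "Name", "Value": "web-public"}]},
    {"SubnetId": "subnet-bbb", "CidrBlock": "10.0.2.0/24",
     "Tags": [{"Key": "Name", "Value": "db-private"}]},
    {"SubnetId": "subnet-ccc", "CidrBlock": "10.0.3.0/24",
     "Tags": [{"Key": "Name", "Value": "app-private"}]},
]

# Constructed route tables. The MAIN table carries a default route to the IGW,
# which is exactly the situation that makes an unassociated subnet public.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa", "RouteTableId": "rtb-public"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-bbb", "RouteTableId": "rtb-private"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456"}]},
]


def name_of(subnet):
    """Return the Name tag, falling back to the subnet ID."""
    tags = subnet.get("Tags", [])
    return next((t["Value"] for t in tags if t["Key"] == "Name"), subnet["SubnetId"])


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies.

    Returns (route_table, explicit) where explicit tells whether the subnet
    was associated directly or merely inherited the main table.
    """
    main = None
    for rtb in route_tables:
        for assoc in rtb["Associations"]:
            if assoc.get("Main"):
                main = rtb
            if assoc.get("SubnetId") == subnet_id:
                return rtb, True
    return main, False


def internet_egress(rtb):
    """Return 'igw', 'nat' or None depending on the 0.0.0.0/0 route target."""
    for route in rtb["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return None


def classify_subnets(subnets, route_tables, vpc_cidr):
    """Map SubnetId -> classification plus audit findings."""
    vpc_net = ipaddress.ip_network(vpc_cidr)
    results = {}
    for subnet in subnets:
        rtb, explicit = route_table_for(subnet["SubnetId"], route_tables)
        egress = internet_egress(rtb) if rtb else None
        # Only a default route straight to an Internet Gateway makes a subnet public.
        kind = "public" if egress == "igw" else "private"
        findings = []
        if not ipaddress.ip_network(subnet["CidrBlock"]).subnet_of(vpc_net):
            findings.append("CIDR outside VPC range")
        if kind == "public" and "private" in name_of(subnet).lower():
            findings.append("named private but routes to an Internet Gateway")
        if not explicit:
            findings.append("no explicit association: inherits MAIN route table")
        results[subnet["SubnetId"]] = {
            "name": name_of(subnet), "kind": kind, "egress": egress,
            "route_table": rtb["RouteTableId"] if rtb else None, "findings": findings,
        }
    return results


if __name__ == "__main__":
    for sid, info in classify_subnets(SUBNETS, ROUTE_TABLES, VPC_CIDR).items():
        flags = "; ".join(info["findings"]) or "ok"
        print(f"{sid} {info['name']:<12} {info['kind']:<8} via {info['egress'] or 'none':<4} "
              f"{info['route_table']:<12} {flags}")
```

With the constructed data, subnet-aaa is public by design, subnet-bbb is private with NAT egress, and subnet-ccc is reported public through the main route table despite its "app-private" name. Against a real account the same logic applies to the JSON from `describe-route-tables` and `describe-subnets` after replacing the constructed lists.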
