VPC
Definition
A Virtual Private Cloud (VPC) is a logically isolated network environment within a public cloud, allowing users to define and control a virtualized network infrastructure. It provides the ability to segment resources, manage traffic flow, and enhance security by using subnets, route tables, and network gateways. VPCs enable users to securely connect their cloud resources to on-premises networks or the internet while maintaining control over IP address ranges and network configurations.
Secure Settings Example
resource "aws_vpc" "secure_vpc" {
  # Private address space for the VPC; subnets are carved from this range.
  cidr_block = "10.0.0.0/16"

  # Both DNS settings on: instances get hostnames and the VPC resolver answers queries.
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = { Name = "secure-vpc" }
}
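resource "aws_security_group" "secure_sg" {
  # Security group for secure_vpc: inbound SSH only from one known admin range.
  # Rule-level descriptions are added so the intent of each rule is visible in
  # the console and in audit tooling, not only in this file.
  vpc_id      = aws_vpc.secure_vpc.id
  description = "SSH from the trusted admin range only; outbound unrestricted"

  ingress {
    description = "SSH from the trusted admin range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # 203.0.113.0/24 is an RFC 5737 documentation prefix; replace it with the
    # real admin range before use.
    cidr_blocks = ["203.0.113.0/24"] # Restrict SSH access to specific IP range
  }

  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # every protocol
    cidr_blocks = ["0.0.0.0/0"]
    # NOTE(review): outbound is unrestricted here; narrow it to the destinations
    # the workload needs if it does not require general internet access.
  }

  tags = {
    Name = "secure-sg"
  }
}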
Insecure Settings Example
resource "aws_vpc" "insecure_vpc" {
  # Same address range as the secure example; the difference is in the DNS flags.
  cidr_block = "10.0.0.0/16"

  # Both DNS settings off: instances get no DNS hostnames and the VPC resolver
  # does not serve this VPC, which breaks name-based resolution inside it.
  enable_dns_hostnames = false
  enable_dns_support   = false

  tags = { Name = "insecure-vpc" }
}
resource "aws_security_group" "insecure_sg" {
  # Security group for insecure_vpc. The problem is the ingress rule: TCP/22 is
  # reachable from any IPv4 address, so every instance in this group is exposed
  # to internet-wide SSH scanning and brute-force attempts.
  vpc_id = aws_vpc.insecure_vpc.id

  ingress {
    cidr_blocks = ["0.0.0.0/0"] # Open SSH access to the entire internet
    protocol    = "tcp"
    to_port     = 22
    from_port   = 22
  }

  egress {
    cidr_blocks = ["0.0.0.0/0"]
    protocol    = "-1" # every protocol
    to_port     = 0
    from_port   = 0
  }

  tags = { Name = "insecure-sg" }
}