https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html
🌐 VPC (Virtual Private Cloud): A detailed guide to the Default VPC for beginners
📚 Table of contents
- What is a VPC? Core concepts
- VPC and subnet architecture
- The Default VPC in detail
- Default VPC vs. Custom VPC
- Hands-on with the Default VPC
- Security and limitations of the Default VPC
- When to use the Default VPC
What is a VPC? Core concepts
🏠 Think of a VPC as a "house" in the cloud
Simple definition: a VPC (Virtual Private Cloud) is a logically isolated virtual network that you create inside AWS, much like building your own house inside a large city.
A concrete picture:
🏘️ Picture a VPC as a residential compound:
AWS Cloud = the city
├── Your VPC = your own compound
│ ├── Subnet 1 = Zone A (living room)
│ ├── Subnet 2 = Zone B (bedroom)
│ └── Subnet 3 = Zone C (kitchen)
├── Another company's VPC = a different compound
└── Internet Gateway = the gate between the compound and the city
Core properties of a VPC:
🔐 Isolation:
- Your VPC is logically separated from every other VPC
- Nothing reaches into your VPC unless you explicitly allow it (an Internet Gateway, peering, VPN, and so on)
- Like the fence around the compound
🌍 Regional scope:
- A VPC exists in exactly one Region
- It cannot be "stretched" across Regions
- A presence in several Regions means several VPCs
🏗️ Full control:
- You decide what may enter and leave
- You design how the "rooms" connect to each other
- You configure the security controls (security groups, network ACLs, routing) as you see fit
Why do you need a VPC?
1. Security and control
🛡️ Security benefits:
Without a VPC (shared hosting):
❌ Resources sit on infrastructure shared with other tenants
❌ Hard to control access
❌ Higher security risk
With a VPC (dedicated network space):
✅ Your own isolated address space
✅ Fine-grained control over every connection
✅ Your own firewall rules (security groups, network ACLs)
✅ Visibility into all network traffic (VPC Flow Logs)
2. Regulatory compliance
📋 Compliance requirements:
Banking / finance:
- Customer data must be isolated
- Detailed audit trail
- End-to-end encryption
Healthcare (HIPAA):
- Patient information kept confidential
- Strict access control
- Every activity logged
GDPR (EU):
- Data residency requirements
- Right to be forgotten
- Data breach notification
3. Complex architectures
🏗️ Enterprise architecture:
Multi-tier Application:
- Web servers (public subnet)
- Application servers (private subnet)
- Database servers (isolated subnet)
Microservices:
- Service mesh networking
- Container orchestration
- API gateway integration
Hybrid Cloud:
- On-premises connectivity
- VPN tunnels
- Direct Connect
VPC and subnet architecture
🏗️ Understanding subnets
What is a subnet? Subnets are the "rooms" inside your VPC "house". Each room serves a specific purpose and sits on one "floor" (one Availability Zone); a subnet never spans AZs.
Multi-AZ VPC architecture:
🏢 VPC architecture example:
Region: us-east-1 (N. Virginia)
VPC CIDR: 10.0.0.0/16 (65,536 IP addresses)
├── AZ-1 (us-east-1a)
│ ├── Public Subnet: 10.0.1.0/24 (251 usable IPs)
│ └── Private Subnet: 10.0.4.0/24 (251 usable IPs)
│
├── AZ-2 (us-east-1b)
│ ├── Public Subnet: 10.0.2.0/24 (251 usable IPs)
│ └── Private Subnet: 10.0.5.0/24 (251 usable IPs)
│
└── AZ-3 (us-east-1c)
    ├── Public Subnet: 10.0.3.0/24 (251 usable IPs)
    └── Private Subnet: 10.0.6.0/24 (251 usable IPs)
Why several subnets?
1. Separation of concerns
🎯 Subnet usage patterns:
Public subnets:
Purpose: resources that must be reachable from the Internet (the subnet's route table has 0.0.0.0/0 → Internet Gateway)
Examples:
- Load balancers
- Web servers
- Bastion hosts
- NAT gateways
Private subnets:
Purpose: internal resources with no inbound Internet exposure; outbound access, if needed, goes through a NAT gateway
Examples:
- Application servers
- Database servers
- Internal APIs
- Background processing
Database subnets:
Purpose: a fully isolated database layer, typically with no route to the Internet at all
Examples:
- RDS instances
- ElastiCache clusters
- Document databases
2. Layered security (defense in depth)
🛡️ Security layers:
Internet → Public Subnet:
- WAF (Web Application Firewall)
- DDoS protection
- TLS termination
Public → Private Subnet:
- Network ACLs
- Security Groups
- Application-level authentication
Private → Database Subnet:
- Database authentication
- Encryption at rest
- Query-level authorization
3. High availability
⚡ HA design pattern:
Load Balancer:
- Deployed across multiple AZs
- Automatic failover
- Health checks
Application Tier:
AZ-1: App Server 1, App Server 2
AZ-2: App Server 3, App Server 4
AZ-3: App Server 5, App Server 6
Database Tier:
AZ-1: Primary database
AZ-2: Standby replica
AZ-3: Read replica
Benefits:
- Single AZ failure = Minimal impact
- Automatic traffic redistribution
- Zero-downtime deployments
CIDR and IP address planning:
Understanding CIDR notation:
📊 CIDR examples:
10.0.0.0/16:
- Network: 10.0.0.0
- Subnet mask: 255.255.0.0
- Total IPs: 65,536
- Usable IPs: 65,531 if the whole block were one subnet (AWS reserves 5 addresses per subnet, not per VPC, so a /16 carved into /24 subnets loses 5 in each)
10.0.1.0/24:
- Network: 10.0.1.0
- Subnet mask: 255.255.255.0
- Total IPs: 256
- Usable IPs: 251 (AWS reserves 5)
AWS-reserved IPs in each subnet (shown for 10.0.1.0/24):
- .0: Network address
- .1: VPC router
- .2: Reserved by AWS for DNS (the Route 53 Resolver sits at the VPC base + 2; each subnet's base + 2 is reserved as well)
- .3: Reserved by AWS for future use
- .255: Broadcast address (VPCs do not support broadcast, but the last address of every subnet is still reserved)
Best practices for IP planning:
💡 IP planning strategy:
Small Organization (< 1000 instances):
VPC: 10.0.0.0/16
Public subnets: 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24
Private subnets: 10.0.11.0/24, 10.0.12.0/24, 10.0.13.0/24
Medium Organization (< 10,000 instances):
VPC: 10.0.0.0/16
Public subnets: 10.0.0.0/20, 10.0.16.0/20, 10.0.32.0/20
Private subnets: 10.0.128.0/20, 10.0.144.0/20, 10.0.160.0/20
Large Organization (> 10,000 instances):
Several VPCs connected by VPC Peering (or a Transit Gateway), each with a non-overlapping CIDR so they can be connected later
VPC-1: 10.0.0.0/16 (Production)
VPC-2: 10.1.0.0/16 (Staging)
VPC-3: 10.2.0.0/16 (Development)
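The planning rules above (five reserved addresses per subnet, subnets that must fit inside the VPC CIDR and must not overlap each other, the /16 to /28 size limits) are easy to get wrong by hand. The following Python script is an added example, not part of the AWS documentation; it uses only the standard library, and the VPC and subnet ranges it checks are the page's own illustrative ones.

```python
"""Subnet plan checker: an added example, not part of the AWS documentation.

It applies the planning rules from the tables above with only the standard
library: count usable addresses after AWS's five reserved per subnet, list
those reserved addresses, carve a VPC into equal subnets, and check that a
proposed layout fits the VPC CIDR without overlaps.
"""
import ipaddress
import itertools
from typing import Dict, List

# AWS holds back the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
# AWS accepts IPv4 VPC and subnet sizes between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def usable_hosts(cidr: str) -> int:
    """Addresses an instance can actually get in an AWS subnet of this size."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr: str) -> Dict[str, str]:
    """The five addresses AWS reserves, labelled as in the VPC user guide."""
    net = ipaddress.ip_network(cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> List[str]:
    """First `count` equal /new_prefix subnets inside the VPC, e.g. the /20
    layout of a default VPC or the /24s of the small-organization plan."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(s) for s in itertools.islice(vpc.subnets(new_prefix=new_prefix), count)]


def validate_plan(vpc_cidr: str, subnet_cidrs: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is sound.

    Checks that every subnet is a valid network (no host bits set), lies
    inside the VPC CIDR, has an AWS-allowed prefix length, and that no two
    subnets overlap. Overlaps are the mistake that is hardest to fix later,
    because a subnet's CIDR cannot be changed once resources live in it.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = []
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{cidr}: not a valid network ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{cidr}: outside VPC range {vpc_cidr}")
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        nets.append(net)
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    print(usable_hosts("10.0.1.0/24"), "usable hosts in a /24")
    print(carve_subnets("172.31.0.0/16", 20, 6))
    # A deliberately flawed plan: a /20 that swallows a /24, and a stray /24 from another VPC.
    print(validate_plan("10.0.0.0/16", ["10.0.0.0/20", "10.0.8.0/24", "10.1.0.0/24"]))
```

Run `validate_plan` on the medium-organization layout above and it returns an empty list; swap one private subnet for 10.0.8.0/24 and the overlap with 10.0.0.0/20 is reported before anything is created.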
The Default VPC in detail
🎯 Characteristics of the Default VPC
The Default VPC is the "ready-built house" that AWS provides in every Region when your account is created. It is designed so that you can launch resources immediately without configuring any networking.
Fixed configuration of the Default VPC:
📋 Default VPC specifications:
CIDR block: 172.31.0.0/16
- Always this range; you cannot choose a different one when AWS creates a default VPC
- Provides 65,536 IP addresses
- Still RFC 1918 private space (part of 172.16.0.0/12), but less likely to collide with the 10.x.x.x and 192.168.x.x ranges most corporate networks use
Number of subnets:
- One default subnet is created automatically in each Availability Zone of the Region
- us-east-1: 6 subnets (6 AZs)
- us-west-2: 4 subnets (4 AZs)
- ap-southeast-1: 3 subnets (3 AZs)
- AZ counts change over time; check with `aws ec2 describe-availability-zones`
Subnet CIDR pattern (one /20 per AZ; the mapping of block to AZ letter below is typical, not guaranteed):
- AZ-a: 172.31.0.0/20 (4,096 IPs)
- AZ-b: 172.31.16.0/20 (4,096 IPs)
- AZ-c: 172.31.32.0/20 (4,096 IPs)
- AZ-d: 172.31.48.0/20 (4,096 IPs)
- AZ-e: 172.31.64.0/20 (4,096 IPs)
- AZ-f: 172.31.80.0/20 (4,096 IPs)
Built-in Internet connectivity:
🌐 Default Internet setup:
Internet Gateway (IGW):
- Automatically created and attached to the Default VPC
- Allows two-way connectivity with the Internet
- No charge for the gateway itself (data transfer is billed as usual)
Route table:
- The main route table is configured automatically
- Default route: 0.0.0.0/0 → Internet Gateway
- Local route: 172.31.0.0/16 → local
Auto-assign public IP:
- Every default subnet has auto-assign public IPv4 enabled
- EC2 instances launched into them receive a public IP automatically (and since February 2024 each public IPv4 address is itself billed hourly)
- They are reachable from the Internet immediately, subject only to their security group
Default VPCs across Regions:
🌍 Regional consistency:
us-east-1 (N. Virginia):
- AZs: 6 (a, b, c, d, e, f)
- Subnets: 6
- CIDR: 172.31.0.0/16
ap-southeast-1 (Singapore):
- AZs: 3 (a, b, c)
- Subnets: 3
- CIDR: 172.31.0.0/16
eu-west-1 (Ireland):
- AZs: 3 (a, b, c)
- Subnets: 3
- CIDR: 172.31.0.0/16
Consistency:
✅ Same CIDR block in every Region (172.31.0.0/16)
✅ Same auto-configuration
✅ Same default security settings
❌ Different number of subnets (one per AZ)
⚠️ Because every default VPC uses the identical 172.31.0.0/16, two default VPCs (or a default VPC and an on-premises network that uses that range) cannot be connected with VPC Peering or a VPN without address overlap
Default security configuration:
🔒 Security settings:
Default security group:
Name: "default"
Inbound rules:
- Allow all traffic from members of the same security group (self-reference)
- No rule for Internet sources, so inbound traffic from the Internet is denied by default
Outbound rules:
- Allow all traffic to anywhere (0.0.0.0/0)
Default network ACL:
Inbound rules:
- Allow all traffic (0.0.0.0/0)
Outbound rules:
- Allow all traffic (0.0.0.0/0)
🚨 Security implications:
- Instances in the default group can talk to each other freely on every port and protocol
- Outbound Internet access is allowed by default, so exfiltration and command-and-control traffic are not blocked at the network layer
- Inbound Internet access is blocked only by the security group; one added rule opens the instance to the world
- The network ACL is permissive, so it adds no second layer unless you tighten it
Default VPC vs. Custom VPC
📊 Detailed comparison
🆚 Default VPC vs Custom VPC:
Ease of Use:
Default VPC: ⭐⭐⭐⭐⭐
- Ready to use immediately
- No configuration needed
- Perfect for beginners
Custom VPC: ⭐⭐⭐
- Requires planning and setup
- Need to understand networking
- More complex initial setup
Flexibility:
Default VPC: ⭐⭐
- Fixed CIDR block
- Limited customization
- Cannot change fundamental settings
Custom VPC: ⭐⭐⭐⭐⭐
- Choose your own CIDR
- Full control over all settings
- Unlimited customization
Security:
Default VPC: ⭐⭐⭐
- Basic security: one default group, a permissive NACL
- All subnets are public-facing
- Acceptable for development/testing
Custom VPC: ⭐⭐⭐⭐⭐
- Private by default (no Internet Gateway until you attach one)
- Granular security controls
- Production-ready security
Cost:
Default VPC: ⭐⭐⭐⭐⭐
- No additional VPC charges
- Minimal data transfer costs
- Cost-effective for simple setups
Custom VPC: ⭐⭐⭐⭐
- Private subnets usually need NAT gateways (about $0.045 per hour at us-east-1 list price, roughly $33/month each, plus $0.045 per GB processed)
- Additional data transfer costs
- More expensive for complex architectures
When to use each:
Default VPC - use cases:
✅ Ideal for:
Learning & Development:
- AWS certification study
- POC (Proof of Concepts)
- Personal projects
- Quick prototyping
Simple Applications:
- Single-tier applications
- Development environments
- Testing environments
- Internal tools
Time-constrained Projects:
- Hackathons
- Rapid prototyping
- Demo applications
- MVPs with simple requirements
Custom VPC - use cases:
✅ Required for:
Production Environments:
- Enterprise applications
- Customer-facing services
- Compliance-sensitive data
- Mission-critical systems
Complex Architectures:
- Multi-tier applications
- Microservices
- Hybrid cloud setups
- Multi-region deployments
Security Requirements:
- Financial services
- Healthcare applications
- Government systems
- PCI DSS compliance
Specific Networking Needs:
- Custom IP ranges
- VPN connections
- Network peering
- Advanced routing
Hands-on with the Default VPC
🛠️ Lab 1: Exploring the Default VPC
Step 1: Find the current Default VPC

```bash
# List all VPCs with the AWS CLI
aws ec2 describe-vpcs --profile general-admin
# Find the Default VPC only
aws ec2 describe-vpcs \
  --filters "Name=isDefault,Values=true" \
  --profile general-admin
```

Expected output (IDs are placeholders):

```json
{
  "Vpcs": [
    {
      "CidrBlock": "172.31.0.0/16",
      "DhcpOptionsId": "dopt-12345678",
      "State": "available",
      "VpcId": "vpc-12345678",
      "OwnerId": "123456789012",
      "InstanceTenancy": "default",
      "IsDefault": true,
      "Tags": []
    }
  ]
}
```

Step 2: Inspect the subnets

```bash
# List all subnets in the Default VPC
aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=vpc-12345678" \
  --profile general-admin
# Compare the subnet count with the number of AZs in the Region
aws ec2 describe-availability-zones \
  --profile general-admin
```

Step 3: Inspect the Internet Gateway

```bash
# List Internet Gateways attached to the Default VPC
aws ec2 describe-internet-gateways \
  --filters "Name=attachment.vpc-id,Values=vpc-12345678" \
  --profile general-admin
```
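Lab 1 lists the VPC, its subnets and the Internet Gateway, but it does not yet tell you what is exposed. The script below is an added example (not AWS code) that reads the JSON returned by `aws ec2 describe-security-groups` and `aws ec2 describe-subnets` and flags sensitive ports open to the whole Internet and subnets that auto-assign public IPs. The embedded sample documents are constructed to mimic CLI output; the group IDs, subnet IDs and addresses in them are placeholders.

```python
"""Offline posture check for a (default) VPC: an added example, not AWS code.

It reads the JSON shapes that `aws ec2 describe-security-groups` and
`aws ec2 describe-subnets` return and flags what this page warns about:
sensitive ports reachable from the whole Internet, and subnets that hand
out public IPs at launch. The sample documents below are constructed to
mimic that output; their IDs and addresses are placeholders.
"""
import json
from typing import List, Set, Tuple

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
# Ports that should essentially never be open to every Internet address.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL",
                   5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
ALL_PORTS = 65536


def _open_to_world(perm: dict) -> bool:
    """True if an IpPermission lists an IPv4 or IPv6 any-source range."""
    v4 = any(r.get("CidrIp") in ANY_SOURCE for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") in ANY_SOURCE for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def _ports(perm: dict) -> Set[int]:
    """Ports an IpPermission covers. IpProtocol "-1" (all traffic) carries no
    FromPort/ToPort in the API output and means every port."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return set(range(ALL_PORTS))
    return set(range(perm["FromPort"], perm["ToPort"] + 1))


def audit_security_groups(describe_sgs: dict) -> List[Tuple[str, str]]:
    """Findings as (GroupId, message) for inbound rules open to the Internet.
    Rules whose source is another security group are not Internet exposure
    and are skipped; HTTP/HTTPS to the world is expected for a web tier."""
    findings = []
    for sg in describe_sgs["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue
            ports = _ports(perm)
            if len(ports) == ALL_PORTS:
                findings.append((sg["GroupId"], "all ports open to the Internet"))
                continue
            for port, name in SENSITIVE_PORTS.items():
                if port in ports:
                    findings.append((sg["GroupId"], f"{name} ({port}) open to the Internet"))
    return findings


def audit_subnets(describe_subnets: dict) -> List[str]:
    """Subnet IDs that assign a public IPv4 address to every launched
    instance; every default subnet has this enabled."""
    return [s["SubnetId"] for s in describe_subnets["Subnets"]
            if s.get("MapPublicIpOnLaunch")]


# Constructed sample output (placeholder IDs; 203.0.113.0/24 is a documentation range).
SAMPLE_SGS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0default0", "GroupName": "default", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0default0"}]}]},
  {"GroupId": "sg-0web00000", "GroupName": "web-server-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0db000000", "GroupName": "rds-oops", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}""")

SAMPLE_SUBNETS = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaa", "CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-0bbb", "CidrBlock": "172.31.16.0/20", "MapPublicIpOnLaunch": true}
]}""")

if __name__ == "__main__":
    for group_id, msg in audit_security_groups(SAMPLE_SGS):
        print(f"[SG] {group_id}: {msg}")
    for subnet_id in audit_subnets(SAMPLE_SUBNETS):
        print(f"[SUBNET] {subnet_id}: auto-assigns public IPv4")
```

To run it against a real account, save the CLI output with `--output json` (adding `--filters "Name=vpc-id,Values=<your vpc id>"` to scope both calls to the Default VPC) and pass the parsed documents in place of the samples. The web group's port 80 rule is not reported because a public web tier is expected to listen there; the SSH rule is not reported because it is limited to a single /32.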
Lab 2: Deploy a simple application in the Default VPC
Create an EC2 instance in the Default VPC:
🖥️ EC2 instance configuration:
Instance details:
AMI: Amazon Linux 2023 (or Amazon Linux 2)
Instance type: t3.micro
Key pair: create new or use existing
Network settings:
VPC: Default VPC (auto-selected)
Subnet: default subnet in AZ-1a
Auto-assign public IP: Enable (default)
Security group:
Name: web-server-sg
Rules:
- HTTP (port 80): 0.0.0.0/0
- HTTPS (port 443): 0.0.0.0/0
- SSH (port 22): your own IP address only (/32), never 0.0.0.0/0
Advanced details:
Metadata version: V2 only (token required); this is already the default for Amazon Linux 2023 AMIs
User data script:

```bash name=install-web-server.sh
#!/bin/bash
# Runs as root at first boot; output lands in /var/log/cloud-init-output.log
set -e
yum update -y
yum install -y httpd
systemctl enable --now httpd
# Query instance metadata with an IMDSv2 session token; the token-less
# IMDSv1 call is refused when the instance requires IMDSv2 (AL2023 default)
TOKEN=$(curl -s -X PUT http://169.254.169.254/latest/api/token \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
md() { curl -s -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/$1"; }
# Create a simple web page (the heredoc is unquoted, so $(...) expands now)
cat <<EOF > /var/www/html/index.html
<h1>🚀 Welcome to My AWS Web Server!</h1>
<h2>Server Information:</h2>
<p>Instance ID: $(md instance-id)</p>
<p>Availability Zone: $(md placement/availability-zone)</p>
<p>Public IP: $(md public-ipv4)</p>
<p>Private IP: $(md local-ipv4)</p>
<p>🎯 This server is running in AWS Default VPC!</p>
<p>Deploy time: $(date)</p>
EOF
```

Test connectivity:

```bash
# Test from your local machine
curl http://[PUBLIC-IP]
# SSH to the instance
ssh -i your-key.pem ec2-user@[PUBLIC-IP]
# Check networking from inside the instance (IMDSv2: fetch a token first)
TOKEN=$(curl -s -X PUT http://169.254.169.254/latest/api/token \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
```
Lab 3: Delete and recreate the Default VPC
⚠️ Important warning:
🚨 Before deleting the Default VPC:
Backup checklist:
- [ ] List all EC2 instances in the Default VPC
- [ ] Check for RDS instances
- [ ] Verify load balancers
- [ ] Document any custom security groups
- [ ] Note down any custom route tables
Impact of deletion:
- The VPC cannot be deleted while instances, network interfaces, load balancers or other dependent resources still exist in it; you must remove them first, so anything left inside is gone with it
- Without a default VPC you can no longer launch an instance without choosing a VPC and subnet
- Every future launch (EC2, RDS, Lambda in a VPC, and so on) must specify the VPC/subnet explicitly
Deleting the Default VPC:
📋 Deletion process:
Via the AWS Console:
1. VPC Dashboard → Your VPCs
2. Select the Default VPC
3. Actions → Delete VPC (the console also deletes the subnets, Internet Gateway, route tables and security groups that belong to it)
4. Type "delete" to confirm
Via the AWS CLI (IDs are placeholders):

```bash
# First, terminate all instances
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
# delete-vpc only succeeds once the VPC's subnets, non-main route tables,
# non-default security groups and the (detached) Internet Gateway are gone
aws ec2 delete-vpc --vpc-id vpc-12345678
```

Recreating the Default VPC:
🔄 Recreation process:
Via the AWS Console:
1. VPC Dashboard → Your VPCs
2. Actions → Create Default VPC
3. Confirm creation
Via the AWS CLI (fails if the Region already has a default VPC; there can be only one):

```bash
aws ec2 create-default-vpc --profile general-admin
```

Verification after recreation (the new VPC and subnets get fresh IDs, so update anything that referenced the old ones):

```bash
# Verify the new Default VPC
aws ec2 describe-vpcs \
  --filters "Name=isDefault,Values=true" \
  --profile general-admin
# Check the new default subnets
aws ec2 describe-subnets \
  --filters "Name=defaultForAz,Values=true" \
  --profile general-admin
```
Security and limitations of the Default VPC
🚨 Security issues
1. Every subnet is public
⚠️ Public subnet risks:
Auto-assign public IP:
Problem: every instance gets a public IP automatically
Risk: unnecessary attack surface is exposed
Impact: greater exposure to Internet-wide scanning and attacks
Internet Gateway:
Problem: direct Internet connectivity from every subnet
Risk: no network-level isolation between tiers
Impact: defense in depth is harder to implement
Example attack scenario:
1. Attacker scans public IP ranges
2. Finds an open port on an EC2 instance
3. Exploits a vulnerability in the application
4. Gains direct access to the system, with unrestricted outbound Internet available for exfiltration
2. Overly permissive network ACLs
🔓 Network ACL issues:
Default NACL rules:
Inbound: allow ALL traffic from 0.0.0.0/0
Outbound: allow ALL traffic to 0.0.0.0/0
Security problems:
- No port-level filtering at the subnet boundary
- No protocol restrictions
- No network segmentation between subnets unless you add custom NACLs
Best-practice violation:
- Should deny by default (a custom NACL you create starts as deny-all; the default NACL of any VPC starts as allow-all)
- Should allow only the traffic that is needed
- Should implement least privilege
3. Shared security group pattern
🔐 Security group concerns:
Default security group:
- Every instance launched without an explicit group lands in the same "default" group
- The self-referencing rule lets all members talk to each other on every port and protocol
- Proper micro-segmentation is hard to retrofit
Problems:
Web server ↔ database server:
Current: full communication allowed
Should be: only TCP 3306 (MySQL), and only from the application tier
App server ↔ cache server:
Current: all ports reachable
Should be: only TCP 6379 (Redis)
Illustrative incident scenarios:
Case study 1: Exposed database
📰 Illustrative example (a composite scenario, not a specific documented breach):
Scenario:
- Developer launches RDS in the Default VPC
- The instance is created with "Publicly accessible" enabled, so its endpoint resolves to a public IP
- Security group misconfigured
- Database exposed to the Internet
Timeline:
Day 1: RDS launched in a default subnet
Day 3: Port 3306 accidentally opened to 0.0.0.0/0
Day 7: Automated scanner finds the exposed database
Day 8: Data breach discovered
Damage (illustrative figures):
- 100,000 customer records stolen
- $500,000 GDPR fine
- 6 months to recover reputation
Prevention with a Custom VPC:
- Database in a private subnet with "Publicly accessible" disabled
- No route to an Internet Gateway
- Security groups that allow port 3306 only from the application tier's security group
Case study 2: Lateral movement
🎯 Attack chain:
Initial compromise:
- Web server compromised via an application vulnerability
- Attacker gains shell access on the EC2 instance
Lateral movement:
The Default VPC makes movement easy:
1. Scan the other instances in the same security group (the self-referencing rule allows every port)
2. Connect to the database server directly
3. Extract sensitive data
4. Reach internal APIs
Impact amplification:
- Single point of compromise
- No network segmentation
- Full environment access
Custom VPC prevention:
- Web servers in a public subnet
- App servers in a private subnet
- Database in an isolated subnet
- Strict security group rules that reference the upstream tier's group rather than broad CIDRs
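Both the shared-security-group problem (section 3 above) and the lateral-movement chain come down to how inbound rules are evaluated. The model below is an added example, not AWS code or the page's own; it reproduces security-group semantics (allow-only, stateful, matching by CIDR or by source group) and asks the same reachability questions of the default-group deployment and of a tiered one. The instances, addresses and group IDs are constructed placeholders.

```python
"""Security-group reachability model: an added example, not AWS code.

Security groups are allow-only and stateful: inbound traffic is permitted
if ANY rule on ANY of the destination's groups matches the source (by CIDR
or by source security group) and the protocol/port; replies are allowed
automatically. This model applies that evaluation to the two deployments
contrasted above, everything in the default group versus tiered groups,
using constructed instances with placeholder addresses and group IDs.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One inbound rule. Exactly one of cidr / source_sg is set;
    protocol "-1" means all traffic; ports are inclusive."""
    protocol: str = "tcp"
    from_port: int = 0
    to_port: int = 65535
    cidr: Optional[str] = None
    source_sg: Optional[str] = None


@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    security_groups: Tuple[str, ...]


def rule_matches(rule: Rule, src: Instance, protocol: str, port: int) -> bool:
    if rule.protocol != "-1":
        if rule.protocol != protocol or not rule.from_port <= port <= rule.to_port:
            return False
    if rule.source_sg is not None:
        # SG-referenced rules match on group membership, not on address.
        return rule.source_sg in src.security_groups
    return ipaddress.ip_address(src.private_ip) in ipaddress.ip_network(rule.cidr)


def can_reach(groups: Dict[str, List[Rule]], src: Instance, dst: Instance,
              port: int, protocol: str = "tcp") -> bool:
    """Allow-only semantics: one matching inbound rule on the destination
    is enough. Groups missing from `groups` contribute no rules."""
    return any(rule_matches(r, src, protocol, port)
               for sg in dst.security_groups
               for r in groups.get(sg, []))


# Deployment A: every instance launched with the VPC's "default" group,
# whose single inbound rule allows all traffic from the group itself.
DEFAULT_ONLY = {"sg-default": [Rule(protocol="-1", source_sg="sg-default")]}
web_a = Instance("web", "172.31.1.10", ("sg-default",))
db_a = Instance("db", "172.31.17.20", ("sg-default",))

# Deployment B: tiered groups; each tier admits only the tier in front of it.
TIERED = {
    "sg-web": [Rule("tcp", 80, 80, cidr="0.0.0.0/0"),
               Rule("tcp", 443, 443, cidr="0.0.0.0/0")],
    "sg-app": [Rule("tcp", 8080, 8080, source_sg="sg-web")],
    "sg-db": [Rule("tcp", 3306, 3306, source_sg="sg-app")],
}
web_b = Instance("web", "10.0.1.10", ("sg-web",))
app_b = Instance("app", "10.0.11.10", ("sg-app",))
db_b = Instance("db", "10.0.21.10", ("sg-db",))
# An Internet host belongs to no security group at all.
scanner = Instance("scanner", "198.51.100.7", ())


def compare() -> Dict[str, bool]:
    """Reachability matrix for the paths this page discusses."""
    return {
        "default: web -> db:3306": can_reach(DEFAULT_ONLY, web_a, db_a, 3306),
        "default: web -> db:22": can_reach(DEFAULT_ONLY, web_a, db_a, 22),
        "tiered: web -> db:3306": can_reach(TIERED, web_b, db_b, 3306),
        "tiered: app -> db:3306": can_reach(TIERED, app_b, db_b, 3306),
        "tiered: app -> db:22": can_reach(TIERED, app_b, db_b, 22),
        "tiered: internet -> web:443": can_reach(TIERED, scanner, web_b, 443),
        "tiered: internet -> db:3306": can_reach(TIERED, scanner, db_b, 3306),
    }


if __name__ == "__main__":
    for path, allowed in compare().items():
        print(f"{'ALLOW' if allowed else 'deny '}  {path}")
```

In the default-group deployment a compromised web server reaches the database on 3306 and on SSH alike, which is exactly the lateral-movement step in case study 2. In the tiered deployment the same web server cannot reach the database at all, the app tier reaches it only on 3306, and an Internet scanner sees only ports 80 and 443 on the web tier.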
Compliance and audit issues:
📋 Compliance challenges:
PCI DSS requirements:
❌ Default VPC gaps:
- No network segmentation
- Overly broad access rules
- Traffic monitoring (VPC Flow Logs) not enabled by default
✅ Custom VPC compliance:
- Isolated cardholder data environment
- Restricted network access
- Comprehensive logging
SOC 2 requirements:
❌ Default VPC issues:
- Insufficient access controls
- No change management for the network
- Limited monitoring capabilities
✅ Custom VPC benefits:
- Granular access controls
- Change tracking for network configs
- Detailed network monitoring
HIPAA requirements:
❌ Default VPC problems:
- PHI potentially exposed to the Internet
- No access logging configured
- Insufficient encryption controls
✅ Custom VPC solutions:
- Private subnets for PHI storage
- Comprehensive audit trails (Flow Logs, CloudTrail)
- Private connectivity to AWS services (VPC endpoints) with TLS in transit
When to use the Default VPC
🎯 Appropriate use cases
1. Learning and development
📚 Educational Purposes:
AWS Certification Study:
✅ Perfect for:
- Learning EC2 basics
- Understanding security groups
- Practicing CLI commands
- Quick lab setups
Benefits:
- No networking knowledge required
- Focus on service features
- Rapid iteration
- Cost-effective learning
Personal Projects:
✅ Good for:
- Portfolio websites
- Personal blogs
- Side projects
- Hobby applications
Considerations:
- Not handling sensitive data
- Limited user base
- Non-commercial use
2. Proof of concepts (POC)
🧪 POC Requirements:
Time-constrained Evaluation:
Scenario: "Evaluate AWS in 2 weeks"
Solution: Use Default VPC for rapid deployment
Benefits:
- Immediate productivity
- Focus on application logic
- Quick win demonstration
- Minimal learning curve
Technology Evaluation:
Examples:
- Testing new database engines
- Evaluating container platforms
- Comparing machine learning services
- Performance benchmarking
3. Development environments
🔧 Dev Environment Strategy:
Individual Developer Workspaces:
Each developer gets:
- Separate AWS account
- Default VPC for isolation
- Full admin access
- Cost controls via budgets
Benefits:
- Rapid environment setup
- No networking bottlenecks
- Self-service capabilities
- Isolated testing
Example Setup:
Developer: john@company.com
Account: dev-john-123456789
Environment: Default VPC
Resources: Full access within budget
❌ When NOT to use the Default VPC
1. Production workloads
🚫 Production exclusions:
Customer-facing applications:
Reasons to avoid:
- Every instance is Internet-exposed by default
- No tier isolation or private subnets
- Monitoring (Flow Logs) not configured
- Compliance gaps
Financial Services:
Regulatory requirements:
- PCI DSS compliance
- SOX compliance
- Data encryption standards
- Network segmentation
Healthcare Applications:
HIPAA requirements:
- PHI protection
- Access logging
- Encryption in transit/rest
- Audit capabilities
2. Multi-tier applications
🏗️ Complex Architecture Needs:
3-tier Web Application:
Web Tier: Public subnet, internet-facing
App Tier: Private subnet, internal only
DB Tier: Isolated subnet, no internet
Default VPC problems:
- All tiers in public subnets
- No proper isolation
- Security group limitations
- No fine-grained control
Microservices Architecture:
Requirements:
- Service mesh networking
- Container orchestration
- API gateway integration
- Cross-service authentication
Default VPC limitations:
- No private subnets for service-to-service traffic; every task or node with a public IP is Internet-reachable
- Segmentation depends entirely on security groups you add afterwards
- A single fixed /16 shared by every environment you place in the Region
🔄 Migration strategy
From Default VPC to Custom VPC:
📋 Migration Planning:
Phase 1: Assessment (Week 1)
- [ ] Inventory all resources in Default VPC
- [ ] Document current network dependencies
- [ ] Identify security requirements
- [ ] Plan new VPC architecture
Phase 2: Design (Week 2)
- [ ] Design Custom VPC topology
- [ ] Plan IP addressing scheme
- [ ] Design security group strategy
- [ ] Create migration timeline
Phase 3: Build (Week 3-4)
- [ ] Create Custom VPC
- [ ] Set up subnets and routing
- [ ] Configure security groups
- [ ] Test connectivity
Phase 4: Migration (Week 5-6)
- [ ] Create new resources in Custom VPC
- [ ] Migrate data and configurations
- [ ] Update DNS and load balancers
- [ ] Decommission Default VPC resources
Phase 5: Validation (Week 7)
- [ ] End-to-end testing
- [ ] Performance validation
- [ ] Security assessment
- [ ] Documentation update
Migration tools and techniques:
🛠️ Migration Approaches:
Blue-Green Deployment:
Blue: Current Default VPC environment
Green: New Custom VPC environment
Switch: DNS/Load Balancer cutover
Benefits:
- Zero downtime migration
- Easy rollback capability
- Risk mitigation
- Parallel testing
Lift and Shift:
Process:
1. Create AMI snapshots
2. Launch in Custom VPC
3. Update configurations
4. Switch traffic
Considerations:
- Application state management
- Database migration
- Integration dependencies
Gradual Migration:
Approach:
- Migrate non-critical services first
- Test extensively
- Move critical services last
- Maintain hybrid setup temporarily
💡 Summary and key points
Key takeaways:
🎯 Rules of thumb for the Default VPC:
✅ DO use it when:
- Learning AWS and studying for certifications
- Building quick POCs and prototypes
- Running a personal development environment
- Testing and experimenting
- The budget is tight
- Setup time is short
❌ DON'T use it for:
- Production workloads
- Multi-tier applications
- Workloads with compliance requirements
- Sensitive data processing
- Enterprise environments
- Customer-facing services
Next steps for beginners:
📋 Learning path:
Week 1: Default VPC mastery
- [ ] Explore the Default VPC in several Regions
- [ ] Deploy simple applications
- [ ] Practice with security groups
- [ ] Understand networking basics
Week 2: Custom VPC foundation
- [ ] Learn CIDR and subnetting
- [ ] Understand routing concepts
- [ ] Study NAT Gateways
- [ ] Practice VPC design
Week 3: Advanced Networking
- [ ] VPC Peering
- [ ] Transit Gateway
- [ ] Direct Connect
- [ ] VPN connections
Week 4: Security Deep Dive
- [ ] Network ACLs vs Security Groups
- [ ] Flow Logs analysis
- [ ] VPC Endpoints
- [ ] AWS PrivateLink
Common mistakes to avoid:
⚠️ Frequent Pitfalls:
Misconceptions:
❌ "Default VPC is production-ready"
❌ "Security groups are enough for production"
❌ "One VPC fits all use cases"
❌ "Default settings are optimized"
Better Understanding:
✅ Default VPC is for learning/testing
✅ Production needs Custom VPC
✅ Different workloads need different VPCs
✅ Always customize for your requirements