- [Rudy] Welcome to the video on VPCs, or Virtual Private Cloud. And before you ask yourself what it is, rewind this video. It's literally in the name! But I don't expect you to actually rewind. I mean, what are we in? The 80s? Next thing, you'll be cleaning your VCR and putting on some swanky leg warmers. But, I digress.

A VPC, or Virtual Private Cloud, is a way to logically separate your AWS infrastructure from other customers. Think about our bees. We want to create a fort around them, our AWS account, and then go further and isolate them into hives. So if we go into the VPC itself, we want to minimize the risk to our most critical infrastructure. And we can do this with subnets, or a logical subdivision of our IPs. For example, we want our fighter bees, or EC2 instances, to be able to access the internet and be accessed from it, so we put them in a public subnet.

This is done via NACLs. Not Sonic and NACLs, but network access control lists. These lists contain IPs which are allowed or denied access to the subnet. They are also stateless, so if you allow something in, you must explicitly allow it out via a rule. Taking our illustration into consideration, you can see we are allowing inbound access on all IPs via the TCP protocol on port 80. And as I mentioned, these rules are stateless, so we need to explicitly add an outbound rule if we want our traffic to be able to return.

Now with our queen bee, or RDS cluster, we don't need to allow access via the internet, as it's all handled in the application sitting on our EC2 instance, so we make this a subnet that is private. This means it's not visible to the internet, and our queen is in safer hands behind her private quarters.

Now, say you want to go further and protect a single fighter bee, or EC2 instance. You can provision a security group for it. Security groups act as firewalls for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. This fine-grained access is defined by allow rules and looks as follows. In this example, we see that we are allowing SQL traffic to a database server, similar to a NACL. The difference being that security groups are stateful, so return traffic is automatically allowed, regardless of any rules. And that's it for VPC in this video. Next up, you'll learn about private links.
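As an added illustration of the stateless-versus-stateful point made in the video (this is example code, not part of the video or of AWS), the following Python model runs the port-80 web request and its response through a NACL with and without an outbound return rule, and through a security group. The IP addresses, ports and rule structures are constructed for the example; NACL CIDR matching and rule-number ordering are deliberately left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "inbound" or "outbound", relative to the subnet or instance

# Return traffic for a TCP connection comes back on a high-numbered (ephemeral) port.
EPHEMERAL_PORTS = range(1024, 65536)

def nacl_allows(packet: Packet, rules: list[dict]) -> bool:
    """Stateless NACL: each packet is judged on its own against the rules for its
    direction. Nothing about earlier packets is remembered; no match means deny."""
    for rule in rules:
        if rule["direction"] == packet.direction and packet.dst_port in rule["ports"]:
            return rule["action"] == "allow"
    return False

class SecurityGroup:
    """Stateful security group: allow rules only, plus a connection table, so the
    reply to an allowed inbound request is passed whatever the outbound rules say.
    (The AWS default of allowing all outbound traffic is not modelled, to keep the
    stateful effect visible on its own.)"""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.flows = set()  # (src_ip, src_port, dst_ip, dst_port) of allowed requests
    def allows(self, packet: Packet) -> bool:
        if packet.direction == "inbound":
            if packet.dst_port in self.inbound_ports:
                self.flows.add((packet.src_ip, packet.src_port, packet.dst_ip, packet.dst_port))
                return True
            return False
        # Outbound: allowed only if it is the reverse of a tracked inbound flow.
        return (packet.dst_ip, packet.dst_port, packet.src_ip, packet.src_port) in self.flows

# Constructed sample exchange: a client on the internet talks to a web server in the subnet.
REQUEST = Packet("198.51.100.7", 50000, "10.0.1.10", 80, "inbound")
RESPONSE = Packet("10.0.1.10", 80, "198.51.100.7", 50000, "outbound")

NACL_INBOUND_ONLY = [{"direction": "inbound", "ports": range(80, 81), "action": "allow"}]
NACL_WITH_RETURN = NACL_INBOUND_ONLY + [
    {"direction": "outbound", "ports": EPHEMERAL_PORTS, "action": "allow"}]

def evaluate() -> dict:
    """Return (request allowed, response allowed) for each configuration."""
    sg = SecurityGroup(inbound_ports=[80])
    return {
        "nacl_no_return_rule": (nacl_allows(REQUEST, NACL_INBOUND_ONLY), nacl_allows(RESPONSE, NACL_INBOUND_ONLY)),
        "nacl_with_return_rule": (nacl_allows(REQUEST, NACL_WITH_RETURN), nacl_allows(RESPONSE, NACL_WITH_RETURN)),
        "security_group": (sg.allows(REQUEST), sg.allows(RESPONSE)),
    }
```

The first configuration lets the request in but drops the reply, which is exactly the symptom of a NACL missing its outbound ephemeral-port rule.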