aws-vpc
AWS VPC
Design and manage Virtual Private Cloud networking.
Create VPC
```bash
# Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# Create subnets
aws ec2 create-subnet \
  --vpc-id vpc-xxx \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-1a

# Create internet gateway
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id vpc-xxx --internet-gateway-id igw-xxx
```
Network Architecture
```
VPC (10.0.0.0/16)
├── Public Subnets
│   ├── 10.0.1.0/24 (us-east-1a)
│   └── 10.0.2.0/24 (us-east-1b)
├── Private Subnets
│   ├── 10.0.11.0/24 (us-east-1a)
│   └── 10.0.12.0/24 (us-east-1b)
├── Internet Gateway
├── NAT Gateway (in public subnet)
└── Route Tables
```
Security Groups
```bash
# Create the security group inside the VPC
aws ec2 create-security-group \
  --group-name web-sg \
  --description "Web server security group" \
  --vpc-id vpc-xxx

# Allow inbound HTTPS (tcp/443) from any IPv4 address
aws ec2 authorize-security-group-ingress \
  --group-id sg-xxx \
  --protocol tcp \
  --port 443 \
  --cidr 0.0.0.0/0
```
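An added example (not part of the original page): a Python check over the JSON that `aws ec2 describe-security-groups` returns, flagging ingress rules open to 0.0.0.0/0 or ::/0 on anything other than an allowlist of public ports. The allowlist of 443, the function names and the sample groups are assumptions constructed for illustration.

```python
import json

ALLOWED_PUBLIC_PORTS = {443}       # assumption: only HTTPS may be world-reachable
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-legacy", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")


def world_sources(perm):
    """Return the world-open CIDRs (IPv4 and IPv6) named by one ingress rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def exposure(perm):
    """Describe what a rule opens beyond ALLOWED_PUBLIC_PORTS, or None if nothing."""
    proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
    if lo is None:                 # "-1" and numbered protocols carry no port keys
        return "all protocols" if proto == "-1" else f"{proto}/all"
    if proto == "tcp" and lo >= 0 and all(p in ALLOWED_PUBLIC_PORTS for p in range(lo, hi + 1)):
        return None                # every port in the range is on the allowlist
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit(doc):
    """Return (group id, source CIDR, exposure) for each world-open rule off the allowlist."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            what = exposure(perm)
            if what is not None:
                findings += [(sg["GroupId"], cidr, what) for cidr in world_sources(perm)]
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To run it against a real account, save the output of `aws ec2 describe-security-groups --output json` to a file and pass the parsed JSON to `audit()`.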
NAT Gateway
```bash
# Allocate EIP
aws ec2 allocate-address --domain vpc

# Create NAT Gateway
aws ec2 create-nat-gateway \
  --subnet-id subnet-public \
  --allocation-id eipalloc-xxx
```
Best Practices
- Use multiple AZs
- Separate public/private subnets
- Implement VPC Flow Logs
- Use security groups effectively
- Plan CIDR ranges carefully
Related Skills
- terraform-aws - IaC deployment
- firewall-config - Security