EPISODE · May 17, 2026 · 38 MIN
Episode 11: VPC Architecture Deep Dive - Subnets, NAT Gateway & Security Groups vs NACLs | SAA-C03
from AWS Solutions Architect exam prep · host TechTalk With Balu
Complete VPC guide! Subnets, routing, NAT Gateway & Security Groups vs NACLs explained in under 40 mins.

🏗️ VPC FUNDAMENTALS
CIDR: 10.0.0.0/16 = 65,536 IPs. The primary CIDR cannot be changed after creation (you can only associate additional secondary CIDR blocks).
AWS RESERVES 5 IPs in every subnet: .0 (network), .1 (VPC router), .2 (Amazon DNS), .3 (reserved for future use), .255 (the block's last address, the broadcast address)
Example: /24 = 256 addresses, only 251 usable. Subnets must be between /16 and /28.

📊 SUBNETS
ONE SUBNET = ONE AZ!
PUBLIC: route to IGW (web servers, load balancers)
PRIVATE: no IGW route (databases, app servers)

🌍 INTERNET GATEWAY
Bidirectional access. One per VPC. FREE (no hourly charge). All four are needed for an instance to be reachable: route to IGW + public/Elastic IP + SG rule + NACL rule.

🔄 NAT GATEWAY
Outbound-only for private instances; the internet cannot initiate connections to them. Lives in a PUBLIC subnet (needs an Elastic IP and an IGW route). Zonal resource: deploy one per AZ so an AZ outage does not cut off the other AZs' egress. Cost: $0.045/hr + $0.045/GB processed (us-east-1; pricing is regional).

🛣️ ROUTE TABLES
PUBLIC: 0.0.0.0/0 → IGW
PRIVATE: 0.0.0.0/0 → NAT

🔒 SECURITY GROUPS vs NACLs (CRITICAL!)
SECURITY GROUPS: STATEFUL, instance (ENI) level, ALLOW rules only. Default: deny all inbound, allow all outbound. All rules are evaluated together; any match allows.
NACLs: STATELESS, subnet level, ALLOW and DENY rules. Evaluated in ascending rule-number order, first match wins, ending in the implicit deny (*). The default NACL allows everything; a custom NACL denies everything until you add rules.
Stateful = return traffic auto-allowed
Stateless = must allow both directions, including the ephemeral port range (1024-65535) for return traffic!

🔗 VPC PEERING
Connect two VPCs (same or different account or region). NOT TRANSITIVE! A↔B↔C ≠ A↔C. CIDR blocks must not overlap.

🔌 ENDPOINTS
Gateway (S3/DynamoDB): FREE, attached via a route table entry
Interface (other services, PrivateLink): paid per hour + per GB, an ENI in your subnet

⚠️ 12 TRAPS
SG stateful vs NACL stateless
Peering not transitive
Subnets = one AZ
NAT in public subnet
5 IPs reserved
And 7 more!

⏱️ TIMESTAMPS
00:00 Introduction | 01:00 VPC Fundamentals | 04:00 Subnets | 08:00 IGW | 10:00 NAT | 13:00 Routes | 16:00 SG vs NACL | 22:00 Peering | 25:00 Endpoints | 31:00 Traps

#AWS #VPC #SecurityGroups #NACL #SAAC03 #Networking
Tags: AWS, VPC, Networking, Security Groups, NACL, NAT Gateway, Subnets, Solutions Architect, SAA-C03, Cloud Networking, Route Tables, VPC Peering, Stateful, Stateless, AWS Exam, Tech Podcast
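The subnet and reserved-address rules above, carried through as an added worked example (this is not code from the episode; the VPC CIDR 10.0.0.0/16, the AZ names and the per-AZ public/private layout are constructed for illustration). It carves a VPC into one public and one private subnet per AZ, lists the five addresses AWS reserves in each, and records where each subnet's default route should point: public subnets to the single IGW, private subnets to a NAT gateway in the same AZ.

```python
"""Carve a VPC CIDR into per-AZ public/private subnets, AWS-style.

Added example, not code from the episode. The VPC CIDR, AZ names and tier
layout used in __main__ are made up for illustration.
"""
import ipaddress
from dataclasses import dataclass

# AWS reserves the first four addresses of every subnet (offsets 0..3 from the
# network address) plus the last address (the broadcast address).
RESERVED_ROLES = ("network", "VPC router", "Amazon DNS", "reserved for future use")


def reserved_addresses(subnet: str) -> dict[str, str]:
    """Return the five addresses AWS reserves in `subnet`, keyed by role."""
    net = ipaddress.ip_network(subnet, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"AWS subnets must be between /16 and /28, got /{net.prefixlen}")
    first = int(net.network_address)
    out = {role: str(ipaddress.ip_address(first + i)) for i, role in enumerate(RESERVED_ROLES)}
    out["broadcast"] = str(net.broadcast_address)
    return out


def usable_hosts(subnet: str) -> int:
    """Usable addresses = block size minus the five AWS reservations."""
    reserved_addresses(subnet)  # validates the prefix length
    return ipaddress.ip_network(subnet, strict=True).num_addresses - 5


@dataclass
class SubnetPlan:
    name: str
    az: str
    cidr: str
    tier: str           # "public" or "private"
    default_route: str  # where this subnet's 0.0.0.0/0 route points
    usable: int


def plan_subnets(vpc_cidr: str, azs: list[str], prefixlen: int = 24) -> list[SubnetPlan]:
    """One public and one private subnet per AZ, carved sequentially from vpc_cidr.

    Public subnets send 0.0.0.0/0 to the VPC's single IGW. Each private subnet
    sends it to a NAT gateway in the public subnet of the *same* AZ, so that an
    AZ outage does not strand the other AZs' egress.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = vpc.subnets(new_prefix=prefixlen)  # generator of equally sized blocks
    plans = []
    for az in azs:
        for tier in ("public", "private"):
            cidr = str(next(blocks))
            route = "igw" if tier == "public" else f"nat-gw-{az}"
            plans.append(SubnetPlan(f"{tier}-{az}", az, cidr, tier, route, usable_hosts(cidr)))
    return plans


if __name__ == "__main__":
    for p in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]):
        print(f"{p.name:20} {p.cidr:15} usable={p.usable:<4} 0.0.0.0/0 -> {p.default_route}")
    print(reserved_addresses("10.0.1.0/24"))
```

The /16-to-/28 check matters in practice: a /28 is the smallest subnet AWS accepts, and after the five reservations it leaves only 11 usable addresses, which is easy to exhaust with a few ENIs from a load balancer or Lambda.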
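The stateful-versus-stateless distinction, as an added simulation (not code from the episode; the addresses, ports and rule numbers are constructed, and the evaluation semantics follow the AWS documentation: SGs are allow-only and remember connections, NACLs are evaluated in ascending rule-number order, first match wins, implicit deny at the end). A client hits a web server on 443; the SG has no outbound rule at all, yet the reply passes it via connection tracking, while a NACL whose outbound rules forget the ephemeral port range drops that same reply at the subnet boundary.

```python
"""Simulate how a security group (stateful) and a network ACL (stateless)
judge a request and its return packet.

Added example, not code from the episode. Addresses, ports and rule numbers
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    sport: int
    dport: int

    def reverse(self) -> "Packet":
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)


@dataclass(frozen=True)
class Rule:
    number: int             # NACL rule number; ignored for SG rules
    proto: str              # "tcp", "udp", "icmp" or "-1" for all
    cidr: str               # peer CIDR: source for inbound, destination for outbound
    ports: tuple[int, int]  # inclusive range matched against the packet's dport
    action: str = "allow"   # NACLs may also say "deny"; SGs are allow-only


def _matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    peer = pkt.src if direction == "inbound" else pkt.dst
    if rule.proto != "-1" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(peer) not in ipaddress.ip_network(rule.cidr):
        return False
    return rule.ports[0] <= pkt.dport <= rule.ports[1]


def nacl_evaluate(rules: list[Rule], pkt: Packet, direction: str) -> tuple[str, str]:
    """Lowest rule number first, first match wins; no match -> the implicit deny '*'."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, pkt, direction):
            return rule.action, str(rule.number)
    return "deny", "*"


@dataclass
class SecurityGroup:
    inbound: list[Rule]
    outbound: list[Rule]
    _tracked: set = field(default_factory=set)  # connection-tracking table

    def evaluate(self, pkt: Packet, direction: str) -> tuple[str, str]:
        """Allow-only. A packet whose reverse flow was already allowed is admitted by
        connection tracking regardless of the rules in this direction."""
        if pkt.reverse() in self._tracked:
            return "allow", "tracked"
        for rule in (self.inbound if direction == "inbound" else self.outbound):
            if rule.action == "allow" and _matches(rule, pkt, direction):
                self._tracked.add(pkt)
                return "allow", f"{rule.proto}/{rule.cidr}/{rule.ports}"
        return "deny", "no matching allow rule"


def verdict(nacl: dict, sg: SecurityGroup, pkt: Packet, direction: str) -> dict:
    """Inbound: subnet NACL first, then instance SG. Outbound: SG first, then NACL."""
    if direction == "inbound":
        n = nacl_evaluate(nacl["inbound"], pkt, direction)
        s = sg.evaluate(pkt, direction) if n[0] == "allow" else ("skipped", "dropped at NACL")
    else:
        s = sg.evaluate(pkt, direction)
        n = nacl_evaluate(nacl["outbound"], pkt, direction) if s[0] == "allow" else ("skipped", "dropped at SG")
    return {"nacl": n, "sg": s, "passed": n[0] == "allow" and s[0] == "allow"}


# Outbound NACL rule sets under test: the broken one only allows 443 out and
# forgets that the server's replies go to the client's ephemeral port.
NACL_OUT_BROKEN = [Rule(100, "tcp", "0.0.0.0/0", (443, 443))]
NACL_OUT_FIXED = [Rule(100, "tcp", "0.0.0.0/0", (1024, 65535))]


def web_server_scenario(nacl_outbound: list[Rule], client: str = "203.0.113.7") -> list[dict]:
    """Client -> web server 10.0.1.10:443, then the reply. Returns both verdicts."""
    nacl = {
        "inbound": [
            Rule(50, "tcp", "198.51.100.0/24", (0, 65535), "deny"),  # blocklisted range wins by number
            Rule(100, "tcp", "0.0.0.0/0", (443, 443)),
        ],
        "outbound": nacl_outbound,
    }
    # SG outbound deliberately empty: the reply must ride connection tracking alone.
    sg = SecurityGroup(inbound=[Rule(0, "tcp", "0.0.0.0/0", (443, 443))], outbound=[])
    request = Packet(client, "10.0.1.10", "tcp", 51000, 443)
    return [verdict(nacl, sg, request, "inbound"), verdict(nacl, sg, request.reverse(), "outbound")]


if __name__ == "__main__":
    for label, rules in (("broken", NACL_OUT_BROKEN), ("fixed", NACL_OUT_FIXED)):
        req, rep = web_server_scenario(rules)
        print(f"{label}: request {req}  reply {rep}")
```

The same ordering explains the blocklist rule: a deny at rule 50 beats the allow at rule 100 because NACL evaluation stops at the first match, whereas moving that deny to rule 150 would never fire. Security groups have no such ordering and no deny, so a blocklist belongs in the NACL, not the SG.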