## Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) is an isolated network environment within RunAtlas where you can launch resources in a defined virtual network topology. Unlike standard [[Guest Networks|Isolated Networks]], a VPC allows you to define multiple subnets (tiers) and control routing between them, mirroring the security and flexibility of a traditional on-premises data centre.
### Core Components
#### VPC Tiers (Subnets)
VPC Tiers segregate your application architecture. For example:
- **Web Tier (Subnet)**: Hosts public-facing web servers.
- **App Tier (Subnet)**: Hosts internal application logic; reachable only from the Web Tier.
- **Database Tier (Subnet)**: Hosts databases; no direct internet access.
#### Network ACLs
Control traffic flow between tiers using [[Network ACLs]]. These act as a stateless firewall at the subnet level, allowing or denying specific protocols and ports between your VPC tiers. Because the filter is stateless, reply traffic is not tracked automatically: each permitted flow needs a rule for the forward direction and a matching rule for the return direction.
#### VPC Gateway
Each VPC includes a virtual router (VR) that handles:
- **NAT**: Network Address Translation for internet access.
- **Port Forwarding**: Public access to internal instances.
- **VPN**: Site-to-Site VPN connectivity (see [[Site-to-Site VPN]]).
### Creating a VPC
1. Navigate to **Network > VPC**.
2. Click **Add VPC**.
3. **Name**: Provide a unique identifier.
4. **Description**: Optional context.
5. **Super CIDR**: Define the overall IP range for the VPC (e.g., `10.0.0.0/16`). All tier subnets must fall within this range.
### Managing Tiers
Once the VPC is created, add networks (tiers) inside it:
1. Select your VPC.
2. Click the **Networks** tab.
3. **Add Network**: Define the name and Gateway/Netmask (e.g., `10.0.1.1` / `255.255.255.0`).
4. **Network ACL**: Associate an ACL list. The default list allows all traffic, so attach a restrictive list to any tier that should not be reachable from everywhere (for example, the Database Tier).
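The two checks a practitioner wants before filling in the console, as an added example that is not part of RunAtlas or its documentation: confirm that every tier's Gateway/Netmask falls inside the Super CIDR without overlapping another tier, and derive the stateless ACL entries the three-tier layout needs, including the return rules. The tier names, the application port 8080, the database port 5432 and the rule tuple layout are assumptions.

```python
import ipaddress

def tier_subnet(gateway, netmask):
    """Subnet implied by the Gateway/Netmask pair entered under Add Network."""
    return ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)

def validate_tiers(super_cidr, tiers):
    """Return problems: a tier outside the Super CIDR, or two tiers overlapping."""
    sup = ipaddress.ip_network(super_cidr)
    nets = {n: tier_subnet(*gm) for n, gm in tiers.items()}
    problems = [f"{n}: {net} not within {sup}"
                for n, net in nets.items() if not net.subnet_of(sup)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")
    return problems

def acl_rules(tiers, flows, ephemeral=(1024, 65535)):
    """Per-tier stateless ACL entries (action, direction, proto, cidr, start, end).
    A stateless firewall sees each packet alone, so every allowed flow needs the
    forward rule on both tiers plus a return rule for the client's ephemeral
    ports; each list ends with an explicit deny so nothing else passes."""
    nets = {n: str(tier_subnet(*gm)) for n, gm in tiers.items()}
    rules = {n: [] for n in tiers}
    for src, dst, proto, port in flows:
        rules[src].append(("allow", "egress", proto, nets[dst], port, port))
        rules[src].append(("allow", "ingress", proto, nets[dst], *ephemeral))
        rules[dst].append(("allow", "ingress", proto, nets[src], port, port))
        rules[dst].append(("allow", "egress", proto, nets[src], *ephemeral))
    for n in rules:
        rules[n].append(("deny", "ingress", "all", "0.0.0.0/0", 1, 65535))
        rules[n].append(("deny", "egress", "all", "0.0.0.0/0", 1, 65535))
    return rules

# Constructed sample plan following the page's three-tier layout; the
# application port (8080) and database port (5432) are assumptions.
SUPER_CIDR = "10.0.0.0/16"
TIERS = {"web": ("10.0.1.1", "255.255.255.0"),
         "app": ("10.0.2.1", "255.255.255.0"),
         "db": ("10.0.3.1", "255.255.255.0")}
FLOWS = [("web", "app", "tcp", 8080), ("app", "db", "tcp", 5432)]

if __name__ == "__main__":
    for problem in validate_tiers(SUPER_CIDR, TIERS):
        print("problem:", problem)
    for tier, entries in acl_rules(TIERS, FLOWS).items():
        print(tier, *entries, sep="\n  ")
```

The Database Tier list ends up with only the App Tier allowed in and a deny from `0.0.0.0/0`, which is the "no direct internet access" property the tier model calls for.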
### Connectivity
Instances in a VPC are private by default. To expose services:
- **Public IP**: Acquire a Public IP address for the VPC (see [[Public IP Addresses]]).
- **Port Forwarding**: Map external ports on the Public IP to private ports on specific instances.
- **Load Balancing**: Distribute traffic across multiple instances in a tier.
### Use Cases
- **Development**: Isolate dev/test environments.
- **Production**: Multi-tier web applications with strict database security.
- **Compliance**: Enforce network segmentation policies.