Amazon Elastic Compute Cloud (EC2) users who want private cloud services from Amazon Web Services' public cloud have an added option for getting there -- through the VPC Internet Gateway.
Since its inception, Amazon's virtual private data center service consisted of accessing EC2 services via a virtual private network (VPN). Workload instances in a virtual private cloud (VPC) ran in an isolated part of EC2 and had no Internet-facing IP addresses. Servers, storage, and networking of what a customer designated as his virtual private cloud could be accessed only over the VPN.
In Monday's announcement, EC2 general manager Peter DeSantis said customers may now control access to private EC2 instances through networking configuration decisions made in the cloud itself, rather than by an external VPN. "Starting today, enterprises can choose to connect to AWS without a VPN by setting up virtual networks within the AWS cloud that they can control and customize," DeSantis said.
DeSantis said an enterprise IT manager can define a virtual network topology in an EC2 virtual private cloud that resembles a traditional network in his own data center. Customers are being given control over the virtual network environment, including setting the IP address range, creation of subnetworks, configuration of route tables, and setting of network gateways.
A customer, for example, could create an IP address range that he wished to designate for a virtual private cloud, then within it, designate addresses or a subnet for Web servers serving the public over the Internet, while placing databases or application servers in a private subnet with no Internet access. This outward-facing portion of the virtual private cloud was not previously an option.
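The public/private subnet split described above, as an added example that is not AWS code or anything from the announcement: a small Python audit that classifies each subnet by the route table that actually applies to it, including the main-table fallback that quietly exposes subnets with no explicit association. The route-table and subnet records, the resource IDs and the Tier tag are constructed placeholders shaped like the EC2 DescribeRouteTables and DescribeSubnets responses.

```python
"""Classify a VPC's subnets as public or private from their route tables.
A subnet is Internet-facing when the table that applies to it (its explicit
association, else the VPC main table) holds a default route to an Internet
gateway. Data below is a constructed sample shaped like the EC2
DescribeRouteTables / DescribeSubnets responses; all IDs are placeholders."""
from typing import Dict, List

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
VIA_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}
ROUTE_TABLES: List[dict] = [
    # Pitfall: the main table has an igw default route, so unassociated subnets inherit it.
    {"RouteTableId": "rtb-main-EXAMPLE", "Associations": [{"Main": True}], "Routes": [LOCAL, VIA_IGW]},
    {"RouteTableId": "rtb-web-EXAMPLE", "Routes": [LOCAL, VIA_IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-web-EXAMPLE"}]},
    {"RouteTableId": "rtb-db-EXAMPLE", "Routes": [LOCAL],
     "Associations": [{"Main": False, "SubnetId": "subnet-db-EXAMPLE"}]},
]
SUBNETS: List[dict] = [
    {"SubnetId": "subnet-web-EXAMPLE", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"SubnetId": "subnet-db-EXAMPLE", "Tags": [{"Key": "Tier", "Value": "db"}]},
    {"SubnetId": "subnet-app-EXAMPLE", "Tags": [{"Key": "Tier", "Value": "app"}]},  # no explicit table
]

def is_default_igw_route(route: dict) -> bool:
    # Only an *active* 0.0.0.0/0 route aimed at an Internet gateway counts; blackholes do not.
    return (route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State", "active") == "active"
            and route.get("GatewayId", "").startswith("igw-"))

def effective_route_table(subnet_id: str, tables: List[dict]) -> dict:
    """Explicitly associated table if any, otherwise the VPC main table."""
    main: dict = {}
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def classify_subnets(subnets: List[dict], tables: List[dict]) -> Dict[str, str]:
    verdict = {}
    for subnet in subnets:
        routes = effective_route_table(subnet["SubnetId"], tables).get("Routes", [])
        verdict[subnet["SubnetId"]] = "public" if any(map(is_default_igw_route, routes)) else "private"
    return verdict

def exposed_private_tiers(subnets: List[dict], tables: List[dict], private=("app", "db")) -> List[str]:
    """Subnets tagged as a private tier whose effective route table still reaches an igw."""
    verdict = classify_subnets(subnets, tables)
    return [s["SubnetId"] for s in subnets if verdict[s["SubnetId"]] == "public"
            and any(t["Key"] == "Tier" and t["Value"] in private for t in s.get("Tags", []))]
```

Run against the sample, the web subnet is public by design, the database subnet is private, and the application subnet is flagged because it falls back to a main table that routes to the Internet gateway.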
Customers may also apply existing security groups and network access control lists to their virtual private cloud workload instances, DeSantis said in the announcement. Data stored in Amazon's S3 long-term storage service can be restricted so that it is accessed only from within the customer's virtual private cloud.
At the same time, under the extended VPC, a workload in the VPC can be reached directly from the Internet via the customer's Elastic IP Address, an Amazon designation for an account number that can be a proxy for any number of customer workload instances with their own IP addresses behind it.
Customers may also continue to connect via encrypted VPN, if they choose to, DeSantis said.