Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of internal IPs and NICs between instances, heightened security, and more. Read on to learn more about some key implementation-related best practices for developers and companies that utilize Amazon VPC. Whether you’re currently maintaining an existing VPC implementation or you’re planning to migrate to the AWS ecosystem, this article will help you identify the top thirteen best practices.
To gain hands-on practice in a virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways, check out Cloud Academy’s Introduction to Virtual Private Cloud Hands-on Lab. 

1. Choosing the proper VPC configuration for your organization’s needs
Best practices start at the foundation, so you’ll need to select the right architecture for your Amazon VPC implementation.  You’ll want to keep in mind the specific requirements you currently have and those you predict you will need in the future.
It is advisable to design your Amazon VPC implementation based on your expansion requirements looking ahead at least two years.
Today, there are various Amazon VPC setup types available, including:

Public and Private VPC
Public-Facing VPC
Amazon VPC – Private Subnets and Hardware VPN Access
Amazon VPC – Public and Private Subnets and Hardware VPN Access
Software-based VPN access – and so on

You can select whichever configuration best suits your current and future requirements.
2. Choosing a CIDR block for your VPC implementation
When designing your Amazon VPC instance, you must consider the number of IP addresses required and the connectivity type with the data center before choosing the CIDR block. The permissible size of the block ranges between /16 netmask and a /28 netmask.

View Entire Article on