Virtual Private Cloud (VPC)

A Virtual Private Cloud (VPC) is an isolated network environment within RunAtlas where you can launch resources in a defined virtual network topology. Unlike standard Isolated Networks, a VPC allows you to define multiple subnets (tiers) and control routing between them, mirroring the security and flexibility of a traditional on-premises data centre.

Core Components

VPC Tiers (Subnets)

VPC Tiers segregate your application architecture. For example:

  • Web Tier (Subnet): Hosts public-facing web servers.
  • App Tier (Subnet): Hosts internal application logic; accessible only from the Web Tier.
  • Database Tier (Subnet): Hosts databases; no direct internet access.

Network ACLs

Control traffic flow between tiers using Network ACLs. These act as a stateless firewall at the subnet level, allowing or denying specific protocols and ports between your VPC tiers.

VPC Gateway

Each VPC includes a virtual router (VR) that handles:

  • NAT: Network Address Translation for internet access.
  • Port Forwarding: Public access to internal instances.
  • VPN: Site-to-Site VPN connectivity (see Site-to-Site VPN).

By default, the Virtual Router for each network takes the first usable IP address of that network's IP range. For example, if your network is 10.90.0.0/24, the VR/Gateway should be at 10.90.0.1.

Creating a VPC

  1. Navigate to Network > VPC.
  2. Click Add VPC.
  3. Name: Provide a unique identifier.
  4. Description: Optional context.
  5. Super CIDR: Define the overall IP range for the VPC (e.g., 10.0.0.0/16). All tier subnets must fall within this range.

Managing Tiers

Once the VPC is created, add networks (tiers) inside it:

  1. Select your VPC.
  2. Click the Networks tab.
  3. Add Network: Define the name and Gateway/Netmask (e.g., 10.0.1.1 / 255.255.255.0).
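  4. Network ACL: Associate an ACL (Default: Allow All). The default does not restrict traffic between tiers, so select a restrictive ACL where a tier must be isolated.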
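
Before entering tiers in the UI, the addressing rules above can be checked offline. The script below is an added example, not RunAtlas code: it verifies that each tier's Gateway/Netmask falls inside the Super CIDR and that the gateway is the first usable address. The function name, the sample plan and the no-overlap check between tiers are assumptions of this example.

```python
import ipaddress

def validate_tier_plan(super_cidr, tiers):
    """Return a list of problems in a VPC tier plan (empty list means OK).

    tiers: (name, gateway, netmask) tuples, as entered under Add Network.
    IPv4 only.
    """
    vpc = ipaddress.ip_network(super_cidr, strict=True)
    problems, seen = [], []
    for name, gateway, netmask in tiers:
        try:
            # strict=False derives the subnet from the gateway address and mask.
            subnet = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
        except ValueError as exc:
            problems.append(f"{name}: invalid gateway/netmask ({exc})")
            continue
        if not subnet.subnet_of(vpc):
            problems.append(f"{name}: {subnet} is outside Super CIDR {vpc}")
        # The virtual router takes the first usable address by default.
        first_usable = next(iter(subnet.hosts()), None)
        if ipaddress.ip_address(gateway) != first_usable:
            problems.append(
                f"{name}: gateway {gateway} is not first usable {first_usable}")
        # Assumption of this example: tiers in one VPC must not overlap.
        for other_name, other in seen:
            if subnet.overlaps(other):
                problems.append(
                    f"{name}: {subnet} overlaps {other_name} ({other})")
        seen.append((name, subnet))
    return problems

# Constructed sample plan built around the page's example ranges.
SAMPLE_PLAN = [
    ("web", "10.0.1.1", "255.255.255.0"),
    ("app", "10.0.2.1", "255.255.255.0"),
    ("db", "10.0.2.129", "255.255.255.128"),   # overlaps app
    ("mgmt", "10.1.0.1", "255.255.255.0"),     # outside 10.0.0.0/16
    ("cache", "10.0.3.5", "255.255.255.0"),    # gateway not first usable
]

if __name__ == "__main__":
    for line in validate_tier_plan("10.0.0.0/16", SAMPLE_PLAN):
        print(line)
```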

Connectivity

Instances in a VPC are private by default. To expose services:

  • Public IP: Acquire a Public IP address for the VPC (see Public IP Addresses).
  • Port Forwarding: Map external ports on the Public IP to private ports on specific instances.
  • Load Balancing: Distribute traffic across multiple instances in a tier.

Use Cases

  • Development: Isolate dev/test environments.
  • Production: Multi-tier web applications with strict database security.
  • Compliance: Enforce network segmentation policies.