I'm relatively new to AWS and I'm trying to design an infrastructure for my application, and I'm wondering if I should use one or multiple VPCs within a single region.

My application consists of a few different stacks. E.g. I have a logging/monitoring stack that is utilising a number of EC2 instances. I also have a MongoDB cluster and a RabbitMQ cluster, each using a wide number of instances. Next to this I have my actual application stack, also consisting of a number of EC2 instances.

My question is whether I should run these stacks in a single VPC or each in its own VPC. If I should/can run these stacks in their own VPCs, then most of these VPCs should only be accessible to my application. If so, is it then possible/recommended to front each VPC with an ELB, or are there other best practices?


Solution 1:

As per Amazon, the things to consider when you decide how many VPCs you need are:

  • Application isolation
  • Scope of audit
  • Risk level separation
  • Separate prod from non-prod
  • Multi-tenant isolation
  • Business unit alignment

Solution 2:

VPCs are primarily useful for network segregation, not logical segregation. A good rule of thumb would be to ask yourself, "does this set of services need its own VLAN?" If so, you should probably use a separate VPC. If they need to talk to each other, you probably shouldn't.
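Following the rule of thumb in Solution 2, the stacks in the question all need to talk to each other, so they belong in one VPC; the requirement that the data stores be reachable only from the application is then enforced with security groups rather than VPC boundaries. The Terraform below is an added example, not code from the question or either answer; the CIDRs, names and ports (27017 for MongoDB, 5672 for RabbitMQ AMQP) are assumed placeholders.

```hcl
# One VPC for all stacks (constructed example; CIDRs and names are placeholders).
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# One private subnet per stack keeps the address plan readable.
resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "data" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"
}

# One security group per stack. Membership, not the subnet CIDR,
# decides who may connect, so moving an instance never widens access.
resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = aws_vpc.main.id
}
resource "aws_security_group" "mongo" {
  name   = "mongo"
  vpc_id = aws_vpc.main.id
}
resource "aws_security_group" "rabbit" {
  name   = "rabbit"
  vpc_id = aws_vpc.main.id
}

# Weak form (do not use): any instance in the VPC can reach MongoDB.
#   cidr_blocks = ["10.0.0.0/16"]
# Hardened form: MongoDB accepts 27017 only from members of the app group.
resource "aws_security_group_rule" "mongo_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.mongo.id
  from_port                = 27017
  to_port                  = 27017
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
}

# RabbitMQ likewise only from the app group (AMQP, assumed port 5672).
resource "aws_security_group_rule" "rabbit_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.rabbit.id
  from_port                = 5672
  to_port                  = 5672
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
}
```

The monitoring stack gets the same treatment: a rule per collector port whose source is the monitoring group, so a compromised data node still cannot reach the others by default.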