One VPC or many VPCs
I'm relatively new to AWS and I'm trying to design an infrastructure for my application, and I'm wondering if I should use one or multiple VPCs within a single region.
My application consists of a few different stacks. E.g. I have a logging/monitoring stack that is utilising a number of EC2 instances. I also have a MongoDB cluster and a RabbitMQ cluster, each using a wide number of instances. Next to this, I have my actual application stack, also consisting of a number of EC2 instances.
My question is whether I should run each of these stacks in a single VPC or each in their own VPC. If I should/can run these stacks in their own VPC, then most of these VPCs should only be accessible to my application. If so, is it then possible/recommended to front each VPC with an ELB, or are there other best practices?
Solution 1:
As per Amazon, the things to consider when you decide how many VPCs you need are:
- Application isolation
- Scope of audit
- Risk level separation
- Separate prod from non-prod
- Multi-tenant isolation
- Business unit alignment
Solution 2:
VPCs are primarily useful for network segregation, not logical segregation. A good rule of thumb would be to ask yourself, "does this set of services need its own VLAN?" If so, you should probably use a separate VPC. If they need to talk to each other, you probably shouldn't.
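Following the rule of thumb in Solution 2 (the stacks need to talk to each other, so they share one VPC and the separation is done at the network level with security groups), here is an added Terraform sketch that is not from the question or either answer; the CIDR, ports and resource names are assumptions, and the ELB and EC2 resources are left out.

```hcl
# Constructed example: one VPC shared by the app, MongoDB and RabbitMQ stacks.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# One security group per stack; membership, not IP ranges, decides who may talk.
resource "aws_security_group" "app" {
  name   = "app-tier"
  vpc_id = aws_vpc.main.id
}

resource "aws_security_group" "mongo" {
  name   = "mongo-cluster"
  vpc_id = aws_vpc.main.id
}

resource "aws_security_group" "rabbit" {
  name   = "rabbitmq-cluster"
  vpc_id = aws_vpc.main.id
}

# MongoDB (27017) accepts connections only from instances carrying the app
# security group, not from the whole VPC CIDR and never from 0.0.0.0/0.
resource "aws_security_group_rule" "mongo_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.mongo.id
  protocol                 = "tcp"
  from_port                = 27017
  to_port                  = 27017
  source_security_group_id = aws_security_group.app.id
}

# Same pattern for RabbitMQ (AMQP 5672).
resource "aws_security_group_rule" "rabbit_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.rabbit.id
  protocol                 = "tcp"
  from_port                = 5672
  to_port                  = 5672
  source_security_group_id = aws_security_group.app.id
}

# Replica-set members must reach each other; a self-referencing rule allows
# that without opening the port to anything outside the cluster group.
resource "aws_security_group_rule" "mongo_cluster_internal" {
  type              = "ingress"
  security_group_id = aws_security_group.mongo.id
  protocol          = "tcp"
  from_port         = 27017
  to_port           = 27017
  self              = true
}
```

The logging/monitoring stack would get its own group in the same way, with ingress limited to the ports its agents actually use.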