10. VPC Flashcards
What is a VPC?
Virtual Private Network
- a private network to deploy your resources (regional resource)
What is a public subnet?
A subnet that is accessible from the internet
What is a private subnet?
A subnet that is not accessible from the internet
What do you use to define access to the internet and between subnets?
Route Tables
What is an internet gateway?
VPC component that allows communication between your VPC and the internet
NAT Gateways are ___-managed
NAT Gateways are AWS-managed
NAT Instances are ___-managed
NAT Instances are self-managed
What do NAT Gateways and NAT Instances do?
They allow your instances in private subnets to access the internet while remaining private
What is a NACL?
Network ACL
- a firewall which controls traffic from and to a subnet
- can have ALLOW and DENY rules
- rules only include IP addresses
What is a Security Group?
- a firewall that controls traffic to and from an ENI / an EC2 Instance
- can only have ALLOW rules
- rules include IP addresses and other security groups
What do VPC Flow Logs do?
- capture information about IP traffic going into your interfaces
- help to monitor and troubleshoot connectivity issues
What is VPC Peering?
- VPC peering connects two VPCs privately using AWS’ network
- makes them behave as if they were in the same network
- cannot have overlapping CIDR
Is a VPC Peering connection transitive?
No.
You must establish a connection for each pair of VPCs that needs to communicate with one another (i.e. a connection from A to B and from B to C does not allow A to communicate with C)
What are VPC Endpoints?
Endpoints allow you to connect to AWS services using a private network instead of the public internet
- provide enhanced security and lower latency
- only used within your VPC
What are the two types of VPC endpoints?
- Interface endpoints
- Gateway endpoints