AWS Components Flashcards
What is a Virtual Private Cloud (VPC)?
a logically segmented network within AWS that allows connected resources to communicate with each other
How does the peer relationship work for VPC?
it permits traffic only directly between the two peers and does not provide any transit capability from one peer VPC through another to an external destination
How does the network connectivity work between two VPCs after establishing the VPC peering relationship?
there is two-way network connectivity between the entire IP address blocks of both VPCs
How does the VPC Hub-and-Spoke Model work?
- subscriber VPCs (spokes) use VPC peering with the central VPC (hub) to provide direct communications between the instances in the subscriber VPCs and the instances in the central VPC
- the subscriber VPCs are unable to communicate with each other because this would require transit connectivity through the central VPC, which is not a capability supported by VPC peering
What does AWS do if it sees packets with a source or destination IP address outside of the two peered VPCs?
it drops the traffic
What is the role of AWS Transit Gateway?
it enables you to control communications between VPCs and to connect to on-premises networks through a single gateway
In contrast to VPC peering, which interconnects two VPCs only, what can act as the hub in a hub-and-spoke model for interconnecting VPCs?
Transit Gateway
What is an Elastic Network Interface (ENI)?
a logical networking component in a VPC that represents a virtual network card
With which AWS component does the VM-Series integrate to simplify the setup of centralized inspection?
Transit Gateway
When integrating a firewall with a Transit Gateway, what is the name of the VPC that is created?
security VPC
How is traffic inspected in the security VPC?
firewalls are deployed in the security VPC and connect to the Transit Gateway via VPC or VPN attachments; all traffic is routed to the VM-Series firewall for inspection
What do security groups provide?
a Layer 4 stateful firewall for controlling which source/destination IP addresses and ports are permitted
How are Security Groups applied?
to an instance’s network interface
Are Security Groups stateful?
yes
How many security groups can be associated to an interface?
up to 5