AWS-Module 4: Networking Flashcards
What is Amazon Virtual Private Cloud (VPC)?
A VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
The public and private groupings of resources are known as ________; they are ranges of IP addresses in your VPC.
subnets
What are subnets?
Subnets are chunks of IP addresses in your VPC that allow you to group resources together.
(A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.)
_________ and networking rules control whether resources are publicly or privately available.
Subnets
Subnets are divided into what two types?
Public and private subnets
What is a public subnet?
Public subnets contain resources that need to be accessible by the public, such as an online store’s website.
What is a private subnet?
Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.
In a _____, subnets can communicate with each other (regardless of whether they are private or public).
VPC
In order to allow traffic from the public internet to flow into and out of your VPC, you must attach what is called an ______________ to your VPC.
internet gateway, or IGW (An internet gateway is like a doorway that is open to the public.)
When dealing with internal resources that you want to keep private and available only to certain people, you need a virtual private gateway. It allows you to create a ________ connection between a private network, such as your on-premises data center or internal corporate network, and your VPC.
VPN
What is AWS Direct Connect?
A service that lets you establish a dedicated private connection between your data center and a VPC.
The public subnets have access to the internet gateway; the private subnets do not, and vice versa.
What is a packet?
A unit of data sent over the internet or a network.
_________ are messages from the internet, and every _______ that crosses a subnet boundary gets checked against something called a network access control list, or network ACL.
Packets
A _________ only evaluates a packet if it crosses a subnet boundary, in or out. (It doesn’t evaluate whether a packet can reach a specific EC2 instance or not.)
network ACL
___________ have their own security groups. By default, their security group doesn’t allow any traffic into the instance at all: all ports are blocked, and all IP addresses sending packets are blocked.
EC2 Instances
You can modify the instance’s security group to accept certain types of traffic in or out.
A __________ is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
security group
By default, a security group _______ all inbound traffic and allows all outbound traffic.
denies
If you have multiple Amazon EC2 instances within the same VPC, you can associate them with the same _________ or use different ____________ for each instance.
security group
Security groups perform ________ packet filtering. They remember previous decisions made for incoming packets.
stateful
What does it mean to be a stateful security group?
It has some kind of memory when it comes to whom to allow in or out.
The network ACL is _________, which remembers nothing and checks every single packet that crosses its border regardless of any circumstances.
The network ACL is stateless, which remembers nothing and checks every single packet that crosses its border regardless of any circumstances.
What is the key difference between security group and network ACL?
The key difference between a security group and a network ACL is that the security group is stateful, and the network ACL is stateless.
What is a network ACL?
A network ACL is a virtual firewall that controls inbound and outbound traffic at the subnet level.
By default, your account’s default network ACL allows ___________, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow.
all inbound and outbound traffic
What is Route 53?
A DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.
It is highly available and scalable.
What is DNS?
DNS is a translation service: it translates website names into IP (Internet Protocol) addresses that computers can read.
What can Route 53 do?
Route 53 can direct traffic to different endpoints using several different routing policies, such as latency-based routing, geolocation DNS, geoproximity, and weighted round robin. If we take geolocation DNS, that means we direct traffic based on where the customer is located. So traffic coming from, say, North America is routed to the Oregon Region, and traffic in Ireland is routed to the Dublin Region, as an example.
Another feature of _________ is the ability to manage the DNS records for domain names. You can register new domain names directly in _________. You can also transfer DNS records for existing domain names managed by other domain registrars. This enables you to manage all of your domain names within a single location.
Route 53
_________ helps speed up delivery of website assets to customers.
CloudFront
What is a content delivery network, or CDN?
A network that helps deliver edge content to users based on their geographic location.
What is DNS resolution?
DNS resolution is the process of translating a domain name to an IP address.
Describe how Amazon Route 53 and Amazon CloudFront deliver content.
1. A customer requests data from the application by going to ACompany’s website.
2. Amazon Route 53 uses DNS resolution to identify ACompany.com’s corresponding IP address, 192.0.2.0. This information is sent back to the customer.
3. The customer’s request is sent to the nearest edge location through Amazon CloudFront.
4. Amazon CloudFront connects to the Application Load Balancer, which sends the incoming packet to an Amazon EC2 instance.