AWS Networking Flashcards
1
Q
VPC Peering
A
- AWS provided connection between two VPCs
- No transitive peering
2
Q
VPC Flow Logs
A
- information about the IP traffic
- stored using CloudWatch Logs or S3
- VPC, subnet, network interfaces
3
Q
CloudFront Lambda@Edge
A
- used to customize content CloudFront delivers
- viewer request
- origin request
- origin response
- viewer response
4
Q
AWS CloudFront
A
- Content delivery network (CDN)
- Moves content closer to the User
- Geo Location filtering
- Uses AWS backbone
5
Q
Signed Cookies
A
- provides control over access to content
- doesn’t require a URL change
- Used for multiple files
6
Q
Signed URL
A
- Provides control over access to content
- URL updates
- for Individual files
- expiration date and time
- IP Ranges
7
Q
CloudFront Origins
A
- Where the content originates
8
Q
AWS Managed VPN
A
- IPsec VPN over your existing network
- quick and simple tunnel to a VPC
- used as a redundant connection for Direct Connect
- Dependent on your INET
9
Q
AWS Direct Connect
A
- Dedicated Network connection to AWS backbone
- when a large link to AWS is required
- Lead time > 1 month
- Not encrypted by default
10
Q
Direct Connect + VPN
A
- Adds IPsec to Direct Connect
- Encrypted tunnels over Direct Connect
11
Q
CloudFront Edge Locations
A
- 100s located in different parts of the world
- Content is pushed and cached at the edge
12
Q
Software VPN
A
- Customers provide their own VPN
- when you must manage both ends for compliance reasons
- when you must use a VPN option not provided by AWS
13
Q
Transit VPC
A
- For connecting geographically dispersed VPCs and locations
- When locations and VPCs across multiple regions need to talk
- Flexibility with AWS managed VPN
- Hub and spoke with VPCs
14
Q
CloudHub
A
- connect locations in hub/spoke using AWS Private Gateway
- Used to link remote offices
- Uses existing INET
15
Q
AWS Security Groups
A
- Instance level
- Can specify allow rules, not deny rules
16
Q
AWS Default Security Groups
A
- Can’t be deleted
- Can change the rules
17
Q
AWS Subnets
A
- EC2 instance can have 5 subnets
- Will be assigned to default NACL if not assigned to custom NACL
18
Q
VPC Interface endpoint
A
- EC2 in VPC to EC2 in VPC
- Uses an ENI with a private IP to connect to PrivateLink
- Typical ELB as the connection point in PrivateLink
- Service provider model
- Secured by security groups