Connectivity to AWS Flashcards
What is Amazon Virtual Private Cloud (Amazon VPC)?
Network service that lets a user establish boundaries around AWS resources
-Enables a user to provision an isolated section of the AWS cloud.
-Here, a user can launch resources in the virtual network
-Also with VPC, a user can organize their resources into subnets.
What is a Subnet?
A section of a VPC that contains resources such as Amazon EC2 instances
Subnets can be public or private.
Subnets can communicate with each other
-Like an application on Amazon EC2 instances in a public subnet communicating with databases that are in the private subnet.
What is an Internet Gateway?
Allows public traffic from the internet to access the VPC
-Again, an Internet gateway is a connection between a VPC and the internet.
-Similar to a doorway that customers use to get inside the coffee shop
-No gateway, no access to the resources in the VPC
What is Virtual Private Gateway ?
Private access to private resources
–Like traveling on a road with a bodyguard, the Virtual Private Gateway protects the user as they travel on the internet “road”.
–The bodyguard is like a virtual private network (VPN) connection that encrypts (protects) the internet traffic from all other requests around it
–A component that allows protected internet traffic to enter the VPC
–Traffic jams are still possible, as the user is using the same road as other individuals
–Again, the Virtual Private Gateway enables a user to establish a Virtual Private Network connection between the VPC and a private network
–The Virtual Private Gateway allows traffic into the VPC only if it is coming from an approved network
What is AWS Direct Connect ?
A service that lets a user establish a dedicated private connection between a data center and a VPC
–Like a private hallway linking an apartment building to the coffee shop’s building
Public Subnets
Contains resources that need to be accessible by the public, like an online store’s website
Private Subnets
Contains resources that should be accessible only from a private network
-Like a database that contains customers’ personal information or order history
Describe a Packet
Unit of data sent over the internet or network
-Packets are sent through the internet gateway
-Any packet entering or exiting a subnet will be checked for permissions
-The check considers who the packet was sent from and how the packet is trying to communicate with the resources in the subnet.
What is the Network Access Control List (Network ACL)?
Virtual firewall that controls inbound and outbound traffic at the subnet level
Each AWS Account has a default Network ACL
What is Stateless packet filtering?
Network ACLs perform stateless packet filtering
-They remember nothing and check every packet that crosses the subnet boundary
What is a Security Group?
Virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance
-VPC component that checks packet permissions for an Amazon EC2 instance
-By default, denies all inbound traffic and allows all outbound traffic
-A user can customize these rules
Describe Stateful Packet filtering
They remember the previous decision made for an incoming packet, so the response is allowed back out
This is regardless of inbound security group rules
Security Groups are stateful
What is Domain Name System (DNS) resolution?
DNS resolution is the process of translating a domain name to an IP address
-Involves the customer’s DNS resolver communicating with a company’s DNS server
-The user enters the web address into the browser and is able to access the website.
–DNS is the phone book of the internet
Example:
–Enter a domain name into the browser
–The request is sent to the customer’s DNS resolver
–The customer’s DNS resolver asks the company’s DNS server for the IP address that corresponds with that website
What is Amazon Route 53 ?
DNS web service that gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.
-Connects user requests to the infrastructure running in AWS (Amazon EC2 instances or load balancers)
-Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.