Discussion: VPC - Build Your Own Custom VPC Flashcards

1
Q

If I have multiple VPCs created, may I use the same CIDR block, i.e. 10.0.0.0/16 for each VPC?

A

If there’s no peering needed

2
Q

Several questions indicate that in order to make an EC2 instance in a non-default/private subnet, 2-way internet accessible you need to add an elastic IP. Is that because the instance is already running and that’s the only way to add a public IP to a running instance? Specifying “Auto-assign Public IP” at launch time has the same effect, correct?

A

You can assign and unassign IPv4 and IPv6 IP addresses on each network interface. Leave the IP address field blank and an available address will be assigned, or enter an IP address that you want to assign. To add or edit an IPv4 public IP, allocate an Elastic IP to this instance or network interface.

Yes, I think so! Elastic IPs can be allocated to a private instance through the Manage IP section even after the instance is up and running.

3
Q

In this lecture, to access the DB server from the jump host, you are copying the private key onto the bastion host, which is not a safe practice, as publicly accessible jump hosts are the first ones to be hacked.

Is there a better way of doing this, like using a combination of IAM role and instance metadata, which gives temporary credentials to access other AWS services?

A

There is a better way indeed. If you connect to the first host with -A, it enables SSH key forwarding, and your local SSH key will be used to connect to the second host.
