Lecture 13: VPC & Networking Flashcards
- IPv4
- IPv6
What are the two types of IP addresses?
Public networking
IPv4 (Internet Protocol version 4) can be used on the _______ internet, and an EC2 instance gets a new public IP address every time you stop and then start it (default)
Private
________ IPv4 addresses can be used on _________ networks (LANs) such as internal AWS networking, and they are fixed for an EC2 instance even if you stop/start it (the instance keeps the same address)
An _________ allows you to attach a fixed public IPv4 address to EC2 instances
Elastic IP
Public
With IPv6 (Internet Protocol version 6), every IP address is ________
A ___________ is a private network in which to deploy your resources
VPC (Virtual Private Cloud)
_________ allow you to partition your network inside your VPC (they are an Availability Zone-level resource)
Subnets
A _______ is a subnet that is accessible from the internet
Public subnet
A ________ is a subnet that is not accessible from the internet
Private subnet
To define access to the internet and between subnets, you need to use a ________
Route table
An ________ helps instances in your VPC connect to the internet (public subnets have a route to the internet)
Internet gateway
A __________ or a ___________ allows instances in your private subnet to access the internet while remaining private
NAT Gateway & NAT instance
A __________ is a firewall that controls traffic to and from a subnet; it supports both allow and deny rules and is attached at the subnet level
NACL (Network ACL)
__________ are firewalls that control traffic to and from an ENI / an EC2 instance; they operate at the instance level and can have only allow rules
Security groups
Return traffic is automatically allowed, regardless of any rules
Security groups are stateful, which means what?
Return traffic must be explicitly allowed by rules
Network ACLs are stateless, which means what?
__________ capture information about IP traffic going into your interfaces; they come in three types: ____________ flow logs, subnet flow logs, and elastic network interface flow logs
VPC Flow logs
__________ connects two VPCs privately using the AWS network, making them behave as if they were in the same network
VPC peering
must be established for each pair of VPCs that need to communicate with one another
(VPC peering is not transitive: if VPC A and VPC B are peered with one another and you add VPC C peered with VPC A, VPC C will not be able to communicate with VPC B until you peer C and B directly)
A VPC peering connection _________ for each pair of VPCs that need to communicate with one another
_________ are endpoints that allow you to connect to AWS services using a private network instead of the public internet, giving you enhanced security and lower latency when accessing AWS services
VPC endpoints
S3 & DynamoDB
A VPC Endpoint Gateway connects which AWS services to your VPC?
Any of the AWS services
A VPC Endpoint Interface connects which AWS services to your VPC?
____________ is the most secure and scalable way to expose a service to thousands of VPCs; it does not require VPC peering, an internet gateway, etc.
AWS PrivateLink
___________ connects an on-premises VPN to AWS; the connection is automatically encrypted and goes over the public internet
Site-to-Site VPN
_________ establishes a physical connection between on-premises and AWS; the connection is private, secure and fast, goes over a private network, and takes at least a month to establish
Direct Connect (DX)
The on-premises side must use a customer gateway (CGW) and the AWS side must use a virtual private gateway (VGW); once those two are created, you can connect them together to create a Site-to-Site VPN
To establish a Site-to-Site VPN with on-premises, what must you use?
__________ lets you connect from your computer using OpenVPN to your private network in AWS and on-premises; it allows you to reach your EC2 instances over a private IP, and the connection goes over the public internet
AWS Client VPN
__________ is used to have transitive peering between thousands of VPCs and on-premises networks in a hub-and-spoke (star) topology (it connects thousands of VPCs together as well as the on-premises infrastructure)
Transit Gateway