Module 1: AWS Networking services Flashcards

1
Q

What is VPC?

A

It is a virtual private network that encompasses some of your services in AWS and allows them to connect to the internet or to other applications.

2
Q

What is AWS Private Link?

A

It is a network service that allows your VPC, on-premises infrastructure and other AWS services to connect without exposing them to the internet. This service also makes connections easier to configure, because you don’t need to use internet gateways, route tables, VPC peering and other services in order to connect your services. Demo: https://www.youtube.com/watch?v=0bHXWIM4_0o&ab_channel=Pythoholic

3
Q

What is VPC peering?

A

It is a network connection used to connect two VPCs, allowing IPv4 or IPv6 traffic between them. This helps you avoid using the internet or other sources to connect your VPCs, or to connect your VPCs with another AWS account’s VPC. Demo: https://www.youtube.com/watch?v=w-5lSvqSkjs&ab_channel=Pythoholic

4
Q

What is VPC subnet?

A

A subnet is a group of IPv4 or IPv6 addresses that are connected to each other in order to do a specific task. Demo: https://www.youtube.com/watch?v=IncOrb4yhgU&ab_channel=TomGregory

5
Q

What is a VPC public subnet?

A

A public subnet is connected to the internet through an internet gateway. The services associated with public subnets are in general client-oriented services, such as web pages, because we need clients to interact with those services.

6
Q

What is VPC private Subnet?

A

A private subnet is a network that is not connected to the internet, and for that reason it is not connected to an internet gateway. If we want to connect a private subnet to the internet, we use a NAT gateway. We use private subnets for things we want to use in a corporate environment and things we don’t want to show to the public, for example a database or confidential information.

7
Q

Are all IPs allowed in AWS?

A

All IPs are allowed, but for every group of IPs we have to reserve 4 IPs: one for broadcasting, another because it is the IP of the network, and obviously the IP for the gateway.

8
Q

What is AWS Direct Connect?

A

It is a networking service that helps you connect your on-premises infrastructure to AWS Direct Connect routers in order to access all AWS services without the internet.

9
Q

What is Routing and what is a Route table?

A

Routing is the process of organizing the connections inside a network. A route table is created in your VPC subnets to organize the traffic and destinations of your network. The route table has two columns, “|Destination|Target|”. For example, if we want to connect to the internet, the destination would be “0.0.0.0/0” and the target is the name of the VPC’s internet gateway, because that is what we use to connect to the internet.

10
Q

What is a security group?

A

It is a subnet security option that acts like a firewall, allowing inbound or outbound traffic for your instance. Every VPC comes with a default security group that denies inbound traffic but allows outbound traffic. You can’t create deny rules for security groups. Demo: https://www.youtube.com/watch?v=ATeu9UEUx6w&ab_channel=Pythoholic

11
Q

What is a network access control list?

A

A network ACL is a subnet security option that allows inbound or outbound traffic for a specific subnet. Each subnet can have only one ACL, and this ACL is in charge of allowing or denying traffic in your subnet. An ACL inspects not only the traffic that comes into your subnet but also the traffic that goes out of your subnet. Demo: https://www.youtube.com/watch?v=FILtmSzLy0A&ab_channel=JuanGuillermoRodriguez

13
Q

What are the differences between a Security Group and an ACL?

A

Security Group:
- Operates at the instance level; supports only allow rules; return traffic is automatically allowed; inspects all rules in order to allow traffic; applies only to EC2 instances and the services hosted on those EC2 instances (backend servers); we can associate at most 5 security groups with each instance.
ACL:
- Operates at the subnet level; supports allow and deny rules; return traffic must be explicitly allowed by a rule; rules are processed in number order; applies to all services inside the subnet; a subnet can have only one ACL.

14
Q

Can we use security groups with ACL?

A

Yes, we can create an EC2 instance with its security group inside a subnet with its ACL.

15
Q

What is an internet Gateway?

A

It is like a door that you can attach to your VPC to connect the VPC to the internet. Demo: https://www.youtube.com/watch?v=35zd1FAMrjA&ab_channel=RubenJGarcia

16
Q

What is a NAT gateway?

A

It is a door that allows services inside a private subnet to connect to the internet or to other AWS services outside the subnet. Demo: https://www.youtube.com/watch?v=35zd1FAMrjA&ab_channel=RubenJGarcia

17
Q

What is a DNS?

A

A DNS is in charge of translating your web browser search into an IPv4 or IPv6 address.

18
Q

What is Amazon Route 53?

A

It is basically a DNS server; with Route 53 you can transfer your domains to this service or host your domains on this DNS server. To learn more: https://tutorialsdojo.com/amazon-route-53/. Demo: https://www.youtube.com/watch?v=BtiS0QyiTK8&ab_channel=Simplilearn

19
Q

What is an elastic IP address?

A

It is used when you want to give a permanent IP address to your EC2 instance. We can associate it with an EC2 instance, a VPC or whatever entry-point connection you have in your network.

20
Q

What is a VPC endpoint?

A

It is used in Amazon Private Link to connect services inside a private VPC without using the internet.

21
Q

What is AWS CloudFront?

A

It is a service related to edge locations that gives fast service to your clients using your dynamic or static web applications. In CloudFront you create “Origins”, which are S3 buckets, EC2 instances with web servers, etc. These origins host images, web pages and other things that your clients can access via HTTP or HTTPS requests. CloudFront copies the content of these origins to every AWS edge location, so that the information does not have to cross a complex network to reach clients that are far away from your origin.

22
Q

What is ELB?

A

Amazon Elastic Load Balancing is a service that distributes traffic across multiple availability zones. We can distribute traffic to EC2 instances, AWS Lambda, IPs, S3, and other services. ELB also helps us identify the health of the connections; if a connection is healthy, then we can distribute traffic to that connection. Demo: https://www.youtube.com/watch?v=pUm5nEIZQEs&ab_channel=Pythoholic

23
Q

What are the types of ELB?

A

  • Application Load Balancer (ALB): Operates at layer 7 of the OSI model; we use it for HTTP, HTTPS, web applications and microservices.
  • Network Load Balancer (NLB): Operates at layer 4 of the OSI model; it is used for TCP/UDP.
  • Gateway Load Balancer (GLB): Operates on IP.
  • Classic Load Balancer: The classic load balancer that we use with EC2 instances to distribute the traffic. Demo: https://www.youtube.com/watch?v=pUm5nEIZQEs&ab_channel=Pythoholic

24
Q

What is a listener?

A

A listener is basically in charge of checking connection requests.

25
Q

What is AWS API gateway?

A