Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Security > NAT Gateway > Flashcards

NAT Gateway Flashcards

1
Q

NAT Instances

NAT Instance or NAT Gateway?

A

NAT Gateway always, unless you have a specific reason

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

NAT Instances

Why never use NAT Instances?

A

Old version of Amazon Linux; not specialized for high throughput networking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

NAT Instances

How do you control what traffic can use a NAT Instance?

A

Security Groups and NACLs, just like anything else

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

NAT Instances

How can you use a NAT Instance to throttle performance?

A

Deliberately pick small instance size

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

NAT Instances

Are NAT Instances HA?

A

Not by default

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

NAT Instances

How can you make a NAT Instance HA?

important

A

Scripts that monitor instances and change routes when one fails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

NAT Instances

How can you save money with a NAT Instance?

important

A

Use it for port forwarding and as a bastion host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

NAT Instances

Can you use a NAT Instance across VPC Peers?

A

Yes, it’s just an EC2 instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

NAT Instances

Can you use a NAT Instance across S2S VPN?

A

Yes, it’s just an EC2 instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

NAT Instances

Can you use a NAT Instance across Direct Connect?

A

Yes, it’s just an EC2 instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

NAT Gateway

What’s the cross-AZ best practice for NATGW?

A

Use separate NATGW in each AZ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

NAT Gateway

Why is this the best practice?

A

If AZ fails, other AZs aren’t affected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

NAT Gateway

What’s the cost implication?

A

Multi-AZ NATGW means inter-AZ traffic charges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

NAT Gateway

How do I set up a NAT Gateway in my application’s subnet?

A

Can’t. NATGW need route table entries to direct traffic to it, so has to be separate Subnets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

NAT Gateway

What is the tiering/subnet rule when you add NAT Gateways?

A

Can’t have a NAT Gateway in the same subnet as a thing that uses it: need routing between subnets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

NAT Gateway

Limit on NAT GW throughput?

important

A

Up to 45 Gbps

17
Q

NAT Gateway

What do you do if you need more than 45 Gbps through a NAT GW?

important

A

Add more NAT GWs and more routes

18
Q

NAT Gateway

How do you change IP addresses used by NAT GWs?

important

A

Absolutely can’t: create a new NATGW.

19
Q

NAT Gateway

Can you use a NATGW across VPC Peers?

A

No

20
Q

NAT Gateway

Can you use a NATGW across S2S VPN?

A

No

21
Q

NAT Gateway

Can you use a NATGW across Direct Connect?

A

No

22
Q

NAT Gateway

Access S3: cheaper with NATGW or gateway endpoint?

important

A

Gateway endpoint (free)

23
Q

NAT Gateway

How do you control what traffic can use a NATGW?

important

A

NACLs (can use SG on private subnets)

24
Q

NAT Gateway

Can you use Security Groups to secure a NAT GW?

important

A

No, not on the NAT GW itself

AWS Security (83 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions