NAT Gateway/NAT Instance Flashcards

1
Q

What is a NAT Gateway?

A

This is an AWS managed NAT service.

2
Q

What is the maximum number of NAT Gateways that can be attached to an Availability Zone?

A

5

3
Q

What is the throughput of one NAT Gateway?

A

5 Gbps and automatically scales to 100 Gbps

4
Q

What are two ways to enable private addresses within a VPC to communicate out to the internet?

A

1) Use the AWS NAT Gateway
2) Create a NAT EC2 instance

5
Q

What type of NAT device does AWS recommend using for natting?

A

AWS NAT Gateway service

6
Q

What does a NAT instance run on?

A

It runs on an EC2 instance.

7
Q

Traffic destined for a NAT instance is actually destined for the EC2 instance that it’s running on. If the source/destination check is enabled on the EC2 ENI, what will happen to the traffic?

A

It will be dropped.

8
Q

Which NAT service is EOL?

A

NAT EC2 Instance

9
Q

When configuring HA for NAT Instances, how is that managed?

A

NAT instance HA would require configuring a separate EC2 instance in the public subnet and having scripts that update the routing table if one subnet is unavailable. Unlike NAT Gateways, this is a self-managed service.

10
Q

How is HA managed for NAT Gateways?

A

NAT Gateway HA would require configuring a separate gateway in each of the different public subnets, but HA is managed by AWS. This is an AWS managed service, so there’s no additional configuration needed.

11
Q

True or false: One NAT Gateway can provide HA in one region.

A

False: A NAT Gateway is only highly available within the Availability Zone it is running in.

12
Q

What are the two charges associated with NAT Gateways?

A

1) Hourly use charge; pricing differs between regions
2) Data processing charge (how much data goes through the NAT gateway)

13
Q

What type of IP does a NAT Gateway use to route to the internet?

A

Elastic IP

14
Q

What are two ways to route traffic from your NAT Gateway to an on-prem network?

A

1) Transit Gateway
2) Virtual Private Gateway

15
Q

What are the two types of NAT Gateway?

A

1) Private NAT Gateway
2) Public NAT Gateway

16
Q

A NAT Gateway can scale up to 100 Gbps, but if more bandwidth is needed, what is the best approach?

A

Split resources into separate subnets and configure a NAT Gateway for each subnet.

17
Q

How many packets per second can a NAT Gateway process?

A

1 million packets per second

18
Q

How many packets per second can a NAT Gateway scale up to?

A

10 million packets per second

19
Q

By default, how many Elastic IPs can be configured on a NAT Gateway?

A

2

20
Q

If you delete the private NAT Gateway, will the private IP address persist?

A

No, it will also be deleted.

21
Q

You are configuring an EC2 instance that needs to access resources on the internet through a NAT Gateway. You will be implementing security measures with both security groups and a NACL. You plan on configuring the security group on the NAT Gateway and the NACL on the IGW. Will this design work?

A

Yes, but NAT Gateways cannot have a security group, only the ENI of the EC2 instance.

22
Q

What are three AWS connectivity services that cannot use NAT Gateway?

A

1) VPC peering
2) Site-to-Site VPN
3) Direct Connect

23
Q

In process
What are the steps to configure a NAT Gateway for a private subnet to access resources on the internet?

A