Network - VPC - Internet Gateways Flashcards
What is an internet gateway?
a horizontally scalable, redundant, highly available VPC component that allows communication between instances in your VPC and the internet
What is the purpose of an internet gateway?
provides a route table target for internet-bound traffic; performs one-to-one NAT for instances that have public IPv4 addresses (IPv6 addresses are globally unique, so no NAT is done for them); supports both IPv4 and IPv6
What is an egress-only internet gateway?
provides outbound-only internet access over IPv6 (IPv6 addresses are public by default), but prevents the internet from initiating IPv6 connections to your instances
How does an egress-only internet gateway forward traffic?
stateful: it forwards traffic from the instance to the internet and then returns the response to the instance
How is an egress-only internet gateway set up?
create it in the VPC, then add a custom route for ::/0 in the subnet's route table that points to the egress-only internet gateway; an egress-only internet gateway is used instead of a NAT gateway for IPv6 egress
What is a NAT instance?
an EC2 instance running an AWS-provided NAT AMI that translates traffic from many private instances to its own public IP address and back
What are some limitations of a NAT instance?
doesn't allow connections initiated from the public internet to reach the private instances; not supported for IPv6 (use an egress-only internet gateway instead)
What are some requirements for NAT instances?
must live in a public subnet with a route to an internet gateway and have a public or Elastic IP; the source/destination check must be disabled on the instance, since it forwards traffic that is not addressed to itself; private instances must have a route to the NAT instance, usually their default route (0.0.0.0/0)
What is a NAT gateway?
a fully managed AWS service that replaces the need to run and maintain your own NAT instance on EC2
How does a NAT gateway work?
must be created in a public subnet (whose route table sends 0.0.0.0/0 to an internet gateway); uses an Elastic IP; created in a specified AZ, with built-in redundancy within that AZ
What are some features of a NAT gateway?
highly available within its AZ (create one NAT gateway per AZ for multi-AZ resilience, so one AZ's outage doesn't take out egress for the others); scales automatically from 5 Gbps up to 45 Gbps
What are some limitations of a NAT gateway?
can't be used to reach a VPC peering connection, a VPN, or Direct Connect; traffic to those destinations needs specific routes in the route table, otherwise it falls through to the 0.0.0.0/0 route to the NAT gateway and is dropped
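The following is an added example, not part of the original flashcards: a small Python audit of route tables that turns the egress-only ::/0 card, the "NAT gateway must live in a public subnet" card, and the "peered CIDRs need specific routes" card into checks. The input is constructed data in the shape of `aws ec2 describe-route-tables` output, with hypothetical resource IDs (igw-0a1b2c3d, nat-04d5e6f7, eigw-0f1e2d3c, pcx-0aabbccd) and a hypothetical peer VPC CIDR of 10.1.0.0/16; the NAT-gateway-to-subnet mapping is likewise constructed. Route selection uses longest-prefix match, the same rule the VPC router applies, which is why a missing specific route to a peer silently falls through to the default route.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output (hypothetical IDs).
# rtb-private has two deliberate pitfalls: ::/0 via the internet gateway (inbound IPv6
# exposure) and no route for the peered VPC 10.1.0.0/16 (falls through to the NAT gateway).
SAMPLE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public-a"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d", "State": "active"},
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0a1b2c3d", "State": "active"}]},
  {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private-a"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-04d5e6f7", "State": "active"},
     {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0a1b2c3d", "State": "active"}]}
]}
""")
# Constructed: the subnet each NAT gateway was created in (as reported by describe-nat-gateways).
SAMPLE_NAT_SUBNETS = {"nat-04d5e6f7": "subnet-public-a"}
# Constructed: CIDRs that are only reachable over a VPC peering connection.
SAMPLE_PEER_CIDRS = ["10.1.0.0/16"]

TARGET_KEYS = ("GatewayId", "NatGatewayId", "EgressOnlyInternetGatewayId",
               "VpcPeeringConnectionId", "TransitGatewayId", "NetworkInterfaceId", "InstanceId")


def route_target(route):
    """Return the route's target id: the first populated target field."""
    for key in TARGET_KEYS:
        if route.get(key):
            return route[key]
    return None


def resolve(table, address):
    """Longest-prefix match over active routes, as the VPC router does; None if no route."""
    ip = ipaddress.ip_address(address)
    best = None
    for route in table["Routes"]:
        if route.get("State", "active") != "active":
            continue
        net = ipaddress.ip_network(route.get("DestinationCidrBlock")
                                   or route["DestinationIpv6CidrBlock"])
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, route_target(route))
    return best[1] if best else None


def audit(describe_output, nat_subnets, peer_cidrs):
    """Return human-readable findings for the three pitfalls covered by the cards."""
    findings = []
    tables = describe_output["RouteTables"]
    by_subnet = {a["SubnetId"]: t for t in tables
                 for a in t.get("Associations", []) if "SubnetId" in a}
    for t in tables:
        rtb = t["RouteTableId"]
        v4_default = resolve(t, "198.51.100.1")  # any public IPv4 address (TEST-NET-2)
        v6_default = resolve(t, "2001:db8::1")   # any public IPv6 address (documentation prefix)
        is_private = bool(v4_default) and v4_default.startswith("nat-")
        if is_private and v6_default and v6_default.startswith("igw-"):
            findings.append(f"{rtb}: ::/0 via {v6_default} makes IPv6 hosts reachable inbound; "
                            "point ::/0 at an egress-only internet gateway (eigw-) instead")
        if is_private:
            for cidr in peer_cidrs:
                probe = next(ipaddress.ip_network(cidr).hosts())
                target = resolve(t, str(probe))
                if target and target.startswith("nat-"):
                    findings.append(f"{rtb}: no specific route for peered CIDR {cidr}; traffic "
                                    f"falls through to {target}, which cannot reach a peer")
    for nat_id, subnet_id in nat_subnets.items():
        t = by_subnet.get(subnet_id)
        target = resolve(t, "198.51.100.1") if t else None
        if not (target and target.startswith("igw-")):
            findings.append(f"{nat_id}: subnet {subnet_id} has no 0.0.0.0/0 route to an internet "
                            "gateway, so the NAT gateway itself cannot reach the internet")
    return findings


def remediate(table, eigw_id, peer_routes):
    """Return a copy of a private route table with ::/0 moved to an egress-only gateway and
    explicit routes added for each peered CIDR ({cidr: pcx_id})."""
    fixed = json.loads(json.dumps(table))
    for route in fixed["Routes"]:
        if route.get("DestinationIpv6CidrBlock") == "::/0":
            route.pop("GatewayId", None)
            route["EgressOnlyInternetGatewayId"] = eigw_id
    for cidr, pcx_id in peer_routes.items():
        fixed["Routes"].append({"DestinationCidrBlock": cidr,
                                "VpcPeeringConnectionId": pcx_id, "State": "active"})
    return fixed


FINDINGS = audit(SAMPLE_ROUTE_TABLES, SAMPLE_NAT_SUBNETS, SAMPLE_PEER_CIDRS)
FIXED_PRIVATE = remediate(SAMPLE_ROUTE_TABLES["RouteTables"][1],
                          "eigw-0f1e2d3c", {"10.1.0.0/16": "pcx-0aabbccd"})
FINDINGS_AFTER_FIX = audit({"RouteTables": [SAMPLE_ROUTE_TABLES["RouteTables"][0], FIXED_PRIVATE]},
                           SAMPLE_NAT_SUBNETS, SAMPLE_PEER_CIDRS)

if __name__ == "__main__":
    for finding in FINDINGS:
        print("FINDING:", finding)
    print("after remediation:", FINDINGS_AFTER_FIX)
```

Run against real data by replacing SAMPLE_ROUTE_TABLES with the parsed output of `aws ec2 describe-route-tables` and SAMPLE_NAT_SUBNETS with the NatGatewayId/SubnetId pairs from `aws ec2 describe-nat-gateways`; the two findings on the sample disappear once ::/0 is repointed and the peer route is added, which is exactly the remediation the cards above describe.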
NAT gateway vs NAT instance: availability?
Gateway = highly available within its AZ (deploy one per AZ); Instance = you build and operate your own failover
NAT gateway vs NAT instance: bandwidth?
Gateway = scales up to 45 Gbps; Instance = depends on the bandwidth of the instance type you choose
NAT gateway vs NAT instance: maintenance?
Gateway = managed by AWS; Instance = you patch, scale, and monitor it yourself