Networking Flashcards

1
Q

What is Amazon Virtual Private Cloud (VPC)?

A

A networking service that is used to establish boundaries around your AWS resources

You must group resources in your VPCs into either public (internet access) or private (no internet access) facing groups known as subnets

Helps separate the parts accessible to the public (e.g. cashier) and private (e.g. barista)

Public subnets could be something like an online store website which customers need to access

Private subnets could contain databases with personal customer data

Subnets can communicate, e.g. EC2 instances in a public subnet can talk to databases in a private subnet

2
Q

What is an Internet Gateway?

A

A doorway attached to the VPC that allows public traffic from the internet to access your VPC

3
Q

What is a Virtual Private Gateway?

A

Only allows people in if they are coming from an approved network, not the public internet

Enables protected internet traffic to enter the VPC using a virtual private network (VPN)

VPNs are private and encrypted, but use a regular internet connection shared by many

4
Q

What is AWS Direct Connect?

A

Addresses the issues above, offering the lowest amount of latency with the highest amount of security possible

Used to establish a dedicated private connection between your data centre and a VPC

Like a private corridor from a flat block to a coffee shop, without having to use public roads

Reduces network costs and increases the amount of bandwidth travelling through your network

5
Q

What is network traffic in a VPC?

A

When a customer requests data from an app hosted in AWS, this request is sent as a packet

A packet is a unit of data sent over the internet or a network and enters the VPC through an IG

Before it can then enter (or exit) a subnet, Network Access Control Lists (ACLs) check the permissions of the packet. Like immigration officers that let correct passport holders in

Default ACL allows all inbound and outbound traffic but can be modified and locked down

These are stateless – remember nothing and check all packets that cross the subnet border

6
Q

What is Domain Name System (DNS)?

A

The process of visiting a company’s website involves:

  1. You enter the domain name into your browser, and this request is sent to a customer DNS resolver
  2. The customer DNS resolver asks the company DNS server for the IP address for the website
  3. The company DNS server responds with the requested IP address
7
Q

What is Amazon Route 53?

A

A DNS web service that provides a reliable way to route end users to internet apps hosted in AWS

It can route users to infrastructure inside and outside of AWS

It manages the DNS records for domain names all within a single location

8
Q

How do Amazon Route 53 and Amazon CloudFront work together?

A

Imagine Company A’s app is running on several EC2 instances within a group attached to an ELB

Customer requests data from Company A’s website

Route 53 uses DNS resolution to identify the website’s IP address. The info is sent back to customer

Customer’s request is sent through the nearest edge location using CloudFront

CloudFront connects to the ELB which sends the incoming packet to an EC2 instance
