Networking Flashcards

1
Q

Amazon Virtual Private Cloud, or VPCs

A

Amazon Virtual Private Cloud, or VPCs, as they’re affectionately known. A VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. These resources can be public-facing, so they have access to the internet, or private, with no internet access, which is usual for backend services like databases or application servers.

2
Q

Subnets

A

The public and private groupings of resources are known as subnets; each subnet is a range of IP addresses in your VPC.

3
Q

Amazon Virtual Private Cloud (Amazon VPC)

A

A networking service that you can use to establish boundaries around your AWS resources is Amazon Virtual Private Cloud (Amazon VPC).

Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets. A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.

4
Q

Internet gateway

A

To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.

An internet gateway is a connection between a VPC and the internet. You can think of an internet gateway as being similar to a doorway that customers use to enter the coffee shop. Without an internet gateway, no one can access the resources within your VPC.

5
Q

Virtual private gateway

A

To access private resources in a VPC, you can use a virtual private gateway.

The virtual private gateway is the component that allows protected traffic from the internet to enter the VPC.

A virtual private gateway enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. A virtual private gateway allows traffic into the VPC only if it is coming from an approved network.

6
Q

AWS Direct Connect

A

AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and a VPC.

The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.

7
Q

AWS has a wide range of tools that cover every layer of security:

A

Network hardening, application security, user identity, authentication and authorization, distributed denial-of-service (DDoS) prevention, data integrity, encryption, and much more.

8
Q

Subnets

A

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.

9
Q

Public subnets

A

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

10
Q

Private subnets

A

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

11
Q

In a VPC, subnets can communicate with each other.

A

For example, you might have an application that involves Amazon EC2 instances in a public subnet communicating with databases that are located in a private subnet.

12
Q

A packet

A

A packet is a unit of data sent over the internet or a network.

13
Q

access control list (ACL)

A

The VPC component that checks packet permissions for subnets is a network access control list (ACL).

14
Q

network access control list (ACL)

A

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.

15
Q

More ACL

A

Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.

16
Q

ACL Rules

A

By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

17
Q

Stateless packet filtering

A

Network ACLs perform stateless packet filtering. They remember nothing about earlier packets, so every packet that crosses the subnet border in either direction, inbound or outbound, is checked against the rules on its own.

18
Q

Security Group

A

The VPC component that checks packet permissions for an Amazon EC2 instance is a security group.

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

[Architecture diagram: a security group in front of an Amazon EC2 instance]

By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic to allow or deny.

19
Q

Multiple EC2s

A

If you have multiple Amazon EC2 instances within a subnet, you can associate them with the same security group or use different security groups for each instance.

20
Q

Stateful packet filtering

A

Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.

21
Q

ACLs & Security Groups

A

Both network ACLs and security groups enable you to configure custom rules for the traffic in your VPC. As you continue to learn more about AWS security and networking, make sure to understand the differences between network ACLs and security groups.

22
Q

DNS

A

You can think of DNS as being the phone book of the internet. DNS resolution is the process of translating a domain name to an IP address.

23
Q

Amazon Route 53

A

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.

Amazon Route 53 connects user requests to infrastructure running in AWS (such as Amazon EC2 instances and load balancers). It can route users to infrastructure outside of AWS.

Another feature of Route 53 is the ability to manage the DNS records for domain names. You can register new domain names directly in Route 53. You can also transfer DNS records for existing domain names managed by other domain registrars. This enables you to manage all of your domain names within a single location.

24
Q

Amazon Route 53 and CloudFront

A

1. A customer requests data from the application by going to AnyCompany’s website.

2. Amazon Route 53 uses DNS resolution to identify AnyCompany.com’s corresponding IP address, 192.0.2.0. This information is sent back to the customer.

3. The customer’s request is sent to the nearest edge location through Amazon CloudFront.

4. Amazon CloudFront connects to the Application Load Balancer, which sends the incoming packet to an Amazon EC2 instance.