Networking Flashcards
Describe the basic concepts of Networking
1) Amazon Virtual Private Cloud (Amazon VPC)
* Networking service used to establish boundaries around AWS resources
* Lets you provision a logically isolated section of the AWS Cloud in which to launch resources (EC2 instances, ELBs) in a virtual network you define
* Lets you choose the private IP address range (CIDR block) for the VPC
* Within a VPC, resources are organized into subnets
* Subnets - chunks of the VPC's IP address range that group resources together
2) Internet gateway
* Connection between a VPC and the internet that allows public traffic from the internet to reach the VPC (and resources with public IP addresses to reach the internet)
3) Virtual private gateway
* Endpoint on the VPC side of a VPN connection; accepts traffic only from an approved, authenticated network rather than from arbitrary hosts on the public internet
* Used to create an encrypted Site-to-Site VPN connection between a private network, such as an on-premises data center or internal corporate network, and the VPC
* Caveat: the VPN tunnel itself still travels over the public internet; it is the encryption and authentication that keep the traffic private
Describe AWS Direct Connect
1) Lets you establish a dedicated, private network connection from your data center to AWS that does not traverse the public internet
2) Work with a Direct Connect partner (or an AWS Direct Connect location) to establish the physical connection
3) Provides a physical line that connects your network to your AWS VPC
4) Helps to reduce network costs (data transfer out is cheaper than over the internet)
5) Provides more consistent bandwidth and latency than an internet-based connection
6) Caveat: the link is private but not encrypted by default; add a VPN over the connection (or MACsec where supported) if encryption in transit is required
Describe Subnets
1) Section of a VPC in which you can group resources based on security or operational needs
2) Subnets can be public or private; what makes a subnet public is a route in its route table that sends internet-bound traffic (0.0.0.0/0) to an internet gateway
* Public subnets -> contain resources that need to be reachable from the internet, such as an online store's website
* Private subnets -> contain resources that should be reachable only through the private network, such as a database that holds customers' personal information and order histories
3) Subnets in a VPC can communicate with each other, for instance an application with an EC2 instance in a public subnet talking to a database in a private subnet
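The subnet planning and the public/private distinction above can be checked mechanically. The following is an added example, not code from the flashcards or from AWS: it carves a VPC CIDR into subnets, verifies they sit inside the VPC and do not overlap, computes the usable host count (AWS reserves the first four and the last address of every subnet), and classifies each subnet by whether its route table sends 0.0.0.0/0 to an internet gateway. The VPC range, route tables and gateway IDs are constructed; the private tier's route to a NAT gateway is an assumption the cards do not cover.

```python
"""Plan subnets inside a VPC CIDR and classify them as public or private.

Added example with constructed data (VPC range, subnets, route tables).
A subnet is public when its route table has a 0.0.0.0/0 route whose
target is an internet gateway (igw-*); anything else is private.
"""
import ipaddress

# AWS reserves the network address, the VPC router, the DNS server,
# one address for future use and the broadcast address in each subnet.
AWS_RESERVED_PER_SUBNET = 5


def carve_subnets(vpc_cidr: str, new_prefix: int):
    """Split the VPC range into equal-sized /new_prefix subnets."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(n) for n in vpc.subnets(new_prefix=new_prefix)]


def validate_subnets(vpc_cidr: str, subnet_cidrs):
    """Return a list of problems: subnets outside the VPC or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses you can actually assign to instances in the subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def is_public(route_table) -> bool:
    """Public means the default route points at an internet gateway."""
    return any(dest == "0.0.0.0/0" and target.startswith("igw-")
               for dest, target in route_table)


# Constructed sample: one /16 VPC, two public and two private /24 subnets.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc")],
    # Hypothetical private tier: egress only via a NAT gateway, never an IGW.
    "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0def")],
}
SUBNETS = {
    "10.0.0.0/24": "rtb-public",
    "10.0.1.0/24": "rtb-public",
    "10.0.10.0/24": "rtb-private",
    "10.0.11.0/24": "rtb-private",
}


def classify(subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Map each subnet CIDR to 'public' or 'private' from its route table."""
    return {cidr: ("public" if is_public(route_tables[rtb]) else "private")
            for cidr, rtb in subnets.items()}


if __name__ == "__main__":
    print("problems:", validate_subnets(VPC_CIDR, SUBNETS))
    for cidr, kind in classify().items():
        print(f"{cidr:15} {kind:8} usable hosts: {usable_hosts(cidr)}")
```

Running it reports no problems for the sample layout and 251 usable addresses per /24; feeding it a subnet from another range or two overlapping blocks lists each problem, which is the check worth running before creating the subnets for real.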
Describe network traffic in a VPC
1) A request for data from an application hosted in the AWS Cloud is sent as a packet
2) A packet is a unit of data sent over the internet or a network
3) The packet enters the VPC through an internet gateway
4) Before the packet can enter or exit a subnet, its permissions are checked
5) The permissions indicate who sent the packet and how it is trying to communicate with the resources in a subnet (source, destination, protocol and port)
Describe network access control lists (ACLs)
1) VPC component that checks packet permissions at the subnet boundary
2) Virtual firewall that controls inbound and outbound traffic at the subnet level
3) Each VPC comes with a default network ACL (one per VPC, not one per account)
4) When configuring the VPC, you can use the default network ACL or create custom network ACLs
5) Default network ACL
* Allows all inbound and outbound traffic, but can be modified by adding rules
6) Custom network ACLs
* Deny all inbound and outbound traffic until rules are added to specify which traffic to allow
* Rules are numbered and evaluated from the lowest number up; the first matching rule decides
* End with an explicit deny (the * rule) which ensures that a packet matching none of the numbered rules is denied
* Stateless packet filtering - remember nothing and check packets that cross the subnet border each way, inbound and outbound; because the reply to an allowed request is checked on its own, the outbound rules must also allow the ephemeral ports (1024-65535) that clients use as source ports
Describe Security Groups
1) VPC component that checks packet permissions for an Amazon EC2 instance (attached to the instance's network interface)
2) Virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance
3) By default, a new security group denies all inbound traffic and allows all outbound traffic
4) Can add custom rules to specify which traffic to allow; security groups contain allow rules only, so anything not explicitly allowed is denied
5) Stateful packet filtering - remember previous decisions made for incoming packets, so the reply to an allowed request is let through without a matching rule in the other direction
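The stateless versus stateful distinction in the network ACL and security group cards is easiest to see on a concrete flow. The following is an added example, not code from the flashcards or from AWS: a small simulator of the two evaluation models. The network ACL sorts numbered rules lowest-first, stops at the first match and falls through to the * deny; the security group keeps only allow rules and tracks allowed connections so the reply is accepted without a rule. The client and server addresses, ports and rule sets are constructed, and the ephemeral range is the 1024-65535 block AWS documents for network ACL outbound rules.

```python
"""Simulate stateless network ACL and stateful security group filtering.

Added example with constructed traffic and rules. It shows three things the
cards state: ACL rule order matters (lowest number wins), a stateless ACL must
allow ephemeral ports for replies, and a stateful security group lets the
reply through because it remembers the request.
"""
from dataclasses import dataclass
import ipaddress

EPHEMERAL = (1024, 65535)  # client source ports an ACL must allow outbound for replies


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int
    direction: str  # "in" or "out" relative to the filtered subnet/instance


@dataclass(frozen=True)
class Rule:
    number: int
    direction: str
    cidr: str
    ports: tuple  # (low, high) destination port range
    action: str   # "allow" or "deny" (security groups use "allow" only)

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        peer = p.src if p.direction == "in" else p.dst  # remote side of the packet
        if ipaddress.ip_address(peer) not in ipaddress.ip_network(self.cidr):
            return False
        return self.ports[0] <= p.dport <= self.ports[1]


class NetworkACL:
    """Stateless: every packet is judged alone, lowest rule number first."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"  # the implicit * rule at the end of every ACL


class SecurityGroup:
    """Stateful: allow rules only, plus a table of connections already allowed."""
    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]
        self.tracked = set()

    def evaluate(self, p: Packet) -> str:
        reverse = ("in" if p.direction == "out" else "out", p.dst, p.src, p.sport, p.dport)
        if reverse in self.tracked:
            return "allow"  # reply to a connection we already allowed
        for r in self.rules:
            if r.matches(p):
                self.tracked.add((p.direction, p.src, p.dst, p.dport, p.sport))
                return "allow"
        return "deny"


def check_flow(filter_, request: Packet, reply: Packet):
    """Return (request_verdict, reply_verdict) for one request/response pair."""
    return filter_.evaluate(request), filter_.evaluate(reply)


# Constructed flow: an internet client fetches HTTPS from a web server in the subnet.
CLIENT, SERVER = "203.0.113.5", "10.0.0.10"
REQUEST = Packet(src=CLIENT, dst=SERVER, dport=443, sport=51234, direction="in")
REPLY = Packet(src=SERVER, dst=CLIENT, dport=51234, sport=443, direction="out")


def nacl_without_ephemeral():
    # Common mistake: the outbound rule mirrors port 443, but the reply goes to port 51234.
    return NetworkACL([Rule(100, "in", "0.0.0.0/0", (443, 443), "allow"),
                       Rule(100, "out", "0.0.0.0/0", (443, 443), "allow")])


def nacl_with_ephemeral():
    return NetworkACL([Rule(100, "in", "0.0.0.0/0", (443, 443), "allow"),
                       Rule(100, "out", "0.0.0.0/0", (443, 443), "allow"),
                       Rule(110, "out", "0.0.0.0/0", EPHEMERAL, "allow")])


def nacl_blocking_client(deny_rule_number: int):
    # Whether the deny for the client's /24 takes effect depends only on its number.
    return NetworkACL([Rule(deny_rule_number, "in", "203.0.113.0/24", (0, 65535), "deny"),
                       Rule(100, "in", "0.0.0.0/0", (443, 443), "allow"),
                       Rule(110, "out", "0.0.0.0/0", EPHEMERAL, "allow")])


def locked_down_sg():
    # Only an inbound 443 rule, no outbound rule at all: the reply still passes.
    return SecurityGroup([Rule(0, "in", "0.0.0.0/0", (443, 443), "allow")])


if __name__ == "__main__":
    print("ACL without ephemeral:", check_flow(nacl_without_ephemeral(), REQUEST, REPLY))
    print("ACL with ephemeral:   ", check_flow(nacl_with_ephemeral(), REQUEST, REPLY))
    print("deny rule 90 / 200:   ", nacl_blocking_client(90).evaluate(REQUEST),
          nacl_blocking_client(200).evaluate(REQUEST))
    print("stateful SG:          ", check_flow(locked_down_sg(), REQUEST, REPLY))
```

The first ACL allows the request and drops the reply, which is the classic symptom of a stateless filter with no ephemeral-port rule; the deny rule only bites when its number is lower than the allow it is meant to override; and the security group admits the reply purely from its connection table, which is why a security group never needs a mirrored outbound rule for return traffic.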
Describe Domain Name System (DNS)
1) Translation service
2) Translates website names into IP (Internet Protocol) addresses
Describe Route 53
1) AWS's Domain Name System (DNS) web service
2) Highly available and scalable
3) Provides a reliable way to route end users to internet applications hosted in AWS
4) When a user enters a website address, the user's DNS resolver queries Route 53 for the IP address, and the browser then connects to that address
5) Can route users to infrastructure outside of AWS
6) Manages the DNS records for domain names - can register new domain names directly in Route 53
7) Can transfer DNS records for existing domain names managed by other domain registrars