Networking Services Flashcards
What is a public subnet?
A subnet whose route table has a default route (0.0.0.0/0, or ::/0 for IPv6) pointing at an internet gateway. A subnet whose default route points at a NAT gateway instead is private: its instances can reach the internet but cannot be reached from it.
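The check behind that definition, applied to route-table data, as an added example (it is not part of the flashcards). The input mimics the shape of `aws ec2 describe-route-tables --output json` but is constructed here, and every ID (rtb-, igw-, nat-, subnet-) is made up:

```python
# Added example: classify subnets as public or private from route-table data.
# The input mimics the shape of `aws ec2 describe-route-tables --output json`,
# but is constructed here; all IDs are made up.

# Constructed sample: the VPC's main table (private), an explicit table with a
# default route to an internet gateway, and one whose default route is a NAT gateway.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
        ],
    },
    {
        "RouteTableId": "rtb-nat",
        "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"},
        ],
    },
]
# subnet-db has no explicit association, so it falls back to the main route table.
SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}


def route_table_for(subnet_id, tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    for table in tables:
        if any(a.get("SubnetId") == subnet_id for a in table["Associations"]):
            return table
    return next(t for t in tables if any(a.get("Main") for a in t["Associations"]))


def has_igw_default_route(table):
    """True if a default route (IPv4 or IPv6) targets an internet gateway.
    A default route via a NAT gateway gives outbound access only and does not
    make the subnet public."""
    for route in table["Routes"]:
        cidr = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if cidr in DEFAULT_ROUTES and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify(subnets, tables):
    """Map each subnet ID to 'public' or 'private'."""
    return {
        s: "public" if has_igw_default_route(route_table_for(s, tables)) else "private"
        for s in subnets
    }


if __name__ == "__main__":
    for subnet, kind in classify(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

Run it as a script and subnet-web comes out public while subnet-app (NAT gateway) and subnet-db (main table, no default route) come out private. A route to an internet gateway narrower than the default route still exposes the subnet for those destinations, so a stricter audit flags any igw- target rather than only the default route.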
How are AZs, subnets, VPCs, and instances related to each other?
VPC > AZ > subnet > EC2 instance: a VPC spans every AZ in its region, each subnet lives in exactly one AZ of that VPC, and each instance is launched into one subnet (and therefore into one AZ).
What is a security group?
A stateful firewall attached to an instance's network interface that determines what traffic can pass into and out of the instance.
Every instance (strictly, every network interface) has at least one security group attached; if none is specified at launch, the VPC's default security group is used.
What is an internet gateway?
A VPC component that lets instances with a public IPv4 address (or an IPv6 address) communicate with the internet; it performs one-to-one NAT between an instance's private IPv4 address and its public address. It does not assign addresses itself, and attaching one exposes nothing on its own: the subnet also needs a route to the gateway, the instance needs a public address, and the security group must permit the traffic.
What are the defaults for security groups?
A newly created security group has NO INBOUND rules, so no unsolicited traffic can reach the instance, and ONE OUTBOUND rule that allows all traffic to any IPv4 address (0.0.0.0/0). The VPC's default security group additionally allows inbound traffic from other members of the same group.
Security groups can only permit traffic, never deny it, and because they are stateful the reply leg of a permitted flow is allowed even when no rule exists for that direction.
What is a NACL?
A network access control list: a stateless firewall at the subnet level (a security group works at the instance level). Its numbered inbound and outbound rules are evaluated in ascending order, the first match decides, and unlike a security group a NACL can contain explicit deny rules. Because it is stateless, return traffic must be permitted explicitly, typically with an inbound rule for the ephemeral port range.
What are the defaults for NACLs?
The default NACL that comes with a VPC has inbound and outbound rules that allow all traffic; a NACL you create yourself denies all traffic in both directions until you add allow rules. Every subnet is associated with exactly one NACL (the default one unless you choose another).
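The difference between the two cards above (a stateful, allow-only security group versus a stateless, ordered NACL) is easiest to see by running the same packets through both. The following is an added example, not code from the flashcards or from AWS: the rule dictionaries borrow the EC2 API field names, but the evaluator, the addresses (documentation ranges) and the packets are constructed for illustration.

```python
# Added example: a security group (stateful, allow-only) and a NACL (stateless,
# ordered, allow or deny) evaluated over the same traffic. The rule dictionaries
# mimic the EC2 API field names; the evaluator, addresses and packets are constructed.
from ipaddress import ip_address, ip_network

PROTO_NUM = {"tcp": "6", "udp": "17", "icmp": "1"}   # NACLs use IANA protocol numbers

# Security group as created by hand: one inbound rule (SSH from an admin range)
# plus the single default outbound rule that allows everything.
SG_INBOUND = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"}]
SG_OUTBOUND = [{"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}]

# Custom NACL: allow SSH in and everything out. Deliberately missing an inbound
# rule for the ephemeral port range, a common mistake on stateless filters.
NACL = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "PortRange": (22, 22),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "PortRange": (0, 65535),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]
# Corrected NACL: replies to connections the instance initiates land on ephemeral ports.
NACL_FIXED = NACL + [
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "PortRange": (1024, 65535),
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]


def _in_cidr(addr, cidr):
    return ip_address(addr) in ip_network(cidr)


class SecurityGroup:
    """Allow-only and stateful: rules are unordered and any match permits; the
    reply leg of a permitted flow is allowed without a rule for that direction."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()   # connection-tracking table

    @staticmethod
    def _matches(rule, pkt, port):
        proto_ok = rule["IpProtocol"] in ("-1", pkt["proto"])
        port_ok = rule["IpProtocol"] == "-1" or rule["FromPort"] <= port <= rule["ToPort"]
        return proto_ok and port_ok and _in_cidr(pkt["remote"], rule["CidrIp"])

    def allows(self, pkt):
        flow = (pkt["proto"], pkt["remote"], pkt["remote_port"], pkt["local_port"])
        if flow in self.flows:            # reply to an already-permitted flow
            return True
        if pkt["direction"] == "in":
            ok = any(self._matches(r, pkt, pkt["local_port"]) for r in self.inbound)
        else:
            ok = any(self._matches(r, pkt, pkt["remote_port"]) for r in self.outbound)
        if ok:
            self.flows.add(flow)
        return ok


def nacl_allows(rules, pkt):
    """Stateless: rules for the packet's direction are tried in ascending
    RuleNumber order, the first match decides, and the implicit '*' rule
    denies anything left over."""
    egress = pkt["direction"] == "out"
    dst_port = pkt["remote_port"] if egress else pkt["local_port"]
    for rule in sorted((r for r in rules if r["Egress"] == egress), key=lambda r: r["RuleNumber"]):
        lo, hi = rule["PortRange"]
        if (rule["Protocol"] in ("-1", PROTO_NUM[pkt["proto"]])
                and lo <= dst_port <= hi
                and _in_cidr(pkt["remote"], rule["CidrBlock"])):
            return rule["RuleAction"] == "allow"
    return False


def packet(direction, remote, remote_port, local_port, proto="tcp"):
    """A packet described from the instance's point of view."""
    return {"direction": direction, "proto": proto, "remote": remote,
            "remote_port": remote_port, "local_port": local_port}


# Constructed traffic, in order, so the security group's state builds up.
TRAFFIC = [
    ("ssh from admin range", packet("in", "203.0.113.5", 50000, 22)),
    ("ssh reply to admin", packet("out", "203.0.113.5", 50000, 22)),
    ("ssh from unknown host", packet("in", "192.0.2.7", 40001, 22)),
    ("instance opens https", packet("out", "198.51.100.10", 443, 40000)),
    ("https reply to instance", packet("in", "198.51.100.10", 443, 40000)),
]


def evaluate(sg_inbound, sg_outbound, nacl_rules, traffic=TRAFFIC):
    """Return {name: (allowed_by_sg, allowed_by_nacl)} for each packet."""
    sg = SecurityGroup(sg_inbound, sg_outbound)
    return {name: (sg.allows(p), nacl_allows(nacl_rules, p)) for name, p in traffic}


if __name__ == "__main__":
    for name, (sg_ok, nacl_ok) in evaluate(SG_INBOUND, SG_OUTBOUND, NACL).items():
        sg_s, nacl_s = ("allow" if sg_ok else "deny"), ("allow" if nacl_ok else "deny")
        print(f"{name:26} sg={sg_s:5} nacl={nacl_s}")
```

Two rows matter. The HTTPS reply to a connection the instance opened passes the security group with no inbound rule at all (state), but the NACL drops it until rule 110 for ports 1024-65535 is added. The SSH attempt from 192.0.2.7 passes the NACL, which allows port 22 from anywhere, and is stopped only by the security group's source CIDR; an instance is only as protected as the stricter of the two layers.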
What is VPC peering?
It allows resources in two VPCs (in the same or different accounts or regions) to communicate using private IP addresses over the AWS network instead of the internet. Peering is not transitive, and the two VPCs' CIDR blocks must not overlap.
How do you configure a VPN?
Create a virtual private gateway and attach it to your VPC, create a customer gateway resource describing your on-premises device (a router or firewall) and its public IP, create a Site-to-Site VPN connection between the two, add routes for the on-premises prefixes via the virtual private gateway, then configure the device from the downloaded configuration. Traffic crosses the internet inside IPsec tunnels.
What are some pros/cons of Direct Connect?
- It provides private network connectivity from your premises to your VPC (private virtual interface) and to public AWS services such as S3 (public virtual interface)
- it doesn't provide internet access
- dedicated connections are provisioned by AWS at 1, 10 or 100 Gbps; lower-bandwidth hosted connections are offered through APN partners
- traffic does not traverse the internet, but the link is not encrypted by default: use MACsec on supported ports or run an IPsec VPN over it when confidentiality is required
- it's a good option for fast, consistent (low-jitter) connectivity to AWS
- it's expensive, and provisioning takes much longer than a VPN
What does CloudFront do?
It is a content delivery network: it caches content at edge locations worldwide and routes each user to the edge location that gives them the lowest latency. It also terminates TLS and fronts an origin such as an S3 bucket, a load balancer or a custom server.
What kinds of networks can VPCs connect to?
- the internet via an internet gateway
- external, private networks via Direct Connect or a virtual private network (VPN)
- other VPCs using VPC peering
What is a private hosted zone (in relation to Route 53)?
A private hosted zone holds DNS records that resolve only from resources within the VPCs associated with it (and from on-premises resolvers that forward through Route 53 Resolver inbound endpoints); the records are not visible on the public internet.
What are the two services that Route 53 provides?
- DNS hosting (public and private hosted zones)
- domain name registration: you register a domain name such as example.com under a TLD (you cannot register a TLD itself)
It also runs health checks, which the failover and other routing policies rely on.
What are the various Route 53 policies?
- Simple: one record set, no health-check-based routing.
- Failover: send traffic to a primary resource and, when its health check fails, to a secondary.
- Weighted: split traffic across resources in the proportions you assign (useful for canary or blue/green releases).
- Multivalue Answer: return up to eight healthy records and let the client choose, a cheap form of load balancing.
- Latency: route each user to the region that gives them the lowest measured latency.
- Geolocation: route based on the user's location (continent, country or US state), for example to keep traffic within a jurisdiction.
- Geoproximity: route based on the geographic distance to your resources, with an adjustable bias.