Services Flashcards
AWS WAF monitors which services?
AWS WAF is a web application firewall that lets you monitor the <b>HTTP</b> and <b>HTTPS</b> requests that are forwarded to an Amazon <b>CloudFront distribution</b>, an Amazon <b>API Gateway REST API</b>, an <b>Application Load Balancer</b>, or an AWS <b>AppSync GraphQL API</b>. AWS WAF also lets you control access to your content.
Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, Amazon CloudFront, Amazon API Gateway, Application Load Balancer, or AWS AppSync <u>responds to requests either with the requested content or with an HTTP 403 status code (Forbidden)</u>. You also can configure CloudFront to return a custom error page when a request is blocked.
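To make the two conditions named above concrete, here is an added example (not code from the original flashcards or from AWS): a web ACL written in the shape of the AWS WAFV2 API, with one rule keyed on the originating IP address and one on the query string, plus a small local evaluator that mimics the decision the card describes (serve the content or answer 403). Only IP-set and query-string ByteMatch rules are modelled; the IP set ARN, the CIDRs and the sample requests are constructed for the illustration.

```python
"""Added example, not AWS code: a WAFV2-shaped web ACL and a local evaluator
that returns 200 (content served) or 403 (Forbidden) for a request."""
import ipaddress
from urllib.parse import unquote

# Placeholder ARN and contents: in AWS the IP set is a separate resource
# that the rule references by ARN.  Both are constructed for this example.
BLOCKED_IPSET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
                     "blocked/00000000-0000-0000-0000-000000000000")
IP_SETS = {BLOCKED_IPSET_ARN: ["198.51.100.0/24", "203.0.113.7/32"]}


def _visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}


WEB_ACL = {
    "Name": "flashcard-web-acl",
    "Scope": "REGIONAL",             # REGIONAL for ALB/API Gateway/AppSync, CLOUDFRONT for a distribution
    "DefaultAction": {"Allow": {}},  # requests no rule blocks are served as usual
    "CustomResponseBodies": {
        "blocked": {"ContentType": "TEXT_PLAIN", "Content": "Request blocked by WAF"},
    },
    "Rules": [
        {   # condition 1: the IP address the request originates from
            "Name": "block-listed-ips",
            "Priority": 0,           # lower number is evaluated first
            "Statement": {"IPSetReferenceStatement": {"ARN": BLOCKED_IPSET_ARN}},
            "Action": {"Block": {}}, # plain Block: 403 with the default body
            "VisibilityConfig": _visibility("blockListedIps"),
        },
        {   # condition 2: the value of the query string
            "Name": "block-union-select-in-query",
            "Priority": 1,
            "Statement": {"ByteMatchStatement": {
                "SearchString": "union select",
                "FieldToMatch": {"QueryString": {}},
                # transformations run in priority order before matching
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"},
                                        {"Priority": 1, "Type": "LOWERCASE"}],
                "PositionalConstraint": "CONTAINS",
            }},
            "Action": {"Block": {"CustomResponse": {
                "ResponseCode": 403, "CustomResponseBodyKey": "blocked"}}},
            "VisibilityConfig": _visibility("blockUnionSelect"),
        },
    ],
    "VisibilityConfig": _visibility("flashcardWebAcl"),
}


def _transform(value, transformations):
    """Apply the modelled text transformations in priority order."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "URL_DECODE":
            value = unquote(value)
        elif t["Type"] == "LOWERCASE":
            value = value.lower()
        else:
            raise NotImplementedError(t["Type"])
    return value


def _matches(statement, request):
    if "IPSetReferenceStatement" in statement:
        src = ipaddress.ip_address(request["source_ip"])
        cidrs = IP_SETS[statement["IPSetReferenceStatement"]["ARN"]]
        return any(src in ipaddress.ip_network(c) for c in cidrs)
    if "ByteMatchStatement" in statement:
        bm = statement["ByteMatchStatement"]
        if "QueryString" not in bm["FieldToMatch"]:
            raise NotImplementedError("only QueryString is modelled here")
        haystack = _transform(request["query_string"], bm["TextTransformations"])
        needle, how = bm["SearchString"], bm["PositionalConstraint"]
        return {"CONTAINS": needle in haystack,
                "EXACTLY": needle == haystack,
                "STARTS_WITH": haystack.startswith(needle),
                "ENDS_WITH": haystack.endswith(needle)}[how]
    raise NotImplementedError(list(statement))


def evaluate(web_acl, request):
    """Return the HTTP status the protected resource sends back.

    Rules run in priority order; the first matching Allow or Block is
    terminating (Count would be non-terminating).  If nothing terminates,
    the web ACL's DefaultAction decides."""
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if not _matches(rule["Statement"], request):
            continue
        if "Block" in rule["Action"]:
            custom = rule["Action"]["Block"].get("CustomResponse", {})
            return custom.get("ResponseCode", 403)
        if "Allow" in rule["Action"]:
            return 200
    return 200 if "Allow" in web_acl["DefaultAction"] else 403


# Constructed sample requests (documentation IP ranges as source addresses).
SAMPLE_REQUESTS = {
    "listed_ip":    {"source_ip": "203.0.113.7", "query_string": "id=42"},
    "encoded_sqli": {"source_ip": "192.0.2.10", "query_string": "id=1%20UNION%20SELECT%20pw"},
    "clean":        {"source_ip": "192.0.2.10", "query_string": "id=42"},
}


def run_samples():
    """Map each sample request name to the status the evaluator returns."""
    return {name: evaluate(WEB_ACL, req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:13s} -> {status}")
```

The URL_DECODE and LOWERCASE transformations are what let the second rule catch `%20UNION%20SELECT` as well as the plain lowercase form; without them a trivially re-encoded query string would slip past a CONTAINS match on the raw bytes.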
When should I use PrivateLink
Use AWS PrivateLink when you have a <b>client/server</b> setup where you want to allow <b>one or more consumer VPCs unidirectional access to a specific service or set of instances in the service provider VPC</b>. Only the clients in the consumer VPC can initiate a connection to the service in the service provider VPC. This is <u>also a good option when clients and servers in the two</u> <b>VPCs have overlapping IP addresses</b>, as AWS <b>PrivateLink leverages ENIs</b> within the client VPC such that <b>there are no IP conflicts</b> with the service provider. You can <i>access AWS PrivateLink endpoints over VPC Peering, VPN, and AWS Direct Connect</i>.
When should I use VPC peering and Transit Gateway
Use VPC peering and Transit Gateway when you want to enable layer-3 IP connectivity between VPCs.
VPC peering
The <u><b>simplest</b> way to connect two VPCs is to use <b>VPC Peering</b></u>. In this setup, a connection enables full bidirectional connectivity between the VPCs. This peering connection is used to route traffic between the VPCs. <b><i>VPCs across accounts and AWS Regions can also be peered together</i></b>. VPC peering only incurs costs for traffic traveling over the connection (there is no hourly infrastructure fee).
VPC peering is <b>point-to-point connectivity</b>, and it <i>does not support transitive routing</i>. For example, if you have a VPC peering connection between VPC A and VPC B and between VPC A and VPC C, an instance in VPC B cannot transit through VPC A to reach VPC C. To route packets between VPC B and VPC C, you are required to create a direct VPC peering connection.
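The non-transitive behaviour described above, together with the overlapping-CIDR case from the PrivateLink card, as an added example (not code from the original flashcards or from AWS): a small model of VPC route tables with longest-prefix lookup, in which a peering connection only carries packets addressed to the peer VPC's own CIDR, plus a CIDR-overlap check. All VPC names, CIDRs and pcx- identifiers are made up for the illustration.

```python
"""Added example, not AWS code: a route-table model showing why VPC peering
is point-to-point, and a CIDR-overlap check for the PrivateLink case."""
import ipaddress


def cidrs_overlap(cidr_a, cidr_b):
    """True when the two ranges share any address.  AWS will not create a
    peering connection between VPCs with matching or overlapping CIDR blocks,
    which is why PrivateLink (an endpoint ENI addressed from the consumer VPC)
    is the option for that case."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


# Constructed topology: A is peered with B and with C; B and C are not peered.
VPC_CIDRS = {"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("A", "B"), "pcx-ac": ("A", "C")}

# Route tables: destination CIDR -> target.  "local" is the VPC's own CIDR.
# B carries a tempting route for C via pcx-ab; the model shows it cannot work.
ROUTE_TABLES = {
    "A": {"10.0.0.0/16": "local", "10.1.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-ac"},
    "B": {"10.1.0.0/16": "local", "10.0.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-ab"},
    "C": {"10.2.0.0/16": "local", "10.0.0.0/16": "pcx-ac"},
}


def longest_prefix_match(table, dst_ip):
    """Return the target of the most specific route covering dst_ip, or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def deliver(src_vpc, dst_ip):
    """Return the VPC that receives a packet sent from src_vpc, or None if dropped.

    A peering connection only carries traffic addressed to the peer VPC's own
    CIDR.  A packet for a third VPC is dropped: the peer never forwards it on
    (edge-to-edge routing is not supported), so B cannot transit A to reach C."""
    target = longest_prefix_match(ROUTE_TABLES[src_vpc], dst_ip)
    if target is None:
        return None                  # no route at all
    if target == "local":
        return src_vpc
    a, b = PEERINGS[target]
    peer = b if a == src_vpc else a
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(VPC_CIDRS[peer]):
        return peer
    return None                      # destination is not the peer itself: dropped


def reachable_pairs():
    """Set of (src, dst) VPC pairs that can actually exchange traffic here."""
    pairs = set()
    for src in VPC_CIDRS:
        for dst, cidr in VPC_CIDRS.items():
            probe = str(ipaddress.ip_network(cidr)[10])   # some host in dst
            if deliver(src, probe) == dst:
                pairs.add((src, dst))
    return pairs


if __name__ == "__main__":
    print("B -> C via A:", deliver("B", "10.2.0.10"))    # None: not transitive
    print("reachable:", sorted(reachable_pairs()))
    print("10.0.0.0/16 overlaps 10.0.128.0/17:",
          cidrs_overlap("10.0.0.0/16", "10.0.128.0/17"))
```

The missing (B, C) and (C, B) pairs in `reachable_pairs()` are exactly the gap the card describes: to close it you add a direct pcx between B and C, or move the hub role to a Transit Gateway, which does route between attachments.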