Virtual Private Cloud (VPC) Flashcards
What is a virtual private cloud (VPC)?
VPCs can be thought of as a virtual data center in the cloud. It’s a logically isolated part of AWS Cloud where you can define your own network.
You have complete control of the virtual network, including your own IP address range, security, subnets, route tables and network gateways.
So essentially it’s a fully customizable network.
Are VPCs set up automatically?
Yes, every AWS account has a default VPC in each region that is set up automatically.
When you create your fully customizable Network what does the architecture typically look like?
In the fully customizable network you can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
The architecture typically has 3 tiers:
The Web tier:
Here you have web servers that need to be public-facing (meaning they are internet accessible, so people from the internet can reach the web servers). People from the internet can access them on port 80 (HTTP) or 443 (HTTPS).
The application tier:
These are the application servers, and they usually perform some kind of business logic like rendering an image.
They are in a private subnet and can speak only to the web tier and the database tier.
The database tier:
The database is part of a private subnet and can only speak to the application tier.
Can you use AWS Cloud as an extension of your corporate data center?
Yes, you can create a virtual private network (VPN) connection between your corporate data center and your VPC to achieve this goal.
What is the smallest and largest network size you can have with AWS VPC?
The smallest network size is 10.0.0.0/28 which gives you 16 IP addresses.
The largest network size is 10.0.0.0/16 which gives you 65,536 IP addresses.
What would a typical network diagram look like when creating a VPC?
The outer layer is our region.
So we can for instance deploy to the region us-east-1.
Then within the region you can create the VPC where you choose your IP range (10.0.0.0, 172.16.0.0 or 192.168.0.0).
When the VPC is created, a router -> route table -> network Access Control List (ACL) is created automatically.
Then we can create our public subnet, inside which we can create an instance (for instance a web server) and a security group.
To make the instance in the public subnet available to the internet we attach an internet gateway.
What can you do with a VPC?
- Launch instances into a subnet
- Assign custom IP address ranges in each subnet
- Configure route tables between subnets
- Create internet gateway and attach it to our VPC
- Much better security control over your AWS resources
- Use subnet network access control lists; these can be used to block specific IP addresses, for instance.
What are the main differences between the default VPC and a custom VPC?
Default
- Is more user friendly due to not much setup
- All subnets have a route out to the internet
- Each EC2 instance has both a public and private IP address.
Custom
- Fully customizable to each of your needs
- Takes time to set up.
When you create a subnet how many availability zones can it be in?
1 subnet is always in 1 availability zone
When you create a VPC what elements are created by default?
Route table, access control list (ACL) and security group
What is best practice when naming subnets?
When creating a subnet you want to name it:
<ip> - <availability zone>
An example would be:
10.0.1.0/24 - us-east-1a
How many internet gateways can you attach to VPC?
You can only have one internet gateway attached to each VPC.
When you create a default VPC it will automatically have an internet gateway attached to it, and thus you can’t create an extra internet gateway for the default VPC for instance.
What is a subnet?
Subnets are larger networks broken down into smaller, more manageable networks.
Connected devices/instances within a subnet share a common IP address identifier (or unique network number) that enables them to communicate with each other.
For instance, if the network number is 192.168.1, each device in that subnet will have that number in its IP address. For instance, we can have four devices in the subnet with the IP addresses:
Device 1: 192.168.1.10
Device 2: 192.168.1.11
Device 3: 192.168.1.12
Device 4: 192.168.1.13
Because they all share the same network number in their IP addresses we know they are in the same subnet and can communicate with each other.
In AWS, a VPC subnet is a range of IP addresses in your VPC.
What is a route table?
A route table contains a set of rules, called routes, that determine where network traffic (packets) from your subnet or gateway is directed.
The main purpose of a routing table is to help routers make effective routing decisions.
What is a network access control list (ACL)?
A network access control list (ACL) allows or denies specific inbound or outbound traffic at the subnet level.
You can create a custom network ACL for your VPC with rules that are similar to the rules for your security groups in order to add an additional layer of security to your VPC.