1
Q

What is a VPC?

A

Virtual Private Cloud. A virtual network dedicated to your AWS account. Think of it as a virtual data center in the Cloud.

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

2
Q

What are the key concepts for VPCs?

A

The following are the key concepts for VPCs:

  1. Subnet
  2. Route table
  3. Internet gateway
  4. VPC endpoint
3
Q

What is a subnet?

A

A subnet is a range of IP addresses in your VPC.

4
Q

What is a route table?

A

A route table is a set of rules, called routes, that are used to determine where network traffic is directed.

5
Q

What is an internet gateway?

A

An internet gateway is a gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.

6
Q

What is a VPC Endpoint?

A

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

7
Q

What interfaces can be used to manage your VPC?

A

AWS Management Console — Provides a web interface that you can use to access your VPCs.

AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including Amazon VPC, and is supported on Windows, Mac, and Linux. For more information, see AWS Command Line Interface.

AWS SDKs — Provide language-specific APIs and take care of many of the connection details, such as calculating signatures, handling request retries, and error handling. For more information, see AWS SDKs.

Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC, but it requires that your application handle low-level details such as generating the hash to sign the request, and error handling. For more information, see the Amazon EC2 API Reference.

8
Q

Can you create a VPC as an extension of your corporate datacenter?

A

Yes. You can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your datacenter.

9
Q

What can you do with a VPC?

A

With a VPC, you can:

  1. Launch instances into a subnet of your choice
  2. Assign custom IP address ranges in each subnet
  3. Configure route tables between subnets
  4. Create an internet gateway and attach it to your VPC
  5. Much better security control over your AWS resources
  6. Instance security groups
  7. Subnet network access control lists (ACLs)
10
Q

What is the difference between a Default VPC and a Custom VPC?

A
  1. Default VPC is user friendly, allowing you to immediately deploy instances.
  2. All Subnets in default VPC have a route to the internet.
  3. Each EC2 instance has both a public and private IP address.
11
Q

What is VPC Peering and what are its features?

A

VPC Peering allows you to connect one VPC to another via a direct network route using Private IP addresses.

  • Instances behave as if they were on the same private network
  • You can peer VPCs with other AWS accounts as well as with other VPCs in the same accounts.
  • Peering is in a star configuration, i.e. 1 central VPC peers with 4 others. No Transitive peering!
12
Q

What are the VPC 101 exam tips?

A
  1. Think of a VPC as a logical datacenter in AWS.
  2. Consists of IGW (or Virtual Private Gateways), Route Tables, Network Access Control Lists, Subnets, and Security Groups
  3. 1 Subnet = 1 Availability Zone
  4. Security Groups are Stateful; NACLs are Stateless
  5. No Transitive Peering!