VPC Flashcards
VPC- virtual private cloud
private network to deploy your resource (regional resource)
- You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use?
Subnet
allow you to partition your network inside your VPC ( availability zone resource)
- tied to an AZ, network partition of the VPC
Public subnet
a subnet that is accessible from the internet
Private subnet
a subnet that is not accessible from the internet
Route table
To define access to the internet and between subnet, we use
Internet gateway
helps our VPC instance connect with the internet
- Public Subnets have a route to the internet gateway
-Your VPC needs to connect with the Internet. Which VPC component can help?
NAT gateway / Instances
- give internet access to private subnets
- allow your instance in the private subnet to access the internet while remaining private
- Your private subnets need to connect to the Internet while still remaining private. Which AWS-managed VPC component allows you to do this?
NACL: Network ACL
Stateless, subnet rules for inbound and out bound
- Operate at subnet level
- supports allow rules and deny rules
- is Stateless: Return traffic must be explicitly allows rules
- Which type of firewall has both ALLOW and DENY rules and operates at the subnet level?
Security Group:
stateful, operate at the EC2 instance level or ENI
- Operate at instance level
- Support allow rules only
- Is stateful: return traffic is automatically allowed regardless of any rules
VPC peering
connect two VPC with non overlapping IP ranges, non-transitive
- A company needs two VPCs to communicate with each other. What can they use?
VPC endpoints
Provide private access to AWS service within VPC
- VPC endpoint Gateway: S3 & DynamoDB
- VPC Endpoint interface: the rest services
VPC flow logs
Network traffic logs
- Capture information about IP traffic going into your interface
- Help to monitor & troubleshoot connectivity issue
Site to Site VPN
VPN over public internet between on-perms DC and AWS
- public internet
- not fast
- take a month to establish
Direct Connect
Direct private connection to AWS
- Private network
- fast
- Takes at last a month to establish
- A company needs to have a private, secure, and fast connection between its on-premises data centers and the AWS Cloud. Which connection should they use?
Transit Gateway:
Connect thousands of VPC and on-perm networks together
- You would like to connect hundreds of VPCs and your on-premises data centers together. Which AWS service allows you to do link all these together efficiently?
