VPC

Question 1

What does VPC stand for?

Answer 1

Virtual Private Cloud

Question 2

What is the difference between a private and public subnet?

Answer 2

• Public can be accessed from the internet via an IGW (Internet Gateway)
• Private cannot be accessed from the internet.

Question 3

What are Route Tables used for?

Answer 3

To define access to the internet/between subnets

Question 4

How does AWS provide subnets for you in a VPC?

Answer 4

• Each AZ comes with a “default” vpc, which contains a public subnet.
• You cannot create private subnets.

Question 5

How can a private subnet access the internet?

Answer 5

The private subnet connects to the public subnet via a NAT Gateway (AWS managed)/NAT instance (self managed), which can access the IGW.

Question 5

How can a private subnet access the internet?

Answer 5

The private subnet connects to the public subnet via a NAT Gateway (AWS managed)/NAT instance (self managed), which can access the IGW.

Question 6

What is a NACL?

Answer 6

Network ACL (Access Control List):
- A firewall which controls traffic from and to a subnet
- Can have ALLOW and DENY rules
- Attached at the subnet level
- Rules only include IP addresses
- Stateless (rules must be set for outbound traffic)

Question 7

How are security groups used with VPC?

Answer 7

• Security groups are a firewall that control traffic to and from an ENI (elastic network interface, can contain different types of IP address)/ an EC2 instance
• Can only have ALLOW rules
• Rules include IP addresses and other security groups
• Stateful: return traffic is automatically allowed, regardless of rules

Question 8

What is the VPC flow log?

Answer 8

Information about IP traffic going into your VPC

Question 9

What is VPC Peering?

Answer 9

Connect two VPC, privately, using AWS’ network, allowing them to behave as if they were in the same network.

Question 10

What is a requirement of VPC Peering?

Answer 10

• Must not have overlapping CIDR (IP address range)

Question 11

What does it mean to say that VPC Peering is not transitive?

Answer 11

If A is connected to B, and B to C, that does not mean that A is connected to C.

Question 12

What is a VPC Endpoint?

Answer 12

An endpoint allowing you to connect to AWS services using a private network instead of the public network
- This gives you enhanced security and lower latency to access AWS services

Question 13

What is the difference between VPC Endpoint Gateway and VPC Endpoint Interface?

Answer 13

Gateway - S3 and Dynamo DB
Interface - The rest (e.g., cloudwatch).

Question 14

What is Site to Site VPN?

Answer 14

• Connect an on-premises VPN to AWS
• Connection is automatically encrypted
• Goes over the internet

Question 15

What is Direct Connect (DX)?

Answer 15

• Establish a physical connection between on-premises and AWS
• Connection is private, secure and fast
• Goes over a private network
• Takes at least a month to establish

Question 16

What is the limitation with Site to site and DX with respect to VPC endpoints?

Answer 16

Site to Site VPN and DX cannot access VPC endpoints.

Question 17

What is a subnet?

Answer 17

Tied to an AZ, it is a network partition of the VPC.