VPC Flashcards

1
Q

IP Address Planning

A

Making sure that overlap with most stakeholders’ VPC ranges is avoided. This can be done by simply asking and confirming their ranges.

2
Q

Recommended VPC CIDR Ranges

A

10.x.y.z where n > 16, e.g. 10.16.0.0/16

Remember Google uses 10.128.0.0

Therefore the best range would be from 10.16.0.0 to 10.127.0.0

i.e. 10.16.0.0/20,
10.16.32.0/20,
10.16.48.0/20,
10.16.64.0/20

3
Q

VPC services run from within subnets and not from the VPC

A

True

4
Q

Recommended CIDR Ranges II

A

Aim for at least one reserved subnet for growth. Therefore up to about four subnets.

VPC = /16
Subnets = AZs
16/4 = 4 per subnet

Then each subnet has 4 tiers,
i.e. 4*4 = 16 ranges = /20

5
Q

Other CIDR considerations

A

Target 4 tiers in each AZ

6
Q

VPC Colors

A

Blue - Private Subnet
Green - Public Subnet

7
Q

Inter-subnet communication

A

Inside a VPC, subnets can communicate freely with each other by default

8
Q

Recommended Subnet Model

A

AZ-a
- App Subnet (10.16.16.0/20)
- Web Subnet (10.16.32.0/20)
- DB Subnet (10.16.48.0/20)
IPv6 01

AZ-b
- App Subnet (10.16.64.0/20)
- Web Subnet (10.16.80.0/20)
- DB Subnet (10.16.96.0/20)
IPv6 02

AZ-c
- App Subnet (10.16.112.0/20)
- Web Subnet (10.16.128.0/20)
- DB Subnet (10.16.144.0/20)
IPv6 03

AZ-d
- App Subnet (10.16.160.0/20)
- Web Subnet (10.16.176.0/20)
- DB Subnet (10.16.192.0/20)
IPv6 04

  • Note that there’s a reserved /20 in every AZ

9
Q

IP Masquerading vs NAT

A

NAT: one IP to one public IP

IP Masquerading: one public IP address to an entire CIDR block

10
Q

NAT Gateway Best practice

A

NAT Gateway in every AZ (HA). It’s allowed to have more than one NAT Gateway in an AZ, but be mindful of the charges.

NAT is not required for IPv6; IPv6 addresses can be publicly routable directly through the IGW.

11
Q

NAT Instance Advantages

A
  1. Port forwarding
  2. Can be used as a Bastion Host
  3. A NAT Instance is cheaper and better for small workloads.

12
Q

Gateway Endpoint

A

Can only be accessed from a Single VPC

13
Q

Gateway Endpoint deployment

A

A Gateway Endpoint is a regional Non-VLC service. It is not cross-Regional, and cannot be deployed into an AZ or subnet. You just configure (in the Endpoint Policy) the subnets and resources that need to access it. It is HA across all AZs by default.

14
Q

Gateway Endpoint Prefix List

A

Gateway endpoints add ‘prefix lists’ to the route table, allowing the VPC router to direct traffic to the public services via the gateway endpoint.

15
Q

Private Instance and Gateway Endpoint

A

A Gateway endpoint is best used with private instances, since public instances can already access S3 and DynamoDB if configured to.

16
Q

Gateway Endpoint Policy

A

A policy to control which resources can access a particular gateway service, e.g. DynamoDB or S3