VPC Flashcards
virtual data center in the cloud
VPC
Logically isolated part of AWS Cloud where you can define your own network
VPC
Consists of internet gateways, route tables, network access control lists, subnets, and security groups
VPC
How many AZs is a subnet in?
1
Created automatically when creating a VPC
Route table, Network ACL, Security Group
How many reserved IP addresses are there in a CIDR block?
5
10.0.0.0 is reserved for
Network Address
10.0.0.1 is reserved for
VPC Router
10.0.0.2 is reserved for
IP address of the DNS Server
10.0.0.3 is reserved for
Future use
10.0.0.255 is reserved for
Network broadcast address
How do you make a subnet public?
Add internet gateway
Used to enable instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating a connection with those instances
NAT Gateway
Redundant inside the AZ
NAT Gateway
Starts at 5 Gbps and scales to 45 Gbps
NAT Gateway
Are NAT gateways automatically assigned a public IP?
Yes
Virtual firewalls for an EC2 instance, by default everything is blocked
Security Groups
If you send a request from your instance the response traffic for that request is allowed to flow in regardless of inbound security group rules
Stateful
Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules
Stateful
Optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets
Network Access Control list (ACL)
You can block IP addresses using
Network ACL
Default Network ACL traffic logic
All outbound and inbound traffic allowed
Custom Network ACL traffic logic
All outbound and inbound traffic denied until rules are added
Can Network ACL be associated with multiple subnets?
Yes
Can a subnet be associated with multiple network ACLs?
No
Network ACL rule logic
Ordered starting with lowest numbered rule
Responses to allowed inbound traffic are subject to the rules for outbound traffic
Stateless
Stateful security
Security groups
Stateless security
Network ACL
Enables you to privately connect your VPC to supported AWS services and VPC endpoint services
VPC Endpoint
Horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and services
VPC Endpoint
An elastic network interface with a private IP address that serves as an entry point for traffic headed to a supported service.
Interface Endpoints
A virtual device that is provisioned to support connections to S3 and DynamoDB
Gateway Endpoints
Allows you to connect one VPC with another via a direct network route using private IP addresses
VPC peering
Can you VPC peer between regions?
Yes
Best way to expose a service VPC to tens, hundreds, or thousands of customer VPCs
PrivateLink
Requires a Network Load Balancer on the service VPC and an ENI on the customer VPC
AWS PrivateLink
Used when you have multiple sites, each with its own VPN connection
VPN Cloudhub
Makes it easy to establish a dedicated, reliable network connection from your premises to AWS. Used for high-throughput workloads
Direct Connect
2 Types of direct connect connection
Dedicated, Hosted
Direct Connect connection that is a physical Ethernet connection associated with a single customer
Dedicated Connection
Direct Connect connection that is a physical Ethernet connection that an AWS Direct Connect Partner provisions on behalf of a customer
Hosted
Connects VPCs and on-premises networks through a central hub to simplify network topology. Acts as a cloud router
Transit Gateway
Allows you to have transitive peering between thousands of VPCs and on-premises data centers
Transit Gateway
Embeds AWS compute and storage services within 5G networks for mobile edge computing
AWS Wavelength