VPC

Question 1

What is a VPC and is it global, region, or AZ locked?

Answer 1

It is a private cloud that is region locked

Question 2

What are route tables used for within a VPC?

Answer 2

To define access to the internet and between subnets

Question 3

What does an internet gateway do within a VPC?

Answer 3

Allows VPC instances to connect with the internet. Public subnets have a route to the internet. NAT gateways and NAT instances allow private subnets to access the internet while remaining private.

Question 4

What does a NACL do?

Answer 4

It is a stateless (traffic in doesn’t imply responses are allowed) firewall that can have allow and deny rules for IP address that are attached to a subnet

Question 5

What is a security group?

Answer 5

It is a stateful (traffic in allows for responses) firewall that controls traffic to an ENI or EC2 instance that can only contain allow rules and may include IP address and other security groups

Question 6

How can you monitor and troubleshoot connectivity issues for a VPC?

Answer 6

VPC flow logs

Question 7

What does VPC peering do?

Answer 7

Allows you to connect two VPCs privately using AWS network as if they were in the same network. Note: VPC peering is not transitive, A -> B and B -> C does not imply A -> C.

Question 8

What are VPC endpoints?

Answer 8

Endpoints that allow you to connect to AWS services using a private network instead of www network which gives enhanced security and lower latency.

Question 9

What are the two options to connect to a VPC from on-premises?

Answer 9

1. Site to site VPN - Via public internet
2. Direct connect (DX) - Via private physical connection

Question 10

What are the tiers in the typical 3 tier solution architecture?

Answer 10

1. Public subnets that contain an ELB
2. Private subnets that contain an ASG
3. Private data subnet that contains ElastiCache and RDS