VPC Flashcards
What is a VPC and is it global, region, or AZ locked?
It is a virtual private cloud (an isolated virtual network in AWS) and it is region locked; a VPC lives in one region, and its subnets map to AZs within that region.
What are route tables used for within a VPC?
To define access to the internet and between subnets
What does an internet gateway do within a VPC?
Allows VPC instances to connect with the internet. Public subnets have a route to the internet. NAT gateways and NAT instances allow private subnets to access the internet while remaining private.
What does a NACL do?
It is a stateless firewall (traffic in does not imply that responses are allowed out) that can have both allow and deny rules for IP addresses and is attached to a subnet.
What is a security group?
It is a stateful firewall (traffic in automatically allows the responses out) that controls traffic to an ENI or EC2 instance; it can only contain allow rules, and its rules may reference IP addresses and other security groups.
How can you monitor and troubleshoot connectivity issues for a VPC?
VPC flow logs
What does VPC peering do?
Allows you to connect two VPCs privately over the AWS network as if they were in the same network. Note: VPC peering is not transitive; A -> B and B -> C does not imply A -> C.
What are VPC endpoints?
Endpoints that allow you to connect to AWS services over a private network instead of the public internet, which gives enhanced security and lower latency.
What are the two options to connect to a VPC from on-premises?
- Site-to-site VPN - via the public internet
- Direct Connect (DX) - via a private physical connection
What are the tiers in the typical three-tier solution architecture?
- Public subnets that contain an ELB
- Private subnets that contain an ASG
- Private data subnet that contains ElastiCache and RDS