VPC Flashcards
Can a subnet span AZ?
No. A subnet must reside entirely within a single AZ.
Can there be multiple subnets in an AZ?
Yes
What is a VPC?
A Virtual Private Cloud (like a traditional on-prem network, only in the cloud)
Can be divided into multiple subnetworks or subnets
Can a VPC span AZ?
Yes, but it can only exist within a single region.
Services that do not require a VPC
S3 buckets, DynamoDB tables, and Lambda functions. These are regional resources and can’t be placed in a subnet.
How do you access infrastructure that isn’t part of the VPC from ECS instances within the VPC?
Use a VPC endpoint
What does a VPC endpoint do?
Allows private connectivity between EC2 instances and other AWS services without the traffic passing through the public internet
Internet Gateway
By default, a VPC does not have a connection to any public networks. An Internet Gateway allows your EC2 instances to connect to the public internet.
Customer Gateway
Component of on-prem network that works with the site-to-site VPN connection in AWS
Virtual Private Gateway
Used for establishing an AWS Direct Connect connection to an on-prem data center
Egress-only Gateway
Used for VPCs that use IPv6
Allows outbound communication over IPv6 from EC2 instances in your VPC to the public internet
Prevents the public internet from initiating an IPv6 connection with your EC2 instances
Performs NAT (network address translation)
NAT gateways and NAT instances won’t work with IPv6
Carrier Gateway
Used for VPCs that use AWS Wavelength to deliver ultra-low latency applications for 5G devices
Allows incoming traffic from a carrier network in a specific location
Allows outgoing traffic to the carrier network and to the public internet
Only available for VPCs that contain subnets in a Wavelength Zone
AWS Direct Connect
Allows you to establish a dedicated network connection from your on-premises network to AWS.
Private connection to AWS, with lower latency and higher network bandwidth.
Data does not pass over the public internet