VPC 3 Flashcards
NACLs
What are NACLs associated with?
Subnets
NACLs
How do NACLs control traffic within a single Subnet?
They don’t. A NACL only filters traffic crossing the subnet boundary; two instances in the same subnet talk to each other regardless of the NACL (use Security Groups for that).
NACLs
How do NACLs handle request and response packets?
They don’t track them as a pair. NACLs are stateless: the request is checked against one direction’s rules (INBOUND or OUTBOUND) and the response is checked separately against the other direction’s rules, so return traffic needs its own ALLOW rule, typically on the ephemeral port range.
NACLs
How do you deny traffic with a NACL?
Add a DENY rule. NACLs have explicit ALLOW and DENY rules; Security Groups have only ALLOW rules (anything not allowed is simply dropped).
NACLs
How does a NACL decide which rule to apply?
Rules are evaluated in ascending rule-number order; the first rule that matches wins and evaluation stops there.
NACLs
What happens if you have both an ALLOW and a DENY rule?
Nothing special: the first matching rule (lowest rule number) wins, so a DENY numbered higher than a matching ALLOW never takes effect.
NACLs
What is rule number “*”?
The catch-all DENY that applies when no numbered rule matches. It is shown in the console as rule “*” but can’t be edited or removed.
NACLs
So why does any traffic flow at all in a VPC where nobody has touched the NACLs?
The default NACL has rule “100 0.0.0.0/0 ALLOW all traffic” in both the inbound and outbound lists, ahead of the “*” DENY rule (plus a rule 101 for ::/0 if the VPC has an IPv6 CIDR).
NACLs
What do you get when you create a new, custom NACL?
Just the “*” DENY rule, inbound and outbound, so it blocks all traffic until you add ALLOW rules.
NACLs
How do you set the source and destination CIDR on NACLs?
Set Source on Inbound rules, set Destination on Outbound rules
NACLs
What’s the port range for ephemeral ports used by TCP?
1024 - 65535 is the range AWS recommends opening for return traffic. The real ephemeral range depends on the client OS (Linux kernels use 32768-60999, Windows Server 2008 and later use 49152-65535, older Windows used 1025-5000), and NAT gateways and load balancers use 1024-65535, so opening the full range covers them all.
NACLs
How do you assign a NACL to a Security Group?
Can’t. NACLs are only assignable to Subnets and only deal with CIDR addresses.
NACLs
How do I set up NACLs to allow traffic from Subnet 1 to Subnet 2?
Two rules on each subnet’s NACL, one per direction, four in total: on Subnet 1’s NACL an OUTBOUND allow to Subnet 2’s CIDR on the service port and an INBOUND allow from Subnet 2’s CIDR on the ephemeral range (for the response); on Subnet 2’s NACL the mirror image, an INBOUND allow from Subnet 1’s CIDR on the service port and an OUTBOUND allow to Subnet 1’s CIDR on the ephemeral range.
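The cards above describe four pieces of NACL behaviour that are easy to get wrong together: first-match evaluation by rule number, the trailing “*” deny, the default allow-all NACL versus an empty custom one, and the stateless request/response split that forces the four-rule subnet-to-subnet setup. The following is an added example, not AWS code and not part of the original flashcards: a small Python simulator of those semantics. The `Rule`, `Nacl`, `subnet_to_subnet` and `flow_allowed` names, the 10.0.1.0/24 and 10.0.2.0/24 subnets, and the sample addresses are all constructed for illustration.

```python
"""Minimal simulator of AWS Network ACL semantics (constructed example, not AWS code).

Models what the flashcards describe:
  * rules are evaluated in ascending rule-number order, first match wins
  * the trailing "*" rule denies anything no numbered rule matched
  * NACLs are stateless: a request and its response are checked separately,
    so return traffic needs its own rule covering the client's ephemeral ports
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Range AWS recommends opening for return traffic; real clients use a subset
# (e.g. Linux 32768-60999, modern Windows 49152-65535).
EPHEMERAL = (1024, 65535)


@dataclass(frozen=True)
class Rule:
    number: int            # evaluated in ascending order; first match wins
    action: str            # "allow" or "deny"
    cidr: str              # source for inbound rules, destination for outbound rules
    ports: tuple           # inclusive (low, high) destination-port range
    protocol: str = "tcp"  # "all" matches any protocol

    def matches(self, addr, port, protocol):
        if self.protocol not in ("all", protocol):
            return False
        return (ip_address(addr) in ip_network(self.cidr)
                and self.ports[0] <= port <= self.ports[1])


class Nacl:
    """One NACL: an ordered inbound rule list and an ordered outbound rule list."""

    def __init__(self, inbound=(), outbound=()):
        self.inbound = list(inbound)
        self.outbound = list(outbound)

    @staticmethod
    def _evaluate(rules, addr, port, protocol):
        for rule in sorted(rules, key=lambda r: r.number):
            if rule.matches(addr, port, protocol):
                return rule.action == "allow"
        return False  # the "*" rule: deny anything no numbered rule matched

    def allows_inbound(self, src, dst_port, protocol="tcp"):
        return self._evaluate(self.inbound, src, dst_port, protocol)

    def allows_outbound(self, dst, dst_port, protocol="tcp"):
        return self._evaluate(self.outbound, dst, dst_port, protocol)


def default_nacl():
    """AWS's default NACL: rule 100 allows all traffic in both directions."""
    allow_all = Rule(100, "allow", "0.0.0.0/0", (0, 65535), "all")
    return Nacl(inbound=[allow_all], outbound=[allow_all])


def custom_nacl():
    """A newly created NACL has only the '*' deny rule, so it passes nothing."""
    return Nacl()


def subnet_to_subnet(subnet1, subnet2, port):
    """The four rules that let TCP clients in subnet1 reach `port` in subnet2."""
    nacl1 = Nacl(
        outbound=[Rule(100, "allow", subnet2, (port, port))],  # request leaves subnet 1
        inbound=[Rule(100, "allow", subnet2, EPHEMERAL)],      # response returns to the client
    )
    nacl2 = Nacl(
        inbound=[Rule(100, "allow", subnet1, (port, port))],   # request arrives in subnet 2
        outbound=[Rule(100, "allow", subnet1, EPHEMERAL)],     # response leaves subnet 2
    )
    return nacl1, nacl2


def flow_allowed(nacl1, nacl2, client, client_port, server, server_port):
    """Stateless check: the request and the response each must pass both NACLs."""
    request_ok = (nacl1.allows_outbound(server, server_port)
                  and nacl2.allows_inbound(client, server_port))
    response_ok = (nacl2.allows_outbound(client, client_port)
                   and nacl1.allows_inbound(server, client_port))
    return request_ok and response_ok


if __name__ == "__main__":
    # Constructed sample: a client in 10.0.1.0/24 talking to HTTPS in 10.0.2.0/24.
    n1, n2 = subnet_to_subnet("10.0.1.0/24", "10.0.2.0/24", 443)
    print(flow_allowed(n1, n2, "10.0.1.10", 51234, "10.0.2.20", 443))  # True
    n2.outbound.clear()  # drop the ephemeral return rule: request passes, response is dropped
    print(flow_allowed(n1, n2, "10.0.1.10", 51234, "10.0.2.20", 443))  # False
```

The `flow_allowed` check is the part that trips people up in practice: it passes only when all four rules are present, and removing any one of them (most often the ephemeral-range rule for the response) silently breaks the connection even though the request itself still gets through.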
Peering
How many VPCs can you connect with a Peer?
Exactly 2. A peering connection is always between one pair of VPCs, and peering is not transitive: peering A with B and B with C does not let A reach C (you need a separate A-C peering).
Peering
Can you route IPv6 over VPC Peers?
Yes