VPC Flashcards
VPC in one line
Logically isolated space in the AWS cloud
Can VPCs span multiple regions? How many VPCs can be created per region?
No. 5
Significance of 0.0.0.0/0?
Allows public access
VPC peering?
Allows connecting two VPCs over a direct network route using private IP addresses.
VPC peering follows what topology?
Star. One central VPC with a maximum of 4 peered to it.
VPC peering doesn't allow transitive peering, meaning?
If A is the center, then B and C can't talk to each other. Only the nearest neighbour, i.e. A, can talk to both. For B and C to talk they would need a separate peering.
Can CIDR blocks be the same when doing VPC peering?
No, otherwise it would cause a conflict.
Route table used for?
For directing internet traffic
Internet gateway used for?
- Target in the route table for internet-bound traffic, so destination 0.0.0.0/0 is routed to igw-xyz.
- Performs NAT for instances with public IPv4 addresses.
Bastion / Jumpbox?
An intermediate host in the public subnet with limited privileges; helps reduce the risk of intrusion.
Direct Connect?
Helpful for a speedy connection between an on-prem network and AWS
VPC endpoints?
Used to prevent traffic from leaving the AWS network. For example, when accessing an S3 bucket from another service, instead of exposing it over the internet we can create a VPC endpoint.
Interface endpoint vs Gateway endpoint?
Gateway endpoints are free, support only S3 and DynamoDB, and sit inside the VPC. Interface endpoints sit inside a subnet and support many AWS services.
VPC flow log?
Stores inbound and outbound traffic records by IP (not hostnames) at the VPC, subnet or interface level. Uses S3 or CloudWatch to store the logs.
NACL?
Network access control list. Virtual firewall at the subnet level. We can allow as well as deny (unlike security groups) traffic based on source at the subnet level.
Rule number in NACL?
Rule numbers define the sequence of evaluation. Use increments like 100 so that rules can be inserted in between later if required.
Security groups?
Virtual firewall at EC2 level
What can be a source in an SG?
An IP or another SG
Can an EC2 instance have multiple SGs?
Yes. They are permissive: if any one of them allows traffic on a port, it is allowed.
Use of NAT?
Network address translation is used when going out from a private IP address to the internet; the address has to be translated in the process.
NAT instance vs NAT Gateway?
A NAT instance is an EC2 instance launched from an AMI built for that purpose. A NAT Gateway is a managed service.
Are DNS hostnames disabled by default in a VPC?
Yes. We need to enable them if we want our EC2 instances to have public hostnames.
Main route table?
The one used by default
Steps to set up a VPC and EC2?
Create the VPC. Then create an IG and attach it to the VPC. Modify the route table to send 0.0.0.0/0 traffic to the IG. Create subnets (public/private); enable auto-assign IPv4 for the public one. Create the EC2 instance.
Are subnets public?
Yes, if the auto-assign public IPv4 setting is true
NAT gateway use?
To access the internet from a private subnet.