VPC

Question 1

VPC in one line

Answer 1

Logically isolated space in the AWS cloud

Question 2

Can VPCs span multiple regions? Per region how many VPCs can be created ?

Answer 2

No. 5

Question 3

0.0.0.0/0 significance ?

Answer 3

allow public access

Question 4

VPC peering?

Answer 4

allows to connect 2 VPC over a direct network using private IP addresses.

Question 5

VPC peering follows what topology?

Answer 5

Star. 1 Central and max 4 to it

Question 6

VPC peering doesn’t allows transitive peering meaning ?

Answer 6

if A is center then B and C can’t talk to each other. Only nearest neighbour i.e. A allows to talk to both. For B and C to talk they would need separate peering.

Question 7

Can CIDR blocks be same when doing VPC peering ?

Answer 7

No else would cause conflict

Question 8

Route table used for ?

Answer 8

For directing the internet traffic

Question 9

Internet gateway used for ?

Answer 9

1. target in route table for internet assigned traffic. So destination 0.0.0.0/0 be translated to igw-xyz.
2. perform NAT for public assigned IPV4 instances

Question 10

Bastian / Jumpbox?

Answer 10

Intermediate host that is in public subnet with limited privileges helps to lessen penetration attack

Question 11

Direct Connect ?

Answer 11

Helpful for speedy connection between on-prem network and AWS

Question 12

VPC endpoints?

Answer 12

To prevent traffic from leaving the AWS network we use these. Like when accessing S3 bucket instead of exposing it over internet and then access from a different service we can create a VPC endpoint.

Question 13

Interface endpoint vs Gateway endpoint

Answer 13

Gateway is free and supports on S3 and dynamo and sits inside VPC. Interface one sits inside subnet and supports many AWS Services.

Question 14

VPC flow log?

Answer 14

Stores in and out traffic IP (not hostnames) at VPC, Subnet or Interface level. Uses S3 or cloud watch to store logs.

Question 15

NACL ?

Answer 15

Network access control list. Virtual firewall at the subnet level. We can allow as well as deny (unlike security groups) traffic based on source at subnet level.

Question 16

Rule number in NACL ?

Answer 16

Rule number present to define sequence of evaluation. Use something like 100 so that can create in between as well if required.

Question 17

Security groups?

Answer 17

Virtual firewall at EC2 level

Question 18

What all can be in source in SG?

Answer 18

IP or another SG

Question 19

Can ec2 instance have multiple SG?

Answer 19

Yes. And they are permissive if any allows traffic on a port then allowed.

Question 20

Use of NAT?

Answer 20

Network address translator is used when going out from a private IP address to the internet. Translation required in the process.

Question 21

NAT instance vs NAT Gateway?

Answer 21

NAT instances is a EC2 instance with AMI for specific purpose. NAT Gateway is a managed service.

Question 22

DNS hostnames disabled by default in VPC?

Answer 22

Yes. We need to enable if want our EC2 instances to have public hostnames.

Question 23

Main route table?

Answer 23

The going to be used by default

Question 24

Step to VPC and EC2 ?

Answer 24

Create VPC. Then create IG, attach IG to VPC. Modify the route table for 0.0.0.0/0 traffic to IG. Create subnet (public/private). Auto assign IPv4 for public. Create EC2

Question 25

Are subnets public ?

Answer 25

Yes if the setting auto assign public IPv4 is true then

Question 26

NAT gateway use?

Answer 26

To access the internet from the private subnet.