VPC Flashcards

1
Q

When you launch an EC2 instance in a non-default subnet, does it get assigned a public IP address?

A

Not by default. Non-default subnets are created with the auto-assign public IPv4 attribute (MapPublicIpOnLaunch) disabled, so an instance launched there only receives a private IP. To give it a public address you can enable that attribute on the subnet, override it in the instance's network interface settings at launch, or allocate an Elastic IP and associate it with the instance. Default subnets have the attribute enabled, which is why instances launched into them come up with a public IP.

2
Q

When you create a VPC, what 2 things are assigned to it by default?

A
- Main route table (with a local route for the VPC CIDR)
- Default network ACL (allows all inbound and outbound traffic)

A VPC also gets a default security group (allows all outbound traffic, and inbound traffic only from members of the same group) and a default DHCP options set.

3
Q

Are NACLs at the VPC or subnet level?

A

Subnet level. Every subnet is associated with exactly one NACL. A new subnet is associated with the VPC's default NACL, which allows all traffic in both directions, until you associate a custom one.

4
Q

On a NACL, we have a ruleset of:
- 100: ALLOW all traffic from anywhere on port 80
- 200: DENY all traffic from anywhere on port 80

What will happen?

A

All HTTP traffic is allowed. NACL rules are evaluated in ascending rule-number order and the first matching rule is final, so rule 100 (allow) matches before rule 200 (deny) is ever considered. Swapping the numbers would deny the traffic. Remember also that NACLs are stateless: responses to inbound port 80 requests leave on the clients' ephemeral ports (1024-65535), which need their own outbound allow rule.
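
The evaluation order described above, as an added example that is not part of the original flashcards. It models NACL semantics from the AWS documentation (ascending rule-number order, first match wins, implicit catch-all deny, stateless in each direction); the rule numbers, CIDRs and client addresses are constructed sample data.

```python
"""Network ACL rule evaluation (added example, not from the flashcards).

Rules are evaluated in ascending rule-number order; the first rule whose
protocol, port range and CIDR match decides the outcome, and the catch-all
'*' rule denies anything no numbered rule matched. Rule numbers, CIDRs and
addresses below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    number: int        # evaluation order; lower is evaluated first
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int     # inclusive port range; ignored when protocol == "all"
    port_to: int
    cidr: str = ANY    # source CIDR (inbound) or destination CIDR (outbound)

    def matches(self, protocol, port, address):
        if self.protocol not in ("all", protocol):
            return False
        if self.protocol != "all" and not (self.port_from <= port <= self.port_to):
            return False
        return ip_address(address) in ip_network(self.cidr)


def evaluate(rules, protocol, port, address):
    """Return ('allow'|'deny', matching rule number or '*') for one packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, address):
            return rule.action, rule.number
    return "deny", "*"   # the implicit catch-all deny at the end of every NACL


# Card 4: rule 100 allows port 80 and rule 200 denies it; 100 is evaluated first.
INBOUND_CARD4 = [
    Rule(100, "allow", "tcp", 80, 80),
    Rule(200, "deny", "tcp", 80, 80),
]

# The same two rules with the numbers swapped: the deny now wins.
INBOUND_SWAPPED = [
    Rule(100, "deny", "tcp", 80, 80),
    Rule(200, "allow", "tcp", 80, 80),
]

# A NACL is stateless: the reply to an inbound request on port 80 leaves the
# subnet towards the client's ephemeral port, so the outbound table needs its
# own rule for 1024-65535 or the reply is dropped.
OUTBOUND_WITHOUT_EPHEMERAL = []
OUTBOUND_WITH_EPHEMERAL = [Rule(100, "allow", "tcp", 1024, 65535)]


def http_request_allowed(inbound_rules, client="203.0.113.10"):
    """Does the inbound table let a client reach port 80?"""
    return evaluate(inbound_rules, "tcp", 80, client)[0] == "allow"


def http_reply_allowed(outbound_rules, client="203.0.113.10", client_port=51234):
    """Does the outbound table let the server's reply go back to the client?"""
    return evaluate(outbound_rules, "tcp", client_port, client)[0] == "allow"


if __name__ == "__main__":
    print(evaluate(INBOUND_CARD4, "tcp", 80, "203.0.113.10"))    # ('allow', 100)
    print(evaluate(INBOUND_SWAPPED, "tcp", 80, "203.0.113.10"))  # ('deny', 100)
    print(evaluate(INBOUND_CARD4, "tcp", 443, "203.0.113.10"))   # ('deny', '*')
    print(http_reply_allowed(OUTBOUND_WITHOUT_EPHEMERAL))       # False
    print(http_reply_allowed(OUTBOUND_WITH_EPHEMERAL))          # True
```

The last two calls are the check most often missed in practice: an inbound allow on port 80 is useless unless the outbound table also permits the return traffic to the ephemeral port range.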

5
Q

What bandwidths are available for a Direct Connect connection?

A

Dedicated connections are available at 1 Gbps, 10 Gbps and 100 Gbps. Hosted connections, ordered through an AWS Direct Connect Partner, are offered at a range of capacities from 50 Mbps up to 10 Gbps.

6
Q

Does traffic between instances in two different regions traverse the public internet? (2 answers)

A

It depends. If the instances are in VPCs joined by an inter-region VPC peering connection (or by Transit Gateway peering), the traffic stays on the AWS backbone and never touches the public internet.
If the VPCs are not peered, traffic between the instances' public addresses leaves through an internet gateway and may traverse the public internet, so treat it as exposed: encrypt it (TLS or IPsec) and restrict it with security groups.

7
Q

How do you assign a public IP address to a running instance that doesn't have one?

A

Allocate an Elastic IP and associate it with the instance (by default with the primary private IP of its primary ENI). An auto-assigned public IPv4 address can only be requested at launch, so an EIP is the only way to add a public address to an instance that is already running. The instance is then reachable from the internet subject to its security group and the subnet's NACL, and the subnet's route table still needs a route to an internet gateway.

8
Q

How many subnets can a VPC have?

A

200 per VPC by default. This is an adjustable service quota, not a hard limit.

9
Q

There are 2 types of Direct Connect connection. What are they?

A

Dedicated: a physical Ethernet port dedicated to a single customer, requested directly from AWS (1, 10 or 100 Gbps).

Hosted: a connection provisioned by an AWS Direct Connect Partner, offered in a wider range of capacities (50 Mbps to 10 Gbps).

10
Q

We have created an application which utilises CloudFront to distribute content. This interfaces with our application sitting behind an ALB inside a VPC secured by a NACL. We are experiencing rogue traffic from a specific IP, so we put a deny rule into the NACL, but this hasn't helped. What's wrong?

A

The NACL never sees the client's address. CloudFront terminates the viewer's connection and opens its own connection to the ALB, so the packets arriving in the subnet carry a CloudFront edge IP as their source. The original client IP only survives in the X-Forwarded-For header, which NACLs and security groups cannot inspect. Block it where the client address is visible: attach an AWS WAF web ACL with an IP set rule to the CloudFront distribution. Also make sure the ALB accepts traffic only from CloudFront (a security group referencing the AWS-managed CloudFront origin-facing prefix list, plus a secret custom origin header that WAF on the ALB checks); otherwise the attacker can simply bypass CloudFront and hit the ALB directly.
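
How the client address survives the CloudFront hop, as an added example that is not part of the original flashcards. It assumes the documented header behaviour (CloudFront appends the viewer address to X-Forwarded-For, the ALB then appends the address of the CloudFront edge it received the connection from) and uses a constructed TEST-NET range in place of the real CloudFront ranges, which come from https://ip-ranges.amazonaws.com/ip-ranges.json.

```python
"""Recovering the real client IP behind CloudFront and an ALB
(added example, not from the flashcards).

Anything the viewer put in X-Forwarded-For before CloudFront touched it is
attacker-controlled, so the leftmost entry must not be trusted. Walking from
the right and skipping our own known proxy hops yields the first address we
did not add: the viewer. Ranges and addresses below are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed stand-in for the CloudFront address ranges (TEST-NET-1, not a
# real AWS range); in production load these from ip-ranges.json.
TRUSTED_PROXY_RANGES = [ip_network("192.0.2.0/24")]


def is_trusted_proxy(addr):
    ip = ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXY_RANGES)


def client_ip_from_xff(xff_header):
    """Return the nearest untrusted hop, or None if the chain is malformed or
    consists only of our own proxies (no viewer address to recover)."""
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip_address(hop)
        except ValueError:
            return None          # garbage in the chain: refuse to guess
        if not is_trusted_proxy(hop):
            return hop
    return None


def naive_client_ip(xff_header):
    """The common mistake: trust the leftmost entry, which the viewer controls."""
    return xff_header.split(",")[0].strip()


# Constructed header as the application behind the ALB would see it:
#   198.51.100.9  spoofed by the viewer in its own X-Forwarded-For
#   203.0.113.7   the viewer's real address, appended by CloudFront
#   192.0.2.55    the CloudFront edge, appended by the ALB
SAMPLE_XFF = "198.51.100.9, 203.0.113.7, 192.0.2.55"

# Constructed network-layer view of the same connection: the TCP peer of the
# ALB is the edge, which is all a NACL or security group can ever match on.
SAMPLE_CONNECTION_SOURCE = "192.0.2.55"


def nacl_deny_would_match(denied_ip, connection_source=SAMPLE_CONNECTION_SOURCE):
    """A NACL rule compares against the packet's source address, never a header."""
    return ip_address(denied_ip) == ip_address(connection_source)


if __name__ == "__main__":
    print(naive_client_ip(SAMPLE_XFF))           # 198.51.100.9 (spoofed)
    print(client_ip_from_xff(SAMPLE_XFF))        # 203.0.113.7 (real viewer)
    print(nacl_deny_would_match("203.0.113.7"))  # False: the deny never fires
```

The same right-to-left walk is what an IP-based WAF rule at the edge avoids entirely: at CloudFront the viewer address is the connection source, so there is no header to parse and nothing for the client to spoof.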

11
Q

When creating subnets in a VPC, what are the two reasons for ensuring that your VPC has sufficient space to accommodate more subnets at a later stage?

A

Firstly, you may need to introduce another architectural tier, such as a database or middleware layer, and each tier needs its own subnet in every AZ you use.
Secondly, AWS periodically adds Availability Zones to a region. If you have spare CIDR space you can extend each tier into the new AZ to increase resilience.

12
Q

What are the 2 speeds originally offered for dedicated Direct Connect connections?

A

1 Gbps and 10 Gbps. Dedicated connections at 100 Gbps have since been added, and hosted connections from partners cover lower capacities (50 Mbps upwards).

13
Q

Do virtual private gateways and direct connect virtual interfaces require an IP? If so, what are the implications when designing your subnet?

A

Only partly. A virtual private gateway is attached to the VPC as a whole and does not consume an address from any subnet. A Direct Connect virtual interface needs a pair of peer addresses for its BGP session, but these are link addresses you specify (a /30 or /31; for private virtual interfaces AWS can generate them from 169.254.0.0/16), not addresses from your subnets. The subnet-sizing point that does matter: AWS reserves the first four and the last address of every subnet (network address, VPC router, Route 53 resolver, future use, broadcast), so a /28 has only 11 usable addresses, and resources that do live in a subnet, such as NAT gateways, interface endpoints, load balancer nodes and Transit Gateway attachments, each take an ENI address. Size subnets for those as well as for your instances.

14
Q

Can subnet CIDRs overlap? Can they be changed after the subnet has been created, and can a subnet have multiple CIDRs?

A

No to all three, for IPv4: subnet CIDRs within a VPC cannot overlap, a subnet's IPv4 CIDR cannot be changed after creation (delete and recreate the subnet instead), and a subnet has exactly one IPv4 CIDR. The one addition you can make later is to associate a single IPv6 CIDR block with the subnet.

15
Q

You need to expose several services in your VPC to multiple other VPCs but do not want to peer them or route over the internet. What technology allows you to do this?

A

AWS PrivateLink. You publish each service as a VPC endpoint service behind a Network Load Balancer (or Gateway Load Balancer); each consuming VPC creates an interface endpoint, an ENI with a private IP in its own subnets. Traffic stays on the AWS network, only the consumer side can initiate connections, and you control who may connect through the endpoint service's allowed-principals list and connection acceptance setting. Unlike peering, it also works when the VPCs have overlapping CIDRs.

16
Q

Can a VPC be expanded? If so, how?

A

Yes, for IPv4, by adding secondary CIDR blocks. A VPC has one primary IPv4 CIDR and can have up to four secondary blocks by default (five in total; the quota is adjustable). Each block must be between /16 and /28, must not overlap any existing CIDR in the VPC or in any VPC it is peered with, and the primary block cannot be modified or removed. Route tables automatically receive a local route for each new block, but you still have to create subnets in it.
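
An address-planning check covering cards 11, 13, 14 and 16 (CIDR headroom, reserved addresses, non-overlapping subnets and VPC expansion), as an added example that is not part of the original flashcards. The VPC size, tier names and AZ labels are constructed sample values; the /16 to /28 bounds, the five reserved addresses per subnet and the default of five CIDR blocks per VPC are taken from the AWS documentation.

```python
"""VPC address planning (added example, not from the flashcards).

Carves per-tier, per-AZ subnets from a VPC CIDR, reports the headroom left
for new tiers or AZs, computes usable addresses after AWS's five reserved
addresses per subnet, rejects overlaps, and validates a secondary CIDR
before attempting a VPC expansion. Sample values are constructed.
"""
from ipaddress import IPv4Network

RESERVED_PER_SUBNET = 5            # network, VPC router, DNS, future use, broadcast
MIN_PREFIX, MAX_PREFIX = 16, 28    # allowed VPC and subnet CIDR sizes
DEFAULT_CIDR_BLOCKS_PER_VPC = 5    # 1 primary + 4 secondary (adjustable quota)


def usable_addresses(subnet):
    """Addresses left for ENIs (instances, NAT gateways, endpoints, LB nodes)."""
    return IPv4Network(subnet).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, tiers, azs, subnet_prefix):
    """Allocate one subnet per (tier, AZ) and return (plan, spare_blocks).

    Raises ValueError if the sizes are outside AWS limits or the VPC is too small.
    """
    vpc = IPv4Network(vpc_cidr)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        raise ValueError(f"VPC CIDR must be /16 to /28, got /{vpc.prefixlen}")
    if not vpc.prefixlen <= subnet_prefix <= MAX_PREFIX:
        raise ValueError(f"subnet prefix must be between /{vpc.prefixlen} and /28")
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    needed = len(tiers) * len(azs)
    if needed > len(candidates):
        raise ValueError(f"{vpc} holds {len(candidates)} x /{subnet_prefix}, need {needed}")
    plan = {}
    for tier in tiers:
        for az in azs:
            plan[(tier, az)] = candidates.pop(0)
    return plan, candidates         # leftover blocks are headroom for later tiers/AZs


def assert_no_overlap(subnets):
    """Subnet CIDRs in one VPC may not overlap; returns True or raises ValueError."""
    subnets = [IPv4Network(s) for s in subnets]
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


def can_add_secondary_cidr(existing_cidrs, new_cidr, max_blocks=DEFAULT_CIDR_BLOCKS_PER_VPC):
    """Pre-flight for an IPv4 VPC expansion: size in range, quota not exhausted,
    no overlap with the blocks already associated (peer VPC blocks can be passed
    in existing_cidrs too, since overlap with a peer also blocks the association)."""
    new = IPv4Network(new_cidr)
    if not MIN_PREFIX <= new.prefixlen <= MAX_PREFIX:
        return False
    if len(existing_cidrs) >= max_blocks:
        return False
    return not any(new.overlaps(IPv4Network(c)) for c in existing_cidrs)


if __name__ == "__main__":
    plan, spare = plan_subnets("10.10.0.0/16", ["web", "app"], ["a", "b", "c"], 24)
    assert_no_overlap(plan.values())
    for key, net in plan.items():
        print(key, net, usable_addresses(net), "usable")
    print(len(spare), "spare /24s left for a db tier or a new AZ")
    print(can_add_secondary_cidr(["10.10.0.0/16"], "10.11.0.0/16"))   # True
    print(can_add_secondary_cidr(["10.10.0.0/16"], "10.10.5.0/24"))   # False: overlaps
```

Running the plan before creating anything is the cheap way to honour card 11: if the spare-block count comes back at zero, the VPC CIDR is too small for another tier or AZ and the only remedy later is a secondary CIDR block, which the last function checks for eligibility.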