VPC Flashcards
CIDR
Routing rules/convention dedicated to VPC (Virtual Private Cluster)
Private IP ranges include:
- 10.0.0.0
- 172.16.0.0
- 192.168.0.0
Subnets
AWS reserves 5 IP addresses (the first 4 and the last 1) in each subnet
Internet Gateways
Internet gateways help our VPC instances connect to the internet
Route Tables
Used to configure routing for subnets, i.e. route traffic to an internet gateway or locally
NAT Instances – Network Address Translation
Allows instances in private subnets to connect to the internet
- NAT Instance must be launched in a public subnet
NAT Gateway
AWS-managed NAT: higher bandwidth, better availability, no administration
- resilient within a single AZ
DNS Resolution in VPC
Allows DNS resolution for instances in your subnet
Network ACLs
- NACLs are like a firewall that controls traffic to and from a subnet
- The default NACL allows everything outbound and everything inbound
- One NACL per subnet; new subnets are assigned the default NACL
VPC Peering
Connects two VPCs privately using AWS’ network and makes them behave as if they were in the same network
- cannot have overlapping CIDRs
VPC Endpoints
Endpoints allow you to connect to AWS services over a private network instead of the public (www) network
VPC Flow Logs
Captures information about IP traffic going into your interfaces
Bastion Hosts
Allows SSH access to our private instances
The bastion is in the public subnet, which is then connected to all other private subnets
Site to Site VPN
Makes AWS and the corporate VPC seem like they are part of the same network
Direct Connect
Provides a dedicated private connection from a remote network to your VPC
Egress Only Internet Gateway
An egress-only internet gateway is for IPv6 only; it is similar to NAT, but NAT is for IPv4