VPC and Networking Flashcards
ElasticIP
It incurs a charge even if it is not attached to an EC2 instance or the EC2 instance is stopped
VPC
VPC is linked to a region
Within a VPC we have subnets
Subnet
Subnet is linked to an AZ
Used to partition your VPC
Define public and private subnets
Route Table
Define access to internet and between subnets
CIDR Range
Range of IP addresses allowed in the VPC
Internet Gateway
Helps to connect VPC to internet
A public subnet routes to the internet gateway, which connects to the internet
NAT Gateway & NAT Instances
NAT Gateway (AWS managed)
NAT Instances (Self Managed)
Allows instances in a private subnet to access the internet while still remaining private
Network ACL
Firewall that controls traffic to and from a subnet
Define Allow & Deny rules; rules include only IP addresses
Security Groups
Firewall that controls traffic to and from an ENI/EC2 instance
Define Allow rules only; rules include IP addresses or other SGs
VPC Flow Logs
Captures information about IP traffic going into your interfaces
VPC flow log data can go to S3, CloudWatch Logs, or Kinesis Data Firehose
VPC Peering
To connect two VPCs privately using the AWS network
IP address ranges must not overlap
VPC Endpoints
To access AWS services from a private subnet over a private network
VPC Endpoint Gateway - Connect to S3 or DynamoDB
VPC Endpoint Interface - Connect to all other AWS services
AWS PrivateLink
Allows services running in your VPC on AWS to be exposed to other VPCs privately
Add a Network Load Balancer on premise
Add an Elastic Network Interface in the AWS VPC
Site to Site VPN
Connects an on-premises DC with a VPC on AWS over the public internet, but encrypted
Add a Customer Gateway on premises
Add a Virtual Private Gateway at the VPC
Connect both using a site-to-site VPN
Direct Connect (DX)
Connects an on-premises DC with a VPC on AWS over a private network using a physical connection