VPC - Build Your Own Custom VPC Flashcards

1
Q

How to create a VPC with public and private subnets:

A
  1. Create the VPC, which also creates a main route table, a default security group, and a default network ACL.
  2. Create 2 subnets.
  3. Create an IGW and attach it to the VPC.
  4. Create another (custom) route table.
  5. Add a route to the IGW in the custom route table and associate one of the subnets with it.
  6. Launch an instance in the public subnet with a security group allowing HTTP, HTTPS, and SSH.
  7. Launch an instance in the private subnet with a security group allowing SSH and ICMP.
  8. Launch a NAT instance, or create a NAT gateway or Bastion.
  9. Create Network ACLs mirroring the security groups.
2
Q

What is the purpose of the CIDR block?

A

Specifies IP address ranges

3
Q

What size can the CIDR be for a VPC or subnet?

A

Between /16 and /28

4
Q

What is meant by “Tenancy”?

A

Determines whether VPC and its assets are deployed onto shared hardware or dedicated hardware. Default is shared hardware.

5
Q

When would you want the Tenancy to be Dedicated?

A

Security concerns, e.g. regulatory requirements that forbid sharing physical hardware with other tenants.

6
Q

When you create a VPC, what else is created?

A

Main route table, default security group, default network ACL

7
Q

When you create a VPC, what is NOT created?

A

Subnets, Internet Gateway

8
Q

Can a subnet be the same size as your VPC?

A

Yes

9
Q

1 Subnet always equals

A

1 Availability Zone

1 Subnet = 1 AZ = 1 NACL. Remember that an AZ or a NACL CAN have many subnets, but a subnet can only be in one AZ and associated with one NACL.

10
Q

To make a subnet public…

A

…create an Internet Gateway and attach it to the VPC, add a route to it in a route table, and associate the subnet with that route table. Additionally, enable auto-assign public IP on that subnet.

11
Q

When you create a new Subnet, is it associated with any route tables?

A

Yes, it will be associated with the Main Route Table by default.

12
Q

Why is it considered a best practice to keep the main route table private?

A

If the main route table has a route out to the Internet, every subnet associated with it (including each newly created subnet, which is associated with the main route table by default) automatically becomes public, which is a security risk.

13
Q

If you forget to enable auto-assign public IP for a subnet…

A

…when you launch an EC2 instance you can enable auto-assign there.

14
Q

If you forget to assign a public IP address to a public EC2 instance…

A

…you can allocate an Elastic IP address and associate it with the instance.

15
Q

When you launch an instance in the private subnet…

A

…traffic will be sourced from the public subnet.

16
Q

To SSH into your private instance from your public instance…

A

…you need to copy/paste your keypair onto the public instance and chmod 600 it.

17
Q

To be able to PING the private instance…

A

…allow ICMP in the private instance's security group and ping its private IP from the public instance.

18
Q

To perform security patches, install software, etc on a private instance…

A

…you need a way for that instance to reach the Internet (a NAT instance or a NAT gateway).