VPC fundamentals

Question 1

vpc fundamentals

Answer 1

• vpc, subnets, internet gateways, nat gateways
• security groups, network ACL, VPC flow logs
• vpc peering, vpc endpoints
• site to site vpn, direct connect

Question 2

vpc

Answer 2

• private network regional resource
  
  • subnets (availability zone level)
    
    • pubic subnet - accessible from internet
  • route tables define access to internet and between subnets

Question 3

Internet Gateways and NAT Gateways

Answer 3

Question 4

Network ACL

Answer 4

• NACL - firewall that controls traffic to and from subnet
  
  • can have ALLOW and DENY rules
  • attached at subnet level
  • rules only include ip addresses
  • default NACL allows everything in and everything out of subnet

Question 5

Security groups

Answer 5

• firewall that controlls traffic to and from an ENI or EC2 instance
• only ALLOW rules
• stateful, if traffic can go out, it can go in
• rules include IP addresses and or other security groups

Question 6

VPC flow logs

Answer 6

• IP traffic info going into interfaces
  
  • includes Elastic Network Interface, subnet, vpc logs

Question 7

VPC peering

Answer 7

• connect two VPCs, privately using AWS’s network
• must not have overlapping CIDR (IP ranges)
• NOT transitive

Question 8

VPC Endpoints

Answer 8

• allow you to connect to public AWS services privately from within your VPC
• enhanced security, lower latency