VPC & Networking Flashcards
What is a VPC?
Virtual Private Cloud - private network to deploy your resources, linked to one region only
What are Subnets?
Allow you to partition your network inside your VPC, linked to 1 AZ only
What are route tables?
Used in subnets to define access to the internet and between subnets
What are internet gateways?
Internet Gateways help our VPC instances to connect with the internet
What are NAT Gateways and NAT Instances?
NAT Gateways (AWS-managed) and NAT Instances (self-managed) allow your instances in private subnets to access the internet while remaining private
What is NACL?
Network Access Control List - first line of defence for our EC2 instances. A firewall which controls traffic from and to the subnet. Attached at subnet level.
What is a Security Group?
The second line of defence for our EC2 instances. A firewall that controls traffic from and to an ENI (Elastic Network Interface). Attached at EC2 instance level.
What rules can be attached to NACL and Security Groups?
- NACL: Allow and Deny
- Security Groups: Allow only
What are VPC Flow Logs?
Capture information about IP traffic going through your interfaces
What is VPC Peering?
Connect two VPCs privately using AWS’ network, make them behave as if they were in the same network
What are VPC Endpoints?
Endpoints allow you to connect to AWS services over a private network instead of the public internet, giving enhanced security and lower latency
What is PrivateLink (VPC Endpoint Service)?
Most secure and scalable way to expose a service to 1,000s of VPCs
What is Site-to-Site VPN?
Connect an on-premises VPN to AWS over the public internet
What is Direct Connect (DX)?
Establish a physical connection between on-premises and AWS
What is Client VPN?
Connect from your computer to your private network in AWS and on-premises, over the public internet