VPC Overview Flashcards
What is a VPC?
A logically isolated section the cloud
True or false: You have complete control over the networking including IP addresses, creating subnets, and configuring route tables?
True
True or false: you can create a hardware VPN connection between your corporate data center and your VPC, allowing you to leverage AWS cloud as an extension of your corporate data center?
True
Which three internal private IP ranges does AWS support?
- 0.0.0 - 10.255.255.255 (10/8 prefix)
- 16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 168.0.0 - 192.168.255.255 (192.168/16 prefix)
What website can you use to help calculate the CIDR range you should use in your networks?
CIDR.xyz
What is the default maximum number of VPC’s you can have in a region?
5
Can you increase the default number of VPCs in a region?
Yes, by opening a case with AWS
If you require more IP addresses than your current VPC supports, how can you create more?
You have to create a new VPC, so plan ahead.
Where do CIDR addresses get applied?
When you create a subnet
Can a subnet span availability zones?
No. One subnet, one availability zone.
Where are subnets applied?
Availability Zones
Can you create more than one internet gateway in a VPC?
No, each VPC can be allocated one IG
True or false: You should always plan for high availability with internet gateways by implementing at least two per VPC?
False: You can only attach one internet gateway per VPC. Internet gateways are an AWS managed service and have high availability built in.
True or false: Like subnets, security groups are locked to one availability zone?
False: Security groups can span availability zones.
True or false: With a custom VPC, you can launch instances into the subnet of your choice?
True
True or false: With a custom VPC, you can assign custom IP address ranges in each subnet?
True
True or false: With a custom VPC, you can configure route tables between subnets?
True
True or false: With a custom VPC, you can attach an internet gateway to your VPC?
True
True or false: With a custom VPC, you can have much better security control over your AWS resources?
True
True or false: With a custom VPC, you can use instance security groups?
True
True or false: With a custom VPC, you can use subnet access control lists?
True
Can you block IP addresses with a subnet access control list?
Yes
True or false: With the AWS default VPC, all instances require an internet gateway for access to the internet?
False: All subnets in a default VPC have a route to the internet.
True or False: Instances in a default VPC have only a public IP address?
False: Instances in a default VPC have both a public and a private IP address
True or false: Private subnets come with the default VPC?
False: To get private subnets in the default VPC you have to create them manually.
When you deploy an EC2 instance to a custom VPC in a private subnet, will the EC2 instance be assigned a public and private IP address?
No, it will only be assigned a private IP address because it is in a private subnet.
Can one VPC talk to another?
Yes, via VPC Peering
What does VPC peering allow you to do?
Connect one VPC with another via a direct network route.
Do VPC Peers use public or private IP addresses?
Private IP addresses
With VPC peering, do instances behave as though on the same private network?
Yes. They will be allowed to communicate to eachother.
While you can peer VPCs in your AWS account, peering with other AWS accounts is not possible without a VPN connection?
False: You can peer with VPCs in another account without the need of VPNs or other services.
What network topology (or configuration) do VPC peers follow?
Star topology (configuration).
Does VPC peering support transitive peering?
No, only direct peering
What is transitive peering?
The idea that if VPC - A has a VPC peer with VPC - B and VPC - C, then VPC - A can network with VPC - C through VPC - B.
If VPC - A needs to peer to VPC - C througfh VPC - B, how can this be accomplished?
VPC - B would need a VPC peer with VPC - C
Exam Tip - Should you think of a VPC as a logical datacenter in AWS?
Yes
Exam Tip - What network assets do VPCs consist of?
Network access control lists
subnets
security groups.
Exam Tip - How many availability zones can a subnet access?
One. Remember, one subnet per availability zone.
Exam Tip - Are security groups stateful, or stateless?
Stateful
Exam Tip - Are network access control lists stateful or stateless?
Stateless
Exam Tip - Is transitive peering a thing?
No. To achieve that kind of secario, you must create peering between peered VPCs.
Is an availabilty zone in one account, the same as an availability zone in another? In other words, if you select us-west-1a, and another AWS account selects us-west-1a, are they neccesarily the same physical location?
No. AWS randomizes the availabilty zones for each account to ensure an equal distribution of resource allocation across their datacenters.
You deployed a /24 CIDR block which includes 256 IP addresses. You notice only 251 are available to you? What’s going on?
The first 4 IP addresses and the last IP address are reserved by AWS.
Which IP addresses are reserved by AWS?
x. x.x.0 = network IP address
x. x.x.1 = Reserved by the VPC router
x. x.x.2 = Reserved by AWS DNS
x. x.x.3 = Reserved by AWS
x. x.x.255 = Network broadcast address
How many IP addresses will you lose when deploying a CIDR block?
5
BY default, are nelwy create internet gateways attached to the custom VPC?
No, they are detached. You have to attach it to a custom VPC.
True or False: When you create a subnet, it is automatically associated with your main route table?
True
As a security precaution, why should your main route table be private, without access to or from the internet?
Newly created subnets are automatically assigned to it, creating a possible security issue.
