VPC Routing, IGW, Bastion Hosts Flashcards
What is VPC Routing?
VPC Routing refers to the rules and methods that determine the path network traffic will take within your Virtual Private Cloud (VPC) or between your VPC and other networks. It is managed through route tables associated with each subnet.
What is an Internet Gateway (IGW)?
An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It serves as a gateway for traffic between your VPC and the internet.
How do you enable internet access for a subnet in a VPC?
To enable internet access for a subnet in a VPC, add a route to the subnet's route table that directs internet-bound traffic to the internet gateway (IGW).
What is a Bastion Host?
A Bastion Host is a specially configured instance in a public subnet of a VPC used as a secure and sole point of entry for SSH or RDP traffic to your instances in private subnets. It is hardened and monitored to minimize the risk of attacks.
Why use a Bastion Host in AWS?
Bastion Hosts are used in AWS to securely manage instances within private subnets. They provide a single, hardened point of access from the internet, reducing the attack surface while still allowing the administrative access that is needed.
What security measures should be applied to Bastion Hosts?
Security measures for Bastion Hosts include limiting inbound traffic to only the necessary ports, using security groups, frequently updating and patching, employing key-based SSH access, logging and monitoring all access, and ideally, integrating with AWS IAM for authentication.
How does routing work in a VPC?
In a VPC, routing is determined by route tables. Each subnet in a VPC is associated with a route table, which specifies the paths for traffic based on the destination IP addresses. Traffic is directed according to the most specific route in the table that matches the traffic’s destination.
What is the purpose of a route table in a VPC?
A route table in a VPC specifies how and where the network traffic should be routed based on the destination IP address. Each subnet in a VPC must be associated with a route table, which can be the VPC’s main route table or a custom route table.
How can you enhance the security of VPC internet access via IGWs?
To enhance security when accessing the internet via IGWs, utilize Network Access Control Lists (NACLs) for stateless filtering, security groups for stateful filtering, ensure instances use Elastic IPs or Public IPs for internet access, and use HTTPS for secure communication.
What are the differences between Internet Gateways and NAT Gateways in a VPC?
Internet Gateways provide a way for instances in a VPC to directly access the internet, whereas NAT Gateways allow instances in private subnets to access the internet or other AWS services without exposing those instances to incoming internet traffic. NAT Gateways are used to provide outbound internet access for resources that don’t need inbound internet access.