VPC Section

Question 1

What is a VPC

Answer 1

• Virtual Private Cloud - a private network for your resources
• Divided into Public subnet (www access) and Private subnet (non-www)
• route tables define access
• A VPC spans all Availability Zones (AZs) within a region.

Question 2

What is Internet Gateway and NAT Gateway?

Answer 2

• Internet Gateway allows www access to public subnet
• NAT gateway allows www access to Private subnet - for example to allow software updates to be downloaded from web - while remaining private

Question 3

What is NACL and Security Groups?

Answer 3

• NACL: network access control list - ip address control (firewall) at subnet level. Allow and Deny
• Security Groups: IP access control at EC2 instance level. Allow only.

Question 4

What are VPC Flow Logs?

Answer 4

• Logging for IP traffic into your interfaces

Question 5

What is VPC Peering?

Answer 5

• Allows two VPCs to be joined so they appear as as being on same network.

Question 6

What are VPC Endpoints?

Answer 6

• Endpoints allow connection from VPC to AWS services on private network vs public network
• Lower latency and enhanced security
• VPC Endpoint Gateway: For dynamoDB and S3 ***
• VPC Endpoint Interface: for the rest

Question 7

Options to connect private network to AWS?

Answer 7

• Site-to-Site VPN: public encrypted connection
• Can be setup very quickly
• On Premise uses Customer Gateway
• AWS side has Virtual Private Gateway
• Direct Connect: Physical very private connection
• Takes a month to set up

Question 8

What is Transit Gateway?

Answer 8

A way to connect 100’s or 1000’s of VPCs to private network