VPC & Shared Responsibility Model Flashcards
Shared Responsibility Levels
CIA
Infrastructure (EC2), Container Services (OS & App Mgt), Abstracted (DynamoDB)
Shared Responsibility - Amazon vs Client
Client is responsible for Client-Side Encryption and Customer Data
Amazon
- 1) OS and Application Mgt
- 2) S3 and DynamoDB
- 3) Hypervisor???
What is VPC
Logical Data Center in AWS
How many Availability Zones can a VPC Span
Multiple :D
How many Regions can a VPC Span
1
What do VPCs consist of
Routes, Tables, ACL, IGW, Subnets, SGs
How many Availability Zones per subnet
1
VPC Peering
You can peer VPCs even with other AWS accounts if you have an agreement
NAT Instance does not support
Transitive Peering
NAT Instance - what Instance setting do you need to disable?
Source Destination Check
NAT Instance - what type of subnet must it be under
Public
NAT Instance - what does it need in order to work
1) Elastic IP
2) Route out of the private subnet
NAT Instance - Traffic size depends on this
Size of Instance
NAT Instance - what does it need to create High Availability
Auto Scaling groups
NAT Instance - Does it use Security Groups or ACLs
Security Groups of course silly
NAT Instance - are Stateful or Stateless
Stateful
Stateful
Return Traffic Automatically Allowed. This is the FULL = FULL of RIGHTS
Stateless
Return Traffic must be Explicitly Allowed
NAT Gateways Benefits
No need to patch and is preferred.
NAT Gateways - Use ACL or SGs
ACLs. Only thing that uses SG are NAT Instances
NAT Gateways - Auto assigns a public address - true or false
true
NAT Gateways - what VPC item do you add them to? Subnet, IGW, Route, ACL
Route. They are added to the default route just like Route Instances.
ACL (Access Control Lists) - Created automatically when VPC is created - true or false
true. A single default ACL (and Route) is created. It allows all traffic both inbound and outbound by default. Not like a custom.
ACL - Default ACL allow all traffic - true or false
True