VPCs Flashcards
What is VPC?
A Virtual Private Cloud lets you provision a logically isolated section of AWS in which resources can be launched, with complete control over the networking environment.
What is a Bastion Host?
It is an EC2 instance in a VPC's public subnet that is used to SSH into EC2 instances in the VPC's private subnet. A Bastion Host is not used for communicating back out to the internet.
What is the path from the internet to the server in a private subnet using a bastion host?
Traffic enters through the Internet Gateway and reaches the Router, which routes it according to the Route Tables. It then passes through the Network ACL, which acts like a firewall and is the first line of defense. Next it passes through the Security Group of the EC2 instance in the public subnet, which is the second "firewall". That EC2 instance acts as the Bastion Host, which is then used to SSH into the EC2 instance in the private subnet.
What is a NAT Gateway?
A NAT Gateway cannot be used as a Bastion Host.
What is VPC Peering?
Allows one VPC to be connected to another so that they behave as if they were on the same network. A VPC can peer with VPCs in other AWS accounts or with VPCs in a different region.
What is VPC Transitive Peering?
Transitive Peering is when a VPC tries to reach another VPC by peering through a central VPC. This is not possible; a new, direct peering connection would need to be set up between the two VPCs.
What do VPCs consist of at a minimum?
An Internet Gateway (or a Virtual Private Gateway for VPNs), Route Tables, NACLs, Subnets, and Security Groups.
True or False: Subnets can be spread across more than one AZ.
False; a subnet lives in a single AZ. However, there can be multiple subnets in the same AZ.
When creating a custom VPC, what is automatically created?
A default Security Group, a NACL, and a Route Table.
Steps to create VPC?
Create the basic VPC, then create the Public and Private subnets. Enable "auto-assign public IPv4" on the subnet that will be the public subnet.