VPCs

Question 1

Can VPC Peering be done between two VPCs in different AWS accounts?

Answer 1

Yes

Question 2

Suppose VPC A is peered with VPC B, and VPC B is paired with VPC C. Is VPC A considered peered with VPC C?

Answer 2

NO. VPC Peering is NOT transitive!

Question 3

Can you use VPC Peering to peer two VPC in different AWS regions?

Answer 3

Yes

Question 4

Can you have two VPC subnets in the same AZ?

Answer 4

Yes

Question 5

Can you have a subnet stretched across multiple AZs?

Answer 5

No

Question 6

When you create a VPC, what infrastructure is created by default?

Answer 6

• A Default Route Table
• A Network ACL
• A Default Security Group

(Note that it does NOT create subnets or IGWs)

Question 7

How many IP Addresses does Amazon Reserve per subnet?

Answer 7

5

Question 8

What is the maximum number of IGWs you can have per VPC?

Answer 8

1

Question 9

Can you have a security group spanning multiple VPCs?

Answer 9

No

Question 10

Can you create an ELB with only one public subnet?

Answer 10

No, to create an ELB you need at least 2 public subnets

Question 11

Are Bastion Hosts usually placed in a private subnet or a public subnet?

Answer 11

They are placed in a public subnet so you can access the private subnet

Question 12

What is Direct Connect and what are its primary use cases?

Answer 12

• Idea is that it directly connects your data center to AWS
• Useful for high throughput workloads (lots of network traffic)
• Useful if you need a stable and reliable secure connection

Question 13

What are the steps for setting up AWS Direct Connect?

Answer 13

1. Create a virtual interface in the direct connect console. This is a PUBLIC virtual interface
2. Go to the VPC Console and then to VPN Connection. Create a Customer Gateway
3. Create a Virtual Private Gatway
4. Attach the Virtual Private Gateway to the desired VPC
5. Select VPN Connections and create a new VPN Connection.
6. Select the Virtual Private Gateway and the Customer Gateway
7. Once the VPN is available, set up the VPN on the customer gateway or firewall

Question 14

What is AWS Global Accelerator?

Answer 14

A service in which you create accelerators to improve availability and performance of your applications for local and global users

Question 15

How many static IP addresses does AWS assign to you for Global Accelerator?

Answer 15

2

(Note you can also bring your own static IPs!)

Question 16

How do you control traffic in AWS Global Accelerator?

Answer 16

Use traffic dials. This is done within an endpoint group

Question 17

What is a VPC Endpoint?

Answer 17

A VPC Endpoint enables you to privately connect your VPC to supported AWS Services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN Connection, or Direct Connect Connection

Question 18

What are the two types of VPC Endpoints?

Answer 18

• Interface Endpoints
• Gateway Endpoints

Question 19

For what services are VPC Gateway Endpoints supported?

Answer 19

• Amazon S3
• DynamoDB

Question 20

Suppose you want to peer a VPC with tens or thousands of other customer VPCs. What is the best way to accomplish this?

Answer 20

AWS PrivateLink

Question 21

Does AWS PrivateLink require VPC Peering?

Answer 21

No.

There’s no NAT, no route tables, no IGWs, etc.

Question 22

What is required to use AWS PrivateLink?

Answer 22

• A Network Load Balancer on the service VPC
• An ENI on the customer VPCs

Question 23

What is AWS Transit Gateway used for?

Answer 23

• It allows you to have transitive peering between thousands of VPCs and on-premises data centers
• Think simplify network topology
• Always works on a hub-and-spoke model

Question 24

Can you use AWS Transit Gateway across multiple regions?

Answer 24

Yes

Question 25

Can you use AWS Transit Gateway across multiple accounts?

Answer 25

Yes

Question 26

Do AWS Transit Gateways work with Direct Connect?

Answer 26

Yes

Question 27

When using AWS Transit Gateways, how can I limit how VPCs talk to one another?

Answer 27

Use route tables

Question 28

What is the ONLY AWS Service that supports IP Multicast?

Answer 28

AWS Transit Gateway

Question 29

What is the use case for AWS VPN CloudHub?

Answer 29

• Connecting multiple sites, each with a VPN Connection, together over a hub-and-spoke model
• It operates over the public internet, but all traffic between the customer gateways and the VPN CloudHub is encrypted

Question 30

When using VPCs, will private IPs or public IPs produce a lower network cost? Why?

Answer 30

private IPs are less expensive than public IPs, because private IPs use the AWS Backbone Network

Question 31

In general, does AWS charge you more/less/or the same for communicating between VPCs in different AZs within the same region vs. communicating between VPCs in different regions?

Answer 31

communicating between VPCs in different AZs in the same region is less expensive than communicating between VPCs in different regions.

Question 32

Does VPC peering support edge to edge routing?

Answer 32

No