What does VPC stand for?
Virtual Private Cloud
What is the difference between a private and public subnet?
- Public can be accessed from the internet via an IGW (Internet Gateway)
- Private cannot be accessed from the internet.
What are Route Tables used for?
To define access to the internet/between subnets
How does AWS provide subnets for you in a VPC?
- Each AZ comes with a “default” vpc, which contains a public subnet.
- You cannot create private subnets.
How can a private subnet access the internet?
The private subnet connects to the public subnet via a NAT Gateway (AWS managed)/NAT instance (self managed), which can access the IGW.
How can a private subnet access the internet?
The private subnet connects to the public subnet via a NAT Gateway (AWS managed)/NAT instance (self managed), which can access the IGW.
What is a NACL?
Network ACL (Access Control List):
- A firewall which controls traffic from and to a subnet
- Can have ALLOW and DENY rules
- Attached at the subnet level
- Rules only include IP addresses
- Stateless (rules must be set for outbound traffic)
How are security groups used with VPC?
- Security groups are a firewall that control traffic to and from an ENI (elastic network interface, can contain different types of IP address)/ an EC2 instance
- Can only have ALLOW rules
- Rules include IP addresses and other security groups
- Stateful: return traffic is automatically allowed, regardless of rules
What is the VPC flow log?
Information about IP traffic going into your VPC
What is VPC Peering?
Connect two VPC, privately, using AWS’ network, allowing them to behave as if they were in the same network.
What is a requirement of VPC Peering?
- Must not have overlapping CIDR (IP address range)
What does it mean to say that VPC Peering is not transitive?
If A is connected to B, and B to C, that does not mean that A is connected to C.
What is a VPC Endpoint?
An endpoint allowing you to connect to AWS services using a private network instead of the public network
- This gives you enhanced security and lower latency to access AWS services
What is the difference between VPC Endpoint Gateway and VPC Endpoint Interface?
Gateway - S3 and Dynamo DB
Interface - The rest (e.g., cloudwatch).
What is Site to Site VPN?
- Connect an on-premises VPN to AWS
- Connection is automatically encrypted
- Goes over the internet
What is Direct Connect (DX)?
- Establish a physical connection between on-premises and AWS
- Connection is private, secure and fast
- Goes over a private network
- Takes at least a month to establish
What is the limitation with Site to site and DX with respect to VPC endpoints?
Site to Site VPN and DX cannot access VPC endpoints.
What is a subnet?
Tied to an AZ, it is a network partition of the VPC.
-
IAM4
-
EC210
-
EBS34
-
ELB47
-
RDS, Aurora & ElastiCache53
-
Route 5359
-
VPC18
-
S356
-
AWS CLI, SDK, IAM Roles & Policies14
-
CloudFront20
-
ECS, ECR & Fargate - Docker in AWS43
-
Elastic Beanstalk22
-
CICD20
-
CloudFormation13
-
CloudWatch29
-
SQS, SNS and Kinesis79
-
Lambda62
-
DynamoDB49
-
API Gateway35
-
SAM5
-
Cloud Development Kit6
-
Cognito11
-
Step Functions and AppSync17
-
Advanced Identity12
-
AWS Security & Encryption33
-
Other AWS Services15
-
Test Review Questions200
