10. VPC

Question 1

What is a VPC?

Answer 1

Virtual Private Network

• a private network to deploy your resources (regional resource)

Question 2

What is a public subnet?

Answer 2

A subnet that is accessible from the internet

Question 3

What is a private subnet?

Answer 3

A subnet that is not accessible from the internet

Question 4

What do you use to define access to the internet and between subnets?

Answer 4

Route Tables

Question 5

What is an internet gateway?

Answer 5

VPC component that allows communication between your VPC and the internet

Question 6

NAT Gateways are ___-managed

Answer 6

NAT Gateways are AWS-managed

Question 7

NAT Instances are ___-managed

Answer 7

NAT Instances are self-managed

Question 8

What do NAT Gateways and NAT Instances do?

Answer 8

They allow your instances in private subnets to access the internet while remaining private

Question 9

What is a NACL?

Answer 9

Network ACL

• a firewall which controls traffic from and to a subnet
• can have ALLOW and DENY rules
• rules only include IP addresses

Question 10

What is a Security Group?

Answer 10

• a firewall that controls traffic to and from an ENI / an EC2 Instance
• can only have ALLOW rules
• rules include IP addresses and other security groups

Question 11

What do VPC Flow Logs do?

Answer 11

• capture information about IP traffic going into your interfaces
• help to monitor and troubleshoot connectivity issues

Question 12

What is VPC Peering?

Answer 12

• VPC peering connects to VPCs privately using AWS’ network
• make them behave as if they were in the same network
• cannot have overlapping CIDR

Question 13

Is a VPC Peering connection transitive?

Answer 13

No.

You must establish a connection for each VPC that need to communicate with one another (i.e. a connection from A to B and B to C does not allow A to communicate with C)

Question 14

What are VPC Endpoints?

Answer 14

Endpoints allow you to connect to AWS services using a private network instead of the public www network

• provides enhanced security and lower latency
• only used within your VPC

Question 15

What are the two types of VPC endpoints?

Answer 15

1. Interface endpoints
2. Gateway endpoints

Question 16

Which services use gateway endpoints?

Answer 16

S3 and DynamoDB

Question 17

Which services use interface endpoints?

Answer 17

Everything except S3 and DynamoDB

Question 18

What is Direct Connect (DX)?

Answer 18

A physical connection between on-premisis and AWS