VPC Peering What does it allow you to do? How do instances behave? Can you peer VPCs with other AWS accounts as well as with other VPCs in the same account? Can you have Transitive peering?
- allows you to connect one VPC with another via direct network route using private IP address.
- Instances behave as if they were on the same private network
- You can peer VPCs with other AWS accounts as well as with other VPCs in the same account.
- NO Transitive peering VPC1 → VPC2 → VPC3, VPC1 cannot communicate with VPC3.
NAT ___________:
- When creating a ____ ______, Disable Source/Destination Check on the instance
- Must be in a public subnet
- There must be a route out of the private subnet to the ____ ______ in order to work
- The amount of traffic it can support depends on the instance size.
- You can create HA using ASG, multiple subnets in different AZs, and a script to automate failover
- Behind a Security Group
NAT Instance
NAT ___________:
- Scale automatically up to 10 Gbps
- No need to patch or associate to a SG
- Automatically assign public IP address
- Remember to update your route tables
NAT Gateway
You need to block certain IP addresses from accessing your applications, should you use SG or NACLs?
NACL
Which VPC feature allows communication between instances in your VPC and services without imposing availability risks?
VPC Endpoints
- VPC ____ _____ is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
- ____ _____ data can be published to Amazon CloudWatch Logs or Amazon S3.
- After you’ve created a ____ _____ , you can retrieve and view its data in Amazon CloudWatch Logs
VPC Flow Logs
At which 3 levels can VPC Flow logs be created?
- VPC
- Subnet
- Network interface level
How many available IPs do you have using 10.0.0.0/24? What about 10.0.0.0/28?
- 0.0.0/24 -> 256, but gotta take 5 so 251.
10. 0.0.0/28 -> 16, 11 IPs
When should you use Direct Connect? Can you use Direct connect to connect to VPCs in different AZ?
When you need to establish a dedicated network connection from your premises to AWS.
To connect to VPC in another AZ, use Direct Connect Gateway.
What protocol does Direct Connect use for sharing routing info from the router in your Data Centre to AWS and vice versa?
BGP
Border Gateway Protocol
Route 53 - Record Types
- A
- AAAA
- CNAME
- Alias
- MX
- NS
- SOA
Route 53 - Record Type
Used by a computer to translate the name of the domain to an IPv4 address.
A Record Type
Route 53 - Record Type
- Used to resolve one domain name to another.
- If you are accessing a website from your mobile: DNS for website → DNS for mobiles.
CNAME
Route 53 - Record Type
- Used to map resource record sets in your hosted zone to ELBs, CloudFront distributions, or S3 bucket that are configured as websites.
- www.example.com (http://www.example.com/) → maps you to → elb1234.elb.amazonaws.com (http://elb1234.elb.amazonaws.com/)
Alias
Route 53 - Routing Policies
- You can only have one record with multiple IP addresses.
- If you specify multiple values in a record, Route 53 returns all values to the user in a random order.
- CANNOT do health checks on this.
Simple Routing Policy
Route 53 - Routing Policies
- Let you split your traffic based on different weights assigned.
Weighted Routing
Route 53 - Routing Policies
Use when you want to route traffic to the Region that provides the best latency with less round-trip time.
Latency Routing
Route 53 - Routing Policies
- Use when you want to configure active-passive failover.
- Primary website in one region and secondary DR site in another region.
- Route 53 monitors the health of your primary site using a health check
- Health check monitors the health of your end points.
Failover routing
Route 53 - Routing Policies
Use when you want to route traffic based on the location of your users.
Geolocation routing policy
Route 53 - Routing Policies
- Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random.
- Health checks applied.
Multi-value answer routing policy
