What is VPN-only Subnet?
If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a Site-to-Site VPN connection, the subnet is known as a VPN-only subnet
Can an instance be assigned 10.0.0.1?
The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance.
- 0.0.0: Network address.
- 0.0.1: Reserved by AWS for the VPC router.
- 0.0.2: Reserved by AWS. The IP address of the DNS server
- 0.0.3: Reserved by AWS for future use.
- 0.0.255: Network broadcast address.
How many subnet’s are created in each VPC by default?
A default VPC is created in each region with a subnet in each AZ
What is VPC dedicated Tenancy?
An instance launched into the VPC is a Dedicated Instance by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch.
Changes of Tenancy options?
You can change the instance tenancy of a VPC from dedicated –> default after you create it.
You “cannot” change the instance tenancy of a VPC to default –> X dedicated.
Options for connecting to a VPC are:
- Hardware based VPN
- Direct Connect
- VPN CloudHub
- Software VPN
Subnets with overlapping IP address ranges cannot be created: True/False
True
An Internet Gateway serves two purposes:
1) To provide a target in your VPC route tables for internet-routable traffic
2) To perform network address translation (NAT) for instances that have been assigned public
IPv4 addresses
When manually adding IGW how can you ensure EC2 instance traffic flows to outside VPC?
Internet Gateways (IGW) must be:
- Created
- Attached to a VPC
- Added to a route table,
- Associated with the relevant subnet(s)
For HA of IGW add another IGW. Is this correct?
You cannot have multiple Internet Gateways in a VPC.
No availability risk or bandwidth constraints since supported by AWS
V. IMP*
To enable access to or from the Internet for instances in a VPC subnet, you must :
- Attach an Internet Gateway to your VPC
- Ensure that your subnet’s route table points to the Internet Gateway
- Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
- Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance
VPC with Single Public Subnet route table config?
Custom Route table with:
1. ) Subnets/instances able to talk within VPC
2) Instance be able to talk to Internet via IGW
0. 0.0.0/0 igw-id
VPC with Public and Private subnets components
VPC 1 Private Subnet 1 Public subnet -> with NAT gateway by default (can be changed manually to NAT Instance) 2 route tables : Custom RT -> Public Subnet Main RT -> Private Subnet
VPC with Public & Private route table config?
Custom route public subnet.
- ) Subnets/instances able to talk within VPC
2) Instance be able to talk to Internet via IGW
(0. 0.0.0/0 igw-id)
Main RT Private Subnet
1) Subnets/instances able to talk within VPC
2) Instances could talk to internet via NAT (0.0.0.0/0, nat-gw id)
VPC with Public and Private Subnets and Hardware VPN Access components
1 VPC 1 Private Subnet or VPN Only Subnet 1 Public subnet -> NO NAT 1 Virtual private gateway (VGW) 2 route tables : Custom RT -> Public Subnet Main RT -> Private Subnet
VPC with Public and Private Subnets and Hardware VPN Access Use case
1) If you want to extend your network into the cloud and also directly access the Internet from your VPC.
2) Enables you to run a multi-tiered application with a scalable web front end in a public subnet, and to house your data in a private subnet that is connected to your network by an IPsec AWS Site-to-Site VPN connection.
VPC with Public and Private Subnets and Hardware VPN Route Table config?
Custom route public subnet.
- ) Subnets/instances able to talk within VPC
2) Instance be able to talk to Internet via IGW
(0. 0.0.0/0 igw-id)
Main RT Private Subnet
1) Subnets/instances able to talk within VPC
2) Instances could talk to internet via VGW (0.0.0.0/0, vgw- id)
