AWS Certified Cloud Practitioner 2020 Flashcards

(115 cards)

1
Q

What are the Six Advantages of Cloud Computing?

A
  1. Trade fixed expense for variable expense
  2. Benefit from massive economies of scale
  3. Stop guessing capacity
  4. Increase speed and agility
  5. Stop spending money running and maintaining data centers
  6. Go global in minutes
2
Q

What is Infrastructure as a Service (IaaS)?

A

Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space.

e.g. EC2

3
Q

What is Platform as a Service (PaaS)?

A

Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications.

e.g. Elastic Beanstalk, Amazon Lightsail

4
Q

What is Software as a Service (SaaS)?

A

Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider.

e.g. Gmail

5
Q

What does Public Cloud mean?

A

A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud.

6
Q

What does Hybrid cloud mean?

A

A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.

7
Q

What does On-premises cloud mean?

A

The deployment of resources on-premises, using virtualization and resource management tools, is sometimes called the “private cloud.”

8
Q

What defines an AWS Region?

A
  1. An AWS Region is a physical location in the world where we have multiple Availability Zones. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links.
  2. Each Amazon Region is designed to be completely isolated from the other Amazon Regions.
9
Q

What is an Availability Zone?

A
  1. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. These Availability Zones offer you the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.
  2. Each Availability Zone is designed as an independent failure zone.
10
Q

AWS Cloud Compliance supports what standards?

A
  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018
11
Q

Why choose a particular AWS region?

A
  1. Data sovereignty laws - where can the data legally be kept?
  2. Latency to end users
  3. Availability of AWS services in the region
12
Q

What support plans exist?

A
  1. Basic - free
  2. Developer - 29/mo, scales
  3. Business - 100/mo, scales
  4. Enterprise - 15k/mo, scales - Get a TAM (Technical Account Manager)
13
Q

Which support plan gets you a TAM?

A

Enterprise - 15k/mo, scales

14
Q

What is CloudWatch?

A
  1. All about performance (analogy is personal trainer)
  2. Can monitor most of AWS
  3. Monitors your AWS resources and the applications they run
  4. Can create alarms which trigger notifications
15
Q

What CloudWatch monitoring periods exist for EC2?

A

Every 5 minutes by default

Every 1 minute for detailed monitoring

16
Q

Is IAM global or regional?

A

Global

17
Q

3 ways user can access AWS

A
  1. AWS management console
  2. Command Line Interface (CLI) - requires access key ID and secret access key
  3. Amazon SDK
18
Q

IAM policies are which format?

A

JSON

19
Q

IAM policies are applied in what structure?

A

Groups

20
Q

IAM best practices

A
  1. Only use root account to create other accounts
  2. 1 user = 1 human, no phantom users
  3. Always place users in groups and apply policies at the group level
  4. Strong password policies
  5. Always use MFA
  6. Use roles to access other AWS services
  7. Use access keys for programmatic access to AWS
  8. Use IAM credential reports to audit
21
Q

What are AWS credential reports?

A

Audit the permissions of users/accounts

22
Q

S3 suited for what storage uses?

A

Object-based storage, for flat files (Not suitable for an OS)
Files can be 0-5TB in size
Unlimited storage

23
Q

Namespace of S3 buckets?

A

universal namespace!

24
Q

How to know if S3 upload successful?

A

HTTP 200

25
S3 data consistency model
  • Read-after-write consistency for PUTs of new objects
  • Eventual consistency for overwrite PUTs and DELETEs
26
Where are S3 buckets stored? Where can they be accessed?
  • Buckets do exist in regions, but can be accessed globally
  • Can replicate a bucket in one region to a bucket in another region using cross-region replication
27
How does S3 scale?
S3 scales automatically to meet demand
28
What is S3 Transfer acceleration?
upload to edge location in your region, propagated to other regions using the AWS backbone
29
What is an Edge location?
  • Place where content is cached for fast access (think CloudFront)
  • Note: you can also write (put an object) to an edge location (i.e. Transfer Acceleration)
30
What is the best practice for S3 access control?
S3 bucket policies or IAM policies are recommended for access control
31
What are the S3 storage classes?
  • Amazon S3 Standard (S3 Standard)
  • Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)
  • Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
  • Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
  • Amazon S3 Glacier Instant Retrieval
  • Amazon S3 Glacier Flexible Retrieval (Formerly S3 Glacier)
  • Amazon S3 Glacier Deep Archive
32
Characteristics of S3 standard
  • Low latency and high throughput performance
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Resilient against events that impact an entire Availability Zone
  • Designed for 99.99% availability over a given year
  • Backed with the Amazon S3 Service Level Agreement for availability
  • Supports SSL for data in transit and encryption of data at rest
  • S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes
33
Characteristics of Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)
  • Automatically moves data to the most cost-effective tier
  • Frequent, Infrequent, and Archive Instant Access tiers have the same low-latency and high-throughput performance of S3 Standard
  • The Infrequent Access tier saves up to 40% on storage costs
  • The Archive Instant Access tier saves up to 68% on storage costs
  • Opt-in asynchronous archive capabilities for objects that become rarely accessed
  • Deep Archive Access tier has the same performance as Glacier Deep Archive and saves up to 95% for rarely accessed objects
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones and for 99.9% availability over a given year
  • Backed with the Amazon S3 Service Level Agreement for availability
  • Small monthly monitoring and auto tiering charge
  • No operational overhead, no lifecycle charges, no retrieval charges, and no minimum storage duration
  • Objects smaller than 128KB can be stored in S3 Intelligent-Tiering but will always be charged at the Frequent Access tier rates, and are not charged the monitoring and automation charge.
34
Characteristics of Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
  • Infrequent access, but require rapid access
  • Lower fee, but charged a retrieval fee
  • Same low latency and high throughput performance of S3 Standard
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Resilient against events that impact an entire Availability Zone
  • Data is resilient in the event of one entire Availability Zone destruction
  • Designed for 99.9% availability over a given year
  • Backed with the Amazon S3 Service Level Agreement for availability
  • Supports SSL for data in transit and encryption of data at rest
  • S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes
35
Characteristics of Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
  • Low cost, do not require multiple availability zone data resilience
  • Same low latency and high throughput performance of S3 Standard
  • Designed for durability of 99.999999999% of objects in a single Availability Zone
  • Designed for 99.5% availability over a given year
  • Backed with the Amazon S3 Service Level Agreement for availability
  • Supports SSL for data in transit and encryption of data at rest
  • S3 Lifecycle management for automatic migration of objects to other S3 Storage Classes
36
Characteristics of Amazon S3 Glacier Deep Archive
  • Data retrieval in milliseconds with the same performance as S3 Standard
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Data is resilient in the event of the destruction of one entire Availability Zone
  • Designed for 99.9% data availability in a given year
  • 128 KB minimum object size
  • Backed with the Amazon S3 Service Level Agreement for availability
  • S3 PUT API for direct uploads to S3 Glacier Instant Retrieval, and S3 Lifecycle management for automatic migration of objects
37
Characteristics of Amazon S3 Glacier Flexible Retrieval (Formerly S3 Glacier)
  • Competitive with costs of on-prem solutions
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Data is resilient in the event of one entire Availability Zone destruction
  • Supports SSL for data in transit and encryption of data at rest
  • Ideal for backup and disaster recovery use cases when large sets of data occasionally need to be retrieved in minutes, without concern for costs
  • Configurable retrieval times, from minutes to hours, with free bulk retrievals
  • S3 PUT API for direct uploads to S3 Glacier Flexible Retrieval, and S3 Lifecycle management for automatic migration of objects
38
Characteristics of Amazon S3 Glacier Deep Archive
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Lowest cost storage class designed for long-term retention of data that will be retained for 7-10 years
  • Ideal alternative to magnetic tape libraries
  • Retrieval time within 12 hours
  • S3 PUT API for direct uploads to S3 Glacier Deep Archive, and S3 Lifecycle management for automatic migration of objects
39
What is S3 Outposts?
  • Store your S3 data on premises
  • S3 Object compatibility and bucket management through the S3 SDK
  • Designed to durably and redundantly store data on your Outposts
  • Encryption using SSE-S3 and SSE-C
  • Authentication and authorization using IAM, and S3 Access Points
  • Transfer data to AWS Regions using AWS DataSync
  • S3 Lifecycle expiration actions
40
Characteristics of Amazon S3 Glacier Instant Retrieval
  • Data retrieval in milliseconds with the same performance as S3 Standard
  • Designed for durability of 99.999999999% of objects across multiple Availability Zones
  • Data is resilient in the event of the destruction of one entire Availability Zone
  • Designed for 99.9% data availability in a given year
  • 128 KB minimum object size
  • Backed with the Amazon S3 Service Level Agreement for availability
  • S3 PUT API for direct uploads to S3 Glacier Instant Retrieval, and S3 Lifecycle management for automatic migration of objects
41
How does S3 versioning work?
  • Stores all versions of an object, even if you delete
  • Great for backup
  • Versioning can be suspended, but not disabled; existing versions remain
  • Integrates with lifecycle rules
  • Can require MFA in order to delete
42
How can you restrict S3 bucket access?
  • Bucket policies
  • Object policies
  • IAM policies to users and groups
43
Characteristics of CloudFront
  • Amazon’s CDN
  • Origin - The origin of the files
  • Distribution - collection of edge locations
  • First user forces a download of the file from origin to edge location - stays in cache until TTL (default is 24 hours in seconds)
  • 2 types
      - web distribution
      - RTMP - used for media streaming (like Adobe Flash) - not used much anymore
  • You can clear cached objects, but you will be charged for it
44
Name common compute services
  • EC2 - Secure and resizable compute capacity (virtual servers) in the cloud
  • Lightsail - Easy-to-use cloud platform that offers you everything you need to build an application or website
  • Lambda - Run code without thinking about servers. Pay only for the compute time you consume.
  • Batch - Fully managed batch processing at any scale
  • Elastic Beanstalk - Easy-to-use service for deploying and scaling web applications and services
  • Serverless Application Repository - quickly deploy code samples, components, and complete applications for common use cases such as web and mobile back-ends, event and data processing, logging, monitoring, IoT, and more.
  • AWS Outposts - Run AWS infrastructure and services on premises for a truly consistent hybrid experience
  • EC2 Image Builder - Build and maintain secure Linux or Windows Server images
45
What are the EC2 types?
  • On Demand: Pay fixed rate by the hour or by the second
  • Reserved: Includes a capacity reservation, but with a significant discount on the hourly rate. 1 or 3 year contract terms. Max discount for longest time and paying immediately
  • Spot: Bid a price (per hour) for an instance capacity. Greater savings if you have flexible start and end times
  • Dedicated Hosts: Physical EC2 server dedicated for your use. Reduced costs when you use your existing server-bound software licenses
46
What's an EC2 AMI?
AMI (Amazon Machine Image) - e.g. VM snapshot
47
How do we design for failure in EC2?
  • “Everything fails all of the time” - we need to design for failure as a natural occurrence
  • Have one EC2 instance in each availability zone - so failure in one AZ won’t drop your app.
  • Use ALB or ELB to route
  • Use auto scaling group
48
How do you pay for partial hours for EC2 Spot instances?
  • If you terminate mid hour, you pay full hour
  • If AWS terminates mid hour, you don’t pay for the hour
49
When to use EC2 Dedicated hosts?
  • Useful when regulatory requirements exist
  • Useful when licensing restrictions exist
50
What are Security Groups?
Virtual firewalls in the cloud - need to open ports in order to use them
51
What's VPC?
  • Virtual Private Cloud
  • Your own “data center in the cloud”
  • Can create a hardware VPN connection between corporate network and VPC - to extend your corporate data center
52
What is AWS Direct Connect?
  • Private hardware connection between AWS and your data center
  • Can be more reliable and have better bandwidth than the Internet
  • VPN over Direct Connect: better security - encrypted
53
What is EBS?
  • “Virtual disk in the cloud”
  • Virtual storage volumes (block devices) that can be attached to EC2 instances
  • Attach, then create a filesystem, database, etc.
  • Placed in specific availability zones
  • Automatically replicated within AZ to protect from failure
  • Perfect for OSes, databases
  • Can be resized, but not as easily/automatically as EFS
54
What EBS Types?
  • SSD
      - GP2: General purpose SSD - balance price and performance
      - IO1: Provisioned IOPS SSD - high performance
  • Magnetic
      - ST1: Throughput optimized HDD - low cost, frequent access, throughput intensive
      - SC1: Cold HDD - lowest cost HDD for less frequent access
      - Magnetic: previous generation
55
What Load Balancer Types?
  • Application Load Balancers
  • Network Load Balancers
  • Gateway Load Balancer
  • Classic Load Balancers
56
What is EC2 auto scaling?
  • Automatically add EC2 instances to scale an application
  • Based on an AMI (e.g. VM snapshot)
57
When to choose Application Load Balancer?
  • Not free
  • Layer 7
  • Choose an Application Load Balancer when you need a flexible feature set for your applications with HTTP and HTTPS traffic. Operating at the request level, Application Load Balancers provide advanced routing and visibility features targeted at application architectures, including microservices and containers.
58
When to choose Network Load Balancer?
  • Extreme performance, static IP addresses
  • Choose a Network Load Balancer when you need ultra-high performance, TLS offloading at scale, centralized certificate deployment, support for UDP, and static IP addresses for your applications. Operating at the connection level, Network Load Balancers are capable of handling millions of requests per second securely while maintaining ultra-low latencies.
59
When to choose Gateway Load Balancer?
Choose a Gateway Load Balancer when you need to deploy and manage a fleet of third-party virtual appliances that support GENEVE.
60
When to choose Classic Load Balancers?
  • Test & dev
  • Low cost
61
What is Lambda pricing?
  • Number of requests - 1M free, then $0.20 per 1M after
  • Execution time, memory
      - time code executes to nearest 100ms.
      - price depends on amount of memory you allocate to your function
62
Lambda characteristics
  • Event driven compute service
  • Triggered by several options - e.g. S3 drops, etc.
  • Run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs
  • Can use version control
  • Scales automatically - Lambda scales out, not up
  • Lambda functions are independent (stateless)
63
What is shared responsibility in Lambda?
  • I’m responsible for my code and the language version I’m using
  • AWS responsible for hardware
64
Lambda supported languages
  • Node.js
  • Java
  • Python
  • C#
  • Go
  • PowerShell
65
Supported RDS engines
  • MS SQLServer
  • MySQL
  • PostgreSQL
  • Oracle
  • Aurora - Amazon’s DB
      - compatible with MySQL and PostgreSQL
      - 6 copies of data spread across 3+ AZs
  • MariaDB
66
RDS characteristics
  • Not free
  • SQL/OLTP (Online transaction processing) - A single transaction
  • Not for OLAP (Online analytics processing) - see Red Shift
  • Multi-AZ for disaster recovery, failover
  • Read-replicas for performance
  • Write to primary database
  • Read from up to 5 read replicas
67
What is DynamoDB?
Amazon's NoSQL
68
What is Red Shift?
  • Business intelligence or Data warehousing
  • OLAP: Online analytics processing
  • Analytics on a whole database
  • Examples: Cognos, SQL Server Reporting Services, Oracle Hyperion, SAP NetWeaver, etc.
  • NOT for OLTP (Online transaction processing)
69
What is ElastiCache
  • “Application caching”
  • Web service fronting an in-memory cache
  • Web applications access this instead of disk-based databases
  • Supported engines
      - Redis
      - Memcached
70
What is Amazon Neptune
  • Amazon's graph database
  • Scalable, high availability
71
What is Route 53?
  • Amazon’s DNS solution
  • Register a domain name
  • Global in scope, similar to IAM and S3
  • Policies
      - Failover routing
      - Latency-based routing
72
What is Elastic Beanstalk?
  • A way to deploy and manage AWS resources in an orchestrated manner if you don’t know a lot about AWS - like a wizard
  • Free
  • Limited in what it can provision and not programmable
  • “easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.”
  • Handles capacity provisioning, load balancing, scaling, application health monitoring
73
What is CloudFormation
  • Same concept as Elastic Beanstalk, but for people who know what they’re doing in AWS.
  • Free
  • Can provision almost any AWS service and is completely programmable
  • Turns your infrastructure into code
74
Good alternative to saving your credentials using `aws configure` to access AWS services
  1. Create an IAM role with specific permissions policies
  2. Attach that role to the EC2 instance that you want to perform the authorized operation from. The permissions change immediately - no need to reboot.
  3. Perform the authorized operation. It will work by virtue of the attached role.

In this way, you don’t need to keep your access key and secret access key on the EC2 instance
75
What AWS services are global?
  • IAM
  • Route 53
  • CloudFront
  • SNS
  • SES
76
Is S3 regional or global?
Regional, but viewed globally
77
What is Snowball?
  • Snowball - a huge disk (50 or 80 TB) - How you can make massive uploads to S3 by borrowing disks from Amazon and returning them with the data
  • Snowball Edge - Same as Snowball, but with a computer as well that can run Lambda
78
What is Storage Gateway?
  • Similar to Snowball, but stays on prem
  • A way to cache files on-prem so you don’t lose files if you lose connectivity to AWS
79
What AWS services are on-prem?
  • Snowball - a huge disk (50 or 80 TB)
  • Snowball Edge
  • Storage Gateway
  • CodeDeploy
  • OpsWorks
  • IoT Greengrass
80
What is AWS CodeDeploy?
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.
81
What is AWS Systems Manager?
  • Manage an EC2 “fleet” (e.g. `yum install ....` to each machine in fleet)
  • Piece of software installed on each VM to connect to Systems Manager
  • Can manage inside AWS and on prem
  • Run Command used to install, patch, and uninstall software
  • Integrates with CloudWatch to give dashboard of entire estate
  • Create Resource Groups
      - Can create based on “Tag query”
      - Can apply automation to all resources in a Resource Group at the same time (e.g. stop all EC2 instances in Resource Group at once)
82
What is Service Health Dashboard?
Access the status for all AWS services
83
What is Personal Health Dashboard?
Access the status for my AW. AWS Personal Health Dashboard provides alerts and guidance for AWS events that might affect your environment.
84
What is Global Accelerator?
  • Create accelerators to improve availability and performance of applications for local and global users
  • Direct traffic to optimal endpoints over the AWS global network
  • Uses Amazon’s dedicated network rather than the Internet to overcome Internet congestion, etc.
  • Improves internet user performance by up to 60%
85
What is EFS?
  • Elastic File System
  • File storage service for EC2
  • Automatically resizes with need
  • Multiple EC2 instances can access at the same time
  • Think centralized file server or content management system
86
What is the difference between AWS Budgets and AWS Cost Explorer?
  • Budgets: Plan for costs before they occur
  • Cost Explorer: Explore costs after they’ve occurred
87
What is consolidated billing?
  • Combines resources billed to activate economies of scale (volume discounts)!
  • Consolidated Billing enables you to see a combined view of AWS costs incurred by all accounts in your department or company, as well as obtain a detailed cost report for each individual AWS account associated with your paying account.
  • Only 20 linked accounts allowed (soft limit - can increase)
  • Best practice: Paying account should be used for billing purposes only.
88
What is CloudTrail?
  • Think “audit”
  • Monitors API calls in the AWS platform
  • Per AWS account and is enabled per region
  • Every time we do something, CloudTrail logs it.
  • Best practice - use a separate account for logging
      - Turn on CloudTrail in the paying account
      - Create an S3 bucket with a bucket policy that allows cross-account access
      - Turn on CloudTrail in the other accounts and use the bucket in the paying account
89
What is AWS Landing Zone (now AWS Control Tower)?
  • Sets up a multi-account AWS environment at the click of a button
  • Typically used by large enterprises with multiple AWS accounts
  • Creates accounts that conform to company policies
90
What is Security Hub?
  • Gives a comprehensive view of your security alerts across multiple AWS accounts - thousands!
  • Inputs from GuardDuty, Inspector, Macie, IAM Access Analyzer, Firewall Manager, etc.
91
What do I do when I have compromised AWS creds?
  1. Determine what resources those creds have access to
  2. Invalidate creds that have been compromised
  3. Consider invalidating any temporary security creds that might have been issued using the compromised creds
  4. Restore appropriate access
  5. Review access to your AWS account
92
What is AWS Simple Monthly Calculator?
easy-to-use online tool that enables you to estimate the monthly cost of AWS services for your use case based on your expected usage.
93
What is AWS Total Cost of Ownership Calculator?
Compare costs for AWS vs. owned on-premise
94
What is AWS Artifact?
  • Place to find compliance documents
  • AWS has some responsibilities, developer has some responsibilities - See AWS Shared Responsibility Model
95
What is the AWS Shared Responsibility model?
  • AWS manages security "of the cloud"
  • Security "in the cloud" is customer’s responsibility
96
How does AWS feel about me doing pen testing?
  • AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services:
      - EC2, NAT gateways, ELB
      - RDS
      - CloudFront
      - Aurora
      - API Gateway
      - Lambda
      - Lightsail
      - Elastic Beanstalk
  • Unsupported
      - DDoS-ing yourself
      - DNS zone walking
      - Port flooding
      - Protocol flooding
      - Request flooding
97
What is Amazon GuardDuty?
  • Uses ML algs to monitor and protect AWS account
  • Notifies of weird/anomalous behavior
  • 30 day trial
  • Input data includes
      - CloudTrail logs
      - VPC Flow logs
      - DNS logs
  • Operates on single AWS account
98
What is WAF?
  • Web application firewall
  • Layer 7 firewall
  • Put firewall in front of load balancer
99
What is AWS Shield?
  • DDoS protection service
  • “Standard” turned on automatically
  • “Advanced” - optional - $3k/month
100
What is AWS Inspector?
  • Automated service that helps improve security and compliance of apps deployed on AWS
  • Looks for vulnerabilities or deviations from best practices
  • Install on EC2 instances
101
What is AWS Trusted Advisor?
  • Online resource to help reduce cost, increase performance, and improve security by optimizing your AWS environment
  • Real time guidance
  • Advise on cost optimization, performance, security, fault tolerance
  • Looks at all AWS account
  • Categories of checks
      - Cost optimization
      - Performance
      - Security
      - Fault tolerance
      - Service limits
102
What is AWS Config?
Monitors configuration of AWS resources in AWS account
103
What is AWS Key Management Service (KMS)?
  • Manages master keys
  • For S3, database password
  • On shared hardware
  • Integrated with most AWS services
  • Regional
104
What is AWS CloudHSM?
  • Dedicated hardware security module (HSM)
  • Does all AWS KMS does and more
  • FIPS 140-2 Level 3
  • Single tenant
  • Can be clustered across multi-AZ
105
What is AWS Parameter Store?
  • Serverless storage for configuration and secrets
  • Can be stored using KMS or plaintext
  • TTL to expire supported
  • Free 10K parameters per account
106
What is AWS Secrets Manager?
  • Does all Parameter Store does and more
  • Not free; charged per secret stored and per 10K API calls
  • Can automatically rotate secrets
  • Apply the new key/password in RDS for you
  • Generate random secrets
107
What is Athena?
  • Interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
  • Pay per query / per TB scanned
  • No need for ETL
  • Use cases
      - Query log files in S3 (e.g. ELB logs, S3 access logs, etc.)
      - Generate business reports
      - Analyse AWS cost and Usage reports
      - Run queries on click-stream data
108
What is Macie?
  • Uses AI (ML and NLP) to discover, classify, and protect sensitive data in S3 (like PII)
  • Dashboards, reporting, alerts
  • Works with data stores in S3
  • Can analyze CloudTrail logs
  • Great for PCI-DSS and preventing ID theft
109
What is Lex?
  • Powers Amazon Alexa
  • Used to build conversational chatbots powered via voice or text
110
What is Polly?
  • Text to life-like voice
  • Can use an accent - lots of different voices
111
What is Transcribe?
Speech to text
112
What is Rekognition?
  • Images to tags/text
  • Upload an image and Rekognition will tell you what it thinks the image is - with a certain degree of confidence
113
What is a Subnet?
A range of IP addresses in your VPC
114
What is an ACL?
Access control list (ACL) – use a network ACL to provide additional security in a subnet. The default subnet ACL allows all inbound and outbound traffic.
115
What is a Route Table?
Contains a set of routes that AWS uses to direct the network traffic for your VPC. You can explicitly associate a subnet with a particular route table. By default, the subnet is associated with the main route table.