Lecture 13: VPC & Networking Flashcards

1
Q
  1. IPv4
  2. IPv6
A

What are the two types of IP addresses?

2
Q

Public networking

A

IPv4 (Internet Protocol version 4) can be used on the _______ internet, and an EC2 instance gets a new public IP address every time you stop and then start it (default)

3
Q

Private

A

________ IPv4 can be used on _________ networks (LAN), such as internal AWS networking, and is fixed for an EC2 instance even if you stop/start it (you keep the same EC2)

4
Q

_________ allows you to attach a fixed public IPv4 address to EC2 instances

A

Elastic IP

5
Q

Public

A

With IPv6 (Internet Protocol version 6), every IP address is ________

6
Q

___________ is a private network to deploy your resources

A

VPC (Virtual private cloud)

7
Q

_________ allow you to partition your network inside your VPC (availability zone resource)

A

Subnets

8
Q

A _______ is a subnet that is accessible from the internet

A

Public subnet

9
Q

________ is a subnet that is not accessible from the internet

A

Private subnet

10
Q

To define access to the internet and between subnets, you need to use ________

A

Route table

11
Q

________ helps your VPC instances connect with the internet (public subnets have a route to the internet)

A

Internet gateway

12
Q

__________ & ___________ allow instances in your private subnet to access the internet while remaining private

A

NAT Gateway & NAT instance

13
Q

__________ is a firewall that controls traffic to and from a subnet; it can have allow & deny rules and is attached at the subnet level

A

NACL (network ACL)

14
Q

__________ is a firewall that controls traffic to and from an ENI / an EC2 instance; it operates at the EC2 level and can have only allow rules

A

Security groups

15
Q

Return traffic is automatically allowed, regardless of any rules

A

Security groups are stateful which means what?

16
Q

Return traffic must be explicitly allowed by rules

A

Network ACL is stateless which means what?

17
Q

__________ capture information about IP traffic going into your interfaces such as your ____________, subnet flow logs, and elastic network interface flow logs

A

VPC Flow logs

18
Q

__________ connects two VPCs privately using the AWS network, making them behave as if they were in the same network

A

VPC peering

19
Q

Must be established for each VPC that needs to communicate with one another

(VPC peering: if VPC A and VPC B are peered (talking) with one another and you add VPC C and peer it with VPC A, VPC C won't be able to communicate with VPC B until you peer them)

A

VPC peering connection _________ for each VPC to communicate with one another

20
Q

_________ are endpoints that allow you to connect to AWS services using a private network instead of the public www network to give you enhanced security and lower latency to access AWS services

A

VPC endpoints

21
Q

S3 & DynamoDB

A

The VPC Endpoint Gateway is used to connect what AWS services to your VPC?

22
Q

Any of the AWS services

A

The VPC Endpoint Interface is used to connect what AWS services to your VPC?

23
Q

____________ is the most secure & scalable way to expose a service to 1000s of VPCs and it doesn’t require VPC peering, internet gateway, etc

A

AWS PrivateLink

24
Q

___________ connects an on-premises VPN to AWS; the connection is automatically encrypted and goes over the public internet

A

Site-to-Site VPN

25
Q

_________ establishes a physical connection between on-premises and AWS; the connection is private, secure, and fast, goes over a private network, and takes at least a month to establish

A

Direct Connect (DX)

26
Q

The on-premises side must use a customer gateway (CGW) and AWS must use a virtual private gateway (VGW); when those two are created, you can connect them together to create a Site-to-Site VPN

A

To establish a Site-to-Site VPN on premises you must use what?

27
Q

__________ connects from your computer using OpenVPN to your private network in AWS and on-premises; it allows you to connect to your EC2 instance over a private IP and goes over the public internet

A

AWS Client VPN

28
Q

__________ is used to have transitive peering between thousands of VPCs and on-premises, in a hub-and-spoke (star) connection (connects thousands of VPCs together as well as on-premises infrastructure)

A

Transit Gateway