Module 4: Networking (Part 1) Flashcards
What is Amazon Virtual Private Cloud (Amazon VPC)?
Amazon VPC is a networking service in AWS that allows users to provision an isolated section of the AWS Cloud. It enables the creation of a virtual network where resources, such as Amazon EC2 instances, can be launched. Within a VPC, resources can be organized into subnets to establish boundaries and control network traffic.
What is an internet gateway in Amazon VPC?
An internet gateway is a connection point between a VPC and the internet. It allows public internet traffic to access resources within the VPC. It serves as an entry point for incoming and outgoing network traffic, enabling communication between the VPC and the internet.
What is a virtual private gateway in Amazon VPC?
A virtual private gateway is a component in Amazon VPC that enables the establishment of a virtual private network (VPN) connection between a VPC and a private network, such as an on-premises data center or corporate network. It provides an encrypted and secure connection for traffic to enter the VPC from approved networks.
What is AWS Direct Connect?
AWS Direct Connect is a service that allows users to establish a dedicated private connection between their data center and a VPC in AWS. It provides a high-bandwidth and low-latency connection, offering a more reliable and secure network link compared to using the public internet. It helps reduce network costs and increase network performance.
What is the purpose of Amazon VPC, virtual private gateways, and AWS Direct Connect?
Amazon VPC allows users to create an isolated section of the AWS Cloud and launch resources within a virtual network. An internet gateway enables public internet traffic to access the VPC, while a virtual private gateway provides secure VPN connectivity to private networks. AWS Direct Connect establishes a dedicated private connection between a data center and a VPC, enhancing network reliability and performance.
What is a subnet in Amazon VPC?
A subnet is a section of a VPC that allows resources to be grouped based on security or operational needs. Subnets can be public or private. Public subnets contain resources accessible by the public, while private subnets contain resources accessible only through the private network. Subnets within a VPC can communicate with each other.
What is a network access control list (ACL) in Amazon VPC?
A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level in Amazon VPC. It checks packet permissions and provides security by allowing or denying traffic based on rules. Each AWS account has a default network ACL, and custom ACLs can be created to define specific rules for inbound and outbound traffic.
What is the role of a security group in Amazon VPC?
A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance within a subnet. It provides security by allowing or denying traffic based on rules. By default, security groups deny all inbound traffic and allow all outbound traffic, but custom rules can be added to define specific traffic permissions. Security groups perform stateful packet filtering, meaning they remember previous decisions made for incoming packets.
What is the difference between network access control lists (ACLs) and security groups in Amazon VPC?
Network ACLs operate at the subnet level and control inbound and outbound traffic. They perform stateless packet filtering, checking packets individually without remembering previous decisions. ACLs have explicit deny rules and allow all inbound and outbound traffic by default, but custom rules can be added to permit or deny specific traffic.
Security groups operate at the instance level and control inbound and outbound traffic for Amazon EC2 instances. They perform stateful packet filtering, remembering previous decisions for incoming packets. Security groups deny all inbound traffic and allow all outbound traffic by default, with custom rules defining specific traffic permissions.
