Networking

Question 1

VPC

Answer 1

Virtual Private Cloud is basically a part of the cloud that you reserve for your resources only and control in/out access to it.

Question 2

Virtual Private Gateway

Answer 2

Use when you want to keep the network private and only allow approved inbound traffic. It basically allows protected internet traffic to enter into the VPC.

Question 3

Internet Gateway

Answer 3

Is attached to the VPC and allows public traffic from the internet to access your VPC.

Question 4

AWS Direct Connect

Answer 4

Dedicate private connection between your data center and your AWS VPC.

Question 5

Subnets

Answer 5

Logically isolated parts inside a VPC where you create resources such as EC2 Instances and databases.
Two types: Public Subnet and Private Subnet.
Public Subnet can connect to the internet, private doesn’t.

Question 6

NACL

Answer 6

Checks traffic coming in and going out of the Subnets.
Network Access Control List controls access into and outside of Subnets.
Whatever enters doesn’t necessarily goes outside.

Question 7

Secutiry Group

Answer 7

Suppose an NACL passes a packet to enter the subnet but that doesn’t mean it can go to all the EC2 instances in that subnet. Here comes the Security Group.
By default, Security groups doesn’t allow any traffic. All ports are blocked, all IP Addresses are blocked.
They check for incoming traffic but doesn’t check outgoing traffic.
They are stateful meaning if a packet left the security group and it comes back later, by default it is allowed inside because the security groups remembers it.