Networking Flashcards
when is a subnet public
if the subnet’s route table has a route whose target is an internet gateway (even a narrow route to one public prefix counts, not just 0.0.0.0/0)
when is a subnet private
if a subnet doesn’t have a route to the internet gateway
what is vpn-only subnet
no route to the internet gateway but traffic is routed to a virtual private gateway for a VPN connection
what is CIDR block
a range of IP addresses in Classless Inter-Domain Routing notation, base address plus prefix length, e.g. 10.0.0.0/16 (65,536 addresses); a VPC gets one or more CIDR blocks and each subnet takes a sub-range of them; AWS reserves the first four and the last address of every subnet, so a /24 gives 251 usable addresses
internet gateway (IGW)- what does it do?
Allows communication between instances in the VPC and the internet; horizontally scaled, redundant and highly available, so it imposes no bandwidth constraint
- provides a target in VPC route tables for internet-routable traffic
- performs one-to-one NAT between an instance’s private IPv4 address and its public or Elastic IPv4 address (no translation is done for IPv6, which is globally unique)
how to create IGW
create the IGW, attach it to the VPC, add a route to it in a route table, and associate that route table with the subnet (a subnet with no explicit association uses the VPC’s main route table)
can you have multiple IGW
no- can only attach 1 to a VPC
what is VGW- virtual private gateway
the VPN concentrator on the AWS side of a Site-to-Site VPN connection; it is attached to the VPC and pairs with the customer gateway on your side of the tunnel
how to enable internet access for instances in a subnet
attach an IGW to the VPC; make sure the subnet’s route table has a route to the IGW; give instances a public IPv4 address (auto-assign or Elastic IP) or an IPv6 address; ensure the network ACL and security group rules allow the traffic
how to ensure subnet’s routing table points to the IGW
add a route with the IGW as target and all addresses as destination, i.e. 0.0.0.0/0 for IPv4 or ::/0 for IPv6,
or a narrower destination, e.g. the CIDR of a specific public endpoint outside AWS, so only that traffic is sent via the IGW while the rest follows another route (routing is longest-prefix match, so the more specific route wins)
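To make the public / private / VPN-only distinction and the longest-prefix rule concrete, here is an added example (not part of the original flashcards and not AWS code): it classifies subnets from their route tables and resolves which target a given destination IP would use. The route table ids, gateway ids and CIDRs are constructed sample data shaped like a simplified `aws ec2 describe-route-tables` result.

```python
"""Classify VPC subnets from their route tables and resolve routes.

Added example with constructed data; ids like igw-0abc are made up.
"""
import ipaddress

# Constructed sample: route table id -> associated subnets and routes.
# Targets follow AWS id prefixes: local, igw- (internet gateway),
# nat- (NAT gateway), vgw- (virtual private gateway).
ROUTE_TABLES = {
    "rtb-public": {
        "subnets": ["subnet-web"],
        "routes": [
            {"dest": "10.0.0.0/16", "target": "local"},
            {"dest": "0.0.0.0/0", "target": "igw-0abc"},
        ],
    },
    "rtb-private": {
        "subnets": ["subnet-db"],
        "routes": [
            {"dest": "10.0.0.0/16", "target": "local"},
            {"dest": "0.0.0.0/0", "target": "nat-0def"},
        ],
    },
    "rtb-vpn": {
        "subnets": ["subnet-corp"],
        "routes": [
            {"dest": "10.0.0.0/16", "target": "local"},
            {"dest": "192.168.0.0/16", "target": "vgw-0123"},
        ],
    },
    "rtb-sneaky": {
        "subnets": ["subnet-ops"],
        "routes": [
            {"dest": "10.0.0.0/16", "target": "local"},
            {"dest": "0.0.0.0/0", "target": "nat-0def"},
            # One narrow route to the IGW is enough to make the subnet public.
            {"dest": "203.0.113.0/24", "target": "igw-0abc"},
        ],
    },
}


def target_for(routes, dest_ip):
    """Return the target of the most specific matching route (longest prefix),
    or None when no route covers the destination (traffic is dropped)."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["dest"])
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, route["target"])
    return best[1] if best else None


def classify(routes):
    """Apply the flashcard definitions: any IGW route -> public; otherwise a
    VGW route -> vpn-only; otherwise private (NAT-only subnets are private)."""
    targets = [r["target"] for r in routes]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


def classify_subnets(route_tables):
    """Map every associated subnet to public / private / vpn-only."""
    result = {}
    for table in route_tables.values():
        kind = classify(table["routes"])
        for subnet in table["subnets"]:
            result[subnet] = kind
    return result


if __name__ == "__main__":
    for subnet, kind in sorted(classify_subnets(ROUTE_TABLES).items()):
        print(f"{subnet}: {kind}")
    ops = ROUTE_TABLES["rtb-sneaky"]["routes"]
    print("203.0.113.5 from subnet-ops ->", target_for(ops, "203.0.113.5"))
    print("8.8.8.8 from subnet-ops ->", target_for(ops, "8.8.8.8"))
```

The `rtb-sneaky` table is the case worth remembering during a review: the default route goes to a NAT gateway, which looks private, but the single /24 route to the IGW means instances there with a public IP are directly reachable from that prefix, so the subnet is public.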
what is egress only IGW
stateful gateway that provides outbound IPv6 internet access but prevents the internet from initiating connections to your instances; replies to connections the instances opened are still allowed
use an egress-only IGW instead of a NAT gateway for IPv6: IPv6 addresses are globally unique, so there is nothing to translate, you only need to block unsolicited inbound traffic
what do you know about NAT instances
an EC2 instance that you run, patch and scale yourself to forward traffic from private-subnet instances to the internet; source/destination checking must be disabled on it, and it is a single point of failure unless you build your own failover
what is NAT gateway
fully managed, highly available NAT service that replaces NAT instances on EC2
a public NAT gateway must be in a public subnet and has an Elastic IP; the private subnets’ route tables point 0.0.0.0/0 at it (a private NAT gateway variant, without an Elastic IP, exists for traffic to other VPCs or on-premises networks)
what is security group
acts like a firewall at the instance level
operates at the network interface (ENI) level and is stateful: return traffic for an allowed connection is permitted automatically
can only contain allow rules, no deny rules, so anything not explicitly allowed is dropped; rule sources can be CIDR blocks or other security groups
what is security group’s default setting
custom security groups have no inbound allow rules, i.e. all inbound traffic is denied, plus an allow-all outbound rule until you change it
the VPC’s default security group has an inbound allow rule whose source is the group itself, i.e. it allows all traffic from resources assigned to the same group, plus an allow-all outbound rule
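The security group cards above describe allow-only, stateful, group-referencing rules. The following added example (not from the original flashcards and not AWS code) models that evaluation for inbound packets: default deny, a match on any allow rule, sources that are either CIDRs or other security group ids, and a connection-tracking shortcut for replies. The group ids, rules and addresses are constructed sample data.

```python
"""Model how a security group decides whether an inbound packet is allowed.

Added example with constructed rules; group ids like sg-web are made up.
"""
import ipaddress

DEFAULT_SG = "sg-default"
WEB_SG = "sg-web"

# Constructed inbound rules per group. proto "-1" means all protocols.
# There are only allow rules: anything unmatched is dropped.
INBOUND_RULES = {
    # the VPC default group: all traffic from members of the same group
    DEFAULT_SG: [{"proto": "-1", "from": 0, "to": 65535, "source": DEFAULT_SG}],
    # a custom group after adding one rule: HTTPS from anywhere
    WEB_SG: [{"proto": "tcp", "from": 443, "to": 443, "source": "0.0.0.0/0"}],
    # a freshly created custom group: no inbound rules at all
    "sg-new": [],
}


def rule_matches(rule, proto, dst_port, src_ip, src_groups):
    """One allow rule against one packet. A source that is a group id matches
    when the sender's ENI belongs to that group; otherwise the source is a CIDR."""
    if rule["proto"] not in ("-1", proto):
        return False
    if rule["proto"] != "-1" and not rule["from"] <= dst_port <= rule["to"]:
        return False
    source = rule["source"]
    if source.startswith("sg-"):
        return source in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(source)


def inbound_allowed(dst_groups, proto, dst_port, src_ip, src_groups=()):
    """An ENI gets the union of its groups' rules; any match allows the packet.
    No rule ever denies, so the fallthrough is drop."""
    for group in dst_groups:
        for rule in INBOUND_RULES.get(group, []):
            if rule_matches(rule, proto, dst_port, src_ip, src_groups):
                return True
    return False


def inbound_packet_allowed(dst_groups, proto, dst_port, src_ip, src_port,
                           tracked_outbound, src_groups=()):
    """Stateful behaviour: a packet that belongs to a connection the instance
    opened (tracked as (proto, remote_ip, remote_port)) is allowed even when no
    inbound rule matches it; only new inbound connections consult the rules."""
    if (proto, src_ip, src_port) in tracked_outbound:
        return True
    return inbound_allowed(dst_groups, proto, dst_port, src_ip, src_groups)


if __name__ == "__main__":
    print("HTTPS to web from internet:",
          inbound_allowed([WEB_SG], "tcp", 443, "198.51.100.7"))
    print("SSH to web from internet:",
          inbound_allowed([WEB_SG], "tcp", 22, "198.51.100.7"))
    print("postgres between two default-group members:",
          inbound_allowed([DEFAULT_SG], "tcp", 5432, "10.0.1.5", [DEFAULT_SG]))
    tracked = {("tcp", "203.0.113.9", 443)}
    print("reply to an outbound HTTPS connection:",
          inbound_packet_allowed([WEB_SG], "tcp", 51000, "203.0.113.9", 443, tracked))
```

The two cases that catch people out are both here: an instance in the default group is reachable on every port from any other member of that group, which is why shared use of the default group is a common finding, and the fresh custom group `sg-new` rejects everything inbound until a rule is added, while still receiving replies to connections it initiates.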