Udemy Networking course Flashcards

(52 cards)

1
Q
Amazon VPC Fundamentals: Scope of VPC with Respect to AWS Account, Region & AZ
A
A VPC belongs to one account and one region and spans all Availability Zones in that region. A subnet lives in exactly one AZ. Regional services such as ELB can be deployed across several AZs (one subnet per AZ) within the VPC.

2
Q
Amazon VPC Fundamentals: VPC Building Blocks - Core Components
A
A VPC is divided into subnets, and EC2 instances are launched into subnets. Security groups are attached to an instance's network interface and filter traffic for that instance; network ACLs are attached to a subnet and filter all traffic entering or leaving it.

3
Q
Amazon VPC Fundamentals: VPC Addressing (CIDR)
A
CIDR notation describes an IP range as a base address plus the number of leading bits that identify the network. 192.168.0.0/16 means the first 16 bits are the network portion, so the range runs from 192.168.0.0 to 192.168.255.255 (65,536 addresses). VPC and subnet blocks must be between /16 and /28, and AWS reserves five addresses in every subnet (the first four and the last), so a /24 subnet yields 251 usable addresses.

4
Q
Amazon VPC Fundamentals: VPC Route Tables
A
Every VPC gets a main route table containing a "local" route for the VPC CIDR, which is what lets subnets talk to each other. To reach the internet, attach an Internet Gateway to the VPC and add a 0.0.0.0/0 route pointing at it in the route table of the subnet that should be public. Routes are matched by longest prefix, so the local route always wins for addresses inside the VPC.

5
Q
Amazon VPC Fundamentals: IP Addresses - Private vs Public vs Elastic & IPv4 vs IPv6
A
A private IPv4 address stays with the instance for its whole lifetime. An auto-assigned public IPv4 address is released when the instance is stopped or terminated, and a different one is assigned on the next start. An Elastic IP is a public IPv4 address allocated to your account; it stays associated with the instance across stop/start until you disassociate or release it. IPv6 addresses in a VPC are globally unique, so reachability is controlled by routing (an egress-only internet gateway for outbound-only access) and security rules rather than by NAT.

6
Q
Amazon VPC Fundamentals: VPC Firewall - Security Group
A
Security Groups are stateful firewalls attached to network interfaces: if a connection is allowed in one direction, its return traffic is allowed automatically, with no rule needed for it. They contain only allow rules; anything not explicitly allowed is dropped, and there is no way to write a deny rule. The default for a new group is all inbound denied and all outbound allowed. Rules can name CIDR blocks or other security groups as the source or destination.

7
Q
Amazon VPC Fundamentals: VPC Firewall - Network Access Control List (NACL)
A
NACLs are stateless firewalls attached to subnets: request and reply are evaluated independently, so a connection needs both an inbound and an outbound rule, including an outbound rule for the clients' ephemeral ports (1024-65535) or replies never leave the subnet. Rules are numbered, evaluated from the lowest number up, and the first match wins; the final "*" rule denies anything not matched. Unlike security groups, NACLs support explicit deny rules, which makes them the place to block a specific IP or range. The default NACL allows all traffic; a newly created custom NACL denies all traffic until rules are added.

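Added example (not from the course): a small Python model of NACL rule evaluation, with constructed rules and the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 standing in for a hypothetical client network and admin network. It shows the first-match-by-rule-number behaviour, an explicit deny placed ahead of an allow, and the classic stateless mistake: an HTTPS server whose outbound rules allow port 443 but not the clients' ephemeral ports, so replies are dropped.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    number: int      # evaluated in ascending order; first match wins
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all protocols
    ports: tuple     # (low, high) inclusive; ignored when protocol is "-1"
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound
    action: str      # "allow" or "deny"


EPHEMERAL = (1024, 65535)   # range most clients use as their source port

# Constructed inbound rules for a subnet hosting an HTTPS server.
INBOUND = [
    Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    Rule(110, "tcp", (22, 22), "203.0.113.0/24", "allow"),   # hypothetical admin range
    Rule(120, "tcp", EPHEMERAL, "0.0.0.0/0", "allow"),       # replies to the server's own outbound connections
]

# A deny rule with a lower number than the allow rules wins for that range.
INBOUND_WITH_BLOCK = [Rule(90, "-1", (0, 0), "198.51.100.0/24", "deny")] + INBOUND

# Broken outbound set: allows the server to reach HTTPS sites, but replies to
# inbound clients go to the clients' ephemeral ports and match nothing.
OUTBOUND_BROKEN = [
    Rule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
]

# Fixed outbound set: the ephemeral-port rule lets replies leave the subnet.
OUTBOUND_FIXED = OUTBOUND_BROKEN + [
    Rule(110, "tcp", EPHEMERAL, "0.0.0.0/0", "allow"),
]


def evaluate(rules, protocol, port, ip):
    """Evaluate one direction of a NACL the way AWS does: lowest rule number
    first, stop at the first rule that matches; the implicit '*' rule denies
    everything that reached the end of the list."""
    addr = ipaddress.ip_address(ip)
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("-1", protocol):
            continue
        if r.protocol != "-1" and not (r.ports[0] <= port <= r.ports[1]):
            continue
        if addr in ipaddress.ip_network(r.cidr):
            return r.action == "allow"
    return False


def tcp_session_allowed(inbound, outbound, client_ip, client_port, server_port):
    """Because the NACL is stateless, a client's connection only works if the
    request passes the inbound rules AND the reply passes the outbound rules."""
    request_ok = evaluate(inbound, "tcp", server_port, client_ip)
    reply_ok = evaluate(outbound, "tcp", client_port, client_ip)
    return request_ok and reply_ok


if __name__ == "__main__":
    print("broken outbound:", tcp_session_allowed(INBOUND, OUTBOUND_BROKEN, "198.51.100.7", 51515, 443))
    print("fixed outbound: ", tcp_session_allowed(INBOUND, OUTBOUND_FIXED, "198.51.100.7", 51515, 443))
```

A security group would have allowed the reply on its own; the NACL needs the ephemeral-port rule because it does not track connections.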
8
Q
Amazon VPC Fundamentals: Hands-On: Creating VPC with Public Subnet
A
Walkthrough: create a VPC, add a subnet, attach an Internet Gateway, add a 0.0.0.0/0 route to it in the subnet's route table, then launch an EC2 instance in the subnet with a public IP and an SSH key pair. The instance's security group must allow inbound SSH (preferably only from your own IP) before the key pair can be used to log in.

9
Q
Amazon VPC Fundamentals: NAT Gateway
A
A NAT Gateway gives instances in private subnets outbound internet access. It sits in a public subnet (with an Elastic IP and a route to the Internet Gateway); the private subnet's route table sends 0.0.0.0/0 to the NAT Gateway, which translates the instances' private source IPs to its public IP. Because it only translates connections initiated from inside, unsolicited inbound connections from the internet cannot reach the private instances.

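Added example (not from the course) to go with cards 4 and 9: a Python model of the three route-table shapes a subnet usually has (public, private behind a NAT Gateway, isolated) and the longest-prefix lookup a VPC performs. The route tables are constructed and the target names igw-example and nat-example are placeholders, not real IDs.

```python
import ipaddress

# Constructed route tables for a VPC whose CIDR is 10.0.0.0/16.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),        # implicit local route present in every VPC route table
    ("0.0.0.0/0", "igw-example"),    # default route to the Internet Gateway (placeholder ID)
]

PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-example"),    # default route to a NAT Gateway in the public subnet (placeholder ID)
]

ISOLATED_RT = [
    ("10.0.0.0/16", "local"),        # no default route: nothing outside the VPC is reachable
]


def lookup(route_table, dst_ip):
    """Pick the target for dst_ip the way a VPC route table does: the route with
    the longest matching prefix wins. Returns None when nothing matches, which
    means the packet is dropped."""
    addr = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def subnet_kind(route_table):
    """Classify a subnet by its default route: 'public' if 0.0.0.0/0 goes to an
    Internet Gateway, 'private' if it goes to a NAT Gateway, 'isolated' if there
    is no default route at all."""
    for cidr, target in route_table:
        if cidr == "0.0.0.0/0":
            if target.startswith("igw-"):
                return "public"
            if target.startswith("nat-"):
                return "private"
            return "other"
    return "isolated"


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, subnet_kind(rt), lookup(rt, "10.0.1.5"), lookup(rt, "198.51.100.10"))
```

Note that "private" here only describes the route table; whether an instance is actually reachable from the internet also depends on the security group and NACL, which is why a public IP in a subnet without an IGW route is unreachable and an instance in a public subnet with a closed security group is too.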
10
Q
Additional VPC Features: Extending VPC Address Space
A
If the primary CIDR runs out of addresses, you can associate additional (secondary) IPv4 CIDR blocks with the VPC and create new subnets in them. A secondary block must not overlap the primary or any other CIDR already associated with the VPC, nor any existing route in the VPC's route tables (such as a peered VPC's range), and it must fit the /16 to /28 size limits.

11
Q
Additional VPC Features: Elastic Network Interface (ENI) Deep Dive
A
An ENI is a virtual network card that lives in one subnet. It carries the primary private IP, any secondary private IPs, an optional public or Elastic IP, a MAC address and the security groups. Every EC2 instance has a primary ENI that cannot be detached; additional ENIs can be attached and detached, and moving an ENI to another instance in the same AZ moves its IPs and security groups with it. Security groups are enforced at the ENI, not at the instance, which is why an instance with two ENIs can have two different security postures.

12
Q
VPC DNS and DHCP: How DNS Works
A
DNS (Domain Name System) translates human-readable domain names into IP addresses. A client asks a recursive resolver, which walks from the root servers to the TLD servers to the domain's authoritative name servers, caches the answer for its TTL, and returns it to the client.

13
Q
VPC DNS and DHCP: Amazon VPC DNS Server (Route53 Resolver)
A
Every VPC has an Amazon-provided DNS server, the Route 53 Resolver. It is reachable at the VPC's base address plus two (10.0.0.2 for a 10.0.0.0/16 VPC) and at the link-local address 169.254.169.253. It resolves public names, AWS service names, private hosted zones and the internal EC2 hostnames, and is only reachable from inside the VPC.

14
Q
VPC DNS and DHCP: VPC DHCP Option Sets
A
A new VPC gets a default DHCP option set that points instances at the Amazon-provided DNS server (AmazonProvidedDNS, i.e. the Route 53 Resolver) and sets the region's domain name. To hand instances your own DNS servers, search domain or NTP servers, create a custom option set and associate it with the VPC; instances pick up the change when their DHCP lease renews.

15
Q
VPC Traffic Monitoring: VPC Flow Logs - Permissions
A
To publish flow logs to CloudWatch Logs, the flow log itself is given an IAM role (the VPC has no role of its own). The role's trust policy must allow the vpc-flow-logs.amazonaws.com service principal to assume it, and its permissions policy must allow logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents, logs:DescribeLogGroups and logs:DescribeLogStreams on the destination log group. Publishing to S3 uses a bucket policy instead of a role.

16
Q
VPC Traffic Monitoring: VPC Flow Logs
A
Flow logs capture metadata (not payload) about the IP traffic of a VPC, a subnet or a single ENI: source and destination address and port, protocol, packet and byte counts, and whether the traffic was ACCEPTed or REJECTed by security groups and NACLs. They can be sent to CloudWatch Logs, S3 or Kinesis Data Firehose. Flows are aggregated over a window of 10 minutes by default (1 minute is selectable), so a record is a summary of a window, not one packet. Traffic to the Amazon DNS server, the instance metadata service (169.254.169.254), DHCP and the default VPC router is not logged, and records with log-status NODATA or SKIPDATA mark windows with no data or with dropped records, so flow logs show what was allowed or rejected but are not a complete packet record.

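Added example (not from the course) for cards 15 and 16: a Python parser for the default flow log record format, run over constructed sample records (the account ID, ENI ID, addresses and timestamps are made up). It groups REJECTed TCP flows by source to flag a port scan, and separately surfaces NODATA/SKIPDATA records, which mark windows where the log is incomplete.

```python
from collections import defaultdict

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}
TCP = 6

# Constructed sample records (not real logs). 198.51.100.7 probes five ports and is
# rejected each time; 203.0.113.9 is a legitimate HTTPS client; 192.0.2.5 is a single
# rejected SSH attempt; the last two records are capture gaps rather than traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 44123 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 44124 23 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 44125 80 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 44126 445 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.15 44127 3389 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 50001 443 6 20 4000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 192.0.2.5 10.0.1.15 60000 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000060 1700000119 - NODATA
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000120 1700000179 - SKIPDATA
"""


def parse_records(text):
    """Parse default-format flow log lines into dicts. Fields written as '-'
    (as in NODATA/SKIPDATA records) become None instead of being converted."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # header line or truncated record: skip rather than guess
        rec = {}
        for name, value in zip(FIELDS, parts):
            if value == "-":
                rec[name] = None
            elif name in INT_FIELDS:
                rec[name] = int(value)
            else:
                rec[name] = value
        records.append(rec)
    return records


def find_port_scanners(records, min_ports=5):
    """Sources whose TCP connections were REJECTed on at least min_ports distinct
    destination ports. Returns {srcaddr: sorted list of rejected ports}."""
    rejected = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and r["protocol"] == TCP:
            rejected[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(ports) for src, ports in rejected.items() if len(ports) >= min_ports}


def capture_gaps(records):
    """Windows whose log-status is not OK. NODATA means no traffic was seen;
    SKIPDATA means records were dropped, i.e. a blind spot for detection."""
    return [(r["start"], r["end"], r["log_status"]) for r in records if r["log_status"] != "OK"]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("scanners:", find_port_scanners(recs))
    print("gaps:", capture_gaps(recs))
```

The threshold and the choice of REJECT-only are deliberate: a REJECT from a security group tells you the probe was blocked, whereas an ACCEPT on an unexpected port is the record to escalate.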
17
Q
VPC Traffic Monitoring: VPC Traffic Mirroring
A
Traffic Mirroring copies the actual packets entering and leaving an ENI (optionally filtered by protocol, port or CIDR) and sends the copies to a target such as another ENI, a Network Load Balancer or a Gateway Load Balancer endpoint, where an IDS or packet-capture tool can inspect them. Inspection is out of band, so the tool never sits in the traffic path and cannot add latency to it; the mirrored copies do, however, consume bandwidth on the source instance.

18
Q
VPC Traffic Monitoring: VPC Reachability Analyzer
A
Reachability Analyzer checks whether a network path exists between a source and a destination (two ENIs, an instance and an internet gateway, across a transit gateway, and so on) by analysing the configuration of route tables, security groups, NACLs and gateways; it sends no packets. When the path is blocked it reports which component blocks it, which makes it a quick connectivity-troubleshooting tool.

19
Q
VPC Traffic Monitoring: VPC Network Access Analyzer
A
Network Access Analyzer finds unintended network access. You define a Network Access Scope describing traffic that should or should not be possible, for example "nothing in the prod VPCs may reach the dev VPCs" or "only the load balancer subnets may be reachable from the internet", and the analyzer lists every path in your current configuration that violates the scope. It reports; it does not enforce.

20
Q
VPC Private Connectivity: VPC Peering
A
VPC peering connects two VPCs privately over the AWS network; they may be in different accounts and different regions. Their CIDR blocks must not overlap. The peering is requested from one side and accepted on the other, and each VPC's route tables need a route for the other VPC's CIDR pointing at the peering connection (pcx-...); security groups must allow the traffic too.

21
Q
VPC Private Connectivity: VPC Peering - Invalid Scenarios
A
Overlapping CIDR blocks: the peering request is rejected.
Transitive peering: if A is peered with B and B with C, A cannot reach C through B; every pair needs its own peering connection.
Edge-to-edge routing: the peering ends at the peer VPC, so you cannot use the peer's Internet Gateway, NAT Gateway, VPN/Direct Connect connection or gateway endpoint through the peering connection.
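Added example (not from the course) covering the CIDR rules from cards 3, 10, 20 and 21: Python using the standard ipaddress module to work out a block's range, the addresses AWS reserves in a subnet, whether a block is a legal VPC/subnet size, whether a secondary CIDR can be associated, and whether two VPCs can be peered. All addresses are constructed examples.

```python
import ipaddress

# AWS reserves the first four addresses of every subnet (network address, VPC
# router, DNS, reserved for future use) and the last one (network broadcast).
AWS_RESERVED_PER_SUBNET = 5


def cidr_range(cidr):
    """First address, last address and size of a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def reserved_addresses(subnet_cidr):
    """The five addresses in a subnet that cannot be assigned to an ENI."""
    net = ipaddress.ip_network(subnet_cidr)
    return [str(net[i]) for i in range(4)] + [str(net[-1])]


def usable_hosts(subnet_cidr):
    """Addresses actually assignable to ENIs in an AWS subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def valid_vpc_cidr(cidr):
    """AWS accepts IPv4 VPC and subnet blocks between /16 and /28, written on
    their network address (host bits zero)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return 16 <= net.prefixlen <= 28 and str(net) == cidr


def can_add_secondary(existing_cidrs, candidate):
    """A secondary CIDR must be a legal size and must not overlap any CIDR
    already associated with the VPC."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return valid_vpc_cidr(candidate) and not any(
        cand.overlaps(ipaddress.ip_network(e)) for e in existing_cidrs)


def can_peer(vpc_a_cidrs, vpc_b_cidrs):
    """Peering is refused if any CIDR of one VPC overlaps any CIDR of the other
    (secondary CIDRs count too)."""
    return not any(ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))
                   for a in vpc_a_cidrs for b in vpc_b_cidrs)


def subnet_in_vpc(vpc_cidrs, subnet_cidr):
    """A subnet must lie entirely inside one of the VPC's CIDR blocks."""
    sub = ipaddress.ip_network(subnet_cidr)
    return any(sub.subnet_of(ipaddress.ip_network(v)) for v in vpc_cidrs)


if __name__ == "__main__":
    print(cidr_range("192.168.0.0/16"), usable_hosts("10.0.1.0/24"))
    print(reserved_addresses("10.0.1.0/24"))
    print(can_add_secondary(["10.0.0.0/16"], "10.0.128.0/17"), can_peer(["10.0.0.0/16"], ["10.0.0.0/16"]))
```

The peering check is worth running before requesting a connection: two teams that both picked 10.0.0.0/16 from the default cannot be peered, and re-addressing a VPC later means recreating every subnet.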

22
Q
VPC Private Connectivity: VPC Gateway Endpoints - Hands-On to Access S3 Bucket
A
The EC2 instance needs an IAM role (instance profile) with S3 permissions before it can call S3 at all; the hands-on attaches the AmazonS3FullAccess managed policy. Outside a lab, scope the role to the specific bucket and actions the instance needs: the endpoint only changes the network path, it does not limit what the credentials can do.

23
Q
VPC Private Connectivity: VPC Gateway Endpoint - S3 Bucket Policy
A
You can restrict a bucket so that it is only reachable through particular endpoints: a bucket policy statement that denies s3:* to any principal whose request does not carry the expected endpoint ID in the aws:SourceVpce condition key (or whose source VPC is not the expected one in aws:SourceVpc). Requests from the internet carry no aws:SourceVpce value at all, so the deny applies to them as well.

24
Q
VPC Private Connectivity: VPC Gateway Endpoint - Hands-On to Access S3 Bucket
A
The endpoint itself also takes a policy. By default it allows full access to the service; replacing it with a policy that allows only the required actions on specific bucket ARNs limits what any instance in the VPC can reach through that endpoint. The endpoint policy and the bucket policy work from opposite sides: the endpoint policy limits where traffic through the endpoint may go, the bucket policy limits where requests to the bucket may come from.
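Added example (not from the course) for cards 23 and 24: the two policies as JSON-shaped Python dicts, plus a deliberately reduced IAM evaluator that applies them the way a request through the endpoint is judged. The endpoint ID vpce-0123456789abcdef0 and the bucket name example-private-bucket are placeholders; the evaluator models only Allow/Deny with StringEquals/StringNotEquals and assumes the caller's identity policy already allows the action.

```python
import fnmatch

# Placeholder identifiers for the example.
ENDPOINT_ID = "vpce-0123456789abcdef0"
BUCKET_ARN = "arn:aws:s3:::example-private-bucket"

# Bucket policy: deny everything that does not arrive through our gateway endpoint.
# A request from the internet has no aws:SourceVpce key; a missing key satisfies
# StringNotEquals, so those requests are denied too.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyUnlessFromOurEndpoint",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
        "Condition": {"StringNotEquals": {"aws:SourceVpce": ENDPOINT_ID}},
    }],
}

# Endpoint policy: through this endpoint only these actions on this bucket are
# allowed, replacing the default policy that allows full access to all of S3.
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyOurBucket",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
    }],
}


def _matches(pattern_or_list, value):
    """IAM-style wildcard match of an action or resource against a statement."""
    patterns = pattern_or_list if isinstance(pattern_or_list, list) else [pattern_or_list]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, ctx):
    """Subset of IAM condition logic: StringEquals / StringNotEquals on single
    values. A key absent from the request context fails StringEquals and
    satisfies StringNotEquals, as IAM does for negated operators."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "StringNotEquals" and actual == expected:
                return False
    return True


def evaluate_policy(policy, action, resource, ctx):
    """Return 'deny', 'allow' or 'implicit_deny'. An explicit deny always wins.
    Principal matching, NotAction/NotResource and other operators are not modelled."""
    decision = "implicit_deny"
    for st in policy["Statement"]:
        if not _matches(st["Action"], action) or not _matches(st["Resource"], resource):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "deny"
        decision = "allow"
    return decision


def s3_request_allowed(action, resource, ctx, via_endpoint):
    """Network-side decision for one S3 request: a request through the endpoint
    must be allowed by the endpoint policy, and no request may be denied by the
    bucket policy. The caller's identity policy is assumed to allow the action."""
    if via_endpoint and evaluate_policy(ENDPOINT_POLICY, action, resource, ctx) != "allow":
        return False
    return evaluate_policy(BUCKET_POLICY, action, resource, ctx) != "deny"


if __name__ == "__main__":
    obj = BUCKET_ARN + "/report.csv"
    print("via endpoint:", s3_request_allowed("s3:GetObject", obj, {"aws:SourceVpce": ENDPOINT_ID}, True))
    print("from internet:", s3_request_allowed("s3:GetObject", obj, {}, False))
```

One consequence worth knowing before applying the bucket policy for real: it also denies the console and CLI calls you make from your laptop, so keep a break-glass exception (for example a specific admin role via aws:PrincipalArn) or you will lock yourself out of the bucket.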

25
**VPC Private Connectivity: VPC Gateway Endpoints - Introduction to VPC Endpoints** VPC endpoints let resources in a VPC reach AWS services over the AWS network instead of through an Internet Gateway or NAT. A Gateway endpoint is a target in the subnet route tables (a route for the service's prefix list) and exists only for S3 and DynamoDB. Interface endpoints cover most other services and place an ENI with a private IP in your subnet.
26
**VPC Private Connectivity: Introduction to VPC Interface Endpoint** An interface endpoint creates an ENI in your subnet through which you can reach an AWS service, an AWS Marketplace service, or an endpoint service hosted in another account's VPC (PrivateLink).
27
**VPC Private Connectivity: VPC Interface Endpoint Features** An interface endpoint provisions an ENI with a private IP in each chosen subnet, and with private DNS enabled the service's normal hostname (e.g. the regional SQS hostname) resolves to that private IP, so traffic never leaves the AWS network. The endpoint takes an endpoint policy (what may be called through it) and a security group (who may reach the ENI); both must allow the traffic.
28
**VPC Private Connectivity: Hands-On: VPC PrivateLink to Access Customer or 3rd Party Services** To expose your own service over PrivateLink, put it behind a Network Load Balancer and create a VPC endpoint service for that NLB. The consumer then creates an interface endpoint in their VPC that points at your endpoint service name, and you accept the connection request (or pre-authorise their principals in the service's allow list).
29
**VPC Private Connectivity: VPC Interface Endpoint and PrivateLink - VPC PrivateLink vs VPC Peering** VPC Peering is bidirectional: both VPCs become routable to each other, CIDRs must not overlap, and exposure is limited only by security groups and route tables. PrivateLink is unidirectional and service-scoped: only the consumer can originate connections, only the published service is exposed, and overlapping CIDRs do not matter, so it is the safer choice for sharing one service with many consumers or with third parties.
30
**Transit Gateway: Introduction to Transit Gateway** Transit Gateway is a regional hub that connects multiple VPCs to each other and to on-premises data centers (over VPN or Direct Connect) through a single attachment each, instead of a mesh of peering connections between every pair of VPCs.
31
**Transit Gateway: Hands-On: Transit Gateway & VPCs with Full Routing** A TGW VPC attachment is defined per subnet: you pick one subnet in each AZ you want served, and the TGW places an ENI in that subnet. Instances in an AZ with no attachment subnet cannot reach the TGW, so attach a subnet in every AZ the VPC uses, and add a route for the remote CIDRs pointing at the TGW in each subnet's route table.
32
**Transit Gateway: Hands-On: Transit Gateway & VPCs with Restricted Routing** Traffic between attachments is governed by TGW route tables. By default every attachment is associated with, and propagates its CIDRs into, the one default route table, which gives full-mesh routing. To restrict which VPCs can talk, create separate TGW route tables, associate each attachment with the appropriate one, and control propagation: propagation adds a VPC's CIDRs (including ones added later) automatically, whereas static routes must be maintained by hand.
33
**Transit Gateway: Transit Gateway AZ Affinity & Appliance Mode** AZ affinity: the TGW keeps traffic in the AZ where it arrived whenever an attachment ENI exists there, avoiding cross-AZ hops (latency and data-transfer cost). Appliance mode: enabled on the attachment that hosts a stateful appliance (firewall, IDS) so that both directions of a flow are sent through the same AZ, and therefore the same appliance instance, instead of the reply taking a different AZ and being dropped for lack of connection state.
34
**Transit Gateway: Transit Gateway Peering** Transit Gateway Peering connects two TGWs, in different regions or in the same region, similar to VPC peering but between hubs. Routes across a peering attachment are static only (no propagation), traffic between regions is encrypted on the AWS backbone by default, and a peering attachment carries up to 50 Gbps.
35
**Hybrid Network Basics: Static Routing vs Dynamic Routing** Static Routing: every route is configured by hand in the route tables and changes only when someone edits it. Dynamic Routing: routers exchange reachability information using a protocol such as BGP and update their route tables automatically when routes are learned or withdrawn, which is what makes automatic failover between, say, Direct Connect and a VPN possible.
36
**Hybrid Network Basics: How BGP Works** BGP is the protocol for exchanging routing information between Autonomous Systems (AS), each identified by an AS number. Each router advertises the prefixes it can reach together with attributes such as the AS path; neighbours pick one best path per prefix, and when a path is withdrawn (a link fails) traffic moves to the next best path automatically.
37
**Hybrid Network Basics: BGP Route Selection - ASPATH, LOCAL_PREF, MED** BGP chooses one best path per prefix by comparing attributes in a fixed order: highest LOCAL_PREF first (set inside your own AS to prefer one exit, e.g. Direct Connect over VPN), then shortest AS_PATH (fewest AS hops, regardless of bandwidth), then lowest MED (a hint to the neighbouring AS about which of your links it should use to reach you). AS_PATH prepending repeats your own AS number in an advertisement to make that path look longer, steering inbound traffic onto the other link.
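Added example (not from the course): a Python model of the three-attribute decision process on the card, applied to the two hybrid-network cases that come up in practice: preferring Direct Connect over a backup VPN for outbound traffic with LOCAL_PREF, and steering AWS's traffic onto the DX link with AS_PATH prepending. The ASNs 64512 and 65000 and the link names are hypothetical, and the decision process is simplified as noted in the code.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str            # label for the neighbour/link the route was learned on
    as_path: tuple           # AS numbers between us and the origin; shorter wins
    local_pref: int = 100    # higher wins; set locally and never leaves our AS
    med: int = 0             # lower wins; hint given to neighbours about which link to use


def best_path(candidates):
    """Simplified BGP decision process restricted to the three attributes on the
    card, in BGP's order: highest LOCAL_PREF, then shortest AS_PATH, then lowest
    MED. Origin, eBGP-vs-iBGP and router-ID tie-breaks are omitted, and MED is
    compared across all candidates rather than only between the same neighbour AS."""
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.med))


def prepend(route, own_asn, times):
    """AS_PATH prepending: repeat our own ASN at the front of the advertised path
    so the neighbour sees a longer path and prefers our other link."""
    return Route(route.prefix, route.next_hop, (own_asn,) * times + route.as_path,
                 route.local_pref, route.med)


# Hypothetical numbers: AWS side uses private ASN 64512, on-premises uses 65000.
AWS_ASN, ONPREM_ASN = 64512, 65000
VPC_CIDR, ONPREM_CIDR = "10.0.0.0/16", "192.168.0.0/16"


def outbound_preference(dx_up=True):
    """On-premises view: the VPC prefix is learned over Direct Connect and over a
    backup VPN with the same AS_PATH, so LOCAL_PREF decides. When DX goes down its
    route is withdrawn and the VPN path is chosen without any reconfiguration."""
    via_dx = Route(VPC_CIDR, "direct-connect", (AWS_ASN,), local_pref=200)
    via_vpn = Route(VPC_CIDR, "site-to-site-vpn", (AWS_ASN,), local_pref=100)
    learned = [via_dx, via_vpn] if dx_up else [via_vpn]
    return best_path(learned).next_hop


def inbound_steering():
    """AWS view: on-premises advertises its prefix on both links. Prepending on
    the VPN advertisement makes AWS prefer the DX link for traffic to on-premises."""
    over_dx = Route(ONPREM_CIDR, "direct-connect", (ONPREM_ASN,))
    over_vpn = prepend(Route(ONPREM_CIDR, "site-to-site-vpn", (ONPREM_ASN,)), ONPREM_ASN, 2)
    return best_path([over_dx, over_vpn]).next_hop


def med_tiebreak():
    """Two equal DX links from the same neighbour AS: the lower MED is preferred."""
    primary = Route(ONPREM_CIDR, "dx-primary", (ONPREM_ASN,), med=50)
    secondary = Route(ONPREM_CIDR, "dx-secondary", (ONPREM_ASN,), med=100)
    return best_path([primary, secondary]).next_hop


if __name__ == "__main__":
    print("outbound, DX up:", outbound_preference(), "| DX down:", outbound_preference(dx_up=False))
    print("inbound:", inbound_steering(), "| MED:", med_tiebreak())
```

Because LOCAL_PREF is evaluated before AS_PATH, a neighbour's prepending cannot override a LOCAL_PREF you set locally; prepending only influences networks that have not expressed a preference of their own.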
38
**AWS Cloud WAN: What is AWS Cloud WAN?** Cloud WAN lets us connect many different networks (VPCs, transit gateways, Direct Connect and VPN sites across regions) into one global network and manage their routing and segmentation from a single dashboard and policy, instead of building the hubs and peerings by hand.
39
**VPC Lattice: VPC Lattice Introduction** VPC Lattice provides service-to-service connectivity (application layer, by service name) rather than network-to-network connectivity (by CIDR), so a consumer reaches a named service without needing routes into the VPC that hosts it.
40
**VPC Lattice: Hands-On: VPC Lattice Service Access with Custom Domain Name** Set up a service network, which sits between the clients and the services, and associate both the client VPCs and the Lattice services with it. Each service gets a Lattice-generated DNS name, or a custom domain name you configure, and its listener rules route requests to target groups; for example a rule for the path /lambda can forward to a Lambda function, and the client calls that service hostname with the path /lambda.
41
**CloudFront: CloudFront Overview** CloudFront is a Content Delivery Network (CDN). It caches content at edge locations around the world, so requests are served from an edge near the user instead of every request hitting the origin (for example an S3 bucket).
42
**CloudFront: CloudFront Origins** A CloudFront origin can be an S3 bucket, an Elastic Load Balancer, an EC2 instance, API Gateway, or any other custom HTTP(S) endpoint, inside or outside AWS.
43
**CloudFront: Hands-On: CloudFront Origin Groups** CloudFront origin groups allow us to create failovers if the main service we are trying to reach is down. For example, set up a static website in S3 and have a failover to an EC2 instance that only gets hit if S3 is unavailable.
44
**CloudFront: Hands-On: Restrict an ALB to CloudFront** CloudFront can be made the only way to reach an origin. For an ALB: configure the distribution to add a custom origin header (a secret name:value pair) to every request it forwards, and write the ALB listener rules so that only requests carrying that exact header are forwarded, with a fixed 403 response for everything else. In addition, restrict the ALB's security group to the AWS-managed prefix list for CloudFront origin-facing servers (com.amazonaws.global.cloudfront.origin-facing), so requests that do not come from CloudFront are dropped before they reach the listener. Treat the header value as a secret and rotate it.
45
**CloudFront: Hands-On: CloudFront Functions** CloudFront Functions are small JavaScript functions that run at the edge locations on viewer requests or responses. One use is serving a different version of a site per country: the function reads the cloudfront-viewer-country header that CloudFront adds (an ISO 3166-1 two-letter code such as "FR") and compares it against a list of country codes to decide where to redirect the user.
46
**Route 53: Creating Our First Records** Route 53 lets us register domain names and host their DNS zones. In a hosted zone we create records that map our names to the IPs or hostnames of other services, e.g. an A record pointing at an EC2 instance's IP.
47
**Route 53: TTL** TTL (time to live) is set per record and tells resolvers and clients how long they may cache the answer before querying Route 53 again. A long TTL means fewer queries (lower Route 53 cost) but a change to the record can take up to the TTL to be seen everywhere; a short TTL propagates changes quickly at the cost of more queries. Lower the TTL ahead of a planned change, then raise it again afterwards.
48
**Route 53: Route 53 CNAME vs Alias** CNAME record: points a hostname at any other hostname (standard DNS); it cannot be used at the zone apex such as example.com. Alias: a Route 53 extension that points a hostname, including the zone apex, at an AWS resource such as an ELB, CloudFront distribution or S3 website endpoint; alias queries are free and Route 53 can evaluate the target's health.
49
**Route 53: Routing Policy - Simple** Routing policies decide how a record's answers are chosen: simple (one record; if it holds several values they are returned in random order, with no health checks), weighted (split traffic by assigned weights), latency (the region with the lowest measured latency), failover (active/passive with health checks), geolocation (by the resolver's location), geoproximity (by geographic bias), multivalue answer (up to eight healthy values) and IP-based. Link to AWS Docs -> https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
50
**Route 53: 3rd Party Domains & Route 53** Domain registrars are where you buy the domain name, but you don't have to host its DNS there. For example, you can buy the domain on GoDaddy, create a public hosted zone in Route 53, and enter the hosted zone's four name servers at the registrar so that Route 53 manages the DNS.
51
**Route 53: Common Route 53 Scenarios** Route 53 record types - Link to AWS Docs. An A record maps a name to an IPv4 address, e.g. that of an EC2 instance. A common practice when routing to EC2 is to create a CNAME to the instance's Public IPv4 DNS name rather than an A record to the IPv4 address: the EC2 DNS name resolves to the private IP when queried from inside the VPC and to the public IP from outside, so the same record works for internal and external clients and keeps internal traffic off the public path.