VPC

Question 1

VPC

Answer 1

Virtual Private Cloud

*A virtual data center in the cloud

Question 2

3 tier VPC architecture

Answer 2

Web:

• public facing subnet
• http port 80
• http port 443

Application:

• private subnet
• can only speak to web tier and database

Database:

• private subnet
• can only speak to application tier

Question 3

Hardware VPN (VPN)

Answer 3

Connection between your corporate data center and your VPC to leverage the cloud as an extension of your corporate data center.
- needs a virtual private gateway hardware device

Question 4

CIDR IP Addresses*

Answer 4

CIDR.xyz is a tool to visualize IP address ranges

• block sizes must be between /16 (largest) and /28 (smallest) net mask*
• 10.0.0.0 (10/8 or 10/16) - used by most corporations
• 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
• 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) - most common for home networking

Question 5

What can you use to block specific IP addresses?*

Answer 5

NACLs (not security groups)

Question 6

Default VPC

Answer 6

• user friendly
• all subnets have a route out to the internet
• each EC2 instance has both a public & private IP address
• every account in AWS has a default VPC for every region (172.31.0.0/16)

Question 7

How many AZ can a subnet be in?

Answer 7

only one. Subnets cannot span multiple AZs

Question 8

Day before exam

Answer 8

Re-watch VPC Demo 1 & 2 and build your own VPC from scratch.

Question 9

Tenancy

Answer 9

• Default

- Dedicated - dedicated host (costly)

Question 10

When you create a custom VPC it creates:*

Answer 10

• default security group
• route table
• main network ACL

Question 11

Subnet

Answer 11

• a virtual firewall
• public (internet accessible)
• private
• naming convention: 10.0.1.0-us-east-1a
  (where 10.0.1.0 is the CICR address range and us-east-1a AZ)