What is the difference between a NAT instance and a Bastion Server?
A NAT instance is used to provide internet access to servers in a private subnet
A Bastion is used to securely administer instances in a private subnet
What is VPC peering?
Allows you to connect VPCs using private IPs
At what level do security groups operate?
At what level do ACLs operate?
How many Internet Gateways per VPC can you have?
Do default VPC subnets have access to the internet?
Yes, private subnets need to be created
What is created by default when you create a new VPC?
What is the difference between egress-only internet gateways and NAT gateways?
NAT gateways operate on IPv4; egress-only internet gateways operate on IPv6
What is the default setting for the default Network ACL?
Allows all inbound/outbound traffic
What is the default setting for a custom Network ACL?
All inbound/outbound traffic is denied
What subnet should a NAT instance be in?
A public subnet
What conditions apply to use VPC peering?
No matching CIDR block
Must be in same region
No transitive peering
What setting should you disable on a NAT instance?
How many NAT gateways do you need?
One per Availability Zone
What are sticky sessions?
When a client is associated with a specific server using cookies
Can Network ACLs span AZs?
How do you create High Availability for NAT instances?
Auto Scaling Groups
Multi AZ in different Regions
Script to automate failover
What are ingress/egress rules?
Firewalls to protect the network from incoming traffic and to prevent traffic from leaving
How many VPCs per region can you have?
How many Network ACLs can a subnet be associated with?
How many subnets can a Network ACL be associated with?
What are the 9 steps to create a VPC?
Create VPC
Create subnets
Add Internet Gateway
Attach Internet Gateway to VPC
Create new Route Table
Add new route for internet access
Update Subnet Association
Auto Assign IP addresses
Launch instances
What does a security group do?
Defines what protocols are allowed to communicate with the resources behind it
How many subnets in an availability zone?
One subnet per AZ
What is a subnet?
A CIDR address range - equates to one availability zone