VPC - Build Your Own Custom VPC Flashcards Preview


Flashcards in VPC - Build Your Own Custom VPC Deck (18)
1
Q

How to create a VPC with public and private subnets:

A

  1. Create the VPC, which also creates a main route table, a default security group, and a default network ACL.
  2. Create 2 subnets.
  3. Create an IGW and attach it to the VPC.
  4. Create another (custom) route table.
  5. Add a route to the IGW in the custom route table and associate one of the subnets with it.
  6. Launch an instance in the public subnet with a security group allowing HTTP, HTTPS, and SSH.
  7. Launch an instance in the private subnet with a security group allowing SSH and ICMP.
  8. Launch a NAT instance, or create a NAT gateway or a bastion host.
  9. Create network ACLs mirroring the security groups.
2
Q

What is the purpose of the CIDR block?

A

Specifies IP address ranges

3
Q

What size can the CIDR be for a VPC or subnet?

A

Between /16 and /28

4
Q

What is meant by "Tenancy"?

A

Determines whether the VPC and its assets are deployed onto shared hardware or dedicated hardware. The default is shared hardware.

5
Q

When would you want the Tenancy to be Dedicated?

A

Security concerns, e.g. regulatory requirements

6
Q

When you create a VPC, what else is created?

A

Main route table, default security group, default network ACL

7
Q

When you create a VPC, what is NOT created?

A

Subnets, Internet Gateway

8
Q

Can a subnet be the same size as your VPC?

A

Yes

9
Q

1 subnet always equals

A

1 Availability Zone

10
Q

To make a subnet public…

A

…create an Internet Gateway and attach it to the VPC, add a route to it in a route table, and associate the subnet with that route table. Additionally, enable auto-assign public IP on that subnet.

11
Q

When you create a new subnet, is it associated with any route tables?

A

Yes, it will be associated with the main route table by default.

12
Q

Why is it considered a best practice to keep the main route table private?

A

If the main route table has a route out to the Internet, every subnet associated with it (including every new subnet, by default) automatically becomes public, which is a security risk.

13
Q

If you forget to enable auto-assign public IP for a subnet…

A

…when you launch an EC2 instance you can enable auto-assign there.

14
Q

If you forget to assign a public IP address to a public EC2 instance…

A

…you can allocate an Elastic IP address and associate it with the instance.

15
Q

When you launch an instance in the private subnet…

A

…traffic will be sourced from the public subnet.

16
Q

To SSH into your private instance from your public instance…

A

…you need to copy your key pair to the public instance and chmod 600 it.

17
Q

To be able to PING the private instance…

A

…allow ICMP in the private instance's security group and ping its private IP from the public instance.

18
Q

To perform security patches, install software, etc on a private instance…

A

…you need a way for that instance to reach the Internet (a NAT instance or a NAT gateway).