VPC - Network Address Translation (NAT) Flashcards Preview

Flashcards in VPC - Network Address Translation (NAT) Deck (14)
1
Q

To allow private instances to access the internet…

A

…use a NAT instance or a NAT gateway and allow a route out from the private route table > NAT > Internet.

2
Q

To launch a NAT instance…

A

…search “nat” in the Community AMIs

3
Q

After a NAT instance is launched…

A

…disable Source/Dest check

4
Q

In which subnet should the NAT instance or NAT gateway be deployed?

A

Public subnet

5
Q

Is a security group required for a NAT instance?

A

Yes

6
Q

Is a security group required for a NAT gateway?

A

No

7
Q

What happens when you create a NAT gateway?

A

You create an Elastic IP since it is required to create one or use an existing one. In addition, a message pops up that explains that you need to edit your main route table to include a route with a target = NAT gateway.

8
Q

What is meant by Source/Dest check?

A

By default, EC2 instances are either the source or destination of any traffic, and traffic does not go through an EC2 instance.

9
Q

What happens if the NAT instance goes down, or its availability zone goes down?

A

The NAT instance is a single point of failure, so you will lose any internet access to everything in the private subnet.

10
Q

To prevent a NAT instance from going down…

A

…set it behind an Auto Scaling group, set min number = 1, or use multiple public subnets and deploy NAT instances in each

11
Q

With NAT gateways, do you need Auto Scaling?

A

No

12
Q

When a NAT instance’s bandwidth is used up (bottlenecked), what do you do?

A

Increase the instance size, change instance family so you can support more traffic

13
Q

T/F: When you deploy a NAT instance, you must assign a public IP address.

A

True

14
Q

To create high availability with NAT instances…

A

…use Auto Scaling Groups, multiple subnets in different AZs, and a script to automate failover.