VPC Subnets Flashcards
What is a VPC Subnet?
A VPC Subnet is a segmented piece of a VPC’s IP address range where you can place groups of isolated resources within a Virtual Private Cloud (VPC). Subnets allow you to segment the network within a VPC and allocate IP address ranges to different types of resources based on security, operational needs, or other organizational structures.
How are subnets classified in AWS VPC?
Subnets in AWS VPC are classified into two main types: Public Subnets, where the resources can initiate outbound traffic to the internet via an Internet Gateway (IGW); and Private Subnets, which do not have direct access to the internet and are used for resources that should not be directly accessible from the internet.
What is the purpose of subnetting a VPC?
The purpose of subnetting a VPC is to organize resources within a VPC into separate network segments for better security, management, and to meet compliance requirements. It also enables you to design a network within AWS that closely resembles a traditional network that you might operate in an on-premises data center.
Can a single AWS VPC have multiple subnets?
Yes, a single AWS VPC can have multiple subnets. This allows you to design a network that segments resources based on their needs, such as public-facing web servers in public subnets and backend systems in private subnets, each with different security requirements.
How does subnetting affect VPC resources?
Subnetting affects VPC resources by determining their IP addressing, internet accessibility, and how they can be accessed both from within the VPC and from external sources. Subnetting provides the foundation for applying access control lists (NACLs) and security group rules.
What factors to consider when planning subnet sizes in a VPC?
When planning subnet sizes in a VPC, consider factors such as the anticipated number of resources to be deployed, the need for growth, network architecture, compliance requirements, and the requirement for public or private access to resources.
How is traffic routed between subnets in a VPC?
Traffic is routed between subnets in a VPC using route tables associated with each subnet. You define rules in these route tables to direct the traffic to specific destinations, such as to an internet gateway, virtual private gateway, NAT device, or another subnet.
What is an Availability Zone and how does it relate to VPC subnets?
An Availability Zone (AZ) is a physically separate location within an AWS Region that is designed to be insulated from failures in other AZs. VPC subnets are created within a specific AZ, enabling you to deploy AWS resources across multiple AZs for high availability and fault tolerance.
What is the difference between the default VPC and custom VPC subnets?
The default VPC comes pre-configured with a default subnet in each Availability Zone, allowing instant deployment of resources. Custom VPCs, and their subnets, are user-defined, providing flexibility to create a network architecture tailored to specific requirements for security, architecture, and subnetting strategies.
Can VPC subnets span across Availability Zones?
No, VPC subnets cannot span across Availability Zones. Each subnet must reside entirely within one Availability Zone, allowing you to architect applications that utilize multiple AZs for higher availability and redundancy.