Amazon Virtual Private Cloud (VPC) Fundamentals

Questions and Answers

PDF Questions PDF Answers

What is the main purpose of Amazon Virtual Private Cloud (VPC)?

To provide a default subnet mask for all AWS resources

To enable launching AWS resources into a virtual network (correct)

To allow easy migration from local infrastructure to the cloud

To create a public network in the Amazon Cloud

What is the default subnet mask for the default VPC?

24 subnet mask

8 subnet mask

20 subnet mask

16 subnet mask (correct)

What is the benefit of creating a custom VPC?

It makes your virtual network less secure

It is only available for public subnets

It allows you to define your own IP address range (correct)

It is only available for default VPCs

What is the effect of a VPC spanning multiple availability zones in a region?

It allows for more flexibility in resource deployment

What is the relationship between a VPC and other virtual networks in the AWS cloud?

They are logically isolated from each other

What comes with each Amazon account?

A default VPC

What is a best practice for resources that don't need to be accessible from the Internet?

Use private subnets

What is charged for each hour in a VPC?

VPN connection hour

What is the purpose of a NAT gateway in a VPC?

To provide secure Internet access to instances in private subnets

How many VPCs should be created for different environments?

Four

What is the CIDR block of the custom VPC in the practice assignment?

10.0.0.0/16

What is the purpose of a virtual private gateway in a VPN connection?

To provide a secure connection on your side in your data center

What is the main benefit of VPC peering?

To allow connections between your own VPCs or with a VPC in another AWS account

What is the purpose of a private IP address?

For communication between instances in the same network

What is the difference between a public and private subnet?

A public subnet is used for resources that must be connected to the Internet

What is the purpose of a NAT device?

To enable instances in a private subnet to connect to the Internet or other AWS services

What is the purpose of a route table?

To determine where network traffic is directed

What is the purpose of a security group?

To act as a virtual firewall that controls traffic for one or more instances

What is the purpose of a network ACL?

To act as an optional layer of security for a VPC that controls traffic in and out of one or more subnets

What is the default net mask for the default subnet in a VPC?

20

What is the benefit of using a NAT Gateway?

It provides better availability and bandwidth

What is the association between an ACL and a subnet in a VPC?

Each subnet in a VPC must be associated with an ACL

What is the benefit of using separate VPCs for different environments?

It makes it easier to manage and organize resources

What is charged for data transferred via a VPN connection or NAT gateway?

Standard AWS data transfer charges

What is the purpose of a NAT device in a private subnet?

To provide access to the Internet for instances in a private subnet

What is the total number of subnets created in the practice assignment?

Two

What is the primary function of Amazon Virtual Private Cloud (VPC)?

To enable launching AWS resources into a virtual network

What is the characteristic of a VPC in the Amazon Cloud?

It is logically isolated from other virtual networks

What is the benefit of using a custom VPC over the default VPC?

It allows you to define your own IP address range

What is the maximum number of private IP addresses available in a default VPC?

65,536

What is the purpose of a VPC in relation to EC2 resources?

It is used as the network layer for EC2 resources

What is the relationship between a VPC and the local infrastructure?

A VPC integrates with the local infrastructure

What is a key consideration when creating a VPC peering connection?

Ensuring the VPCs do not have overlapping CIDRs

What is the purpose of a customer gateway in a VPN connection?

To connect to a data center

What is the limitation of a VPC peering connection?

It is a one-to-one relationship

What is the difference between a public and private IP address?

Public IP addresses are reachable from the internet, while private IP addresses are not

What is the purpose of a subnet in a VPC?

To provide a range of IP addresses for launching AWS resources

What is the limitation of a default VPC?

It cannot be restored once deleted

What is the benefit of using an Elastic IP address?

It provides a static public IP address that can be allocated to and from instances

What is the purpose of a route table in a VPC?

To determine where network traffic is directed

What is the benefit of using a NAT device in a private subnet?

It allows instances in the private subnet to initiate connections to the internet

What is the charge associated with an Elastic IP address?

Only when it is not allocated to an instance

Study Notes

• Migrating to the cloud doesn't mean resources become completely separated from the local infrastructure, and AWS offers services to integrate local resources with the cloud.

• One such service is Amazon Virtual Private Cloud (VPC), which allows creating virtual networks that closely resemble those in your own data centers.

• In this lesson, you'll learn about VPC, understand its concept, and know the difference between public, private, and elastic IP addresses.

• You'll learn about public and private subnets, Internet gateways, route tables, NAT gateways, security groups, and Network ACLs.

• Amazon VPC best practices and costs associated with running a VPC in the Amazon Cloud will also be reviewed.

• Amazon VPC is a virtual private cloud that enables you to launch AWS resources into a virtual network that you've defined.

• A VPC is your own virtual network in the Amazon Cloud, used as the network layer for your EC2 resources.

• Each VPC is logically isolated from other virtual networks in the AWS cloud, fully customizable, and can span multiple availability zones in a region.

• Each Amazon account comes with a default VPC that's pre-configured for you to start using straight away.

• The CIDR block for the default VPC is always a 16 subnet mask, providing up to 65,536 private IP addresses.

• Creating a custom VPC allows you to make things more secure and customize your virtual network as you can define your own IP address range.

• You can create your own subnets that are both private and public, and tighten new security settings.

• By default, instances that you launch into a VPC can't communicate with your own network.

• You can connect your VPCs to your existing data center using a hardware VPN access, creating a hybrid environment.

• A virtual private gateway is required on the Amazon side of the VPN connection, and a customer gateway is required on your side in your data center.

• VPC peering is an important concept to understand, allowing connections between your own VPCs or with a VPC in another AWS account in the same region.

• Peering is a one-to-one relationship, and a VPC can have multiple peering connections to other VPCs.

• Transitive peering is not supported, and VPCs with overlapping CIDRs cannot be paired.

• If you delete the default VPC, you need to contact AWS support to get it back again.

• To create a custom VPC, you can use the VPC wizard or create it manually, giving it a name, CIDR block, and subnet mask.

• Private IP addresses are not reachable over the internet and are used for communication between instances in the same network.

• Public IP addresses are reachable from the internet and are associated with your instances from the Amazon pool of public IP addresses.

• Elastic IP addresses are static or persistent public IP addresses allocated to your account and can be associated with and from your instances as required.

• There is a charge associated with an elastic IP address if it's in your account but not actually allocated to an instance.

• AWS defines a subnet as a range of IP addresses in your VPC, and you can launch AWS resources into a subnet that you select.

• You can use a public subnet for resources that must be connected to the Internet and a private subnet for resources that won't be connected to the Internet.

• The net mask for the default subnet in your VPC is always 20, which provides up to 4096 addresses per subnet.

• A few of them are reserved for AWS use, and the VPC can span multiple availability zones but the subnet is always mapped to a single availability zone.

• Subnets are important for redundancy and failover purposes, and you can spread them across availability zones.

• There are two different types of subnets: public and private, with public subnets used for resources that must be connected to the Internet and private subnets for resources that don't need an internet connection or that you want to protect from the internet.Here is a summary of the text in detailed bullet points:

• Private Subnet and Public Subnet: Create a private subnet for resources that don't need to be accessible from the Internet, and a public subnet for resources that do need to be accessible from the Internet.

• Internet Gateway: Attach an Internet Gateway to a VPC to enable instances in the VPC to connect to the Internet. Only one Internet Gateway can be attached to a VPC.

• Route Table: A route table determines where network traffic is directed. Every subnet must be associated with a route table, and a subnet can only be associated with one route table. Multiple subnets can be associated with the same route table.

• NAT Device: A NAT device enables instances in a private subnet to connect to the Internet or other AWS services, but prevents the Internet from initiating connections with instances in the private subnet. There are two types of NAT devices: NAT Gateway and NAT Instance. AWS recommends using NAT Gateway, which is a managed service that provides better availability and bandwidth.

• Security Group: A security group acts as a virtual firewall that controls traffic for one or more instances. Add rules to each security group to allow traffic to or from its associated instances. Security groups are stateful, and rules are always permissive.

• Network ACL: A network ACL is an optional layer of security for a VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Each subnet in a VPC must be associated with an ACL, and an ACL can be associated with multiple subnets.

• Best Practices: Always use public and private subnets, use private subnets for resources that don't need to be accessible from the Internet, and use NAT devices to provide secure Internet access to instances in private subnets. Choose CIDR blocks carefully, and create separate VPCs for development, staging, test, and production.

• Costs: You are charged for each VPN connection hour, each NAT gateway hour, and standard AWS data transfer charges for data transferred via the VPN connection or NAT gateway.

• Practice Assignment: Create a custom VPC with a CIDR block of 10.0.0.0/16, two subnets (one public and one private), one Internet gateway, one NAT gateway, and two security groups (one for web servers and one for DB servers).

Description

Learn the basics of Amazon Virtual Private Cloud (VPC), including its concept, components, and best practices. Understand how to create a custom VPC, configure subnets, and use security groups and NAT gateways to control traffic. Discover how to integrate local resources with the cloud and manage costs associated with running a VPC.