VPC Networking Fundamentals

Questions and Answers

What is a VPC in AWS?

A private network to deploy your resources

What is the purpose of subnets in a VPC?

To partition your network inside your VPC

What type of subnet is accessible from the internet?

Public subnet

What is used to define access to the internet and between subnets?

Route Tables

What type of resource is a VPC in AWS?

Regional resource

What is the primary purpose of a NAT Gateway or Instance?

To allow private subnets to access the internet

What is the benefit of using a VPC Endpoint?

It provides private access to AWS services within a VPC

What is the primary difference between a NAT Gateway and a NAT Instance?

A NAT Instance is managed by AWS, while a NAT Gateway is managed by the user

What is the purpose of a VPC Flow Log?

To capture network traffic logs for security and monitoring

What is the primary benefit of using a Transit Gateway?

It connects thousands of VPC and on-premises networks together

Study Notes

Virtual Private Cloud (VPC)

• A VPC is a private network to deploy resources, and it's a regional resource.
• A VPC allows partitioning of the network inside it using subnets.

Subnets

• Subnets are a way to partition a network inside a VPC.
• A subnet is a resource specific to an Availability Zone.

Types of Subnets

• A public subnet is a subnet that is accessible from the internet.
• A private subnet is a subnet that is not accessible from the internet.

Route Tables

• Route Tables are used to define access to the internet and between subnets.

VPC Components

• A VPC is a Virtual Private Cloud that can be partitioned into subnets, which are tied to an Availability Zone (AZ).
• An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that provides Internet access at the VPC level.
• NAT Gateways/Instances provide internet access to private subnets, while ensuring that the private subnets remain private.
• Network Access Control Lists (NACLs) are stateless and operate at the subnet level, filtering inbound and outbound traffic based on rules.

Security and Connectivity

• Security Groups are stateful and operate at the EC2 instance level or Elastic Network Interface (ENI), controlling inbound and outbound traffic.
• VPC Peering connects two VPCs with non-overlapping IP ranges, but is non-transitive, meaning it does not enable connectivity between VPCs that are not directly peered.
• Elastic IP addresses are fixed public IPv4 addresses that incur an ongoing cost if not in use.

Accessing AWS Services

• VPC Endpoints provide private access to AWS services within a VPC, eliminating the need for internet gateways or NAT gateways.
• PrivateLink enables private connections to services in third-party VPCs.

Monitoring and Logging

• VPC Flow Logs provide logs for network traffic, allowing for monitoring and analysis.

VPN and Direct Connect

• Site-to-Site VPN establishes a VPN connection over the public internet between an on-premises data center and AWS.
• Client VPN enables an OpenVPN connection from a computer into a VPC.
• Direct Connect provides a direct, private connection to AWS, bypassing the public internet.
• Transit Gateway allows connecting thousands of VPCs and on-premises networks together, enabling a scalable and secure network architecture.

Description

Learn the basics of Virtual Private Cloud (VPC) networking, including subnets, route tables, and access control. Understand the difference between public and private subnets and how to deploy resources in a VPC.