• Customer-defined virtual network: an isolated section of AWS
  • VPC is the network layer for EC2
  • Creation needs an IPv4 address range (CIDR) that does not overlap with your other networks
  • Components
  • Subnets
    • AWS reserves the 1st four IPs and the last IP
    • Public, Private, VPN
  • Route tables
    • Determine where traffic is sent; applied to all subnets associated with the table
    • Default route called local route
    • VPC has an implicit router
    • VPC automatically comes with a main route table
    • Each subnet must be associated with a route table. Subnets will use the main route table if not assigned
    • Can replace main route table with custom table
    • Each route table specifies a destination CIDR and a target
  • Internet Gateways
    • horizontally scaled
    • redundant
    • highly available
    • provides a target for internet traffic
    • Creation
      • Attach an IGW
      • create a subnet route table to send all non-local (0.0.0.0/0) traffic to the IGW
      • configure network ACL and Security Groups
      • EC2 instance must have a public IP to send and receive traffic through the IGW
  • DHCP Options
    • Name servers
    • domain name
    • NTP servers
    • Netbios name servers
    • Netbios node type
  • Elastic IP Addresses (EIP)
    • Allocate then assign them
    • Specific to region
    • 1 to 1 relationship with network interfaces
    • can move EIPs
    • Stays with account until explicitly released
  • Elastic Network Interfaces (ENI)
    • virtual network interface you can assign to an instance
    • associate with a subnet
    • instance can be dual homed
  • Virtual data center in the cloud
  • Allowed up to 5 VPCs in each AWS region by default. This limit can be increased with a support ticket request
  • All subnets in default VPC have an Internet gateway attached
  • Multiple IGWs can be created, but only a single IGW can be attached to a VPC. No exceptions
  • Again, you can only have 1 Internet gateway per VPC
  • Each EC2 instance has both a public and private IP address
  • If you delete the default VPC, the only way to get it back is to submit a support ticket
  • This answer is correct for the current iteration of tests, however AWS has now created a mechanism in the console that allows you to recreate a default VPC
  • By default when you create a VPC, a default main routing table automatically gets created as well.
  • Subnets are always mapped to a single AZ
  • Subnets cannot be mapped to multiple AZs
  • /16 is the largest CIDR block available when provisioning an IP space for a VPC
  • /28 is the smallest CIDR block available when provisioning an IP space for a VPC
  • Amazon uses 3 of the available IP addresses in a newly created subnet
    • x.x.x.0 – Always subnet network address and is never usable
    • x.x.x.1 – Reserved by AWS for the VPC router
    • x.x.x.2 – Reserved by AWS for subnet DNS
    • x.x.x.3 – Reserved by AWS for future use
    • x.x.x.255 – Always subnet broadcast address and is never usable.
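As an added example (not part of the original notes), a small Python helper built on the standard ipaddress module that applies the VPC sizing and overlap rules above and lists the addresses AWS reserves in a subnet; the existing networks it checks against are constructed sample values.

```python
import ipaddress

# Constructed sample: CIDR ranges already in use elsewhere (assumed, e.g. on-prem or another VPC)
EXISTING_NETWORKS = ["10.0.0.0/16", "192.168.0.0/24"]


def validate_vpc_cidr(cidr, existing=EXISTING_NETWORKS):
    """Check a candidate VPC CIDR against the rules in the notes:
    IPv4, prefix between /16 (largest block) and /28 (smallest block),
    and no overlap with networks that are already in use.
    Returns (ok, reason)."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.1.1.5/24
    if net.version != 4:
        return False, "VPC CIDR must be IPv4"
    if not 16 <= net.prefixlen <= 28:
        return False, f"prefix /{net.prefixlen} is outside the allowed /16../28 range"
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            return False, f"overlaps with {other}"
    return True, "ok"


def reserved_addresses(subnet_cidr):
    """Return the five addresses AWS reserves in any subnet: the network address,
    the VPC router (+1), subnet DNS (+2), future use (+3) and the broadcast address.
    Indexing the network avoids materialising every address of a large subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return {
        "network": str(net[0]),
        "vpc_router": str(net[1]),
        "dns": str(net[2]),
        "future_use": str(net[3]),
        "broadcast": str(net[-1]),
    }


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign to instances: total minus the five reserved."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - 5


def plan_subnet(vpc_cidr, subnet_cidr):
    """Confirm the subnet lies inside the VPC and report what is usable in it."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    sub = ipaddress.ip_network(subnet_cidr, strict=True)
    if not sub.subnet_of(vpc):
        raise ValueError(f"{subnet_cidr} is not inside {vpc_cidr}")
    return {"reserved": reserved_addresses(subnet_cidr), "usable": usable_hosts(subnet_cidr)}
```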
  • 169.254.169.253 – Amazon DNS
  • By default all traffic between subnets is allowed
  • By default not all subnets have access to the Internet. Either an Internet Gateway or NAT gateway is required for private subnets
  • A security group can stretch across different AZs
  • Security Groups are stateful (no need to open both inbound and outbound; if inbound traffic is allowed, the return traffic is automatically allowed)
  • Network Access Control Lists (NACLs) are stateless (Must define both inbound and outbound rules)
  • You can also create a hardware Virtual Private Network (VPN) connection between your corporate data center and your VPC and leverage the AWS cloud as an extension of your corporate data center