- A virtual network that is isolated and defined by the customer
- VPC is the network layer for EC2
- Creation requires an IPv4 address range (CIDR) that does not overlap with other networks you will connect to
- Components
  - Subnets
    - The first four IPs and the last IP address in a subnet are reserved by AWS
    - Types: public, private, VPN
  - Route tables
    - Determine where network traffic is directed; a route table applies to every subnet associated with it
    - Every route table has a default route, called the local route, for traffic within the VPC
    - A VPC has an implicit router
    - A VPC automatically comes with a main route table
    - Each subnet must be associated with a route table; subnets that are not explicitly assigned use the main route table
    - The main route table can be replaced with a custom table
    - Each route lists a destination CIDR and a target
  - Internet Gateways (IGW)
    - Horizontally scaled
    - Redundant
    - Highly available
    - Provide a target for internet-bound traffic
    - Creation
      - Attach an IGW to the VPC
      - Then, in the subnet's route table, add a route sending non-local traffic (0.0.0.0/0) to the IGW
      - Configure network ACLs and security groups
      - To send and receive traffic via the IGW, the instance needs a public IP address
  - DHCP options
    - Name servers
    - Domain name
    - NTP servers
    - NetBIOS name servers
    - NetBIOS node type
  - Elastic IP Addresses (EIP)
    - Allocate them first, then assign them
    - Specific to a region
    - 1-to-1 relationship with network interfaces
    - EIPs can be moved (re-associated)
    - Stay with the account until explicitly released
  - Elastic Network Interfaces (ENI)
    - A virtual network interface you can assign to an instance
    - Associated with a subnet
    - An instance with more than one ENI can be dual-homed
- A VPC is a virtual data center in the cloud
- By default a maximum of 5 VPCs per AWS region is allowed; this limit can be increased on request
- The default VPC has an IGW attached, so its subnets have internet access
- Multiple IGWs can be created, but only a single IGW can be attached to a VPC, with no exceptions: you can only have 1 internet gateway per VPC
- An EC2 instance can have both a private IP address and a public IP address
- If you delete the default VPC, the only way to get it back is to submit a support ticket
  - This answer is correct for the current iteration of the tests; however, AWS has now created a mechanism in the console that allows you to recreate a default VPC
- When you create a VPC, a main route table is automatically created as well
- A subnet belongs to a single AZ; it cannot span multiple AZs
- The largest CIDR block for a VPC is /16
- The smallest CIDR block for a VPC is /28
- AWS reserves 3 IP addresses in every subnet, in addition to the network and broadcast addresses:
  - x.x.x.0 – always the subnet network address; never usable
  - x.x.x.1 – reserved by AWS for the VPC router
  - x.x.x.2 – reserved by AWS for subnet DNS
  - x.x.x.3 – reserved by AWS for future use
  - x.x.x.255 – always the subnet broadcast address; never usable
  - 169.254.169.253 – Amazon DNS
- By default, all traffic between subnets within a VPC is allowed
- By default, not all subnets have internet access: a public subnet needs a route to an Internet Gateway, and a private subnet needs a NAT gateway for outbound internet access
- A security group can span multiple AZs
- Security Groups are stateful (you don't need to open both directions: if inbound traffic is allowed, the matching outbound response is automatically allowed)
- Network Access Control Lists (NACLs) are stateless (both inbound and outbound rules must be defined)
- A hardware VPN connection can be made between a corporate data center and a VPC; AWS then acts as an extension of the corporate data center
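The CIDR limits, the reserved addresses per subnet and the route-table lookup that the IGW steps rely on, as an added Python example that is not part of the original notes. It assumes the /16 to /28 VPC limits and the five reserved addresses stated above, and uses a made-up IGW id as the target of the default route.

```python
"""Added example, not from the original notes: check the VPC and subnet
address rules stated above with Python's standard library.  Assumes the
/16-/28 VPC limits, the five reserved addresses and a made-up IGW id."""
import ipaddress

VPC_LARGEST, VPC_SMALLEST = 16, 28  # /16 is the largest block, /28 the smallest


def vpc_cidr_problems(cidr, existing=()):
    """List the reasons `cidr` is not usable as a VPC block, given the
    networks in `existing` (other VPCs, on-prem ranges). Empty list = OK."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: {exc}"]
    problems = []
    if not VPC_LARGEST <= net.prefixlen <= VPC_SMALLEST:
        problems.append(f"{cidr}: VPC prefix must be between /16 and /28")
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr}: overlaps {other}")
    return problems


def reserved_addresses(subnet_cidr):
    """Map the addresses AWS reserves in a subnet to their role; the rest
    of the block is what instances can actually use."""
    subnet = ipaddress.ip_network(subnet_cidr)
    first = int(subnet.network_address)
    roles = ["network address", "VPC router", "subnet DNS", "future use"]
    reserved = {str(ipaddress.ip_address(first + i)): role
                for i, role in enumerate(roles)}
    reserved[str(subnet.broadcast_address)] = "broadcast address"
    return reserved


def resolve_route(route_table, dest_ip):
    """Longest-prefix match over (destination CIDR, target) rows, which is
    how the implicit VPC router chooses where to send a packet."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


# Constructed sample: a public subnet's table = the local route plus a
# default route to a placeholder (made-up) internet gateway id.
PUBLIC_ROUTE_TABLE = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
```

Traffic to an address inside the VPC matches the /16 local route, while anything else falls through to the 0.0.0.0/0 route and the IGW; a table without that default route yields no target at all, which is why a private subnet has no internet path.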