• A virtual network that is logically isolated and defined by the customer
  • VPC is the network layer for EC2
  • Creation needs an IPv4 CIDR address range; choose one that does not overlap any network the VPC will need to reach (on-premises ranges, peered VPCs), because overlapping ranges cannot be routed between
  • Components
  • Subnets
    • The first four IP addresses and the last IP address in every subnet are reserved by AWS (5 in total)
    • Public, Private, VPN
  • Route tables
    • Determine where traffic leaving a subnet is sent; a table applies to every subnet associated with it
    • Every route table carries a default "local" route for the VPC CIDR; it enables traffic between subnets and cannot be removed
    • VPC has an implicit router
    • VPC automatically comes with a main route table
    • Each subnet must be associated with a route table. Subnets not explicitly associated with one use the main route table
    • Can replace the main route table with a custom table
    • Each route lists a destination CIDR and a target (local, IGW, NAT gateway, virtual private gateway, peering connection, etc.); the most specific matching route wins
  • Internet Gateways
    • horizontally scaled
    • redundant
    • highly available
    • provides a target for internet-routable traffic and performs one-to-one NAT for instances that have public IPv4 addresses
    • Steps to give a subnet internet access
      • Create an IGW and attach it to the VPC
      • In the subnet's route table, add a route for non-local traffic (destination 0.0.0.0/0) with the IGW as target; this route is what makes the subnet "public"
      • Make sure the network ACL and the security groups permit the traffic
      • For an instance to send and receive traffic via the IGW it needs a public IPv4 address (auto-assigned at launch or an Elastic IP)
  • DHCP Options
    • Name servers
    • domain name
    • NTP servers
    • Netbios name servers
    • Netbios node type
  • Elastic IP Addresses (EIP)
    • Allocate to the account first, then associate with an instance or network interface
    • Specific to a region
    • Associated with a single private IPv4 address on one network interface at a time
    • Can be moved (re-associated) to another instance or interface
    • Stays with the account until explicitly released
  • Elastic Network Interfaces (ENI)
    • virtual network card that can be attached to an instance
    • belongs to one subnet (and therefore one AZ); carries private IPs, an optional public IP or EIP, a MAC address and security groups
    • an instance with ENIs in two different subnets is dual-homed
  • Virtual data center in the cloud
  • A default quota of 5 VPCs per region applies; it can be raised through a service quota increase request
  • Subnets in the default VPC are public: the default VPC has an IGW attached and its main route table sends 0.0.0.0/0 to it
  • Multiple IGWs can be created in an account, but only one IGW can be attached to a given VPC at a time
  • Instances in the default VPC get both a private and a public IPv4 address; in a custom VPC a public IP is assigned only if the subnet's auto-assign public IP setting or the launch option enables it
  • If you delete the default VPC you can recreate it from the VPC console or with the AWS CLI command aws ec2 create-default-vpc; older exam material still says a support ticket is required
  • By default when you create a VPC, a default main routing table automatically gets created as well.
  • A subnet sits in exactly one AZ and cannot span AZs
  • largest IPv4 CIDR block for a VPC is /16 (65,536 addresses)
  • smallest IPv4 CIDR block for a VPC is /28 (16 addresses)
  • AWS reserves 5 IP addresses in every subnet (the first four and the last), so a /24 has 251 usable addresses and a /28 has 11:
    • x.x.x.0 – the subnet network address, never usable
    • x.x.x.1 – reserved by AWS for the VPC router
    • x.x.x.2 – reserved by AWS for DNS (the resolver itself lives at the VPC base address plus two)
    • x.x.x.3 – reserved by AWS for future use
    • x.x.x.255 (for a /24; in general the last address) – the network broadcast address; AWS does not support broadcast, so it is reserved and never usable
  • 169.254.169.253 – Amazon-provided DNS (Route 53 Resolver); it is also reachable at the VPC base address plus two
  • By default traffic between subnets in a VPC is routable (via the local route) and the default NACL allows it; security groups still have to permit it at the instance level
  • By default not all subnets have internet access. A subnet is public only if its route table sends 0.0.0.0/0 to an IGW; a private subnet gets outbound-only access through a NAT gateway (or NAT instance) placed in a public subnet
  • A security group is scoped to the VPC, so instances in multiple AZs can use the same one
  • Security Groups are stateful: if a request is allowed in, the reply traffic is allowed out automatically (and vice versa), regardless of the rules for the other direction. They contain allow rules only; anything not explicitly allowed is denied
  • Network Access Control Lists (NACLs) are stateless: inbound and outbound rules must each be written, so replies to ephemeral ports (1024-65535) need their own rule. Rules are numbered, evaluated in ascending order, the first match wins, and explicit deny rules are supported
  • A Site-to-Site (hardware) VPN can be established between a corporate data center and the VPC (virtual private gateway on the AWS side, customer gateway on premises), so the VPC acts as an extension of the corporate data center
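The following is an added example, not part of the original notes, that turns the CIDR rules above (no overlap with other networks, VPC blocks between /16 and /28, five reserved addresses per subnet) into a small planning check. It uses only the Python standard library; every CIDR in the demo is a constructed sample value, not an address from the notes.

```python
"""Added example (not from the original notes): plan a VPC CIDR and its subnets.

Validates a proposed VPC block against the /16..../28 limit and against networks
already in use (on-prem, peered VPCs), then lists the five addresses AWS reserves
in each subnet together with the usable host count. All CIDRs in the demo are
constructed sample values.
"""
import ipaddress

VPC_MIN_PREFIX = 16       # largest VPC block allowed: /16 = 65,536 addresses
VPC_MAX_PREFIX = 28       # smallest VPC block allowed: /28 = 16 addresses
RESERVED_PER_SUBNET = 5   # network, VPC router, DNS, future use, broadcast


def validate_vpc_cidr(cidr, existing_networks=()):
    """Return a list of problems with a proposed IPv4 VPC CIDR (empty list = OK)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return ["only IPv4 VPC CIDRs are checked here"]
    problems = []
    if str(net) != cidr:
        problems.append(f"{cidr} is not on a network boundary; did you mean {net}?")
    if net.prefixlen < VPC_MIN_PREFIX:
        problems.append(f"{net} is larger than /16")
    if net.prefixlen > VPC_MAX_PREFIX:
        problems.append(f"{net} is smaller than /28")
    # Overlapping ranges cannot be routed between, so check every network the
    # VPC will ever need to reach (VPN/Direct Connect, peering, other VPCs).
    for other in existing_networks:
        other_net = ipaddress.ip_network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"{net} overlaps existing network {other_net}")
    return problems


def reserved_addresses(subnet_cidr):
    """The five addresses AWS reserves in a subnet, keyed by purpose."""
    sub = ipaddress.ip_network(subnet_cidr)
    base = int(sub.network_address)
    return {
        "network":    str(sub.network_address),              # x.x.x.0
        "vpc_router": str(ipaddress.ip_address(base + 1)),   # x.x.x.1
        "dns":        str(ipaddress.ip_address(base + 2)),   # x.x.x.2
        "future_use": str(ipaddress.ip_address(base + 3)),   # x.x.x.3
        "broadcast":  str(sub.broadcast_address),            # last address
    }


def usable_hosts(subnet_cidr):
    """Addresses in the subnet that can actually be assigned to network interfaces."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, subnet_prefix, existing_networks=()):
    """Carve a valid VPC CIDR into equal-sized subnets and describe each one.

    Raises ValueError if the VPC CIDR fails validation or the subnets would be
    smaller than /28, so a bad plan fails loudly instead of silently.
    """
    problems = validate_vpc_cidr(vpc_cidr, existing_networks)
    if problems:
        raise ValueError("; ".join(problems))
    if subnet_prefix > VPC_MAX_PREFIX:
        raise ValueError(f"subnets smaller than /28 are not allowed (got /{subnet_prefix})")
    vpc = ipaddress.ip_network(vpc_cidr)
    return [
        {"cidr": str(sub), "usable": usable_hosts(str(sub)), "reserved": reserved_addresses(str(sub))}
        for sub in vpc.subnets(new_prefix=subnet_prefix)
    ]


if __name__ == "__main__":
    # Constructed sample: a new VPC that must not collide with an on-prem 192.168.0.0/16
    # and with an existing VPC at 10.0.0.0/16.
    print(validate_vpc_cidr("10.0.0.0/16", ["192.168.0.0/16"]))   # []
    print(validate_vpc_cidr("10.0.1.0/24", ["10.0.0.0/16"]))      # overlap reported
    for subnet in plan_subnets("10.1.0.0/16", 24)[:2]:
        print(subnet["cidr"], "usable:", subnet["usable"], subnet["reserved"])
```

Run it before creating the VPC and feed it the CIDRs of every network you peer or VPN to; the overlap check is the one that is painful to fix after the fact, because a VPC's primary CIDR cannot be changed once instances depend on it.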
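The stateful-versus-stateless distinction in the security group and NACL bullets above is easiest to see by pushing one connection through both kinds of filter. The code below is an added toy model, not AWS code and not part of the original notes: it implements reply tracking for security groups and ascending-number, first-match-wins evaluation for NACLs, and the addresses, ports and rules are constructed for the demo.

```python
"""Added example (not from the original notes): a toy model of stateful security
groups versus stateless network ACLs, exercised by one HTTPS connection.
Addresses, ports and rules below are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rules are evaluated lowest number first (ignored for SGs)
    action: str      # "allow" or "deny" (security groups only ever "allow")
    proto: str       # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str        # source CIDR for inbound rules, destination CIDR for outbound rules


def _matches(rule, packet, direction):
    peer = packet.src if direction == "inbound" else packet.dst
    return (rule.proto in ("all", packet.proto)
            and rule.port_from <= packet.dport <= rule.port_to
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr))


class NetworkAcl:
    """Stateless: every packet in each direction is matched on its own; the
    lowest-numbered matching rule wins and the final '*' rule denies."""

    def __init__(self, inbound, outbound):
        self.rules = {"inbound": sorted(inbound, key=lambda r: r.number),
                      "outbound": sorted(outbound, key=lambda r: r.number)}

    def allows(self, packet, direction):
        for rule in self.rules[direction]:
            if _matches(rule, packet, direction):
                return rule.action == "allow"
        return False  # implicit deny


class SecurityGroup:
    """Stateful: the packet that opens a flow is matched against the rules for its
    direction; replies belonging to an allowed flow pass without any rule."""

    def __init__(self, inbound, outbound):
        self.rules = {"inbound": inbound, "outbound": outbound}
        self.flows = set()   # (src, sport, dst, dport, proto) of allowed flows

    def allows(self, packet, direction):
        if (packet.dst, packet.dport, packet.src, packet.sport, packet.proto) in self.flows:
            return True      # reply to a tracked connection
        for rule in self.rules[direction]:
            if _matches(rule, packet, direction):
                self.flows.add((packet.src, packet.sport, packet.dst, packet.dport, packet.proto))
                return True
        return False         # no deny rules exist; anything unmatched is dropped


def https_connection_succeeds(filt, client="203.0.113.7", server="10.0.1.10"):
    """One request into the subnet and its reply back out through the same filter."""
    request = Packet(src=client, dst=server, proto="tcp", sport=50123, dport=443)
    reply = Packet(src=server, dst=client, proto="tcp", sport=443, dport=50123)
    return filt.allows(request, "inbound") and filt.allows(reply, "outbound")


ALLOW_HTTPS_IN = Rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0")
ALLOW_EPHEMERAL_OUT = Rule(100, "allow", "tcp", 1024, 65535, "0.0.0.0/0")
DENY_CLIENT_NET_IN = Rule(50, "deny", "tcp", 443, 443, "203.0.113.0/24")


def demo():
    """Run the same HTTPS connection through five filters; True = connection works."""
    return {
        # NACL with only the inbound 443 rule: the reply to the client's ephemeral
        # port has no outbound rule, so the stateless filter drops it.
        "nacl_inbound_only": https_connection_succeeds(NetworkAcl([ALLOW_HTTPS_IN], [])),
        # Same NACL plus an outbound ephemeral-port rule: both halves pass.
        "nacl_with_ephemeral": https_connection_succeeds(
            NetworkAcl([ALLOW_HTTPS_IN], [ALLOW_EPHEMERAL_OUT])),
        # A lower-numbered deny beats the higher-numbered allow: first match wins.
        "nacl_deny_first": https_connection_succeeds(
            NetworkAcl([ALLOW_HTTPS_IN, DENY_CLIENT_NET_IN], [ALLOW_EPHEMERAL_OUT])),
        # Security group with the inbound 443 rule and no outbound rules at all:
        # the reply is still allowed because the flow is tracked.
        "sg_inbound_only": https_connection_succeeds(SecurityGroup([ALLOW_HTTPS_IN], [])),
        # Security group with no rules: the request itself is dropped.
        "sg_no_rules": https_connection_succeeds(SecurityGroup([], [])),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} {'connection OK' if ok else 'blocked'}")
```

The "nacl_inbound_only" case is the classic mistake when a NACL is tightened: the inbound rule looks correct, yet connections hang because the outbound ephemeral-port range was never allowed. The model deliberately leaves out details such as NACL rules for the reverse direction of outbound-initiated connections and the per-instance connection limits of security group tracking.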