AWS VPC Questions And Answers

What Is Amazon Virtual Private Cloud (VPC) and Why Is It Used?

  • VPC stands for Virtual Private Cloud.
  • Amazon Virtual Private Cloud (Amazon VPC) provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.

By using Amazon VPC :

  • You have complete control over your virtual networking environment, including a selection of your IP address range, the creation of subnets, and the configuration of route tables and network gateways.
  • You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create a public-facing subnet for web servers that can access the internet and can also place your backend system such as databases or application servers to a private-facing subnet.
  • You can provide multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

 

What can we do with a VPC?

  • Launch instances in a subnet of your choosing. We can choose our own subnet address.
  • We can assign custom IP address ranges in each subnet.
  • We can configure route tables between subnets.
  • We can create an internet gateway and attach it to our VPC.
  • It provides much better security control over your AWS resources.
  • We can assign security groups to individual instances.
  • We also have subnet network access control lists (ACLS).

 

What is VPC Peering

  • VPC Peering is a networking connection that allows you to connect one VPC with another VPC through a direct network route using private IP addresses.
  • Instances behave as if they were on the same private network.
  • You can peer VPCs with other AWS accounts as well as other VPCs in the same account.
  • Peering is in a star configuration, i.e., 1 VPC peers other 4 VPCs.
  • It has no Transitive Peering!!.

Note: Non-Transitive Peering means the networks that you want to connect are directly linked.

  • You can peer between regions. Suppose you have one VPC in one region and the other VPC in another region, then you can peer the VPCs between different regions.

Let’s understand the example of non-transitive peering through an example.

VPC

The above figure shows that VPC B has peered to the VPC A, so instance in VPC B can talk to VPC A. However, VPC B cannot talk to VPC C through VPC A. This is known as Non-Transitive Peering, i.e., both VPC C and VPC B are not directly linked so they cannot talk to each other.

So, to communicate between VPC B and VPC C, we need to peer them as shown in the below figure.

VPC

 

Can you establish a Peering connection to a VPC in a different region?

Yes, we can establish a peering connection to a VPC in a different region. It is called inter-region VPC peering connection.

 

Do you need an internet gateway to use peering connections?

Yes, the Internet gateway is needed to use VPC (virtual private cloud peering) connections.

 

List Some ranges of the private subnet

  • 10.0.0.0 – 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 – 192.168.255.255 (192.108/16 prefix)

 

Name and explain some security products and features available in VPC?

  • Security groups – This acts as a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.
  • Network access control lists – It acts as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.
  • Flow logs – These capture the inbound and outbound traffic from the network interfaces in your VPC.

 

How do you monitor Amazon VPC?

You can monitor VPC by using:

  • CloudWatch and CloudWatch logs
  • VPC Flow Logs

 

How many VPCs can be created per region in an AWS account

5

 

How many Elastic IPs are allowed to be created by AWS?

5 VPC Elastic IP addresses are allowed for each AWS account.

 

What is meant by subnet?

A large section of IP Addresses divided into chunks is known as subnets.

 

 

Why do we make subnets?

Creating subnets means dividing a large network into smaller ones. These subnets can be created for several reasons.

For example, creating and using subnets can help reduce congestion by making sure that the traffic destined for a subnet stays in that subnet. This helps efficiently route the traffic coming to the network, reducing the network’s load.

 

How many Subnets can you have per VPC?

We can have up to 200 Subnets per Amazon Virtual Private Cloud (VPC).

 

In VPC with private and public subnets, database servers should ideally be launched into which subnet?

With private and public subnets in VPC, database servers should ideally launch into private subnets.

 

Is the property of broadcast or multicast supported by Amazon VPC?

No, currently Amazon VPI does not provide support for broadcast or multicast.

 

Can you launch Amazon Elastic Compute Cloud (EC2) instances with predetermined private IP addresses? If yes, then with which Amazon service it is possible?

Yes. It is possible by using VPC (Virtual Private Cloud).

 

Suppose I created a subnet and launched an EC2 instance in the subnet with default settings. Which of the following options will be ready to use on the EC2 instance as soon as it is launched?

  • Elastic IP
  • Private IP
  • Public IP
  • Internet Gateway

Private IP. Private IP is automatically assigned to the instance as soon as it is launched. While elastic IP has to be set manually, Public IP needs an Internet Gateway, which has to be created since it’s a new VPC.

 

Can you name the additional network interface that can be created and attached to your Amazon EC2 instance launched in your VPC?

Elastic Network Interface

 

Your company wants you to propose a solution so that the company’s data center can be connected to the Amazon cloud network. What would be your proposal?

The data center can be connected to the Amazon cloud network by establishing a virtual private network (VPN) between the VPC and the data center.

A virtual private network lets you establish a secure pathway or tunnel from your premise or device to AWS global network.

 

What kind of IP address can you use for your customer gateway (CGW) address?

We can use the Internet routable IP address, which is a public IP address of your NAT device.

 

VPC is not resolving the server through DNS. What might be the issue, and how can you fix it?

To fix this problem, you need to enable the DNS hostname resolution, so that the problem resolves itself.

 

You are an AWS Architect in your company, and you are asked to create a new VPC in the N.Virginia Region with two Public and two Private subnets using the following CIDR blocks:

VPC CIDR = 10.10.10.0/24

Public Subnet

Subnet01 : 10.10.10.0/26
Subnet02 : 10.10.10.64/26

Private Subnet

Subnet03: 10.10.10.128/26
Subnet04: 10.10.10.192/26

Using the above CIDRs you created a new VPC, and you launched EC2 instances in all subnets as per the need.

Now, you are facing an issue in private instances that you are unable to update operating systems from the internet. So, what architectural changes and configurations will you suggest to resolve the issue?

NAT G/W to be installed in one public subnet and will configure the route-table associated with private subnets to add NAT G/W entry to provide internet access to private instances.

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *