AWS-Day2-Assignment
What are AWS security groups?
Ans: A security group acts as a virtual firewall that controls the traffic allowed to reach and leave the resources it is associated with. For example, after you associate a security group with an EC2 instance, it controls the inbound and outbound traffic for that instance. Security groups are stateful (the reply to an allowed connection is permitted automatically) and contain allow rules only, so anything not explicitly allowed is denied. You can associate a security group only with resources in the VPC for which it was created.
What is VPC?
Ans: With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. The following diagram shows an example of a VPC.
What is meant by subnet?
Ans: A subnet is a range of IP addresses in your VPC. You can create AWS resources, such as EC2 instances, in specific subnets.
Each subnet must reside entirely within one Availability Zone and cannot span zones. By launching AWS resources in separate Availability Zones, you can protect your applications from the failure of a single Availability Zone.
A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP network into multiple, smaller network segments.
The following diagram shows two VPCs in a Region. Each VPC has public and private subnets and an internet gateway.
How can you convert a public subnet to a private subnet?
Ans:
Yes, it is possible to convert a public subnet to a private subnet after creation. A subnet is public only because its route table has a 0.0.0.0/0 route whose target is the internet gateway (IGW); the IGW is attached to the VPC, not to the subnet. To convert the subnet you need to make the following changes:
1. Confirm there is already an IGW attached to the VPC and that at least one other subnet stays public (it has the 0.0.0.0/0 route to the IGW).
2. Create a NAT Gateway, with an Elastic IP, in that remaining public subnet. The NAT Gateway must not be placed in the subnet you are converting, because it needs the IGW route for its own internet access.
3. Create a new route table whose 0.0.0.0/0 route targets the NAT Gateway and associate the subnet you are converting with it (or edit the existing route table if no other subnet shares it). Once the subnet no longer has a route to the IGW it is private.
4. Disable auto-assign public IPv4 on the subnet and remove any public or Elastic IPs from its instances, so nothing in the subnet remains directly reachable from the internet.
What is the difference between security groups and network access control list?
Ans: NACLs operate at the subnet level and control traffic entering and leaving each subnet they are associated with, while Security Groups operate at the instance (network interface) level and control traffic to and from individual EC2 instances.
Scope of application: a NACL applies to every instance in its subnets, while a Security Group applies only to the instances it is attached to.
State: Security Groups are stateful, so the reply to an allowed connection is permitted automatically; NACLs are stateless, so return traffic (normally to ephemeral ports 1024-65535) must be allowed by an explicit rule in the other direction.
Rules: Security Groups contain allow rules only and all rules are evaluated before a decision is made; NACLs contain both allow and deny rules, evaluated in ascending rule-number order, where the first match decides and the final "*" rule denies anything unmatched.
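The stateless-versus-stateful difference is easiest to see with a small rule evaluator. The following is an added example written for this assignment, not AWS code: the rule numbers, CIDRs and packets are constructed, and StatefulGroup is a hypothetical minimal model of security-group connection tracking. It shows a web request passing the inbound NACL while its reply is dropped by the outbound NACL until an ephemeral-port rule is added, a lower-numbered deny winning over a later allow, and a security group permitting the same reply without any outbound rule.

```python
"""Stateless NACL evaluation versus a stateful security group (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rule number; lowest is evaluated first
    protocol: str    # "tcp", "udp", "icmp" or "all"
    cidr: str        # peer CIDR: source for inbound rules, destination for outbound
    ports: tuple     # inclusive (low, high) destination-port range, ignored for "all"
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    protocol: str = "tcp"


def evaluate_nacl(rules, pkt, direction):
    """One NACL direction: rules in ascending number order, first match wins,
    anything unmatched hits the implicit '*' deny. Inbound rules are matched
    against the packet source, outbound rules against its destination."""
    peer = ip_address(pkt.src if direction == "inbound" else pkt.dst)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", pkt.protocol):
            continue
        if peer not in ip_network(rule.cidr):
            continue
        if rule.protocol != "all" and not rule.ports[0] <= pkt.dst_port <= rule.ports[1]:
            continue
        return rule.action
    return "deny"


def reply_to(pkt):
    """The response packet for pkt: addresses and ports swapped."""
    return Packet(pkt.dst, pkt.dst_port, pkt.src, pkt.src_port, pkt.protocol)


class StatefulGroup:
    """Hypothetical minimal security-group model: allow rules only, plus a
    connection table so replies to accepted requests need no outbound rule."""

    def __init__(self, inbound):
        self.inbound = inbound      # list of (protocol, cidr, (low, high))
        self.tracked = set()

    def inbound_allows(self, pkt):
        for proto, cidr, (low, high) in self.inbound:
            if (proto == pkt.protocol and ip_address(pkt.src) in ip_network(cidr)
                    and low <= pkt.dst_port <= high):
                self.tracked.add((pkt.src, pkt.src_port, pkt.dst, pkt.dst_port, pkt.protocol))
                return True
        return False

    def outbound_allows(self, pkt):
        # Reply traffic is matched against the connection table, not against rules.
        return (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port, pkt.protocol) in self.tracked


# Constructed rule sets. Rule 90 blocks one network before rule 100 allows everyone.
NACL_INBOUND = [
    Rule(90, "tcp", "198.51.100.0/24", (443, 443), "deny"),
    Rule(100, "tcp", "0.0.0.0/0", (443, 443), "allow"),
]
# Lets the instance call out on 443 but says nothing about replies to clients.
NACL_OUTBOUND_NO_EPHEMERAL = [Rule(100, "tcp", "0.0.0.0/0", (443, 443), "allow")]
# The rule a stateless NACL needs so that replies to client ephemeral ports get out.
NACL_OUTBOUND_FIXED = NACL_OUTBOUND_NO_EPHEMERAL + [
    Rule(110, "tcp", "0.0.0.0/0", (1024, 65535), "allow"),
]


def web_request_outcome(outbound_rules, client_ip="203.0.113.5"):
    """(request decision, reply decision) for an HTTPS request through the NACL."""
    request = Packet(client_ip, 50000, "10.0.1.10", 443)
    req = evaluate_nacl(NACL_INBOUND, request, "inbound")
    rep = evaluate_nacl(outbound_rules, reply_to(request), "outbound") if req == "allow" else "n/a"
    return req, rep


def security_group_outcome(client_ip="203.0.113.5"):
    """(request allowed, reply allowed) for the same request through a stateful group."""
    sg = StatefulGroup([("tcp", "0.0.0.0/0", (443, 443))])
    request = Packet(client_ip, 50000, "10.0.1.10", 443)
    return sg.inbound_allows(request), sg.outbound_allows(reply_to(request))


if __name__ == "__main__":
    print("NACL without ephemeral rule:", web_request_outcome(NACL_OUTBOUND_NO_EPHEMERAL))
    print("NACL with ephemeral rule:   ", web_request_outcome(NACL_OUTBOUND_FIXED))
    print("NACL, blocked source:       ", web_request_outcome(NACL_OUTBOUND_FIXED, "198.51.100.7"))
    print("Security group:             ", security_group_outcome())
```

The first run prints ("allow", "deny"): the request gets in, but the reply to the client's port 50000 matches no outbound rule and is dropped by the implicit "*" deny. This is the classic symptom of a NACL that forgot the ephemeral-port rule, and it never appears with a security group because the connection table handles the reply.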
By default how many IP addresses does AWS reserve in a subnet?
Ans: Amazon reserves the first four (4) IP addresses and the last one (1) IP address of every subnet, so a subnet always has five fewer usable addresses than its CIDR size. In 10.0.0.0/24 these are 10.0.0.0 (network address), 10.0.0.1 (VPC router), 10.0.0.2 (Amazon-provided DNS), 10.0.0.3 (reserved for future use) and 10.0.0.255 (network broadcast address, reserved even though VPCs do not support broadcast); the remaining 251 addresses can be assigned. Subnet sizes range from /28 (16 addresses, 11 usable) to /16.
What are route tables? What is the difference between Private Route and Public Route tables?
Ans:
A route table contains a set of rules, called routes, that determine where network traffic from a subnet or gateway is directed. Every subnet in a VPC must be associated with exactly one route table; a subnet with no explicit association uses the VPC's main route table. Each VPC route table carries a non-removable local route for the VPC CIDR so that subnets can reach one another.
A public route table has a default route (0.0.0.0/0) whose target is the Internet Gateway, so the subnets associated with it are public. A private route table has a default route whose target is a NAT Gateway (or NAT instance), so its subnets can reach the internet only for connections they initiate; a route table with no default route at all leaves its subnets isolated from the internet. Because the main route table is the default for any new subnet, it should not contain the IGW route, otherwise a subnet created without an explicit association becomes public by accident.
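The public/private distinction, and the check that a subnet conversion (the earlier question) actually finished, can be automated from route table and subnet data. The following is an added example written for this assignment, not AWS code. The two JSON documents are constructed to follow the shape of aws ec2 describe-route-tables and aws ec2 describe-subnets output, trimmed to the fields used, and every ID in them is made up; in practice you would feed the real CLI output in. It classifies each subnet as public, private or isolated, falls back to the main route table for subnets without an explicit association, and flags a subnet that still auto-assigns public IPv4 addresses although it is no longer public.

```python
"""Classify VPC subnets from their route tables (added example, constructed data)."""
import json

ROUTE_TABLES_JSON = """
{"RouteTables": [
  {"RouteTableId": "rtb-main0001", "VpcId": "vpc-0a1b2c3d",
   "Associations": [{"Main": true, "RouteTableId": "rtb-main0001"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
  {"RouteTableId": "rtb-public01", "VpcId": "vpc-0a1b2c3d",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub1", "RouteTableId": "rtb-public01"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0f00ba11", "State": "active"}]},
  {"RouteTableId": "rtb-private1", "VpcId": "vpc-0a1b2c3d",
   "Associations": [{"Main": false, "SubnetId": "subnet-priv1", "RouteTableId": "rtb-private1"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0c0ffee0", "State": "active"}]}
]}
"""

# subnet-priv1 has been re-routed to the NAT gateway but still auto-assigns public IPs;
# subnet-db1 has no explicit association and therefore uses the main route table.
SUBNETS_JSON = """
{"Subnets": [
  {"SubnetId": "subnet-pub1",  "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-priv1", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-db1",   "CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": false}
]}
"""


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_route_table(rt):
    """'public' if the active IPv4 default route targets an internet gateway,
    'private' if it targets a NAT gateway or NAT instance (by ENI or instance ID),
    'isolated' if there is no active default route. IPv6 (::/0) routes are not examined."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId") or route.get("NetworkInterfaceId") or route.get("InstanceId"):
            return "private"
    return "isolated"


def audit_subnets(subnets_doc=SUBNETS_JSON, route_tables_doc=ROUTE_TABLES_JSON):
    """Return {subnet_id: (classification, route_table_id, warning_or_None)}."""
    route_tables = json.loads(route_tables_doc)["RouteTables"]
    result = {}
    for subnet in json.loads(subnets_doc)["Subnets"]:
        rt = route_table_for(subnet["SubnetId"], route_tables)
        kind = classify_route_table(rt)
        warning = None
        if kind != "public" and subnet.get("MapPublicIpOnLaunch"):
            warning = "auto-assign public IPv4 is still enabled; disable it to finish the conversion"
        result[subnet["SubnetId"]] = (kind, rt["RouteTableId"], warning)
    return result


if __name__ == "__main__":
    for subnet_id, (kind, rt_id, warning) in audit_subnets().items():
        print(f"{subnet_id}: {kind} via {rt_id}" + (f"  WARNING: {warning}" if warning else ""))
```

Running it reports subnet-pub1 as public, subnet-priv1 as private with the auto-assign warning, and subnet-db1 as isolated through the main route table. Swapping the constructed JSON for the output of the two CLI commands turns this into a quick audit of which subnets in a VPC are really exposed.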
What are VPC flow logs?
Ans: VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Each record describes one flow over a capture window (source and destination addresses and ports, protocol, packet and byte counts) together with whether the traffic was ACCEPTed or REJECTed by the security groups and network ACLs; packet contents are not captured. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination; for investigations, REJECT records show what was blocked and ACCEPT records show what actually reached an interface.
What is VPC peering?
Ans: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 or IPv6 addresses, without the traffic traversing the public internet. Instances in either VPC can communicate with each other as if they were within the same network, subject to the route tables (each side needs a route for the peer's CIDR that targets the peering connection), security groups and network ACLs. Peering is not transitive (if A peers with B and B peers with C, A cannot reach C through B), and the two VPCs must not have overlapping CIDR blocks.
Create a NAT Gateway, attach it to a private subnet and run apt update to check it works. Identify the difference between IGW and NAT Gateway.
Ans:
An IGW allows both inbound and outbound traffic between the VPC and the internet, whereas a NAT Gateway only allows connections initiated from inside the VPC. Thus the IGW lets instances with public IPv4 addresses (or Elastic IPs) be reached from and reach the internet, performing the one-to-one NAT between the instance's private and public address, while the NAT Gateway lets instances that have only private IPs reach the internet (for example to run apt update) and drops unsolicited inbound connections. The NAT Gateway itself sits in a public subnet and relies on the IGW for its own path to the internet, so the VPC still needs one. To verify the setup, connect to an instance in the private subnet (through a bastion host or Session Manager, since it has no public IP) and run sudo apt update; the package index downloading successfully confirms that the subnet's 0.0.0.0/0 route to the NAT Gateway works.