Top AWS VPC frequently asked interview questions.
In this post we will look at AWS VPC interview questions, with examples and explanations.
- What is Amazon VPC?
- What are the components of Amazon VPC?
- What does an Amazon VPC router do?
- What are Internet Gateways in VPC?
- What is a NAT device?
- What is a subnet in VPC?
- What are the steps to build a custom VPC?
- What is the difference between stateful and stateless filtering?
- How do you determine which Availability Zone your subnets are located in?
- How many Amazon EC2 instances can you use within a VPC?
- What is a default VPC?
- What is the advantage of a default VPC?
- What is ClassicLink?
What is Amazon VPC?
Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can also create a Site-to-Site VPN connection (historically called a hardware VPN connection) between your corporate datacenter and your VPC and use the AWS cloud as an extension of your corporate datacenter.

You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place backend systems such as databases or application servers in a private subnet with no inbound access from the Internet. You can apply multiple layers of security, including security groups (stateful, applied per network interface) and network access control lists (stateless, applied per subnet), to help control access to Amazon EC2 instances in each subnet.
What are the components of Amazon VPC?
Components of Amazon VPC:
- Virtual Private Cloud (VPC): A logically isolated virtual network in the AWS cloud. You define the VPC's IP address space by choosing a CIDR block (between /16 and /28 for IPv4).
- Subnet: A segment of the VPC's IP address range, tied to a single Availability Zone, in which you place groups of resources.
- Internet Gateway: The Amazon VPC side of a connection to the public Internet.
- NAT Gateway: A highly available, managed Network Address Translation (NAT) service that lets resources in a private subnet reach the Internet and other AWS services while blocking connections initiated from the Internet.
- Site-to-Site VPN Connection (historically "hardware VPN connection"): An IPsec VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
- Virtual Private Gateway and Customer Gateway: The Amazon VPC side of a VPN connection and the customer side of that connection, respectively.
- Peering Connection: Enables you to route traffic via private IP addresses between two peered VPCs. Peering is not transitive; each pair of VPCs that needs to talk requires its own peering connection and routes.
- VPC Endpoint: Provides private connectivity from your VPC to supported AWS services (gateway endpoints for Amazon S3 and DynamoDB; interface endpoints, powered by AWS PrivateLink, for most other services) without using an Internet gateway or NAT device, and lets you restrict what can be accessed with VPC endpoint policies.
What does an Amazon VPC router do?
An Amazon VPC router enables Amazon EC2 instances within subnets to communicate with Amazon EC2 instances in other subnets within the same VPC. The VPC router also enables subnets, Internet gateways, and virtual private gateways to communicate with each other; it is the implicit router that the "local" route in every route table points at, and it selects routes by longest prefix match. Network usage data is not available from the router; however, you can obtain network usage statistics from your instances using Amazon CloudWatch, and per-flow accept/reject records from VPC Flow Logs.
What are Internet Gateways in VPC?
An Internet gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the Internet. Only one Internet gateway can be attached to a VPC at a time. It serves two purposes: it provides a target in your VPC route tables for Internet-routable traffic (a route for 0.0.0.0/0 to the Internet gateway is what makes a subnet "public"), and it performs one-to-one NAT for instances that have been assigned public IPv4 addresses or Elastic IPs. An instance that has only a private address cannot reach the Internet through an Internet gateway even if its subnet has the route. The gateway itself does not filter traffic; security groups and network ACLs do.
What is a NAT Device?
A NAT device in your VPC enables instances in a private subnet to initiate outbound IPv4 traffic to the Internet or to other AWS services, while preventing hosts on the Internet from initiating connections to those instances. When traffic goes out, the NAT device replaces the instance's private source address with its own public (Elastic IP) address; when the response comes back, it translates the destination back to the instance's private IP address. AWS has two types of NAT device: a NAT gateway, a managed and highly available service that must be placed in a public subnet with an Elastic IP, and a NAT instance, an EC2 instance that you run and maintain yourself (AWS historically provided Amazon Linux AMIs preconfigured for this; the instance needs source/destination checking disabled and its subnet needs a route to the Internet gateway). NAT gateway is the recommended option. NAT devices do not support IPv6; for outbound-only IPv6 access from a private subnet use an egress-only Internet gateway instead.
What is a subnet in VPC?
A subnetwork, or subnet, is a logical subdivision of an IP network; dividing a network into two or more networks is called subnetting. In a VPC, each subnet is a CIDR block carved out of the VPC's address range and resides in a single Availability Zone. AWS reserves the first four addresses and the last address of every subnet, so a /24 offers 251 usable addresses. Subnets are commonly described as public or private, but this is not a subnet attribute: a subnet is public when its route table has a route to an Internet gateway, so instances with public IPs there are reachable from the Internet, and private when it has no such route, so its instances are hidden from the Internet and reach it, if at all, only through a NAT device.
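To make the public/private distinction concrete, the following is an added example, not code from the original post. It models one VPC with three subnets and their route tables as constructed sample data with placeholder IDs, classifies each subnet from its default route using the same longest-prefix match the VPC router applies, computes usable addresses after AWS's five reserved addresses, and answers whether an instance in a given subnet can initiate Internet connections, including the case of an instance in a public subnet that has no public IP. The subnet and route table IDs, the reserved-address constant and the probe address are assumptions for illustration, not real resources.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one reserved for future use, and broadcast.
AWS_RESERVED_PER_SUBNET = 5

# Constructed sample data (placeholder IDs, not real resources): one VPC with
# a public subnet, a private subnet behind a NAT gateway, and an isolated
# subnet that has no default route at all.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "subnet-web": {"cidr": "10.0.0.0/24", "route_table": "rtb-public"},
    "subnet-app": {"cidr": "10.0.1.0/24", "route_table": "rtb-private"},
    "subnet-db":  {"cidr": "10.0.2.0/24", "route_table": "rtb-isolated"},
}
ROUTE_TABLES = {
    "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0123456789abcdef0")],
    "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0123456789abcdef0")],
    "rtb-isolated": [("10.0.0.0/16", "local")],
}


def usable_addresses(cidr):
    """Addresses an instance can actually be assigned in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def route_target(routes, destination):
    """Longest-prefix match over a route table, as the VPC router does it.

    Returns the target of the most specific matching route, or None when no
    route covers the destination (traffic is then dropped)."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify_subnet(subnet_id):
    """'public' if the route for a non-VPC address goes to an Internet gateway,
    'private' if it goes to a NAT gateway or NAT instance, else 'isolated'."""
    routes = ROUTE_TABLES[SUBNETS[subnet_id]["route_table"]]
    target = route_target(routes, "198.51.100.1")  # assumed probe: any address outside the VPC
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith(("nat-", "i-")):  # NAT gateway or NAT instance
        return "private"
    return "isolated"


def can_initiate_to_internet(subnet_id, has_public_ip):
    """An Internet gateway only translates for instances that hold a public or
    Elastic IP; a NAT device translates for every instance behind it."""
    kind = classify_subnet(subnet_id)
    if kind == "public":
        return has_public_ip
    return kind == "private"


def validate_subnets():
    """Every subnet CIDR must lie inside the VPC CIDR and none may overlap."""
    vpc = ipaddress.ip_network(VPC_CIDR)
    nets = {sid: ipaddress.ip_network(s["cidr"]) for sid, s in SUBNETS.items()}
    problems = [f"{sid} {net} is outside {vpc}" for sid, net in nets.items()
                if not net.subnet_of(vpc)]
    ids = list(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")
    return problems


if __name__ == "__main__":
    for sid, s in SUBNETS.items():
        print(sid, s["cidr"], classify_subnet(sid),
              usable_addresses(s["cidr"]), "usable addresses")
    print("problems:", validate_subnets() or "none")
```

The important check for an interview or an audit is can_initiate_to_internet: a subnet with an Internet gateway route is "public", yet an instance launched there without a public IP still has no path out, while an instance in the NAT-backed subnet can reach out without ever being reachable from the Internet.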