NAT

  • A Network Address Translation (NAT) gateway lets instances in a private subnet initiate connections to the Internet or to other AWS services, while preventing the Internet from initiating connections to those instances. The NAT gateway itself sits in a public subnet (it needs a route to an internet gateway and an Elastic IP), and the private subnet's route table sends 0.0.0.0/0 to it; because the gateway only holds translation state for connections started from inside, unsolicited inbound packets have no mapping and are dropped.

NETWORK ACL

  • A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

  • A VPC automatically comes with a modifiable default network ACL. By default it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.

  • We can create a custom network ACL and associate it with a subnet. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.

  • We can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time.

  • A network ACL contains a numbered list of rules that are evaluated in order, starting with the lowest numbered rule; the first rule that matches decides whether the traffic is allowed in or out of any subnet associated with the ACL, and traffic that matches no numbered rule is denied by the final '*' rule. The highest number you can use for a rule is 32766. Unlike security groups, network ACLs are stateless: a reply is evaluated as a separate packet in the other direction, so allowing an inbound service port also requires an outbound rule covering the client's ephemeral port range (and the reverse for connections initiated from inside the subnet).
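The evaluation order and the stateless behaviour described above, modelled in a small evaluator. This is an added example, not AWS code: the rules, addresses and the `Rule`/`Packet` types are constructed for illustration, and only TCP/UDP port matching is modelled (ICMP type/code matching is omitted).

```python
"""Model of network ACL rule evaluation (added example, not AWS code).

A network ACL is a numbered list of rules checked in ascending order; the
first rule that matches a packet decides, and a packet matching no rule hits
the implicit '*' deny.  ACLs are stateless: the reply to an allowed inbound
request is a separate outbound packet that must match an outbound rule, which
is why an outbound rule for the ephemeral port range is usually required.
"""
import ipaddress
from dataclasses import dataclass

MAX_RULE_NUMBER = 32766  # highest rule number AWS accepts


@dataclass(frozen=True)
class Rule:
    number: int       # evaluation order, 1..32766
    protocol: str     # 'tcp', 'udp' or 'all'
    port_from: int    # port range, ignored when protocol is 'all'
    port_to: int
    cidr: str         # source CIDR for inbound rules, destination CIDR for outbound
    action: str       # 'allow' or 'deny'


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: int         # destination port of this packet
    remote: str       # the non-VPC side: source IP inbound, destination IP outbound


def evaluate(rules, packet):
    """Return (verdict, rule number or '*') for one packet in one direction."""
    for rule in sorted(rules, key=lambda r: r.number):
        if not 1 <= rule.number <= MAX_RULE_NUMBER:
            raise ValueError(f"rule number {rule.number} out of range")
        if rule.protocol != "all" and rule.protocol != packet.protocol:
            continue
        if rule.protocol != "all" and not rule.port_from <= packet.port <= rule.port_to:
            continue
        if ipaddress.ip_address(packet.remote) not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, rule.number   # first match wins, later rules are never consulted
    return "deny", "*"                     # implicit deny


def session_allowed(inbound, outbound, client_ip, client_port, server_port, protocol="tcp"):
    """Both the client's request (inbound) and the server's reply (outbound) must pass."""
    request = Packet(protocol, server_port, client_ip)
    reply = Packet(protocol, client_port, client_ip)   # reply goes to the client's ephemeral port
    return evaluate(inbound, request)[0] == "allow" and evaluate(outbound, reply)[0] == "allow"


# Constructed ACL: SSH only from an office range (hypothetical), HTTP from anywhere.
INBOUND = [
    Rule(100, "tcp", 22, 22, "203.0.113.0/24", "allow"),
    Rule(110, "tcp", 22, 22, "0.0.0.0/0", "deny"),      # explicit; '*' would deny anyway
    Rule(120, "tcp", 80, 80, "0.0.0.0/0", "allow"),
]
# Outbound: replies return to the client's ephemeral port, so 1024-65535 must be open.
OUTBOUND_OK = [Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
# Common mistake: only the service port is allowed outbound, so every reply is dropped.
OUTBOUND_BROKEN = [Rule(100, "tcp", 80, 80, "0.0.0.0/0", "allow")]

if __name__ == "__main__":
    print(evaluate(INBOUND, Packet("tcp", 22, "203.0.113.5")))    # ('allow', 100)
    print(evaluate(INBOUND, Packet("tcp", 22, "198.51.100.7")))   # ('deny', 110)
    print(evaluate(INBOUND, Packet("tcp", 443, "198.51.100.7")))  # ('deny', '*')
    print(session_allowed(INBOUND, OUTBOUND_OK, "203.0.113.5", 50000, 22))      # True
    print(session_allowed(INBOUND, OUTBOUND_BROKEN, "203.0.113.5", 50000, 22))  # False
```

The last two calls are the point: the same inbound ACL is fine or broken depending only on whether the outbound side allows the ephemeral range, which is exactly the mistake a stateful security-group mindset leads to.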

VPC peering

  • A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses

  • Instances in either VPC can communicate with each other as if they are within the same network.

  • We can peer a VPC with a VPC in another AWS account as well as with another VPC in the same account. When these notes were written both VPCs had to be in the same region; inter-region peering is now supported. In every case the two CIDR blocks must not overlap, each side needs a route table entry pointing at the peering connection, and peering is not transitive: if A peers with B and B peers with C, A cannot reach C through B.
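The routing behind the NAT and peering sections above, as an added example that is not part of the original notes: a longest-prefix-match lookup over constructed route tables, the CIDR-overlap check to run before peering, a check that both sides of a peering have a route, and a minimal model of the NAT gateway's translation state. The VPC CIDRs and the IDs pcx-ab, pcx-bc, nat-a and igw-a are hypothetical.

```python
"""Route-table lookup, peering sanity checks and NAT state (added example, not AWS code).

Each route table is a list of (destination CIDR, target); AWS picks the most
specific matching route (longest prefix match) and drops packets that match
nothing.  VPC CIDRs and the pcx-/nat-/igw- IDs below are hypothetical.
"""
import ipaddress

VPC_A, VPC_B, VPC_C = "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"


def cidrs_overlap(a, b):
    """Peering is refused for overlapping CIDRs, so check before creating the connection."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def lookup(route_table, dst_ip):
    """Return the target of the longest-prefix-match route, or None if the packet is dropped."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def peered_path(src_table, dst_table, src_ip, dst_ip):
    """True only if both sides route through the same peering connection.

    A missing return route on the remote side is the usual reason peered hosts
    cannot talk; a default route to a NAT gateway does not substitute for it."""
    fwd, back = lookup(src_table, dst_ip), lookup(dst_table, src_ip)
    return fwd is not None and fwd.startswith("pcx-") and fwd == back


class NatGateway:
    """Minimal port-address-translation state.  Only connections started from
    inside create a mapping, so an unsolicited packet from the Internet has no
    entry and is dropped: this is what 'prevents the Internet from initiating
    a connection' through a NAT gateway."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._next_port = 1024
        self._table = {}  # public port -> (private ip, private port)

    def outbound(self, private_ip, private_port):
        port = self._next_port
        self._next_port += 1
        self._table[port] = (private_ip, private_port)
        return self.public_ip, port

    def inbound(self, public_port):
        return self._table.get(public_port)  # None: no mapping, packet is dropped


# Constructed route tables.  A peers with B (pcx-ab), B peers with C (pcx-bc), A does not peer with C.
PRIVATE_A = [(VPC_A, "local"), ("0.0.0.0/0", "nat-a"), (VPC_B, "pcx-ab")]
PUBLIC_A = [(VPC_A, "local"), ("0.0.0.0/0", "igw-a"), (VPC_B, "pcx-ab")]
TABLE_B = [(VPC_B, "local"), (VPC_A, "pcx-ab"), (VPC_C, "pcx-bc")]
TABLE_B_NO_RETURN = [(VPC_B, "local"), (VPC_C, "pcx-bc")]  # forgot the route back to A

if __name__ == "__main__":
    print(cidrs_overlap(VPC_A, VPC_B))                                       # False: safe to peer
    print(lookup(PRIVATE_A, "10.1.0.7"))                                      # pcx-ab beats 0.0.0.0/0
    print(lookup(PRIVATE_A, "10.2.0.7"))                                      # nat-a: no route to C
    print(peered_path(PRIVATE_A, TABLE_B, "10.0.5.9", "10.1.0.7"))            # True
    print(peered_path(PRIVATE_A, TABLE_B_NO_RETURN, "10.0.5.9", "10.1.0.7"))  # False
    nat = NatGateway("203.0.113.10")
    print(nat.inbound(1024))                                                  # None: dropped
    print(nat.outbound("10.0.5.9", 43210), nat.inbound(1024))
```

Note what the lookup for 10.2.0.7 shows: from VPC A the packet for VPC C falls through to the default route and leaves via the NAT gateway toward the Internet, where a private 10.x address is not routable, so the traffic is lost rather than forwarded across B's peering.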

VPN

  • We can connect our VPC to remote networks by using a VPN connection.

  • The AWS-managed option (originally called the AWS hardware VPN, now Site-to-Site VPN) terminates on a virtual private gateway attached to the VPC and on a customer gateway device at the remote end; each VPN connection consists of two IPsec tunnels so that a single tunnel or endpoint failure does not cut the link.

Egress only internet gateway

  • An egress-only Internet gateway is a VPC component that allows outbound communication over IPv6 from instances in your VPC to the Internet, and prevents the Internet from initiating an IPv6 connection with your instances.

DHCP Options Set

  • The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. In a VPC, a DHCP options set is what instances receive over DHCP: the domain name, DNS servers (the default set hands out AmazonProvidedDNS), NTP servers and NetBIOS settings. A VPC has exactly one options set associated with it at a time; a set cannot be edited once created, so to change settings you create a new set and associate it, and instances pick the change up when they renew their lease.

VPC endpoint

  • A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring access over the Internet.

  • An endpoint enables instances in your VPC to use their private IP addresses to communicate with resources in other services. Your instances do not require public IPv4 addresses, and you do not need an Internet gateway, a NAT device, or a virtual private gateway in your VPC.

  • We use endpoint policies to control access to resources in other services. An endpoint policy is an IAM resource policy attached to the endpoint; it can only narrow what passes through the endpoint, never grant more than the caller's IAM permissions and the service's own resource policy already allow. The default policy allows full access to the service.

  • Traffic between your VPC and the AWS service does not leave the Amazon network.

(note: when these notes were written only S3 was supported; gateway endpoints now exist for S3 and DynamoDB, and interface endpoints, AWS PrivateLink, cover most other services. A gateway endpoint is used by adding a route for the service's prefix list to the subnet's route table, whereas an interface endpoint places an elastic network interface with a private IP address in your subnet.)
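An endpoint policy in use, as an added example that is not part of the original notes: a policy on an S3 gateway endpoint that confines traffic through the endpoint to a single bucket, a bucket policy that refuses requests not arriving via that endpoint (the aws:sourceVpce condition key), and a simplified evaluator to check sample requests against both. The evaluator implements only what these policies need (Action and Resource wildcards, explicit Deny beating Allow, implicit deny, StringEquals and StringNotEquals); Principal matching and the other condition operators are ignored. The bucket name and endpoint ID are hypothetical.

```python
"""S3 gateway endpoint policy, matching bucket policy, and a simplified IAM-style
evaluator (added example, not AWS code).  Bucket name and endpoint ID are hypothetical."""
import json
import re

VPCE_ID = "vpce-0123456789abcdef0"   # hypothetical endpoint ID
BUCKET = "arn:aws:s3:::example-app-artifacts"

# Attached to the endpoint: traffic through this endpoint may only touch one bucket,
# so a compromised instance cannot use the endpoint to exfiltrate to an attacker's bucket.
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyArtifactBucket",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": [BUCKET, BUCKET + "/*"],
    }],
}

# Attached to the bucket: requests that did not arrive through the endpoint are refused,
# which closes the public-Internet path even for a caller holding valid credentials.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowReads", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
        {"Sid": "DenyOutsideEndpoint", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
         "Condition": {"StringNotEquals": {"aws:sourceVpce": VPCE_ID}}},
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _iam_match(pattern, value):
    """IAM wildcards: '*' matches any run of characters, '?' any single character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _condition_holds(condition, context):
    """Supports StringEquals / StringNotEquals only.  An absent key makes a negated
    operator evaluate true, as in IAM, so a request with no aws:sourceVpce is denied."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            elif operator == "StringNotEquals":
                if actual in _as_list(expected):
                    return False
            else:
                raise NotImplementedError(operator)
    return True


def evaluate(policy, action, resource, context=None):
    """Explicit Deny wins; otherwise any matching Allow allows; otherwise implicit deny."""
    context = context or {}
    decision = "deny"
    for stmt in policy["Statement"]:
        if not any(_iam_match(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_iam_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"
        decision = "allow"
    return decision


def allowed_through_endpoint(action, resource, context):
    """Both policies must allow; in AWS the caller's own IAM policy must allow as well."""
    return (evaluate(ENDPOINT_POLICY, action, resource, context) == "allow"
            and evaluate(BUCKET_POLICY, action, resource, context) == "allow")


if __name__ == "__main__":
    obj = BUCKET + "/build/app.tar.gz"
    print(json.dumps(ENDPOINT_POLICY, indent=2))   # paste into modify-vpc-endpoint --policy-document
    print(allowed_through_endpoint("s3:GetObject", obj, {"aws:sourceVpce": VPCE_ID}))  # True
    print(allowed_through_endpoint("s3:GetObject", obj, {}))                            # False
    print(evaluate(ENDPOINT_POLICY, "s3:GetObject", "arn:aws:s3:::exfil-bucket/loot"))  # deny
```

The two policies do different jobs: the endpoint policy is the outbound control (what the VPC may reach through the endpoint), the bucket policy with aws:sourceVpce is the inbound control (who may reach the bucket). Deploying only one leaves the other path open.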

VPC Restrictions

  • These are the default quotas the notes were written against; most can be raised through a service limit request. Note the scope of each one (per region, per VPC, per Availability Zone) when planning an account.

  1. 5 Elastic IP addresses per region (not per VPC).

  2. 5 internet gateways per region.

  3. 5 VPCs per region (can be increased upon request).

  4. 5 NAT gateways per Availability Zone.

  5. 5 virtual private gateways per region.

  6. 50 VPN connections per region.

  7. 50 rules per security group (counted separately for inbound and outbound).

  8. 50 customer gateways per region. (The customer gateway is the appliance at your end of the VPN connection.)

  9. 100 security groups per VPC.

  10. 200 network ACLs per VPC.

  11. 200 route tables per VPC.
