VPC BULLET POINTS

  1. VPC stands for Virtual Private Cloud
  2. The VPC can be considered as the starting point for all architecture in AWS
  3. Creating a VPC necessitates determining which ip ranges are currently in use by the organization being designed for
  4. To determine how many ranges a business will require, determine the number of regions the business will operate in
  5. The ip range is known as a CIDR block
  6. CIDR stands for Classless Inter-Domain Routing
  7. This is an advancement over the formerly used classful addressing
  8. The CIDR block is determined based on what size the VPC will be
  9. The CIDR block looks like an IP address with a slash and a number (1.1.1.1/8)
  10. The number after the slash indicates the subnet mask used to determine the network portion
  11. The default AWS CIDR block is 172.31.0.0/16
  12. The default should be avoided whenever possible
  13. VPC sizing is based on various factors, including the number of subnets, total IPs, IPs per subnet, and the number of availability zones the VPC will use
  14. Services run from subnets in the VPC, not directly from the VPC itself
  15. Subnets are created and run from one AZ
  16. One AZ can have multiple subnets
  17. DNS can be used in VPC
  18. DNS is provided by Route 53
  19. DHCP can be applied to a VPC by the DHCP options set
  20. The options set is created with each VPC
  21. DHCP options sets can also be created
  22. The created options set cannot be edited
  23. This controls things like DNS and NTP servers
  24. The options set can auto-assign public IPv4 addresses
  25. The options set can auto-assign IPv6 addresses
  26. Internet gateways enable data to enter from and exit to the AWS public zone on the public internet
  27. There is a VPC router that is part of every VPC; there is a default one, and additional ones can be created
  28. A VPC has a main route table connected with it
  29. Custom route tables can be created: this dissociates the default route table
  30. A subnet can only have one route table associated with it
  31. A route table can be associated with multiple subnets
  32. A route table is simply a list of routes
  33. The VPC uses the route table to verify destination addresses
  34. IGW stands for Internet Gateway
  35. The internet gateway enables private IP addresses to be associated with public IP addresses for the purpose of routing traffic into and out of the VPC
  36. This helps preserve security inside the VPC
  37. Bastion hosts are another security feature connected to VPCs
  38. The Bastion host serves as the single point of focus for traffic entering and leaving the VPC
  39. The VPC router, Internet Gateway and Bastion host work together in combination
  40. NACL means Network Access Control List
  41. The NACL is a firewall that surrounds the VPC subnet
  42. It is associated directly with the subnet, not any specific resource
  43. The NACL is formed of an inbound set of rules and an outbound set of rules
  44. These inbound and outbound sets of rules regulate data moving into the VPC
  45. SG stands for Security Group
  46. Security groups operate at a higher level than NACLs
  47. Security groups integrate closely with products and services
  48. It acts as a boundary that filters internet traffic
  49. NAT stands for Network Address Translation
  50. This is a process for giving a resource outgoing-only access to the internet
  51. This is the AWS implementation available in a VPC
  52. NAT is a set of processes for remapping source or destination IPs
  53. Internet Gateways use static NAT
  54. When packets leave Internet Gateways, NAT adjusts private IP addresses to public
  55. When packets enter Internet Gateways, NAT adjusts the public IP addresses to private
  56. NAT uses IP masquerading, which hides many private IPs behind one public IP
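A worked example of points 3 and 8 to 15 (checking a proposed CIDR block against ranges already in use, avoiding the default 172.31.0.0/16, and sizing subnets per AZ). This is an added example, not code from the original post; the in-use ranges are constructed sample input and the 5 reserved addresses per subnet are AWS's standard reservation.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS server, one held for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5
AWS_DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")


def check_vpc_block(vpc_cidr, in_use_ranges):
    """Return the list of reasons a proposed VPC CIDR is unsafe (empty = OK)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    if vpc == AWS_DEFAULT_VPC_CIDR:
        problems.append("uses the default VPC range, which should be avoided")
    if not 16 <= vpc.prefixlen <= 28:
        problems.append("VPC CIDR must be between /16 and /28")
    # Overlap with ranges the organisation already uses makes routing ambiguous.
    for used in in_use_ranges:
        used_net = ipaddress.ip_network(used)
        if vpc.overlaps(used_net):
            problems.append(f"overlaps in-use range {used_net}")
    return problems


def plan_vpc(vpc_cidr, in_use_ranges, az_count, subnets_per_az):
    """Carve a VPC CIDR into equal subnets spread round-robin over AZs."""
    problems = check_vpc_block(vpc_cidr, in_use_ranges)
    if problems:
        raise ValueError("; ".join(problems))
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    total = az_count * subnets_per_az
    if total < 1:
        raise ValueError("need at least one subnet")
    # Smallest number of extra prefix bits that yields at least `total` subnets.
    new_prefix = vpc.prefixlen + (total - 1).bit_length()
    if new_prefix > 28:
        raise ValueError("subnets would be smaller than the AWS minimum /28")
    subnets = list(vpc.subnets(new_prefix=new_prefix))[:total]
    layout = {}
    for i, subnet in enumerate(subnets):
        layout.setdefault(f"az-{i % az_count}", []).append(str(subnet))
    return {
        "netmask": str(vpc.netmask),  # the mask the "/16" stands for
        "subnet_prefix": new_prefix,
        "usable_per_subnet": subnets[0].num_addresses - AWS_RESERVED_PER_SUBNET,
        "subnets_by_az": layout,
    }


# Constructed sample input: ranges the organisation already uses elsewhere.
IN_USE = ["10.0.0.0/16", "192.168.0.0/16"]
```

Calling `plan_vpc("10.16.0.0/16", IN_USE, 3, 2)` yields six /19 subnets (two per AZ) with 8187 usable addresses each, while `10.0.128.0/17` is rejected because it overlaps a range already in use.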

Published by pauldparadis

Working towards cloud networking security as a profession.
