12 Cards in this Set

  • Front
  • Back

What is the big idea of the white paper?

  • You can use the internet, or you can use an AWS Direct Connect connection, as the plumbing to link together all the network parts (the backbone)
  • The connection can terminate into either AWS managed endpoints, or your own internal networks
  • The other configuration option you have is HOW routing is delivered between AWS and your own on-premises services.

What is the idea of a VPC itself?

It's a section of the AWS cloud that you own, unlike, say, a SaaS offering where you don't control the IP space

What are the 3 kinds of connection discussed?

  • Network-to-Amazon VPC Connectivity Options
  • VPC to VPC Connectivity
  • Internal user to VPC

What is the big idea behind Network to VPC Connectivity?

  • For extending onsite services into the AWS Cloud
  • The best practice is to use a different, contiguous CIDR block per VPC
  • A managed VPN is a customer network connection to a gateway, whereby the gateway can have different availability zones
  • The customer network (on-prem) uses a gateway on its end to 'reach out'
  • Gateway-to-gateway comms over an IPsec tunnel

How does AWS Direct Connect work?

  • AWS has a VPC gateway with VPC subnets in multiple availability zones
  • There is a VLAN connection between the gateway and the AWS Direct Connect Endpoint
  • The AWS Direct Connect Endpoint is connected to the customer network via a WLAN, which the WLAN provider needs to set up
  • VPCs have EC2 instances in a private subnet, so only you can connect to them from the outside world.

How do you use AWS Direct Connect as a 'traffic cop', even if they are in different regions?

Because the customer network (on-prem) side deals with a single connection; on the other end, it doesn't matter.

How does direct connect with a VPN work?

  • Same as Direct Connect, except on the VPC side there is a VPN.
  • This means that the customer network can deal with the private part of the VPC via the tunnel
  • Outside of direct connect the only way in is via the public part

What is a transit VPC?

  • Provides one VPC to connect disparate, multi-region VPCs
  • Network rules, filtering, etc. can be centralised here

What is the use case for VPC to VPC peering?

  • Integrating multiple VPCs into a larger one
  • Billing and security can be segregated, but the resources of the network appear to be transparently linked

What is the security benefit of VPC peering?

Even if resources communicate across accounts and regions, the traffic never leaves the AWS backbone

What is the advantage of a managed VPN?

  • You have one outbound connection from a customer network point of view
  • These are hubs out to multiple different VPCs, depending on the header traffic

What is AWS private link used for?

  • You create a network interface in your VPC
  • That connects with resources in another VPC transparently, across different accounts