1. What is a Virtual Private Cloud (VPC)?
Answer:
A VPC is an isolated section of the AWS cloud where resources can be launched within a defined virtual network. It allows complete control over IP address ranges, subnets, route tables, and security configurations.
2. What are the key components of a VPC?
Answer:
Subnets: Divide a VPC into smaller networks.
Route Tables: Manage routing for subnets.
Internet Gateway (IGW): Allows internet access.
NAT Gateway: Enables private instances to access the internet.
Security Groups: Act as a virtual firewall for resources.
Network ACLs: Control traffic at the subnet level.
3. How do you connect multiple VPCs?
Answer:
Use VPC Peering or Transit Gateway:
VPC Peering: For direct, one-to-one connections.
Transit Gateway: For scalable, one-to-many or many-to-many connections.
4. What is the difference between Security Groups and Network ACLs?
Answer:
Security Groups: Operate at the instance level, stateful, and allow only specific traffic.
Network ACLs: Operate at the subnet level, stateless, and allow or deny traffic.
5. Explain the differences between public and private subnets.
Answer:
Public Subnet: Connected to the internet via an IGW.
Private Subnet: Access the internet via a NAT Gateway or NAT instance.
6. What are NAT Gateways and NAT Instances?
Answer:
NAT Gateway: Fully managed, high availability, scales automatically.
NAT Instance: User-managed EC2 instance, that requires manual scaling and maintenance.
7. How does an Internet Gateway differ from a NAT Gateway?
Answer:
Internet Gateway: Provides internet access to resources in a VPC.
NAT Gateway: Allows outbound internet access for private subnet resources.
8. What is the difference between Elastic IP and Public IP?
Answer:
Elastic IP: A static IPv4 address associated with your AWS account.
Public IP: A dynamically assigned IP address for EC2 instances, released when the instance stops.
9. What is a VPC Flow Log?
Answer:
A VPC Flow Log captures IP traffic metadata flowing in and out of VPCs, subnets, or network interfaces. It is useful for troubleshooting and compliance.
10. How does AWS ensure high availability and fault tolerance in a VPC?
Answer:
AWS uses:
Multiple Availability Zones (AZs) for redundancy.
Elastic Load Balancers (ELBs) and Auto Scaling Groups (ASGs) for distribution and scalability.
Cross-region VPC peering for disaster recovery.
11. What are VPC Endpoints?
Answer:
VPC Endpoints enable private access to AWS services without using the internet:
Interface Endpoint: Uses ENI for services like S3, and DynamoDB.
Gateway Endpoint: Used specifically for S3 and DynamoDB.
12. Can you explain AWS Transit Gateway?
Answer:
A Transit Gateway connects multiple VPCs and on-premises networks through a central hub, simplifying complex architectures.
13. How do you secure a VPC?
Answer:
Use IAM roles for access control.
Enable encryption for data in transit and at rest.
Set up flow logs for monitoring.
Implement security groups and NACLs for granular traffic control.
14. What is the role of DHCP in a VPC?
Answer:
DHCP Options Sets in a VPC specify configuration settings such as domain names and DNS servers for instances.
15. What are the key considerations when designing a VPC?
Answer:
Plan CIDR ranges to avoid IP conflicts.
Optimize subnet placement across AZs.
Configure high availability and disaster recovery.
Ensure scalability with NAT Gateways, ELBs, and ASGs.
🎯Conclusion
Mastering AWS VPC networking concepts is essential for building secure, scalable, and efficient cloud architectures. By understanding the core components, connectivity options, and security features, you can design and manage VPCs tailored to diverse business needs.