18 cards in this set
- Front
- Back
What is created automatically when you create a VPC?
|
*A main route table
*A default network ACL
*A default security group (plus a default DHCP options set) |
How can data unloaded from Amazon Redshift to an S3 bucket be kept entirely on the AWS private network?
|
*Enable Amazon Redshift Enhanced VPC Routing.
*Create and configure an Amazon S3 gateway VPC endpoint in the cluster's VPC. Without Enhanced VPC Routing, Redshift routes its traffic to S3 through the internet instead of through the VPC endpoint, so both steps are needed. |
VPC Flow Logs
|
Find the source IP addresses that reach instances in a private subnet.
Monitor traffic flowing in and out of an EC2 instance in a VPC. VPC Flow Logs capture metadata about the IP traffic going to and from network interfaces in your VPC (source and destination address and port, protocol, bytes, and whether the security group/NACL accepted or rejected it), not packet payloads. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. |
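The card's question (which sources reached a private subnet?) is answered by parsing the flow log records. The Python below is an added example, not from these flashcards or from AWS; it assumes the default version-2 record format, a constructed private subnet of 10.0.2.0/24, and constructed sample log lines (not real traffic). The last sample is a NODATA record, which carries no addresses and must be skipped.

```python
"""Added example, not from the flashcards: parse VPC Flow Log records and list the
source IPs that reached a private subnet. Assumptions (mine): default version-2
record format; private subnet 10.0.2.0/24; the log lines are constructed."""
import ipaddress
from collections import Counter

# Field order of the default (version 2) flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# RFC 1918 ranges: anything outside these reaching a "private" subnet is a finding.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic). The last one is a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.2.15 43210 22 6 10 840 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 10.0.2.15 51515 443 6 20 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 10.0.2.15 51516 443 6 5 600 1700000010 1700000070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.1.20 443 51515 6 20 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.2.15 40000 3306 6 3 180 1700000020 1700000080 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000030 1700000090 - NODATA
"""


def parse_record(line):
    """Split one flow log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def sources_into_subnet(log_text, subnet_cidr, action="ACCEPT"):
    """Count, per source IP, the flows with the given action whose destination
    lies inside subnet_cidr. NODATA/SKIPDATA records are ignored."""
    subnet = ipaddress.ip_network(subnet_cidr)
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["log_status"] != "OK" or rec["action"] != action:
            continue
        if ipaddress.ip_address(rec["dstaddr"]) in subnet:
            counts[rec["srcaddr"]] += 1
    return counts


def non_rfc1918_sources(counts):
    """Sources outside RFC 1918 space; for a private subnet these deserve a look
    (in the sample, 198.51.100.9 reached port 3306 with ACCEPT)."""
    return sorted(ip for ip in counts
                  if not any(ipaddress.ip_address(ip) in net for net in RFC1918))


if __name__ == "__main__":
    accepted = sources_into_subnet(SAMPLE_LOG, "10.0.2.0/24")
    print("accepted sources:", dict(accepted))
    print("non-RFC1918 sources:", non_rfc1918_sources(accepted))
    print("rejected sources:", dict(sources_into_subnet(SAMPLE_LOG, "10.0.2.0/24", "REJECT")))
```

Filtering on the destination address rather than the interface ID is deliberate: one private subnet can hold many ENIs, and the reply flows (10.0.2.15 back to 10.0.1.20) must not be counted as inbound access.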
An EC2 instance is in a private subnet.
The instance needs to access S3.
|
*Create a gateway VPC endpoint for S3.
*Use the route tables to control which subnets reach S3 through the endpoint: the endpoint adds a route for the S3 prefix list to each route table you associate with it. An endpoint policy can further restrict which buckets and actions are reachable.
*The traffic stays inside the Amazon private network; no Internet Gateway or NAT device is needed. |
An application needs to access resources in another VPC that belongs to another AWS account in the same Region. How can this be done?
|
VPC peering between the two accounts.
A VPC peering connection is a networking connection between two VPCs that lets you route traffic between them privately. Instances in either VPC can communicate with each other as if they were in the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region. The owner of the accepter VPC must accept the request, and both sides must add routes for the peer's CIDR. |
Connect two applications in two different VPCs over the internal AWS network. The solution must be highly scalable and secure.
|
*Deploy a Network Load Balancer in front of the service and publish it as a VPC endpoint service (AWS PrivateLink); each consumer VPC in the Region connects through an interface endpoint. Unlike peering, only the published service is exposed (there is no route between the VPCs' CIDRs) and overlapping CIDRs are not a problem.
|
When do you use VPC endpoints?
|
When you want to connect to AWS services (or to services published with PrivateLink) without leaving the Amazon internal network, i.e. without an Internet Gateway, NAT device, VPN or Direct Connect connection.
Types of VPC endpoints
|
Interface endpoint: an elastic network interface with a private IP address in your subnet, powered by AWS PrivateLink; supports most AWS services and your own endpoint services, and is controlled with security groups and an endpoint policy.
Gateway endpoint: a target in the route table; used to connect to S3 and DynamoDB, at no additional charge. |
VPC Peering
|
Connects one VPC with another.
Transitive peering is not supported (A-B and B-C do not give A-C). Peering works across accounts and across Regions. The two VPCs must not have overlapping CIDR address ranges. |
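The two peering cards above (cross-account peering, and the no-overlap / no-transitivity rules) come down to checks you can run before filing the peering request. The Python below is an added example, not from these flashcards or from AWS; the VPC names, CIDR blocks and peering connection IDs are constructed.

```python
"""Added example, not from the flashcards: pre-flight checks for VPC peering.
Assumptions (mine): the VPC names, CIDRs and peering IDs below are constructed."""
import ipaddress
from itertools import combinations

# Constructed inventory: VPC -> list of CIDR blocks (a VPC may have several).
VPCS = {
    "vpc-app (account A)": ["10.0.0.0/16"],
    "vpc-data (account B)": ["10.1.0.0/16"],
    "vpc-legacy (account B)": ["10.0.128.0/17", "192.168.0.0/24"],
}


def overlapping_pairs(vpcs):
    """Every (vpc1, vpc2, cidr1, cidr2) whose CIDRs overlap. Such a pair cannot be
    usefully peered: a route table would have to send one prefix to two places."""
    hits = []
    for (n1, c1s), (n2, c2s) in combinations(vpcs.items(), 2):
        for c1 in c1s:
            for c2 in c2s:
                if ipaddress.ip_network(c1).overlaps(ipaddress.ip_network(c2)):
                    hits.append((n1, n2, c1, c2))
    return hits


def peering_routes(remote_vpc, vpcs, pcx_id):
    """Routes to add to the local VPC's route table for one peering connection:
    one entry per remote CIDR, with the peering connection ID as target."""
    return [(cidr, pcx_id) for cidr in vpcs[remote_vpc]]


def reachable_via_peering(src, dst, peerings):
    """Peering is not transitive: A-B and B-C do not give A-C. Only a direct
    peering between src and dst counts."""
    return any({src, dst} == set(p) for p in peerings)


if __name__ == "__main__":
    for n1, n2, c1, c2 in overlapping_pairs(VPCS):
        print(f"cannot peer {n1} with {n2}: {c1} overlaps {c2}")
    print(peering_routes("vpc-data (account B)", VPCS, "pcx-0123456789abcdef0"))
    peerings = [("vpc-app (account A)", "vpc-data (account B)"),
                ("vpc-data (account B)", "vpc-legacy (account B)")]
    print(reachable_via_peering("vpc-app (account A)", "vpc-legacy (account B)", peerings))
```

Run it once with the real CIDR inventory of both accounts; the overlap check is the one that bites later, because AWS will let a mis-sized legacy VPC exist happily until someone asks to peer it.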
AWS PrivateLink
|
Exposes a service in one VPC to tens, hundreds or thousands of consumer VPCs without peering them.
Requires a Network Load Balancer in the provider VPC and an interface endpoint (an ENI) in each consumer VPC. Connections are initiated only from the consumer side. |
VPN connections
|
Connect a VPC with an on-premises network.
AWS Site-to-Site VPN connections encrypt the traffic (IPsec tunnels over the internet). By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, updating your security group rules, and creating an AWS managed VPN connection. |
AWS Direct Connect
|
Dedicated private connection between the on-premises network and a VPC.
AWS Direct Connect does not by itself encrypt traffic between AWS VPCs and the on-premises network; if encryption is required, run a Site-to-Site VPN over the Direct Connect connection. |
Prerequisites to establish a VPN connection between the on-premises network and the VPC.
|
A customer gateway device with a public IP address on the on-premises side.
A virtual private gateway attached to the VPC, plus a route table that sends the remote network's prefixes to the virtual private gateway and security group rules that allow the traffic. The VPN connection encrypts the traffic. |
Connection between the on-premises network and the VPC with redundancy
|
Direct Connect with a LAG (link aggregation group) enabled.
Caveat: all connections in a LAG terminate on the same AWS Direct Connect endpoint, so a LAG only survives the loss of an individual link; for resilience against a device or location failure, use connections at more than one Direct Connect location or a Site-to-Site VPN as backup.
|
Transit Gateway
|
Hub that interconnects VPCs and on-premises networks; its route tables limit which VPCs can talk to one another.
Works with Direct Connect and VPN connections. |
A company uses AWS Transit Gateway to interconnect its VPCs and on-premises network. The security team asks for a control that allows or blocks traffic between EC2 network interfaces and the Transit Gateway. What is a good approach?
|
Apply network ACL rules on the subnets that contain the EC2 instances to control the traffic (together with the security groups on the instances' ENIs). Place the transit gateway attachment in its own dedicated subnet: the NACL of the attachment's subnet is not evaluated for traffic between the transit gateway and instances in other subnets, so the instance subnets' NACLs are the ones that matter.
|
Your company exposes critical patient data through REST APIs to internal front-end systems. The data is stored in Aurora.
How can you ensure that the patient-data REST endpoints are accessed only by authorized internal users? |
Create the REST API as a private API (endpoint type PRIVATE) and reach it through an interface VPC endpoint for execute-api, so it is accessible only from within your VPC through that endpoint.
Attach an API Gateway resource policy that denies execute-api:Invoke unless the aws:SourceVpce condition key matches your endpoint ID (a private API needs a resource policy before it can be invoked). The endpoint restricts where calls may come from; add an authorizer (IAM, Cognito or Lambda) to authorize individual users. |
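The resource policy the card describes is short, but the part worth seeing is how IAM evaluates it when the aws:SourceVpce key is present, wrong, or absent. The Python below is an added example, not from these flashcards or from AWS: it builds the policy document and evaluates it with a small model of IAM semantics (explicit Deny wins; a StringNotEquals condition matches when the key is absent). The endpoint IDs are constructed, and the evaluator models only the StringEquals/StringNotEquals operators this policy uses.

```python
"""Added example, not from the flashcards: build the API Gateway resource policy
that restricts a private REST API to one VPC endpoint, and evaluate it the way
IAM does for requests with and without aws:SourceVpce. Assumptions (mine): the
endpoint IDs are constructed; only StringEquals/StringNotEquals are modelled."""
import json


def private_api_policy(vpce_id, api_arn="execute-api:/*"):
    """Allow invoke from anywhere, then explicitly deny unless the call arrived
    through vpce_id. An explicit Deny always wins, so only traffic via that
    interface endpoint gets through."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": api_arn},
            {"Effect": "Deny", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": api_arn,
             "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
        ],
    }


def _condition_matches(condition, ctx):
    """True when every operator/key pair in the Condition block is satisfied."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = ctx.get(key)
            if operator == "StringEquals":
                if actual not in values:
                    return False
            elif operator == "StringNotEquals":
                # IAM: a negated operator matches when the key is absent, so a
                # request that did not come through any VPC endpoint is denied.
                if actual in values:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def evaluate(policy, ctx, action="execute-api:Invoke"):
    """Return 'Allow' or 'Deny' for a request context such as
    {'aws:SourceVpce': 'vpce-...'}; explicit Deny wins, default is Deny."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        if not _condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    policy = private_api_policy("vpce-0a1b2c3d4e5f67890")
    print(json.dumps(policy, indent=2))
    for ctx in ({"aws:SourceVpce": "vpce-0a1b2c3d4e5f67890"},
                {"aws:SourceVpce": "vpce-0000000000000000"},
                {}):
        print(ctx, "->", evaluate(policy, ctx))
```

The Allow/Deny pair is used instead of a single conditional Allow because it makes the intent explicit and survives a later, broader Allow statement being added: the Deny still wins for any call that did not come through the endpoint.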
You have an EC2 instance in a public subnet of a VPC.
The instance must have full access to the internet. What is necessary? |
Attach an Internet Gateway to the VPC and add a route for 0.0.0.0/0 in the subnet's route table whose target is the Internet Gateway (the route lives in the route table, not in the Internet Gateway). The instance also needs a public IPv4 or Elastic IP address, and its security group and the subnet's network ACL must allow the traffic.
|
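Both the S3 gateway endpoint card and the public-subnet card above are really questions about what is in a subnet's route table. The Python below is an added example, not from these flashcards or from AWS: it classifies subnets from their routes, checks whether S3 traffic would go through a gateway endpoint, and lists what an instance still lacks for internet access. The route tables, gateway IDs and the S3 prefix list ID are constructed; the route dicts follow the shape of DescribeRouteTables output.

```python
"""Added example, not from the flashcards: classify subnets from their route
tables and check what an instance needs for internet access or for reaching S3
through a gateway endpoint. Assumptions (mine): the route tables, gateway IDs
and the S3 prefix list ID are constructed."""

S3_PREFIX_LIST = "pl-63a5400a"   # assumed value for the S3 prefix list in this Region

# Constructed route tables (one list of routes each), DescribeRouteTables shape.
ROUTE_TABLES = {
    "rtb-public": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
    ],
    "rtb-private": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"},
        {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-0123456789abcdef0"},
    ],
    "rtb-isolated": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    ],
}

TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId")


def default_route_target(routes):
    """ID of the 0.0.0.0/0 route's target, or None if the table has no default route."""
    for route in routes:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            for key in TARGET_KEYS:
                if key in route:
                    return route[key]
    return None


def classify_subnet(routes):
    """'public' if the default route goes to an Internet Gateway, 'private' if it
    goes anywhere else (NAT, transit gateway, ...), 'isolated' if there is none."""
    target = default_route_target(routes)
    if target is None:
        return "isolated"
    return "public" if target.startswith("igw-") else "private"


def s3_via_gateway_endpoint(routes, prefix_list_id=S3_PREFIX_LIST):
    """True when the S3 prefix list is routed to a gateway endpoint (vpce-...),
    which keeps S3 traffic on the AWS network even from a private subnet."""
    return any(r.get("DestinationPrefixListId") == prefix_list_id
               and str(r.get("GatewayId", "")).startswith("vpce-") for r in routes)


def missing_for_internet_access(routes, has_public_ip):
    """What an instance still needs for internet access through an IGW.
    (Security group and network ACL rules must also allow the traffic.)"""
    missing = []
    if classify_subnet(routes) != "public":
        missing.append("0.0.0.0/0 route to an Internet Gateway in the subnet route table")
    if not has_public_ip:
        missing.append("public IPv4 or Elastic IP on the instance")
    return missing


if __name__ == "__main__":
    for name, routes in ROUTE_TABLES.items():
        print(name, classify_subnet(routes), "s3 via endpoint:", s3_via_gateway_endpoint(routes))
    print(missing_for_internet_access(ROUTE_TABLES["rtb-isolated"], has_public_ip=False))
```

Note that rtb-private reaches S3 through the endpoint while rtb-public does not: an S3 call from the public subnet leaves through the Internet Gateway unless that route table is also associated with the endpoint.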