AWS VPC Interview Questions and Answers
1. What is Amazon VPC?
Amazon Virtual Private Cloud (VPC) lets you launch AWS resources into a logically isolated virtual network that you define yourself: its IP address range, subnets, route tables and gateways. Within a VPC you decide which resources can talk to each other and to the outside world, so it is the network-level boundary on which most other AWS security controls rest.
2. What are the benefits of using Amazon VPC?
The benefits of using Amazon VPC include:
- Increased security and control over your AWS resources
- The ability to launch AWS resources into a virtual network that is logically isolated from other networks, with internet access added only where you choose to
- The ability to customize network configurations, such as subnets, route tables, and network gateways
- The ability to use multiple IP address ranges (a primary CIDR block plus secondary CIDR blocks) and to control which private and public IP addresses instances receive
3. What is the difference between a public subnet and a private subnet?
A public subnet is a subnet whose route table has a route to an Internet Gateway (0.0.0.0/0 -> igw-...); a private subnet's route table has no such route. An instance in a public subnet can reach, and be reached from, the internet, but only if it also has a public IPv4 address or an Elastic IP. Instances in a private subnet cannot be reached from the internet; they can still initiate outbound connections if the subnet's route table sends 0.0.0.0/0 to a NAT Gateway. Private subnets are used for resources that must never be directly reachable from the internet, such as databases and application servers, with load balancers or bastion hosts in public subnets in front of them.
4. What is a security group in Amazon VPC?
A security group is a stateful virtual firewall attached to an instance's elastic network interface. It filters the traffic allowed to reach (inbound rules) and leave (outbound rules) that interface by protocol, port range and source or destination, which can be a CIDR block, a managed prefix list or another security group. Rules are allow-only: anything not explicitly allowed is dropped, and the return traffic of an allowed connection is admitted automatically. Every instance must have at least one security group (up to a per-interface quota), and one security group can be attached to many instances. A newly created security group allows no inbound traffic and all outbound traffic.
5. What is a VPC endpoint?
A VPC endpoint lets resources in a VPC reach supported AWS services (and PrivateLink services) without an Internet Gateway, NAT Gateway, VPN or Direct Connect connection, so the traffic never leaves the AWS network. There are two kinds: gateway endpoints, available for Amazon S3 and DynamoDB and implemented as a target in the subnet's route table, and interface endpoints, powered by AWS PrivateLink and implemented as elastic network interfaces with private IP addresses in your own subnets.
6. What is a VPC peering connection?
A VPC peering connection joins two VPCs so that instances in either VPC can communicate using private IP addresses as if they were in the same network. The VPCs may belong to different accounts or regions, but their CIDR blocks must not overlap, and each side has to add a route to the peering connection (pcx-...) in its route tables. Traffic stays on the AWS network rather than crossing the public internet, and no Internet Gateway or VPN is involved. Peering is not transitive: if VPC A peers with B and B peers with C, A cannot reach C through B.
7. What is an Internet Gateway in Amazon VPC?
An Internet Gateway (IGW) is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in the VPC and the internet. It does two things: it is the target of the 0.0.0.0/0 (and ::/0) route in the route tables of the VPC's public subnets, and for IPv4 it performs one-to-one NAT between an instance's private address and its public or Elastic IP. An instance with no public IPv4 address cannot use the IGW even if its subnet routes to one.
8. What is a NAT Gateway in Amazon VPC?
A Network Address Translation (NAT) Gateway lets instances in a private subnet initiate IPv4 connections to the internet or to other AWS services, while preventing the internet from initiating connections to them. It sits in a public subnet with an Elastic IP and translates outbound traffic to that address; the instances themselves keep their private addresses. A NAT Gateway scales automatically and is redundant within its Availability Zone, but it is tied to that one zone, so for fault tolerance you deploy one per zone and route each private subnet to the NAT Gateway in its own zone. For IPv6, which needs no address translation, an egress-only Internet Gateway is used instead.
9. What is a VPC Endpoint Service?
A VPC endpoint service is the provider side of AWS PrivateLink. You place your own service behind a Network Load Balancer (or Gateway Load Balancer) and register it as an endpoint service; consumers in other VPCs or accounts then create interface endpoints to it and reach it over private IP addresses, with no peering, Internet Gateway, NAT, VPN or Direct Connect required. The provider decides which AWS principals are allowed to connect and can require manual acceptance of every connection request. The AWS-owned services you reach through interface endpoints are exposed the same way.
10. What is an Elastic IP address in Amazon VPC?
An Elastic IP address is a static public IPv4 address allocated to your AWS account that you can associate with an instance or a network interface. Unlike an automatically assigned public IP, which changes when an instance is stopped and started, an Elastic IP stays associated across a stop/start. If the instance is terminated the address is disassociated but remains allocated to your account (and billable) until you release it, so you can re-associate it with a replacement instance and keep the same public address.
11. What is a route table in Amazon VPC?
A route table contains a set of rules, called routes, that determine where network traffic leaving a subnet (or entering through a gateway) is directed. Each route pairs a destination CIDR with a target such as local, an Internet Gateway, NAT Gateway, peering connection, transit gateway or network interface, and the most specific matching route wins. Every VPC has a main route table; a subnet that is not explicitly associated with a custom route table uses the main one, and a subnet can be associated with only one route table at a time. The local route covering the VPC's own CIDR is present in every route table and cannot be removed.
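The following is an added example, not part of the original page, that models how a subnet's route table decides the answers to questions 3, 7, 8 and 11 above. The route tables and the igw-/nat-/pcx- identifiers are constructed for illustration; the lookup uses longest-prefix match exactly as the VPC router does, and the two reachability helpers encode the point that an Internet Gateway only works for instances that own a public address, whereas a NAT Gateway supplies its own.

```python
import ipaddress

# Constructed route tables for a 10.0.0.0/16 VPC; the target IDs are made up.
# Each route is (destination CIDR, target). The "local" route covers the VPC's own
# CIDR, is present in every table, and the most specific match wins.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-0123456789abcdef0"),
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-0123456789abcdef0"),
]
ISOLATED_RT = [
    ("10.0.0.0/16", "local"),
    ("172.16.0.0/12", "pcx-0123456789abcdef0"),  # a peered VPC and nothing else
]


def lookup_route(route_table, dst_ip):
    """Longest-prefix match: the target of the most specific route covering dst_ip,
    or None when no route matches (the VPC router drops the packet)."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def default_route_target(route_table):
    """Target of the 0.0.0.0/0 route, or None if the table has no default route."""
    for cidr, target in route_table:
        if cidr == "0.0.0.0/0":
            return target
    return None


def subnet_kind(route_table):
    """'public' if the default route is an Internet Gateway, 'private' if it is a
    NAT Gateway, 'isolated' if there is no default route at all."""
    target = default_route_target(route_table)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"  # e.g. a virtual private gateway or a firewall appliance interface


def can_initiate_to_internet(route_table, has_public_ip):
    """Outbound IPv4 reachability. An IGW does 1:1 NAT, so it only forwards for
    instances that own a public or Elastic IP; a NAT Gateway uses its own EIP."""
    kind = subnet_kind(route_table)
    if kind == "public":
        return has_public_ip
    return kind == "private"


def reachable_from_internet(route_table, has_public_ip):
    """Inbound reachability before security groups and NACLs are applied:
    only a public subnet combined with a public address exposes the instance."""
    return subnet_kind(route_table) == "public" and has_public_ip


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, subnet_kind(rt),
              "out:", can_initiate_to_internet(rt, has_public_ip=False),
              "in:", reachable_from_internet(rt, has_public_ip=True))
```

The isolated table is the interesting one for reviews: a subnet can have a route to a peered VPC and still have no path to the internet in either direction, which is the shape you want for a database tier.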
12. What is a subnet in Amazon VPC?
A subnet is a range of IP addresses carved out of the VPC's CIDR block. Each subnet resides in a single Availability Zone, and AWS reserves the first four addresses and the last address of every subnet's range. Subnets group resources into network segments and, through the route table and network ACL associated with them, control how traffic enters, leaves and is routed.
13. What is a network ACL in Amazon VPC?
A network ACL (Access Control List) is a stateless firewall applied at the subnet boundary. It contains numbered inbound and outbound rules that allow or deny traffic by protocol, port range and CIDR; rules are evaluated in ascending order, the first match wins, and an implicit deny-all (*) rule sits at the end. Because it is stateless, return traffic must be explicitly allowed, typically with a rule for the ephemeral port range (1024-65535). One network ACL can be associated with several subnets, but each subnet has exactly one; the VPC's default network ACL allows all traffic, while a newly created custom one denies everything.
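The following is an added example, not part of the original page, that runs the same packets through a model of a security group (question 4) and a network ACL (question 13) to show the stateful/stateless difference and the first-match rule ordering. The rules, addresses and port numbers are constructed; the model matches a rule's CIDR against the remote peer and its port range against the destination port, as the real controls do.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = towards the instance, "out" = leaving it
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def peer(self):
        """Remote address a rule's CIDR is matched against; the port matched is the destination port."""
        return (self.src_ip if self.direction == "in" else self.dst_ip), self.dst_port

    def reverse(self):
        """The packet flowing the other way in the same connection."""
        return Packet("out" if self.direction == "in" else "in",
                      self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


def _matches(proto, ports, cidr, pkt):
    peer_ip, port = pkt.peer()
    return (proto in ("all", pkt.proto) and ports[0] <= port <= ports[1]
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr))


class SecurityGroup:
    """Stateful and allow-only: once a packet is admitted by a rule, the reverse
    direction of that connection is admitted without needing a rule of its own."""

    def __init__(self, rules):
        self.rules = rules      # (direction, proto, (low_port, high_port), cidr)
        self.tracked = set()    # packets that opened an admitted connection

    def allows(self, pkt):
        if pkt.reverse() in self.tracked:
            return True         # return traffic of a tracked connection
        for direction, proto, ports, cidr in self.rules:
            if direction == pkt.direction and _matches(proto, ports, cidr, pkt):
                self.tracked.add(pkt)
                return True
        return False            # no allow rule matched; security groups have no deny rules


class NetworkAcl:
    """Stateless: every packet, replies included, is checked against the numbered
    rules in ascending order; the first match decides, and no match means deny."""

    def __init__(self, rules):
        self.rules = sorted(rules)   # (number, direction, proto, (low, high), cidr, action)

    def allows(self, pkt):
        for _number, direction, proto, ports, cidr, action in self.rules:
            if direction == pkt.direction and _matches(proto, ports, cidr, pkt):
                return action == "allow"
        return False                 # the implicit "*" deny rule


INSTANCE = "10.0.1.10"
# Constructed rules for a web server; the remote addresses are documentation ranges.
WEB_SG_RULES = [
    ("in", "tcp", (443, 443), "0.0.0.0/0"),     # serve HTTPS to anyone
    ("out", "tcp", (443, 443), "0.0.0.0/0"),    # only outbound HTTPS (package mirrors, APIs)
]
NACL_RULES = [
    (100, "in", "tcp", (443, 443), "0.0.0.0/0", "allow"),
    (110, "in", "tcp", (1024, 65535), "0.0.0.0/0", "allow"),   # replies to outbound connections
    (120, "in", "tcp", (0, 65535), "192.0.2.0/24", "deny"),    # shadowed by 100/110 for those ports
    (100, "out", "tcp", (0, 65535), "0.0.0.0/0", "allow"),
]


def run_scenario(with_ephemeral_rule=True):
    """Push a few packets through fresh filters; returns {name: (sg_allows, nacl_allows)}."""
    sg = SecurityGroup(WEB_SG_RULES)
    nacl = NetworkAcl([r for r in NACL_RULES if with_ephemeral_rule or r[0] != 110])
    client_in = Packet("in", "203.0.113.5", 50000, INSTANCE, 443)
    outbound = Packet("out", INSTANCE, 40000, "198.51.100.20", 443)
    packets = [
        ("client_in", client_in),                  # a user opens an HTTPS session
        ("client_reply", client_in.reverse()),     # server answers on the client's ephemeral port
        ("outbound", outbound),                    # server fetches an update
        ("outbound_reply", outbound.reverse()),    # update server answers on port 40000
        ("ssh_probe", Packet("in", "192.0.2.7", 55555, INSTANCE, 22)),
        ("https_from_denied_range", Packet("in", "192.0.2.7", 55556, INSTANCE, 443)),
    ]
    return {name: (sg.allows(p), nacl.allows(p)) for name, p in packets}


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name:26s} sg={result[0]!s:5s} nacl={result[1]}")
    print("outbound_reply without the ephemeral rule:", run_scenario(False)["outbound_reply"])
```

Two results are worth dwelling on. Without rule 110 the NACL drops the reply to the server's own outbound connection even though the security group admits it statefully, which is the classic "NAT/NACL broke apt" outage. And the deny at rule 120 never fires for port 443 because rule 100 matched first, so a deny meant to block a range has to be numbered below every allow that could overlap it.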
14. What is an Amazon VPC flow log?
VPC Flow Logs capture metadata about the IP traffic going to and from network interfaces in a VPC: source and destination addresses and ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected by the security groups and network ACLs. They can be enabled for a whole VPC, a subnet or a single network interface and delivered to CloudWatch Logs, Amazon S3 or Kinesis Data Firehose. They do not record packet payloads, and some traffic (for example DNS queries to the Amazon-provided resolver and instance metadata requests) is not logged at all. Flow logs are used for traffic analysis, security monitoring and troubleshooting connectivity problems.
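The following is an added example, not part of the original page, showing the kind of detection a practitioner runs over flow logs: parse default-format (version 2) records, skip the NODATA records that carry no traffic fields, and pull out sources that were rejected on several ports of one host. The log lines, account ID, interface ID and addresses are constructed sample data.

```python
from collections import defaultdict

# Field order of the default (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: a port sweep against 10.0.1.10 from 198.51.100.23,
# one legitimate HTTPS session, a lone SSH attempt, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.10 44321 22 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.10 44322 23 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.10 44323 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.23 10.0.1.10 44324 445 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.5 10.0.1.10 50000 443 6 20 4100 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.10 203.0.113.5 443 50000 6 18 61200 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 192.0.2.7 10.0.1.10 61000 22 6 1 60 1700000060 1700000119 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000060 1700000119 - NODATA
"""


def parse_flow_log(text):
    """Parse space-separated v2 records into dicts, converting the numeric fields and
    skipping NODATA/SKIPDATA records, whose traffic fields are just '-'."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                       # not a v2 record (custom formats differ)
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for field in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def rejected_ports_by_source(records, dst_ip):
    """Map each source address to the sorted list of dst_ip ports it was refused on."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and r["dstaddr"] == dst_ip:
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items()}


def probable_scanners(records, dst_ip, min_ports=3):
    """Sources refused on at least min_ports distinct ports of dst_ip in the window."""
    return sorted(src for src, ports in rejected_ports_by_source(records, dst_ip).items()
                  if len(ports) >= min_ports)


def bytes_by_action(records, interface_id):
    """Accepted vs rejected byte totals for one interface, a quick check that a
    rule change did not start dropping legitimate traffic."""
    totals = {"ACCEPT": 0, "REJECT": 0}
    for r in records:
        if r["interface_id"] == interface_id:
            totals[r["action"]] += r["bytes"]
    return totals


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("rejected ports:", rejected_ports_by_source(recs, "10.0.1.10"))
    print("probable scanners:", probable_scanners(recs, "10.0.1.10"))
    print("bytes:", bytes_by_action(recs, "eni-0a1b2c3d4e5f60718"))
```

Note the caveat the records carry: a v2 REJECT tells you the packet was dropped by a security group or a network ACL, but not which, and records are aggregated over a capture window, so a "packets" count of 3 is a retried SYN, not three separate flows.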
15. What is Amazon VPC traffic mirroring?
Traffic Mirroring copies the actual packets (not just metadata, as with flow logs) entering and leaving an elastic network interface and forwards them, encapsulated in VXLAN, to a target: another network interface, a Network Load Balancer with a UDP listener, or a Gateway Load Balancer endpoint, in the same VPC or in another VPC reachable through peering or a transit gateway. Filters select which traffic is mirrored. It is used to feed out-of-band IDS/IPS, packet-capture and security-analytics tools.
16. What is an Amazon VPC VPN connection?
An AWS Site-to-Site VPN connection is an IPsec connection between a VPC, terminated on a virtual private gateway or transit gateway, and a customer gateway device in an on-premises network; each connection provides two tunnels for redundancy. It is used to extend an on-premises network into a VPC over the internet. To connect two VPCs, VPC peering or a transit gateway is the usual choice, although you can also run your own VPN software on instances. AWS Client VPN is the separate, OpenVPN-based managed service for connecting individual users to a VPC.
17. What is a VPC endpoint for Amazon S3?
A gateway endpoint for Amazon S3 lets instances reach S3 from the VPC without an Internet Gateway, NAT Gateway, VPN or Direct Connect connection. It is not a network interface: it is a route-table target, and AWS adds a route for the S3 prefix list (pl-...) to the route tables you select. It is regional, free, supports endpoint policies, and cannot be used from on-premises or peered networks. For those cases an interface endpoint for S3 (PrivateLink), which does have private IP addresses in your subnets, can be used instead.
18. What is Amazon VPC Ingress Routing?
VPC Ingress Routing lets you associate a route table with an Internet Gateway or a virtual private gateway, so that traffic entering the VPC through that gateway can be directed to the elastic network interface of an appliance (a firewall or IDS/IPS) before it reaches the destination subnet. Before this feature, route tables could only be associated with subnets. It is used to insert an inline inspection appliance in front of workloads.
19. What is an Amazon VPC egress-only Internet Gateway?
An egress-only Internet Gateway is the IPv6 counterpart of a NAT Gateway: a stateful gateway that lets instances initiate outbound IPv6 connections to the internet while blocking connections initiated from the internet. It exists because IPv6 addresses in a VPC are globally unique and publicly routable, so there is no private/public translation to hide behind; an instance only needs a ::/0 route to the gateway (eigw-...) in its subnet's route table. It does nothing for IPv4 traffic.
20. What is an Amazon VPC endpoint policy?
A VPC endpoint policy is an IAM resource policy (a JSON document) attached to a VPC endpoint that controls which principals can use the endpoint to perform which actions on which resources, for example allowing only s3:GetObject on one bucket. It does not grant permissions on its own: a request through the endpoint must be allowed both by the endpoint policy and by the caller's IAM policies (and by any bucket or resource policy). The default endpoint policy allows full access through the endpoint, so tightening it, and adding an aws:SourceVpce condition to the bucket policy, is how you stop data being copied out to another account's bucket over the same endpoint.
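The following is an added example, not part of the original page, with a deliberately simplified policy evaluator (not the IAM engine: it handles Allow/Deny, wildcard actions and resources, and two string condition operators only) to show how an endpoint policy and an aws:SourceVpce bucket-policy condition work together. The bucket, endpoint ID and policies are hypothetical.

```python
import fnmatch

# Hypothetical identifiers; none of these resources exist.
VPCE_ID = "vpce-0123456789abcdef0"
APP_BUCKET = "arn:aws:s3:::example-app-data"

# Identity policy on the instance role: deliberately broad, as is common in practice.
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Endpoint policy on the S3 gateway endpoint: only our bucket, only three actions.
ENDPOINT_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
     "Resource": [APP_BUCKET, APP_BUCKET + "/*"]}]}

# Bucket policy on our bucket: refuse any request that did not arrive via the endpoint.
BUCKET_POLICY = {"Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": [APP_BUCKET, APP_BUCKET + "/*"],
     "Condition": {"StringNotEquals": {"aws:SourceVpce": VPCE_ID}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Supports the two operators used above. As in IAM, a negated operator such as
    StringNotEquals is satisfied when the key is absent from the request context."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
            if operator == "StringNotEquals" and actual in _as_list(expected):
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return 'Allow', 'Deny' or None (no statement matched) for one policy document."""
    decision = None
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # an explicit deny wins over everything
        decision = "Allow"
    return decision


def request_allowed(action, resource, context, via_endpoint):
    """The identity policy must allow, nothing may deny, and when the request
    traverses the endpoint the endpoint policy must allow as well."""
    policies = [IDENTITY_POLICY, BUCKET_POLICY] + ([ENDPOINT_POLICY] if via_endpoint else [])
    decisions = [evaluate(p, action, resource, context) for p in policies]
    if "Deny" in decisions:
        return False
    if via_endpoint and decisions[2] != "Allow":
        return False                 # endpoint policy is a gate: no match means no access
    return decisions[0] == "Allow"


if __name__ == "__main__":
    inside = {"aws:SourceVpce": VPCE_ID}     # request context when traffic uses the endpoint
    print("read own bucket via endpoint:", request_allowed("s3:GetObject", APP_BUCKET + "/report.csv", inside, True))
    print("write other bucket via endpoint:", request_allowed("s3:PutObject", "arn:aws:s3:::exfil-bucket/dump.tgz", inside, True))
    print("read own bucket with stolen creds from outside:", request_allowed("s3:GetObject", APP_BUCKET + "/report.csv", {}, False))
```

The three cases map to the three controls: the endpoint policy stops the instance pushing data to a bucket you do not own even though its role has s3:*, the bucket policy stops credentials that leak off the instance from being used from anywhere but your VPC, and the identity policy is still needed because neither of the other two grants anything by itself. In a real bucket policy you would also exempt an administrative role from the Deny, or you lock yourself out.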
21. What is the purpose of Amazon VPC security groups?
Security groups control inbound and outbound traffic for the network interfaces they are attached to. You write allow rules that specify protocol, port range and the source (inbound) or destination (outbound), which can be a CIDR block, a managed prefix list or another security group; referencing a security group instead of addresses is what lets you express "only the web tier may talk to the database tier" without hard-coding IPs. Traffic that matches no rule is dropped, and because the group is stateful the reply to an allowed request is permitted without a rule of its own. One security group can be attached to many instances and interfaces, so it is the natural unit for defining a tier's network policy.
22. How does Amazon VPC peering work?
VPC peering joins two VPCs, in the same or different regions and accounts, so that instances in either VPC communicate over private IP addresses as if they were on the same network. It requires non-overlapping CIDR blocks, acceptance of the request by the owner of the peer VPC, and a route to the peering connection in the route tables on both sides; security groups and network ACLs still apply to the traffic. Peering carries no internet traffic: it does not give either VPC internet access, and it is non-transitive, so traffic cannot pass through a peered VPC to reach a third VPC, an Internet Gateway, a NAT Gateway or a VPN on the far side.
23. What is a VPC endpoint for AWS services?
A VPC endpoint for an AWS service lets instances in a VPC communicate with that service over the AWS network, without the traffic ever flowing over the internet. Combined with private subnets that have no NAT Gateway, endpoints let workloads use services such as S3, DynamoDB, SQS, KMS and STS while having no path to the public internet at all, which both shrinks the attack surface and removes NAT data-processing charges.
24. What is Amazon VPC traffic isolation?
Traffic isolation is not a single VPC feature but the result of combining the building blocks: separate subnets per tier, route tables that carry only the routes a tier needs, network ACLs at the subnet boundary and security groups on every interface. Together they let you build an isolated, least-privilege network environment for sensitive applications and data; separate VPCs, or separate accounts, isolate workloads from each other further still.
25. What is the difference between Amazon VPC and Amazon EC2?
Amazon VPC provides the networking layer: the virtual network, its address space, subnets, routing and traffic controls. Amazon EC2 provides compute capacity: virtual machines (instances) with CPU, memory and storage. Every EC2 instance is launched into a subnet of a VPC, so the two are always used together; the VPC determines how an instance can be reached and what it can reach, while EC2 determines what runs on it.