VPC
  Security Groups
    operate at a specific VPC
    applied to NICs
    ELB/RDS/Lambda
  IGW to talk from the VPC router to public endpoints/customers
    private is the default
  Troubleshooting
    Routing
      routes required on both sides
      overlapping CIDR
    Filtering
      NACL
        explicit blocks
        stateless
        ordered
        crossing a subnet
        one per subnet
      SG
        applies to NICs
        no deny
        stateful
        reference other SGs in a region
        logical destinations
        no order, all rules evaluated
    Logging
      VPC flow logs for allow/deny
        an allow/deny pair for the same flow indicates the NACL allowed it but the SG denied it
      CloudWatch Logs/Metrics
  VPC Peering
    secure routed connection between 2 VPCs
    can be in a different account
    across regions
    cannot reference SG
  VPC Endpoints
    Interface Endpoint
      connect to AWS services
      one subnet per AZ
      10G
      same region only
      HA
      creates an interface
      VPC private DNS support is required
    Gateway
      only same region
      IPv4 only
      requires a route in the route tables where the gateway will be used
      no source IP
      allow access to public AWS services without requiring an Internet Gateway
  NAT gateways
    managed NAT service
    located in a single subnet
    utilize Elastic IPs
    provide internet access for EC2 within the VPC
    NACLs
    source service can have an attached SG
    cannot SSH
    45G
  Egress-only gateways
    IPv6 internet gateway