| Category | Answer | Clue |
| --- | --- | --- |
| Regions and AZs | Two | How many AZs should you use in general, absent a compelling reason to do otherwise? |
| Regions and AZs | Two | What is the minimum number of AZs inside a Region? |
| Regions and AZs | Data sovereignty and compliance | When choosing a Region, this factor comes first: it governs where your data may physically be stored at all. |
| Regions and AZs | Cost effectiveness | In the slides' ordering, this is the fourth and least important consideration when deciding which Region will host your application. |
| Regions and AZs | Proximity to users | Amazon found that a 100 ms delay led to a 1% drop in sales; this Region-selection factor is why. |
| Controlling VPC Traffic | Security Groups | This instance-level virtual firewall is stateful: once it allows an inbound request, the return traffic for that connection is allowed automatically, regardless of the outbound rules. (Security groups contain only allow rules; anything not explicitly allowed is implicitly denied.) |
| Controlling VPC Traffic | Route Table | A set of rules (routes) that determines where traffic leaving a subnet is directed, for example to an internet gateway, a NAT gateway, a peering connection, or a virtual private gateway. |
| Controlling VPC Traffic | Network Access Control List (NACL) | This virtual firewall controls traffic at the subnet level rather than per instance. Unlike a security group it is stateless (return traffic needs its own rule, typically on the ephemeral port range), its rules are evaluated in numbered order with the first match winning, and it supports explicit deny rules. |
| Controlling VPC Traffic | VPC Flow Logs | This feature records metadata about IP traffic to and from network interfaces in a VPC (source, destination, ports, protocol, byte counts, and whether each flow was ACCEPTed or REJECTed); it does not capture packet contents. |
| Controlling VPC Traffic | Chaining diagram | The name of the diagram used in the slides to show how Security Groups can reference one another (for example, the database tier allows inbound traffic only from the web tier's security group) to create layered security. |
| Integrating On-Premises Components | On-premises (components) | The term AWS uses for hardware located at the customer's own site. |
| Integrating On-Premises Components | VPN | This type of connection is more secure than plain internet access to AWS but no faster, because the encrypted (IPsec) tunnel still crosses the public internet. You can terminate it on an AWS virtual private gateway (Site-to-Site VPN) or run your own VPN software on an EC2 instance in a public subnet. |
| Integrating On-Premises Components | AWS Direct Connect | A dedicated private link from on-premises equipment to AWS that bypasses the public internet: the fastest and most consistent option, the most secure in the slides' framing, and also the most expensive. Caveat: Direct Connect traffic is not encrypted by default; use MACsec where the connection supports it, or run a Site-to-Site VPN over the link, if encryption in transit is required. |
| Integrating On-Premises Components | All US Regions and GovCloud | According to the slides, AWS Direct Connect provides access to the Region it is located in as well as which other Regions? (A Direct Connect gateway additionally lets private virtual interfaces reach VPCs in other Regions.) |
| Integrating On-Premises Components | Virtual private gateway (VGW) | The AWS-side VPN endpoint, attached to a VPC, that can terminate multiple Site-to-Site VPN connections. |
| CIDR and Subnets | 16 = 2^4 | 172.32.0.0/28 contains how many IP addresses, counting the 5 that AWS reserves in every subnet? (32 - 28 = 4 host bits, so 2^4 = 16 addresses, 11 of them usable. Note that 172.32.0.0 lies just outside the 172.16.0.0/12 private range.) |
| CIDR and Subnets | /16 to /28 | What is the range of prefix lengths (the number after the slash) allowed for a VPC or subnet CIDR block, from largest block to smallest? (/16 = 65,536 addresses, /28 = 16.) |
| CIDR and Subnets | Multi-VPC | The name of the architecture in which one AWS account owns and manages several VPCs. |
| CIDR and Subnets | Multi-account | The name of the architecture in which there are multiple VPCs, each managed by a different AWS account. |
| CIDR and Subnets | "Jump" box | A bastion host in a public subnet that administrators log into in order to reach instances in private subnets. The slides barely mention it and lump it together with NAT and proxy hosts, which instead give private-subnet instances restricted, outbound-only internet access. |
| Potpourri | One | How many VPC peering connections can exist between the same pair of VPCs? |
| Potpourri | Root | The name of the top of the AWS Organizations tree, the parent container for all accounts and OUs. |
| Potpourri | Service Control Policy (SCP) | These can be attached to the organization root, to OUs, or to individual accounts (not to users) to restrict what those accounts may do; an SCP sets the maximum available permissions and never grants access by itself. |
| Potpourri | A handshake | The term AWS Organizations uses for the multi-step exchange of information between accounts, such as inviting an account to join an organization. |
| Potpourri | Transitivity | The mathematical property that VPC peering does not have, as the slide reader stressed: VPC A peered with VPC B and B peered with C does not make A and C peers; A needs its own peering connection (and routes) to reach C. |
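The CIDR clues above (the 16-address /28, the /16 to /28 prefix range, and the five reserved addresses) worked through in code. This is an added example, not material from the quiz or its slides; it uses only the standard-library `ipaddress` module, and the helper names (`block_size`, `usable_addresses`, `reserved_addresses`, `is_valid_vpc_cidr`, `is_rfc1918`) are this example's own.

```python
"""Added example (not from the quiz or its slides): VPC/subnet CIDR arithmetic
with the standard-library ipaddress module. Helper names are this example's own."""
import ipaddress

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS resolver, future use) plus the last one (broadcast).
AWS_RESERVED_PER_SUBNET = 5
# /16 is the largest block AWS allows for a VPC or subnet, /28 the smallest.
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28

RFC1918_BLOCKS = tuple(ipaddress.ip_network(p)
                       for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def block_size(cidr: str) -> int:
    """Total addresses in the block: 2 ** (32 - prefix length)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def usable_addresses(cidr: str) -> int:
    """Addresses actually assignable to network interfaces in an AWS subnet."""
    return block_size(cidr) - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr: str) -> list:
    """The five addresses AWS keeps in a subnet of this size, as strings."""
    net = ipaddress.ip_network(cidr, strict=False)
    addrs = list(net)  # iterating a network yields every address, ends included
    return [str(a) for a in addrs[:4]] + [str(addrs[-1])]


def is_valid_vpc_cidr(cidr: str) -> bool:
    """True when the prefix length is between /16 and /28 inclusive."""
    net = ipaddress.ip_network(cidr, strict=False)
    return VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX


def is_rfc1918(cidr: str) -> bool:
    """True when the block sits inside one of the RFC 1918 private ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


if __name__ == "__main__":
    for c in ("172.32.0.0/28", "172.16.0.0/28", "10.0.0.0/16", "10.0.0.0/8"):
        print(f"{c:16} total={block_size(c):6} usable={usable_addresses(c):6} "
              f"vpc_ok={is_valid_vpc_cidr(c)} rfc1918={is_rfc1918(c)}")
    print("reserved in 172.32.0.0/28:", reserved_addresses("172.32.0.0/28"))
```

The quiz's 172.32.0.0/28 is a legal AWS subnet size (16 addresses, 11 usable) but, as `is_rfc1918` shows, it is not a private range; AWS accepts publicly routable CIDRs for a VPC, yet sticking to RFC 1918 space avoids clashing with real internet destinations in your route tables.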
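The difference between the stateful Security Group and the stateless NACL clues is easiest to see by running the same HTTPS round trip through a toy model of each. This is an added example, not code from the quiz or the slides; the `Packet`/`Rule` shapes and the connection-tracking logic are simplified assumptions for illustration and not the AWS implementation.

```python
"""Added example (not from the quiz or its slides): a toy model of how a stateful
security group and a stateless network ACL treat one TCP exchange. The rule
and packet shapes are simplified assumptions, not the AWS data model."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str  # "in" or "out", relative to the protected instance/subnet


@dataclass
class Rule:
    direction: str
    cidr: str
    ports: tuple            # (low, high) destination port range, inclusive
    action: str = "allow"   # NACLs also support "deny"; security groups only allow
    number: int = 0         # NACL rule number, evaluated lowest first

    def matches(self, pkt: Packet) -> bool:
        peer = pkt.src if pkt.direction == "in" else pkt.dst
        low, high = self.ports
        return (self.direction == pkt.direction
                and ipaddress.ip_address(peer) in ipaddress.ip_network(self.cidr)
                and low <= pkt.dport <= high)


@dataclass
class SecurityGroup:
    rules: list
    conntrack: set = field(default_factory=set)

    def evaluate(self, pkt: Packet) -> str:
        # Stateful: the reply to a tracked connection is allowed without
        # consulting the rules for the other direction at all.
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in self.conntrack:
            return "allow"
        if any(r.matches(pkt) for r in self.rules):   # allow rules only
            self.conntrack.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
            return "allow"
        return "deny"   # implicit deny


@dataclass
class NetworkAcl:
    rules: list

    def evaluate(self, pkt: Packet) -> str:
        # Stateless: every packet is matched on its own against the numbered
        # rules, lowest number first; the first match wins, default is deny.
        for r in sorted(self.rules, key=lambda r: r.number):
            if r.matches(pkt):
                return r.action
        return "deny"


CLIENT, SERVER = "203.0.113.7", "10.0.1.20"   # constructed sample addresses


def https_exchange(firewall) -> tuple:
    """Verdicts for a client request to port 443 and the server's reply."""
    request = Packet(CLIENT, SERVER, 50000, 443, "in")
    response = Packet(SERVER, CLIENT, 443, 50000, "out")
    return firewall.evaluate(request), firewall.evaluate(response)


def stateful_demo() -> tuple:
    """Security group with an inbound 443 rule and NO outbound rules."""
    return https_exchange(SecurityGroup([Rule("in", "0.0.0.0/0", (443, 443))]))


def stateless_without_ephemeral() -> tuple:
    """NACL with only the inbound 443 rule: the reply is dropped."""
    return https_exchange(NetworkAcl([Rule("in", "0.0.0.0/0", (443, 443), number=100)]))


def stateless_with_ephemeral() -> tuple:
    """NACL that also allows outbound traffic to the ephemeral port range."""
    return https_exchange(NetworkAcl([
        Rule("in", "0.0.0.0/0", (443, 443), number=100),
        Rule("out", "0.0.0.0/0", (1024, 65535), number=100),
    ]))


def stateless_deny_first() -> tuple:
    """Lower-numbered deny beats a later allow; the reply is judged separately."""
    return https_exchange(NetworkAcl([
        Rule("in", "203.0.113.0/24", (443, 443), action="deny", number=50),
        Rule("in", "0.0.0.0/0", (443, 443), number=100),
        Rule("out", "0.0.0.0/0", (1024, 65535), number=100),
    ]))


if __name__ == "__main__":
    for demo in (stateful_demo, stateless_without_ephemeral,
                 stateless_with_ephemeral, stateless_deny_first):
        print(f"{demo.__name__:28} request/response = {demo()}")
```

The third case is the one that bites in practice: a NACL that allows inbound 443 but has no outbound rule for ports 1024-65535 silently breaks every connection, while the security group with the same single rule works because of connection tracking.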
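The VPC Flow Logs clue says the feature records accepted and rejected traffic; the example below parses records in the default (version 2) flow log format and pulls out the kind of summary a detection engineer would start from. This is an added example, not code from the quiz or the slides; the log lines are constructed sample data, and the three-port "probable scanner" threshold is an assumption for illustration.

```python
"""Added example (not from the quiz or its slides): parsing VPC Flow Log records
in the default version 2 format and summarising REJECT activity. The sample
log lines are constructed, and the scanner threshold is an assumption."""
from collections import defaultdict

# Default (version 2) record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one source probing SSH/telnet/RDP, one real HTTPS
# session in both directions, one stray reject, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 41322 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 41323 23 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 41324 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 50000 443 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 203.0.113.7 443 50000 6 18 9800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.55 10.0.1.20 60001 443 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")


def parse_flow_log(text: str) -> list:
    """Turn raw records into dicts, dropping NODATA/SKIPDATA placeholders."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":   # no flow data in these records
            continue
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejects_by_source(records: list) -> dict:
    """Number of rejected flows per source address."""
    counts = defaultdict(int)
    for r in records:
        if r["action"] == "REJECT":
            counts[r["srcaddr"]] += 1
    return dict(counts)


def probable_scanners(records: list, min_ports: int = 3) -> list:
    """Sources rejected on at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def accepted_bytes(records: list) -> int:
    """Total bytes in flows the security group / NACL let through."""
    return sum(r["bytes"] for r in records if r["action"] == "ACCEPT")


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("parsed records:", len(recs))
    print("rejects by source:", rejects_by_source(recs))
    print("probable scanners:", probable_scanners(recs))
    print("accepted bytes:", accepted_bytes(recs))
```

Because flow logs carry only metadata, this is as far as the data itself goes: you can see that 198.51.100.9 was turned away on 22, 23 and 3389, but not what it sent. Payload questions need a traffic mirror or host-level capture.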