AWS VPC Interview Questions and Answers

Q1. What is Amazon Virtual Private Cloud?

Ans: Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address ranges, creation of subnets, and configuration of route tables and network gateways. You can also create a hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can use multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

Q2. What are the components of Amazon VPC?

Ans: Amazon VPC comprises a variety of objects that will be familiar to customers with existing networks:

Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a VPC's IP address space from ranges you select.

Subnet: A segment of a VPC's IP address range where you can place groups of isolated resources.

Internet Gateway: The Amazon VPC side of a connection to the public Internet.

NAT Gateway: A highly available, managed Network Address Translation (NAT) service that lets resources in a private subnet access the Internet.

Hardware VPN Connection: A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.

Virtual Private Gateway: The Amazon VPC facet of a VPN connection.

Customer Gateway: Your side of a VPN connection.

Router: Routers interconnect subnets and direct traffic between Internet gateways, virtual private gateways, NAT gateways, and subnets.

Peering Connection: A peering connection enables you to route traffic through private IP addresses between two peered VPCs.

VPC Endpoints: Enable private connectivity to services hosted in AWS from inside your VPC without using an Internet gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.

Egress-only Internet Gateway: A stateful gateway that provides egress-only access for IPv6 traffic from the VPC to the Internet.
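
As an added illustration of how the components in Q1 and Q2 fit together (this is example code written for this page, not code from AWS or from the original Q&A), the following Python models a VPC with one public and one private subnet and shows how each subnet's route table selects between the implicit local route, an Internet gateway, a NAT gateway, a peering connection and a virtual private gateway using longest-prefix match. The CIDR ranges are constructed and the gateway IDs are placeholders.

```python
"""Added example: model a VPC with a public and a private subnet and resolve
which target each subnet's route table picks for a destination address."""
import ipaddress
from typing import Optional

# Constructed address plan; nothing here comes from a real account.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
PEER_VPC_CIDR = ipaddress.ip_network("10.1.0.0/16")    # reached via a peering connection
ON_PREM_CIDR = ipaddress.ip_network("192.168.0.0/16")  # reached via the virtual private gateway


class RouteTable:
    """Destination CIDR -> target. Lookup uses longest-prefix match, as the VPC
    router does; the VPC's own CIDR is always present as the 'local' route."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = {str(VPC_CIDR): "local", **routes}

    def lookup(self, destination) -> Optional[str]:
        addr = ipaddress.ip_address(destination)
        best = None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


def carve_subnets(vpc, new_prefix=24):
    """Split the VPC range into equally sized subnets."""
    return list(vpc.subnets(new_prefix=new_prefix))


def build_layout():
    """Public subnet defaults to the Internet gateway; the private subnet sends
    Internet-bound traffic through a NAT gateway and keeps the peered VPC and
    on-premises ranges on private paths. Gateway IDs are placeholders."""
    public_subnet, private_subnet = carve_subnets(VPC_CIDR)[:2]
    public_rt = RouteTable("public", {"0.0.0.0/0": "igw-PLACEHOLDER"})
    private_rt = RouteTable("private", {
        str(PEER_VPC_CIDR): "pcx-PLACEHOLDER",
        str(ON_PREM_CIDR): "vgw-PLACEHOLDER",
        "0.0.0.0/0": "nat-PLACEHOLDER",
    })
    return {"public": (public_subnet, public_rt),
            "private": (private_subnet, private_rt)}


def resolve(layout, subnet_name, destination):
    """Return the target that carries traffic from the named subnet to destination."""
    return layout[subnet_name][1].lookup(destination)


if __name__ == "__main__":
    layout = build_layout()
    for name, (subnet, _rt) in layout.items():
        print(f"{name} subnet: {subnet}")
    for dest in ("10.0.1.7", "10.1.4.9", "192.168.20.1", "203.0.113.10"):
        print(f"private -> {dest}: {resolve(layout, 'private', dest)}")
```

The point to notice is that the private subnet never has a route to the Internet gateway: its only path to the Internet is the NAT gateway, so its instances can initiate outbound connections but cannot receive unsolicited inbound traffic, which is the split between public-facing and private-facing subnets that Q1 describes.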

Q3. What are the connectivity options for my VPC?

Ans: You may connect your VPC to:

The Internet (via an Internet gateway)

Your corporate datacenter using a Hardware VPN connection (via the virtual private gateway)

Both the Internet and your corporate datacenter (using both an Internet gateway and a virtual private gateway)

Other AWS services (via Internet gateway, NAT, virtual private gateway, or VPC endpoints)

Other VPCs (through VPC peering connections)

Q4. How do I connect my VPC to the Internet?

Ans: Amazon VPC supports the creation of an Internet gateway. This gateway enables Amazon EC2 instances in the VPC to directly access the Internet.

Q5. What are the differences between security groups in a VPC and network ACLs in a VPC?

Ans: Security groups in a VPC specify which traffic is allowed to or from an Amazon EC2 instance. Network ACLs operate at the subnet level and evaluate traffic entering and exiting a subnet. Network ACLs can be used to set both Allow and Deny rules. Network ACLs do not filter traffic between instances in the same subnet. In addition, network ACLs perform stateless filtering while security groups perform stateful filtering.
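
The stateful/stateless distinction is the one that bites in practice, so here is an added Python simulation (example code for this page, not AWS code) of how a security group and a network ACL each treat an HTTPS request and its reply. It also shows the one thing a security group cannot express, an explicit deny. The client addresses, ports and rule numbers are constructed.

```python
"""Added example: simulate the filtering semantics of a VPC security group
(stateful, allow rules only) versus a network ACL (stateless, numbered
allow/deny rules) for an HTTPS request and its reply."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" (toward the instance/subnet) or "out" (away from it)
    proto: str
    port: int       # destination port of this packet
    peer: str       # the remote address on the other end


def _rule_matches(proto, port_range, cidr, flow):
    lo, hi = port_range
    return (proto == flow.proto and lo <= flow.port <= hi
            and ipaddress.ip_address(flow.peer) in ipaddress.ip_network(cidr))


class SecurityGroup:
    """Only allow rules exist; the reply to a permitted connection is passed
    automatically because the group tracks connection state."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound    # [(proto, (lo, hi), cidr)]
        self.outbound = outbound
        self._tracked = set()

    def allows(self, flow, conn_id):
        if conn_id in self._tracked:
            return True  # stateful: return traffic of an allowed connection passes
        rules = self.inbound if flow.direction == "in" else self.outbound
        if any(_rule_matches(p, r, c, flow) for p, r, c in rules):
            self._tracked.add(conn_id)
            return True
        return False


class NetworkAcl:
    """Rules are evaluated in ascending rule-number order, first match wins,
    and nothing is remembered between packets; unmatched traffic hits the
    implicit deny at the end of the list."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound)   # [(rule_no, action, proto, (lo, hi), cidr)]
        self.outbound = sorted(outbound)

    def allows(self, flow, conn_id=None):
        rules = self.inbound if flow.direction == "in" else self.outbound
        for _no, action, proto, port_range, cidr in rules:
            if _rule_matches(proto, port_range, cidr, flow):
                return action == "allow"
        return False


def run_scenario():
    # Constructed traffic: a client at 203.0.113.5 opens TCP/443 to the web
    # server from ephemeral source port 51000; the reply goes back to port 51000.
    request = Flow("in", "tcp", 443, "203.0.113.5")
    reply = Flow("out", "tcp", 51000, "203.0.113.5")
    conn = ("203.0.113.5", 51000, 443)
    # A second client, from a range the operator wants to refuse outright.
    blocked = Flow("in", "tcp", 443, "198.51.100.7")

    sg = SecurityGroup(inbound=[("tcp", (443, 443), "0.0.0.0/0")], outbound=[])

    # Common mistake: mirroring the inbound rule outbound. It never matches the
    # reply, whose destination port is the client's ephemeral port, not 443.
    nacl_wrong = NetworkAcl(
        inbound=[(100, "allow", "tcp", (443, 443), "0.0.0.0/0")],
        outbound=[(100, "allow", "tcp", (443, 443), "0.0.0.0/0")])
    # Correct: allow the ephemeral port range outbound, and place a
    # lower-numbered deny ahead of the broad allow for the unwanted range.
    nacl_right = NetworkAcl(
        inbound=[(90, "deny", "tcp", (443, 443), "198.51.100.0/24"),
                 (100, "allow", "tcp", (443, 443), "0.0.0.0/0")],
        outbound=[(100, "allow", "tcp", (1024, 65535), "0.0.0.0/0")])

    return {
        "sg_request": sg.allows(request, conn),
        "sg_reply": sg.allows(reply, conn),                 # True: stateful
        "sg_blocked": sg.allows(blocked, ("198.51.100.7", 0, 443)),  # True: no deny rules
        "nacl_wrong_request": nacl_wrong.allows(request),   # True
        "nacl_wrong_reply": nacl_wrong.allows(reply),       # False: stateless
        "nacl_right_reply": nacl_right.allows(reply),       # True
        "nacl_right_blocked": nacl_right.allows(blocked),   # False: explicit deny
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:20s} {'allowed' if verdict else 'dropped'}")
```

Two takeaways: a network ACL needs an outbound rule for the ephemeral port range or every reply from a server in the subnet is silently dropped, and a security group passes traffic from a range you would rather block unless you reach for a network ACL deny rule, since the group only has allow rules.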


Q6. How do instances in a VPC access the Internet?

Ans: You can use public IP addresses, including Elastic IP addresses (EIPs), to give instances in the VPC the ability both to communicate outbound directly to the Internet and to receive unsolicited inbound traffic from the Internet (e.g., web servers). You can also use the solutions in the next question.

Q7. How does a hardware VPN connection work with Amazon VPC?

Ans: A hardware VPN connection connects your VPC to your datacenter. Amazon supports Internet Protocol security (IPsec) VPN connections. Data transferred between your VPC and datacenter routes over an encrypted VPN connection to help maintain the confidentiality and integrity of data in transit. An Internet gateway is not required to establish a hardware VPN connection.

Q8. What is IPsec?

Ans: IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.

Q9. Which customer gateway devices can I use to connect to Amazon VPC?

Ans: There are two types of VPN connections that you can create: statically-routed VPN connections and dynamically-routed VPN connections. Customer gateway devices supporting statically-routed VPN connections must be able to:

Establish IKE Security Association using Pre-Shared Keys

Establish IPsec Security Associations in Tunnel mode

Utilize the AES 128-bit or 256-bit encryption feature

Utilize the SHA-1 or SHA-2 (256) hashing function

Utilize Diffie-Hellman (DH) Perfect Forward Secrecy in "Group 2" mode, or one of the additional DH groups we support

Perform packet fragmentation prior to encryption

In addition to the above capabilities, devices supporting dynamically-routed VPN connections must be able to:

Establish Border Gateway Protocol (BGP) peerings

Bind tunnels to logical interfaces (route-based VPN)

Utilize IPsec Dead Peer Detection

Q10. What is the approximate maximum throughput of a VPN connection?

Ans: The VGW supports IPsec VPN throughput of up to 1.25 Gbps. Multiple VPN connections to the same VPC are cumulatively bound by the VGW throughput of 1.25 Gbps.

Q11. What factors affect the throughput of my VPN connection?

Ans: VPN connection throughput can depend on multiple factors, including the capability of your Customer Gateway (CGW), the capacity of your connection, average packet size, the protocol being used (TCP vs. UDP), and the network latency between your CGW and the Virtual Private Gateway (VGW).

Q12. What tools are available to me to help troubleshoot my Hardware VPN configuration?

Ans: The DescribeVPNConnection API shows the status of the VPN connection, including the state ("up"/"down") of each VPN tunnel and the corresponding error messages if either tunnel is "down". This information is also displayed in the AWS Management Console.
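
As an added example (written for this page, not AWS code), the Python below turns the per-tunnel telemetry that the describe call returns into a short health report, so a "down" tunnel and its error message stand out. The response is a constructed dictionary whose shape (VpnConnections containing a VgwTelemetry list with OutsideIpAddress, Status, StatusMessage and AcceptedRouteCount) is assumed to mirror what boto3's ec2 describe_vpn_connections() returns; the connection ID, addresses and message text are placeholders. In a real session you would pass the dictionary returned by that call instead of SAMPLE_RESPONSE.

```python
"""Added example: summarise the per-tunnel state that the VPN connection
describe API returns, so that a down tunnel and its message are surfaced."""

# Constructed response; field names assumed to follow boto3's
# describe_vpn_connections() output. IDs, addresses and messages are placeholders.
SAMPLE_RESPONSE = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-PLACEHOLDER",
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "203.0.113.1", "Status": "UP",
                 "StatusMessage": "", "AcceptedRouteCount": 3},
                {"OutsideIpAddress": "203.0.113.2", "Status": "DOWN",
                 "StatusMessage": "constructed: IPsec SA not established",
                 "AcceptedRouteCount": 0},
            ],
        }
    ]
}


def tunnel_report(response):
    """Flatten the response into one record per tunnel."""
    rows = []
    for conn in response.get("VpnConnections", []):
        for tunnel in conn.get("VgwTelemetry", []):
            rows.append({
                "connection": conn.get("VpnConnectionId"),
                "tunnel_ip": tunnel.get("OutsideIpAddress"),
                "status": str(tunnel.get("Status", "UNKNOWN")).upper(),
                "message": tunnel.get("StatusMessage", ""),
                "routes": tunnel.get("AcceptedRouteCount", 0),
            })
    return rows


def down_tunnels(response):
    """Tunnels that are not UP, each with the message the API attached."""
    return [r for r in tunnel_report(response) if r["status"] != "UP"]


def connection_health(response):
    """'healthy' when every tunnel is UP, 'degraded' when only some are
    (the connection still carries traffic but has lost redundancy),
    'down' when none are."""
    rows = tunnel_report(response)
    up = sum(1 for r in rows if r["status"] == "UP")
    if not rows or up == 0:
        return "down"
    return "healthy" if up == len(rows) else "degraded"


if __name__ == "__main__":
    for r in down_tunnels(SAMPLE_RESPONSE):
        print(f"{r['connection']} tunnel {r['tunnel_ip']} is {r['status']}: {r['message']}")
    print("overall:", connection_health(SAMPLE_RESPONSE))
```

Because the question refers to "either tunnel", a connection has two tunnels; treating one down tunnel as "degraded" rather than "fine" is what keeps a lost-redundancy condition from going unnoticed until the second tunnel also fails.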

Q13. How do I connect a VPC to my corporate datacenter?

Ans: Establishing a hardware VPN connection between your existing network and Amazon VPC allows you to interact with Amazon EC2 instances within a VPC as if they were within your existing network. AWS does not perform network address translation (NAT) on Amazon EC2 instances within a VPC accessed via a hardware VPN connection.

Q14. Can I NAT my CGW behind a router or firewall?

Ans: Yes, you will need to enable NAT-T and open UDP port 4500 on your NAT device.

Q15. What IP address do I use for my CGW address?

Ans: You will use the public IP address of your NAT device.

Q16. How do I disable NAT-T on my connection?

Ans: You will need to disable NAT-T on your device. If you don't plan on using NAT-T and it is not disabled on your device, we will attempt to establish a tunnel over UDP port 4500. If that port is not open, the tunnel will not establish.

Q17. Can Amazon EC2 instances within a VPC communicate with Amazon EC2 instances not within a VPC?

Ans: Yes. If an Internet gateway has been configured, Amazon VPC traffic bound for Amazon EC2 instances not within a VPC traverses the Internet gateway and then enters the public AWS network to reach the EC2 instance. If an Internet gateway has not been configured, or if the instance is in a subnet configured to route through the virtual private gateway, the traffic traverses the VPN connection, egresses from your datacenter, and then re-enters the public AWS network.