Study Guides/AWS Cybersecurity Notes/VPC Security: Difference between revisions
From Cramsession
Jump to navigationJump to search
✍️ Verified Author: Mflavell • Click to view professional profile & credentials
| Line 30: | Line 30: | ||
:* Elastic network interface - A virtual network card. | :* Elastic network interface - A virtual network card. | ||
== The NO NO IP addresses == | |||
Some IP's cannot be used. | |||
::* .0 - DUR!! | |||
::* .1 - The VPC router | |||
::* .2 - Rserved by AWS | |||
::* .3 - Reseved by AWS | |||
::* .255 - Don't think about it (broadcast address) | |||
Basically the same as most modern networks, except AWS takes .2 and .3 | |||
Latest revision as of 00:52, 13 June 2026
VPC Security
Important terms
- Subnets - Remember each subnet must stay within its AZ. No Multiple AZ's or regions.
- Security groups - Think of them as firewalls assigned to the EC2 instance.
- You can have up to 5 per instance
- These are stateful - they will remember.
- NACL - Network Access Control Lists
- Remember these are stateless - so you need to enable both directions.
- They are evaluated in order from low to high.
- NAT - Forwards traffic from a private subnet ot the internet or other AWS service.
- These are not secure - never use in production.
- VPC Endpoint
- Allows a resounce to connect you AWS VPC or AWS services without the public internet.
- AWS Direct Connect
- A direct connection to AWS - no public internet.
- Elastic network interface - A virtual network card.
The NO NO IP addresses
Some IP's cannot be used.
- .0 - DUR!!
- .1 - The VPC router
- .2 - Rserved by AWS
- .3 - Reseved by AWS
- .255 - Don't think about it (broadcast address)
Basically the same as most modern networks, except AWS takes .2 and .3
