Top AWS VPC (2024) frequently asked interview questions | JavaInUse

Top AWS VPC frequently asked interview questions.

In this post we will look at AWS VPC Interview questions. Examples are provided with explanation.

  1. What is Amazon VPC?
  2. What are the components of Amazon VPC?
  3. What does an Amazon VPC router do?
  4. What are Internet Gateways in VPC?
  5. What is a NAT Device?
  6. What is a subnet in VPC?
  7. What are the steps to build a custom VPC?
  8. What is the difference between stateful and stateless filtering?
  9. How do you determine which Availability Zone your subnets are located in?
  10. How many Amazon EC2 instances can you use within a VPC?
  11. What is a default VPC?
  12. What is the advantage of a default VPC?
  13. What is Classiclink?


What is Amazon VPC?

Amazon VPC lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can also create a hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter. You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

What are the components of Amazon VPC?

Components of Amazon VPC:
  • Virtual Private Cloud (VPC) - A logically isolated virtual network in the AWS cloud. You define a VPC's IP address space from a range you select.
  • Subnet - A segment of a VPC's IP address range where you can place groups of isolated resources.
  • Internet Gateway - The Amazon VPC side of a connection to the public Internet.
  • NAT Gateway - A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
  • Hardware VPN Connection - A hardware-based VPN connection between your Amazon VPC and your datacenter, home network, or co-location facility.
  • Virtual Private Gateway - The Amazon VPC side of a VPN connection. The Customer gateway is the customer side of a VPN connection.
  • Peering Connection - A peering connection enables you to route traffic via private IP addresses between two peered VPCs.
  • VPC Endpoint - Enables Amazon S3 access from within your VPC without using an Internet gateway or NAT, and allows you to control the access using VPC endpoint policies.

What does an Amazon VPC router do?

An Amazon VPC router enables Amazon EC2 instances within subnets to communicate with Amazon EC2 instances in other subnets within the same VPC. The VPC router also enables subnets, Internet gateways, and virtual private gateways to communicate with each other. Network usage data is not available from the router; however, you can obtain network usage statistics from your instances using Amazon CloudWatch.

What are Internet Gateways in VPC?

An Internet Gateway is a highly available, horizontally scaled VPC component. Gateways establish coherent connections between your Amazon VPC network and the Internet. Only one Internet gateway can be associated with each VPC. These are the VPC components that provide NAT (Network Address Translation) for instances that have been assigned public IP addresses. For Internet-routable traffic, such a gateway provides a target in your VPC route tables.

What is a NAT Device?

A NAT device in your VPC enables instances in the private subnet to initiate outbound IPv4 traffic to other AWS services or the Internet while preventing inbound traffic initiated from the Internet. When traffic goes out to the Internet, the instance's IP address is replaced by the NAT device's address, and when the response comes back, the device translates the address back to the instance's private IP address. AWS has two types of NAT devices: the NAT instance and the NAT gateway. Linux AMIs are configured to run as NAT instances. NAT does not support IPv6 either.

What is a subnet in VPC?

A subnetwork, or subnet, is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnet: a public subnet, which allows the Internet to reach the machines in it, and a private subnet, which is hidden from the Internet.


What are the steps to build a custom VPC?

Below are the steps to build a custom VPC:
  • Create a VPC
  • Create subnets
  • Create an internet gateway (IGW)
  • Attach the new IGW to your VPC
  • Create a new route table (RT)
  • Add the IGW as a route to the new RT
  • Add a subnet to the RT's subnet associations
  • Create webserver (public subnet) and database server instances
  • Create a new security group for the NAT instance
  • Add HTTP and HTTPS inbound rules that allow traffic from the private subnet's IP range
  • Create a NAT instance
  • Community AMIs
  • Choose the first image
  • Disable Auto-assign Public IP
  • Add it to the NAT security group
  • Create an Elastic IP
  • Associate the Elastic IP to the NAT
  • Disable Source/Destination Checks for the NAT
  • Add the NAT instance as a route to the initial VPC RT
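The subnet and route-table steps above (carve the VPC range into subnets, route the public subnet to the IGW and the private subnet to the NAT, associate each subnet with the right RT) can be planned and sanity-checked before anything is created. The following is an added example, not code from the original post; it makes no AWS API calls and the CIDR, AZ names and route-table names are constructed values.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

def plan_vpc(vpc_cidr, azs, new_prefix=24):
    """Carve the VPC CIDR into one public and one private subnet per AZ and
    record which route table each subnet is associated with (constructed plan)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    pool = vpc.subnets(new_prefix=new_prefix)
    plan = {
        "vpc": str(vpc),
        "subnets": [],
        "route_tables": {
            "public-rt": {"0.0.0.0/0": "igw"},   # default route to the Internet gateway
            "private-rt": {"0.0.0.0/0": "nat"},  # default route to the NAT instance
        },
    }
    for az in azs:
        for role in ("public", "private"):
            net = next(pool)
            plan["subnets"].append({
                "az": az, "role": role, "cidr": str(net),
                "usable_ips": net.num_addresses - AWS_RESERVED_PER_SUBNET,
                "route_table": f"{role}-rt",
            })
    return plan

def check_plan(plan):
    """Return a list of problems: a subnet outside the VPC, overlapping subnets,
    or a private subnet whose route table sends 0.0.0.0/0 to the Internet gateway."""
    vpc = ipaddress.ip_network(plan["vpc"])
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan["subnets"]]
    problems = []
    for s, n in zip(plan["subnets"], nets):
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside VPC {vpc}")
        default_target = plan["route_tables"][s["route_table"]].get("0.0.0.0/0")
        if s["role"] == "private" and default_target == "igw":
            problems.append(f"private subnet {n} routes 0.0.0.0/0 to the Internet gateway")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems
```

The most common mistake at the "subnet associations" step, associating the private subnet with the IGW route table, is exactly what `check_plan` reports.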

What is the difference between stateful and stateless filtering?

Stateful filtering tracks the origin of a request and can automatically allow the reply to the request to be returned to the originating computer. For example, a stateful filter that allows inbound traffic to TCP port 80 on a web server will allow the return traffic, usually on a high-numbered port (e.g., destination TCP port 63912), to pass through the stateful filter between the client and the web server. The filtering device maintains a state table that tracks the origin and destination port numbers and IP addresses. Only one rule is required on the filtering device: allow traffic inbound to the web server on TCP port 80.
Stateless filtering, on the other hand, only examines the source or destination IP address and the destination port, ignoring whether the traffic is a new request or a reply to a request. In the above example, two rules would need to be implemented on the filtering device: one rule to allow traffic inbound to the web server on TCP port 80, and another rule to allow outbound traffic from the web server (TCP port range 49152 through 65535).
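The difference above in executable form, as an added example that is not part of the original post: a stateful filter with the single inbound rule and a state table, beside a stateless filter that needs the extra ephemeral-port rule. The server and client addresses and the packet model are constructed; the port numbers are those from the text.

```python
from dataclasses import dataclass

WEB_SERVER = "10.0.1.10"           # constructed address of the web server
EPHEMERAL = range(49152, 65536)    # high-numbered client ports from the text

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = toward the web server, "out" = from the web server
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """One rule (inbound TCP/80); replies pass because a state table remembers the request."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.state = set()   # (client_ip, client_port, server_ip, server_port) of accepted requests

    def allow(self, p: Packet) -> bool:
        if p.direction == "in":
            ok = p.dst_ip == WEB_SERVER and p.dst_port in self.inbound_ports
            if ok:
                self.state.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return ok
        # Outbound: only the reply to a tracked request may leave; anything else is dropped
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.state

class StatelessFilter:
    """Every packet is judged alone; return traffic needs its own outbound ephemeral-port rule."""
    def __init__(self, inbound_rules, outbound_rules):
        self.inbound_rules = inbound_rules     # (server_ip, allowed destination ports)
        self.outbound_rules = outbound_rules   # (server_ip, allowed destination ports)

    def allow(self, p: Packet) -> bool:
        if p.direction == "in":
            return any(p.dst_ip == ip and p.dst_port in ports for ip, ports in self.inbound_rules)
        return any(p.src_ip == ip and p.dst_port in ports for ip, ports in self.outbound_rules)

def run_scenario(filt):
    """Request on TCP/80, its reply to the client's port 63912, and an unsolicited outbound packet."""
    request = Packet("in", "203.0.113.7", 63912, WEB_SERVER, 80)
    reply = Packet("out", WEB_SERVER, 80, "203.0.113.7", 63912)
    unsolicited = Packet("out", WEB__SERVER_PLACEHOLDER if False else WEB_SERVER, 80, "198.51.100.9", 50000)
    return filt.allow(request), filt.allow(reply), filt.allow(unsolicited)
```

The stateless filter with both rules also lets the unsolicited packet out, since its destination port falls in the ephemeral range: the second rule opens a port range, not a connection.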


How do you determine which Availability Zone your subnets are located in?

When you create a subnet you must specify the Availability Zone in which to place the subnet. When using the VPC Wizard, you can select the subnet's Availability Zone in the wizard confirmation screen. When using the API or the CLI you can specify the Availability Zone for the subnet as you create the subnet. If you don't specify an Availability Zone, the default "No Preference" option will be selected and the subnet will be created in an available Availability Zone in the region.

How many Amazon EC2 instances can you use within a VPC?

You can run any number of Amazon EC2 instances within a VPC, so long as your VPC is appropriately sized to have an IP address assigned to each instance. You are initially limited to launching 20 Amazon EC2 instances at any one time and a maximum VPC size of /16 (65,536 IPs). If you would like to increase these limits, please complete the following form.

What is a default VPC?

A default VPC is a logically isolated virtual network in the AWS cloud that is automatically created for your AWS account the first time you provision Amazon EC2 resources. When you launch an instance without specifying a subnet-ID, your instance will be launched in your default VPC.

What is the advantage of a default VPC?

When you launch resources in a default VPC, you can benefit from the advanced networking functionalities of Amazon VPC (EC2-VPC) with the ease of use of Amazon EC2 (EC2-Classic). You can enjoy features such as changing security group membership on the fly, security group egress filtering, multiple IP addresses, and multiple network interfaces without having to explicitly create a VPC and launch instances in the VPC.

What is Classiclink?

Amazon Virtual Private Cloud (VPC) ClassicLink allows EC2 instances in the EC2-Classic platform to communicate with instances in a VPC using private IP addresses. To use ClassicLink, enable it for a VPC in your account, and associate a Security Group from that VPC with an instance in EC2-Classic. All the rules of your VPC Security Group will apply to communications between instances in EC2-Classic and instances in the VPC.
