Virtual Private Cloud

  • View your VPCs
    • View your subnets
    • View your route tables
    • View your internet gateways
    • View your network ACLs
    • View your security groups
  • Create a VPC
    • Name Tag
    • IPv4 CIDR Block
    • Amazon provided IPv6 CIDR block
    • Tenancy: default
  • View the resources provisioned with the VPC
    • Subnet
    • Route Tables
    • Internet Gateways
    • Network ACLs
    • Security Groups
  • Create two subnets
    • Enable auto-assign public IPv4 address
  • Create Internet Gateway
    • Attach to VPC
  • Attempt to attach a second internet gateway to the VPC
  • Create a route table
    • Create a route for IPv4 internet traffic
    • Create a route for IPv6 internet traffic
    • Associate a subnet with the route table
  • Launch an EC2 instance into the public subnet
    • Create security group
  • Launch an EC2 instance into the private subnet
  • SSH into EC2 instance in public subnet
  • SSH into EC2 instance in private subnet
    • Attempt to update the EC2 instance
  • Launch a NAT Instance
    • Disable source/destination checks
    • Create route for NAT instance
    • Update EC2 instance in the private subnet
    • Delete NAT instance
    • Attempt to install Apache on EC2 instance in private subnet
    • Remove route for NAT instance
  • Create a NAT Gateway
    • Verify NAT gateway is available
    • Create route for NAT gateway
    • Install MySQL on EC2 instance in private subnet
  • Create a Network Access Control List
    • Install Apache on public EC2 instance
    • Create index.html file
    • View the web page from the public internet
    • Associate the NACL with the public subnet
    • View the web page from the public internet
    • Configure inbound NACL rules
      • HTTP
      • HTTPS
      • SSH
    • Configure outbound NACL rules
      • Ephemeral
    • View the web page from the public internet
    • Attempt to update the server
    • Configure inbound ephemeral ports
    • Update the server
  • Create Load Balancer
    • Application Load Balancer
      • Name
      • Scheme: Internet-Facing
      • IP address type: IPv4
      • Availability Zones
  • VPC Flow Logs
    • Create a destination log group
    • Create the VPC Flow Log at the VPC, subnet, or EC2 instance
    • Generate traffic to the EC2 instance
    • View the VPC Flow Logs
  • Configure Direct Connect
    • Create a virtual interface in the Direct Connect console. This is a public virtual interface.
    • Go to the VPC console and then to VPN connections. Create a Customer Gateway.
    • Create a Virtual Private Gateway
    • Attach the Virtual Private Gateway to the desired VPC
    • Select VPN Connections and create new VPN connection
    • Select the Virtual Private Gateway and the Customer Gateway
    • Once the VPN is available, set up the VPN on the customer gateway or firewall
  • Global Accelerator
    • Launch endpoint (EC2 instance)
    • Create accelerator
    • Configure listeners
    • Configure endpoint group
    • Add endpoints
    • Verify Global Accelerator has “Deployed”
    • Delete the accelerator
  • VPC Endpoint
    • Create IAM Role
    • Add role to EC2 instance in private subnet
    • Add both subnets to the default NACL
    • SSH into EC2 instance in private subnet
    • View S3 buckets from command line
    • Create file
    • Copy file to S3
    • View file in S3 bucket
    • Remove route to NAT gateway
    • Verify EC2 instance cannot view S3 buckets
    • Create endpoint
    • Verify the route in the route table
    • View the S3 buckets
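
The VPC Endpoint steps above come down to a route-table lookup. This added example (not part of the original outline) models it, assuming the endpoint is an S3 gateway endpoint. The CIDRs, IP addresses and target names are constructed placeholders.

```python
import ipaddress

# Constructed values: documentation-range CIDRs stand in for the real S3
# prefix list and for a general internet host; target names are placeholders.
VPC_CIDR = "10.0.0.0/16"
S3_PREFIX_LIST = ["198.51.100.0/24"]
S3_IP = "198.51.100.10"
INTERNET_IP = "203.0.113.5"


def lookup(routes, dest_ip):
    """Return the target of the most specific matching route, or None if dropped."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(cidr), target) for cidr, target in routes
               if ip in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def private_route_table(nat=False, s3_endpoint=False):
    """Build the private subnet's route table for one stage of the lab."""
    routes = [(VPC_CIDR, "local")]
    if nat:
        routes.append(("0.0.0.0/0", "nat-gateway"))
    if s3_endpoint:
        # The console shows a single route whose destination is the prefix
        # list; it is expanded to its CIDRs here so the lookup can match it.
        routes += [(cidr, "vpc-endpoint") for cidr in S3_PREFIX_LIST]
    return routes


def stage_report():
    """Where S3 traffic and general internet traffic go at each stage."""
    stages = {
        "nat route present": private_route_table(nat=True),
        "nat route removed": private_route_table(),
        "endpoint created": private_route_table(s3_endpoint=True),
    }
    return {name: (lookup(rt, S3_IP), lookup(rt, INTERNET_IP))
            for name, rt in stages.items()}


if __name__ == "__main__":
    for name, (s3, internet) in stage_report().items():
        print(f"{name:18} S3 -> {s3}, internet -> {internet}")
```

After the endpoint is created, only S3 destinations resolve to a target; every other internet destination from the private subnet still has no route.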