Most Asked Interview Questions and Answers on AWS VPC
Table of contents
- What is Amazon VPC, and why is it important?
- Explain the difference between a public and private subnet.
- How do Security Groups and Network ACLs differ in VPC?
- What are the main components of a VPC?
- How does a NAT Gateway differ from a NAT Instance?
- What is VPC Peering, and how does it work?
- Describe how to set up a VPC with public and private subnets.
- What is a VPC Endpoint, and what types are available?
- Explain how to secure a VPC.
- What are VPC Flow Logs and how are they useful?
What is Amazon VPC, and why is it important?
Amazon VPC allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. It's important because it gives you control over your networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways.
Explain the difference between a public and private subnet.
A public subnet is one whose route table contains a route to an internet gateway, so its instances can be reached from the internet. A private subnet has no such route, so its instances are not directly reachable from the internet.
How do Security Groups and Network ACLs differ in VPC?
Security Groups are stateful, meaning they remember the state of a connection and automatically allow return traffic, whereas Network ACLs are stateless, requiring explicit rules for both inbound and outbound traffic. Security Groups operate at the instance level, while Network ACLs operate at the subnet level.
What are the main components of a VPC?
The main components include subnets, route tables, internet gateways, NAT gateways, VPC peering connections, VPC endpoints, and security groups.
How does a NAT Gateway differ from a NAT Instance?
A NAT Gateway is a managed service that provides better availability and higher bandwidth, requiring less administrative overhead. A NAT Instance is an EC2 instance that acts as a gateway, requiring you to manage scaling, availability, and updates.
What is VPC Peering, and how does it work?
VPC Peering allows you to connect two VPCs using private IP addresses, enabling instances in different VPCs to communicate as if they were within the same network. The connection runs over AWS's global network and is non-transitive.
Describe how to set up a VPC with public and private subnets.
To set up a VPC with public and private subnets, create a VPC and divide it into subnets. Associate the public subnet with a route table that has a route to an internet gateway, and associate the private subnet with a route table that directs traffic to a NAT Gateway or NAT Instance.
What is a VPC Endpoint, and what types are available?
A VPC Endpoint allows you to privately connect your VPC to supported AWS services without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect. There are two types: Interface Endpoints (powered by PrivateLink) and Gateway Endpoints (for S3 and DynamoDB).
Explain how to secure a VPC.
Security in a VPC can be achieved by using Security Groups and Network ACLs to control traffic, encrypting data in transit and at rest, implementing VPNs or Direct Connect for secure connections, enabling VPC Flow Logs for monitoring, and regularly reviewing and updating access controls.
What are VPC Flow Logs and how are they useful?
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC. They are useful for monitoring traffic, diagnosing network issues, and improving security by analyzing traffic patterns and identifying unauthorized access.
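As an added example (not part of the original post), the following script parses flow log records in the default version 2 format and counts rejected flows per source and destination port, which is the starting point for spotting probes that a security group or network ACL blocked. The account ID, interface ID and addresses in the sample lines are constructed placeholders.

```python
"""Parse VPC Flow Log records (default version 2 format) and summarise rejects.
Added example, not from the original post; IDs and addresses are constructed."""
from collections import Counter

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: three SSH probes rejected by a security group,
# one accepted HTTPS flow, and a NODATA record (no traffic in the window).
SAMPLE_LOG = """\
2 123456789012 eni-0abc123 203.0.113.5 10.0.1.20 41230 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc123 203.0.113.5 10.0.1.21 41231 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc123 203.0.113.5 10.0.1.22 41232 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc123 198.51.100.7 10.0.1.20 52000 443 6 12 4096 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc123 - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_records(text: str) -> list:
    """Return one dict per record that carries traffic; skip NODATA/SKIPDATA rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line; ignore it
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA/SKIPDATA rows carry '-' in the traffic fields
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def rejected_sources(records: list, min_rejects: int = 3) -> dict:
    """Map (srcaddr, dstport) -> REJECT count for pairs at or above the threshold.
    Repeated rejects from one source against one port are the pattern to review."""
    counts = Counter((r["srcaddr"], r["dstport"]) for r in records if r["action"] == "REJECT")
    return {pair: n for pair, n in counts.items() if n >= min_rejects}

if __name__ == "__main__":
    for (src, port), n in rejected_sources(parse_records(SAMPLE_LOG)).items():
        print(f"{src} -> port {port}: {n} rejected flows")
```

On real logs, feed the records from CloudWatch Logs or S3 into parse_records and tune min_rejects to your traffic volume.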
Written by
prabath kumar