A solid understanding of Virtual Private Cloud (VPC) architecture is central to just about everything connected to the Amazon Web Services universe. But if you’re thinking of taking the AWS Solutions Architect Associate level exam, it’s critical.
In this post, I will explain why I believe this to be true and specify which VPC elements will require your greatest focus if you’re serious about passing this exam.
Take a look at the AWS Solutions Architect exam blueprint. You will see a table breaking the exam material down into four areas:
| Exam area | Share of exam |
|---|---|
| Designing highly available, cost-efficient, fault tolerant, scalable systems | 60% |
As you can see, 60% of the exam is specifically focused on Designing highly available, cost-efficient, fault tolerant, scalable systems. In my experience, what that really means is…understand the virtual private cloud.
So let’s outline the virtual private cloud elements I think are the most critical.
Critical Virtual Private Cloud Elements
1. Security Groups and Network ACLs
Amazon virtual private clouds come with two built-in security tools:
- Security groups work at the instance level to control all traffic into and out of associated Amazon EC2 instances.
- Network access control lists (ACLs) work at the subnet level to control all traffic into and out of associated subnets.
As a complete guide to VPC security is well beyond the scope of this post, be sure to read through the excellent Amazon documentation on the subject. A good course for a deep dive into AWS networking is the Networking Fundamentals for AWS course in the Cloud Academy library.
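The practical difference between the two tools is that a security group is stateful and allow-only, while a network ACL is stateless, evaluates its numbered rules lowest number first and can explicitly deny. The following added example (not from the original post or from AWS; all rule values and addresses are constructed) models that evaluation so you can see why a NACL needs a separate rule for the ephemeral-port return traffic that a security group handles automatically.

```python
# Added example: a small model of how a security group (stateful, allow rules
# only) and a network ACL (stateless, numbered rules, lowest number wins,
# implicit deny at the end) decide whether a client's flow to an instance
# succeeds. All rules and addresses below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    number: int   # NACL rule number (ordering); ignored for security groups
    action: str   # "allow" or "deny" (security groups only ever "allow")
    proto: str    # "tcp", "udp" or "all"
    ports: range  # destination port range the rule covers
    cidr: str     # source CIDR for inbound rules, destination CIDR for outbound


def _matches(rule, proto, port, addr):
    return (rule.proto in ("all", proto) and port in rule.ports
            and ip_address(addr) in ip_network(rule.cidr))


def nacl_permits(rules, proto, port, addr):
    """Stateless: the first matching rule by number decides; no match = deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, proto, port, addr):
            return rule.action == "allow"
    return False


def sg_permits(rules, proto, port, addr):
    """Stateful allow-list: any matching rule permits the flow and its reply."""
    return any(_matches(r, proto, port, addr) for r in rules)


def flow_permitted(sg_in, nacl_in, nacl_out, proto, port, client, ephemeral):
    """Client connects to `port`; the instance replies to the client's
    ephemeral source port. The SG checks only the request; the NACL must
    allow the request inbound AND the reply outbound."""
    request = (sg_permits(sg_in, proto, port, client)
               and nacl_permits(nacl_in, proto, port, client))
    reply = nacl_permits(nacl_out, proto, ephemeral, client)
    return request and reply


# Constructed rule sets: HTTPS allowed in; NACL outbound covers ephemeral ports.
SG_IN = [Rule(0, "allow", "tcp", range(443, 444), "0.0.0.0/0")]
NACL_IN = [Rule(90, "deny", "tcp", range(443, 444), "203.0.113.0/24"),
           Rule(100, "allow", "tcp", range(443, 444), "0.0.0.0/0")]
NACL_OUT = [Rule(100, "allow", "tcp", range(1024, 65536), "0.0.0.0/0")]
```

Removing the outbound ephemeral-port rule breaks every inbound connection even though the security group still allows it, which is the classic NACL mistake the exam likes to probe.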
For now, here’s an excellent illustrative diagram from Amazon’s documentation:
2. Public and Private IP Addresses
Make sure you understand the difference between public and private IP addresses. Simply put: private IP addresses are not accessible from the Internet but are used for communication between instances within your virtual private cloud. Public IP addresses, on the other hand, are accessible from the Internet and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints.
The Solutions Architect exam may contain some tricky IP-related questions. You might be expected to know how to connect a private IP to the internet or to understand how specific protocols can affect connectivity. You'll also need to understand how public and private IP addresses interact with security groups and network ACLs.
Again, the AWS documentation and Cloud Academy's Creating and Configuring Basics for Your EC2 Network course are your two best friends here.
3. NAT Instances
You are almost certain to see at least one Network Address Translation (NAT) question on the exam. How, for instance, can you connect an instance from a private subnet to the internet (to allow software updates)? You could create a special NAT instance in a public subnet in your virtual private cloud to provide controlled outbound connectivity to instances in the private subnet while restricting all inbound traffic.
If you’ve never set up a virtual private cloud on AWS, I suggest that you do it now. Play around with various VPC configuration profiles to see for yourself how your public and private networks interact between themselves and the outside world.
4. Virtual private cloud peering
A VPC peering connection is a networking connection between two virtual private clouds that enables you to route traffic between them using private IP addresses. This configuration scenario is important enough that you might face a related question on the exam. Again, the best option is to play around on the AWS console: set up two or more VPCs and route traffic between them using private IP addresses.
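Both the NAT scenario in section 3 and the peering scenario in section 4 come down to what each subnet's route table says. The added example below (not from the original post or from AWS; all IDs and CIDRs are constructed placeholders) models longest-prefix route selection for a public and a private subnet, plus the non-overlapping CIDR check that a peering connection requires.

```python
# Added example: how a subnet's route table picks a target by longest-prefix
# match, covering the post's scenarios: a private subnet reaching the internet
# through a NAT instance, and traffic to a peered VPC using the peering
# connection. All IDs and CIDRs are constructed placeholders, not real values.
from ipaddress import ip_address, ip_network

VPC_CIDR = "10.0.0.0/16"   # constructed: our VPC
PEER_CIDR = "10.1.0.0/16"  # constructed: the peered VPC

# "local" is the implicit in-VPC route AWS adds to every route table.
# The NAT instance must also have source/destination checking disabled,
# otherwise it drops packets that are not addressed to itself.
PUBLIC_RT = {VPC_CIDR: "local",
             "0.0.0.0/0": "igw-PLACEHOLDER",
             PEER_CIDR: "pcx-PLACEHOLDER"}
PRIVATE_RT = {VPC_CIDR: "local",
              "0.0.0.0/0": "i-NATINSTANCE-PLACEHOLDER",
              PEER_CIDR: "pcx-PLACEHOLDER"}


def lookup(route_table, dest):
    """Return the target of the most specific route matching `dest`, or None."""
    addr = ip_address(dest)
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def peering_allowed(cidr_a, cidr_b):
    """A peering connection cannot be created between overlapping CIDR blocks."""
    return not ip_network(cidr_a).overlaps(ip_network(cidr_b))


def private_instance_reaches(dest):
    """Where a private-subnet instance's packet to `dest` is sent."""
    return lookup(PRIVATE_RT, dest)
```

A private instance's software update to a public address therefore leaves via the NAT instance, while the same destination from the public subnet goes straight to the internet gateway.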
Conclusion and other virtual private cloud concepts
I cannot overstate the importance of fully understanding VPCs for passing the AWS Solutions Architect Associate exam. This article obviously doesn't cover the whole topic. You'll still need to work on other pieces of the puzzle like network interfaces, route tables, and internet gateways, and how they all interact with each other.
The AWS exam is well designed as a challenging test of your practical skills. As there are very few obvious or easy answers, you should definitely not take passing for granted, and perhaps more than any other topic, you should focus your preparations on VPC.