Definitions
Since you're interviewing for a DevOps Consultant role at Infosys, you need to be thorough with AWS VPC (Virtual Private Cloud) concepts, components, and best practices. Here’s a structured breakdown with definitions and answers:
AWS VPC (Virtual Private Cloud) Overview
Definition: An AWS Virtual Private Cloud (VPC) is a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define. It allows you to control network settings like IP addressing, subnets, route tables, and security.
Why is it important in DevOps?
Provides a secure, isolated environment for workloads.
Enables private networking for microservices and applications.
Supports hybrid cloud architecture with VPN or AWS Direct Connect.
Helps in network segmentation, improving security and compliance.
Key Components of AWS VPC
1. Subnets
Definition: A subnet is a range of IP addresses within a VPC.
Types:
Public Subnet: Has direct access to the internet via an Internet Gateway (IGW).
Private Subnet: No direct internet access, used for backend services.
Best Practices:
Place public-facing resources (e.g., web servers) in public subnets.
Keep databases and internal services in private subnets.
2. Route Table
Definition: A set of rules (routes) that determine how network traffic is directed.
Key Points:
Every subnet must be associated with a route table.
A default route table is created when a VPC is created.
Best Practices:
Use custom route tables for better control of traffic.
Implement route propagation in hybrid setups with VPN.
3. Internet Gateway (IGW)
Definition: A component that allows resources in a public subnet to access the internet.
Key Points:
Attached at the VPC level.
Works only for resources with public IP addresses or Elastic IPs.
Best Practices:
Use Elastic Load Balancer (ELB) with IGW for better traffic management.
Avoid direct SSH/RDP access; use bastion hosts instead.
4. NAT Gateway (NGW) & NAT Instance
Definition: Allows instances in a private subnet to initiate connections to the internet while blocking unsolicited inbound connections from the internet.
Types:
NAT Gateway (Managed by AWS) → Recommended for scalability.
NAT Instance (EC2-based, manually managed) → Deprecated, less scalable.
Best Practices:
Use NAT Gateway in a high-availability mode (multi-AZ).
Ensure NAT Gateway is in the public subnet.
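To tie sections 1 to 4 together, the following is an added example (not part of the original notes) that classifies subnets as public, private or isolated from their route tables and checks that every NAT Gateway sits in a public subnet. The data is constructed to mimic the shape of `aws ec2 describe-route-tables` / `describe-nat-gateways` output; all resource IDs are placeholders.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output;
# every ID is a placeholder, not a real resource.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web-a"}, {"SubnetId": "subnet-web-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-placeholder", "SubnetId": "subnet-web-a"}]

def default_route_target(table):
    """Return the target of the 0.0.0.0/0 route, or None if the table has none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            for key in ("GatewayId", "NatGatewayId", "TransitGatewayId"):
                if key in route:
                    return route[key]
    return None

def classify_subnets(route_tables, subnet_ids):
    """Map subnet id -> 'public' (IGW default route), 'private' (NAT Gateway
    default route) or 'isolated' (no default route at all)."""
    main = next(t for t in route_tables
                if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if "SubnetId" in a}
    result = {}
    for subnet in subnet_ids:
        # A subnet with no explicit association uses the VPC's main route table.
        target = default_route_target(explicit.get(subnet, main))
        if target is None:
            result[subnet] = "isolated"
        elif target.startswith("igw-"):
            result[subnet] = "public"
        elif target.startswith("nat-"):
            result[subnet] = "private"
        else:
            result[subnet] = "other"  # e.g. a transit gateway default route
    return result

def misplaced_nat_gateways(route_tables, nat_gateways):
    """A NAT Gateway outside a public subnet has no path to the IGW itself."""
    kinds = classify_subnets(route_tables, [n["SubnetId"] for n in nat_gateways])
    return [n["NatGatewayId"] for n in nat_gateways if kinds[n["SubnetId"]] != "public"]
```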
5. VPC Peering
Definition: A private connection between two VPCs in the same or different AWS accounts.
Key Points:
No transitive peering → If VPC A is peered with VPC B, and VPC B with VPC C, A cannot communicate with C.
Use Case:
Secure inter-service communication between multiple AWS accounts.
Best Practices:
Use AWS Transit Gateway for complex multi-VPC communication.
6. AWS Transit Gateway
Definition: A central hub that connects multiple VPCs, on-premises networks, and AWS services.
Key Points:
Solves VPC peering limitations (supports transitive routing).
Supports hybrid cloud networking with VPN & Direct Connect.
Best Practices:
Use route propagation for easier routing between VPCs.
7. Security Groups (SGs)
Definition: A stateful firewall that controls inbound and outbound traffic for instances (EC2, RDS, etc.).
Key Points:
Allows only traffic that is explicitly permitted by a rule; everything else is denied by default.
Stateful: If an inbound rule allows traffic, the response is automatically allowed.
Best Practices:
Follow least privilege principle.
Avoid open rules (0.0.0.0/0).
Use separate SGs for different workloads (e.g., web vs. database).
8. Network ACLs (NACLs)
Definition: A stateless firewall that controls inbound and outbound traffic at the subnet level.
Key Points:
Stateless: Inbound and outbound traffic are evaluated independently, so return traffic must be allowed explicitly.
The default NACL allows all traffic; a newly created custom NACL denies all traffic until rules are added.
Best Practices:
Use for fine-grained network filtering.
Use DENY rules to block malicious IPs.
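The stateful/stateless difference between sections 7 and 8 (and interview question 1 below) is easiest to see in a simulation. This is an added example, not code from the original notes: it models a security group that remembers allowed connections and a NACL that does not, runs one HTTPS request/reply through both, and includes a small check for the "avoid open rules" best practice. The rule sets and the client address are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets. A security group has allow rules only and tracks
# connections; a NACL has numbered allow/deny rules, lowest number first,
# with an implicit deny at the end.
SG_INBOUND = [{"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]
SG_OUTBOUND = []  # nothing explicit: replies still pass because the SG is stateful
NACL_INBOUND = [{"rule": 100, "proto": "tcp", "from": 443, "to": 443,
                 "cidr": "0.0.0.0/0", "action": "allow"}]
NACL_OUTBOUND_BROKEN = []  # common mistake: no rule for ephemeral return ports
NACL_OUTBOUND_FIXED = [{"rule": 100, "proto": "tcp", "from": 1024, "to": 65535,
                        "cidr": "0.0.0.0/0", "action": "allow"}]

def _matches(rule, proto, port, remote):
    return (rule["proto"] in (proto, "-1") and rule["from"] <= port <= rule["to"]
            and ip_address(remote) in ip_network(rule["cidr"]))

def sg_allows(direction, flow, tracked, inbound=SG_INBOUND, outbound=SG_OUTBOUND):
    """Stateful check. flow = (proto, remote_addr, remote_port, local_port)."""
    proto, remote, remote_port, local_port = flow
    rules, port = (inbound, local_port) if direction == "in" else (outbound, remote_port)
    if any(_matches(r, proto, port, remote) for r in rules):
        tracked.add(flow)  # remember the connection so its replies are allowed
        return True
    return flow in tracked  # a reply to a tracked connection needs no rule

def nacl_allows(direction, flow, inbound, outbound):
    """Stateless check: no connection memory, first matching rule by number decides."""
    proto, remote, remote_port, local_port = flow
    rules, port = (inbound, local_port) if direction == "in" else (outbound, remote_port)
    for r in sorted(rules, key=lambda r: r["rule"]):
        if _matches(r, proto, port, remote):
            return r["action"] == "allow"
    return False  # implicit deny ('*' rule)

def https_exchange(nacl_outbound):
    """Constructed client 203.0.113.5:51000 -> instance:443, then the reply.
    Returns (sg_request, sg_reply, nacl_request, nacl_reply)."""
    flow = ("tcp", "203.0.113.5", 51000, 443)
    tracked = set()
    return (sg_allows("in", flow, tracked), sg_allows("out", flow, tracked),
            nacl_allows("in", flow, NACL_INBOUND, nacl_outbound),
            nacl_allows("out", flow, NACL_INBOUND, nacl_outbound))

def open_admin_rules(rules, admin_ports=(22, 3389)):
    """Flag allow rules that expose SSH/RDP to 0.0.0.0/0 (the 'avoid open rules' tip)."""
    return [r for r in rules if r["cidr"] == "0.0.0.0/0"
            and any(r["from"] <= p <= r["to"] for p in admin_ports)]
```

With the broken NACL the request is accepted but the reply is dropped, which is exactly the symptom of forgetting that NACLs are stateless.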
9. AWS VPN (Virtual Private Network)
Definition: A secure tunnel between AWS VPC and on-premises data centers or other networks.
Types:
Site-to-Site VPN (for connecting entire networks).
Client VPN (for individual users).
Best Practices:
Use Direct Connect for low latency & higher bandwidth in hybrid setups.
10. VPC Flow Logs
Definition: A feature that captures IP traffic logs for network interfaces in a VPC.
Key Points:
Helps in troubleshooting and security monitoring.
Logs are stored in CloudWatch or S3.
Best Practices:
Enable flow logs for security audits.
Integrate with AWS GuardDuty for threat detection.
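As an added example for section 10 (not part of the original notes), the following parses records in the default version 2 flow-log format, counts REJECTed flows per source and flags sources whose rejected flows spread over many destination ports, the pattern a port sweep leaves behind. The log lines are constructed: addresses come from documentation ranges and the account ID is a placeholder.

```python
from collections import Counter, defaultdict

# Default (version 2) flow-log field order, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; the last line shows a NODATA record with no
# traffic fields, which a parser must tolerate.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c 203.0.113.7 10.0.1.10 41000 22 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c 203.0.113.7 10.0.1.10 41001 23 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c 203.0.113.7 10.0.1.10 41002 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c 203.0.113.7 10.0.1.10 41003 445 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c 198.51.100.4 10.0.1.10 52011 443 6 40 31000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c 198.51.100.4 10.0.1.10 52012 443 6 12 9000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c 192.0.2.9 10.0.1.10 60001 80 6 2 120 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c - - - - - - - 1700000000 1700000059 - NODATA
"""

def parse_flow_logs(text):
    """Return a list of dicts for records with log_status OK; skip the rest."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or truncated line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry '-' in the traffic fields
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def rejects_by_source(records):
    """Count REJECTed flows per source address."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT")

def suspicious_sources(records, min_ports=3):
    """Sources whose REJECTed flows touch >= min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return sorted(src for src, hit in ports.items() if len(hit) >= min_ports)
```

The same functions work unchanged on lines exported from CloudWatch Logs or S3, as long as the log group uses the default format.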
Common VPC Interview Questions & Answers
1️⃣ What is the difference between Security Groups and NACLs? 👉 Security Groups are stateful (automatic response traffic allowed), while NACLs are stateless (must define rules for both directions).
2️⃣ Can a single VPC span multiple AWS regions? 👉 No, a VPC is region-specific. However, you can use AWS Transit Gateway or VPC Peering to connect multiple VPCs across regions.
3️⃣ How do you ensure high availability in a VPC? 👉 Deploy resources across multiple AZs, use NAT Gateway in each AZ, and configure ELB for failover.
4️⃣ How do you allow internet access to EC2 in a private subnet? 👉 Use a NAT Gateway in a public subnet and update the route table to direct outbound traffic to it.
5️⃣ What is the difference between IGW and NAT Gateway? 👉 IGW provides bidirectional internet access, while NAT Gateway allows only outbound internet access for private subnets.
Final Tips for the Infosys Interview
✅ Be ready to explain VPC designs for different use cases (e.g., Hybrid Cloud, Multi-AZ deployments, Microservices).
✅ Know security best practices (IAM, SGs, NACLs, VPN, Flow Logs).
✅ Prepare real-world scenarios (e.g., “How would you connect two VPCs securely?”).
✅ Be confident and concise while explaining concepts.
Would you like to practice mock interview questions based on this? 🚀