Scribd
Upload
35 views

Notes

Security groups control traffic to and from an EC2 instance's elastic network interface and can permit ingress and egress traffic. Network access control lists control traffic between instances within the same subnet. A NAT gateway allows EC2 instances in a private subnet to connect to the internet by translating private IP addresses to public IP addresses.

Uploaded by

Ashwin Ajmera
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
35 views

Notes

Security groups control traffic to and from an EC2 instance's elastic network interface and can permit ingress and egress traffic. Network access control lists control traffic between instances within the same subnet. A NAT gateway allows EC2 instances in a private subnet to connect to the internet by translating private IP addresses to public IP addresses.

Uploaded by

Ashwin Ajmera
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

SECURITY GROUP ATTACHED TO ENI

NETWORK ACCESS CONTROL LIST (ACL) ATTACHED TO SUBNET

SECURITY GROUP Control traffic to and from an instance by permitting ingress – egress instance ENI
ACL Control traffic between instances in the same subnet
NAT Gateway:
 EC2 sends packet to Host on Internet
o EC2 Instance Private IP sends packet to Elastic Public IP (EIP)
o EIP sends packet to the Internet Gateway
o Internet Gateway sends the request using the EIP public IP address
 Host on Internet sends back packet to EC2 Instance
o Internet Gateway sends packet to EIP public IP address
o EIP public address sends back to EC2 private IP address
VPC Peering

The allowed range of prefix lengths for a VPC CIDR is between /16 and /28 inclusive.
X.509 certificates are used for encrypting SOAP requests, not authentication.

You might also like