Why This Cheat Sheet Matters for ANS-C01
This cheat sheet covers the most important VPC Design concepts tested on the ANS-C01 (AWS Advanced Networking Specialty) certification exam. It contains 4 sections with 16 key points that you should memorize before exam day. Master VPC CIDR planning, subnet design, route tables, NAT gateways, VPC endpoints, IPv6, and multi-VPC architectures for the ANS-C01 exam. Use this as a quick-reference guide during your final review sessions.
CIDR Planning
- VPC: /16 to /28 (65,536 to 16 IPs)
- Cannot change primary CIDR; can add secondary CIDRs
- RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- 5 IPs reserved per subnet (network address, VPC router, DNS resolver, reserved for future use, broadcast)
Subnet Design
- Public subnet: route to IGW (0.0.0.0/0 → igw-xxx)
- Private subnet: route to NAT GW for internet access
- Isolated subnet: no internet route at all
- Spread across AZs for high availability
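The CIDR Planning and Subnet Design points above, as an added example that is not part of the original cheat sheet: a small Python planner that enforces the /16 to /28 bound, flags non-RFC 1918 ranges, carves one subnet per AZ, lists the five reserved addresses, and classifies a subnet as public, private or isolated from its route table's default route. The AZ names and the igw-/nat- IDs are constructed placeholders.

```python
import ipaddress

# Constructed values for illustration; RFC 1918 ranges are the ones on the cheat sheet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast


def check_vpc_cidr(cidr):
    """Enforce the /16-/28 VPC size limit; warn (not fail) when outside RFC 1918."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC CIDR must be between /16 and /28")
    warnings = []
    if net.version == 4 and not any(net.subnet_of(r) for r in RFC1918):
        warnings.append(f"{cidr} is outside RFC 1918; check for overlap with public space")
    return net, warnings


def reserved_addresses(subnet):
    """The five addresses AWS holds back in every subnet: first four plus the last."""
    return [subnet[0], subnet[1], subnet[2], subnet[3], subnet[-1]]


def plan_subnets(vpc_cidr, azs, subnet_prefix):
    """Carve one subnet per AZ out of the VPC and report usable host counts."""
    vpc, warnings = check_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    plan = []
    for az, sn in zip(azs, vpc.subnets(new_prefix=subnet_prefix)):
        plan.append({"az": az, "cidr": str(sn),
                     "reserved": [str(a) for a in reserved_addresses(sn)],
                     "usable": sn.num_addresses - RESERVED_PER_SUBNET})
    return plan, warnings


def classify_subnet(routes):
    """Public / private / isolated, decided by the target of the 0.0.0.0/0 route."""
    target = routes.get("0.0.0.0/0")
    if target is None:
        return "isolated"          # no internet route at all
    if target.startswith("igw-"):
        return "public"            # default route to an Internet Gateway
    if target.startswith("nat-"):
        return "private"           # default route via a NAT Gateway
    return "other"                 # e.g. a TGW or peering target


if __name__ == "__main__":
    plan, warns = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 24)
    for entry in plan:
        print(entry)
    print(warns, classify_subnet({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"}))
```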
VPC Endpoints
- Gateway endpoints: S3 and DynamoDB only, free, route table entry
- Interface endpoints: ENI-based, PrivateLink, cost per hour + data
- Endpoint policies: restrict which actions/resources are accessible
- Private DNS: the service's default DNS name resolves to the interface endpoint instead of the public service address
Multi-VPC Patterns
- VPC Peering: 1-to-1, non-transitive, cross-account/cross-region
- Transit Gateway: hub-and-spoke, transitive, route table isolation
- PrivateLink: service-to-consumer, unidirectional, cross-account
- Shared VPC (RAM): share subnets across accounts in Organization