All VPC & Connectivity Flashcards
Q: What is the maximum number of VPCs that can peer with a single VPC?
A: 125 peering connections per VPC (soft limit). VPC peering is non-transitive — each pair needs its own connection.
Q: How does Transit Gateway route table isolation work?
A: Create separate route tables for segments (prod/dev). Associate attachments to specific tables. Only propagate routes between tables that should communicate.
Q: What is a Transit VIF?
A: A Direct Connect virtual interface that connects to a Transit Gateway via DX Gateway. Enables single DX connection to reach multiple VPCs across regions.
Q: What is VPC sharing via RAM?
A: Resource Access Manager shares VPC subnets with other accounts in the same Organization. Workloads in different accounts share the same VPC network.
Q: What is the difference between interface and gateway VPC endpoints?
A: Gateway: S3/DynamoDB only, free, route table entry. Interface: ENI-based PrivateLink, most services, cost per hour + data processed.
Q: What is Transit Gateway appliance mode?
A: Ensures symmetric routing through a stateful appliance (firewall). Without it, return traffic may use a different AZ path, breaking stateful inspection.
Q: What is a Transit Gateway Connect attachment?
A: Native support for SD-WAN appliances using GRE tunnels over VPC attachment. Higher bandwidth (up to 5 Gbps per tunnel) than VPN tunnels.
Q: How does PrivateLink differ from VPC peering?
A: PrivateLink is unidirectional (consumer → service), scales to thousands of consumers, and never exposes the provider VPC CIDR to the consumer.
Q: What is AWS IPAM?
A: IP Address Manager for planning, tracking, and auditing IP addresses across the organization. Automates CIDR allocation and prevents overlaps.
Q: What are secondary CIDRs used for?
A: Extend VPC address space when primary CIDR is exhausted. Can add up to 4 secondary IPv4 CIDRs. Must not overlap with existing CIDRs or peered VPCs.