
AWS VPC, Route53, IAM revision before the CSA exam

Published: April 14, 2017 | Modified: June 24, 2020



Quick revision of the AWS VPC, Route53 and IAM topics before appearing for the AWS Certified Solutions Architect – Associate exam.

VPC, Route53, IAM revision!

This article notes down a few important points about AWS (Amazon Web Services) VPC, Route53, and IAM. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the second part of the AWS CSA revision series. The rest of the series is listed below:

  • AWS CSA revision part I (EC2, S3, RDS)
  • AWS CSA revision part III (Cloudfront, SNS, SQS)
  • AWS CSA revision part IV (SWF, Beanstalk, EMR, CloudFormation)

In this article, we are checking out key points about VPC (Virtual Private Cloud), Route53 (DNS Service) and IAM (Identity and Access Management).

Recommended read: AWS CSA exam preparation guide

Let's get started:

VPC (Virtual Private Cloud)

  • NACL (Network Access Control List) controls traffic at the subnet level
  • Security groups control traffic at the instance level
  • NACLs are stateless (every direction of traffic, including response traffic, must be explicitly allowed) while security groups are stateful (response traffic for an allowed request is automatically allowed)
  • Only 1 Internet gateway per VPC is allowed.
  • VPC peering can be done between two AWS accounts or between other VPCs within the same region.
  • VPC peering is a direct network route between two VPCs that lets resources in their different subnets talk to each other.
  • Limits:
    • 5 VPCs per region
    • 50 customer gateways per region
    • 200 route tables per region
    • 50 entries per route table
    • 5 elastic IPs
    • 5 security groups per network interface
    • 500 security groups per VPC
    • 50 rules per security group
  • The first 4 and the last IP address of each subnet are reserved by AWS, as below:
    • x.x.x.0: Network IP
    • x.x.x.1: VPC router IP
    • x.x.x.2: VPC DNS
    • x.x.x.3: Reserved for future use
    • x.x.x.255: Broadcast IP (the last address of the subnet; .255 for a /24)
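The stateless-versus-stateful point above is the one that bites in practice: a NACL that allows inbound 443 but has no outbound rule for the client's ephemeral ports silently drops the server's replies, while a security group with the same single inbound rule works. The toy packet filter below is an added example, not AWS code or anything from this site; the Flow/Rule shapes, the port numbers and the ephemeral range are simplified assumptions.

```python
"""Stateless NACL vs stateful security group, as a toy packet filter.

Added example, not AWS code: rule and flow shapes are simplified assumptions.
It models one inbound HTTPS connection from an internet client to an instance
and the server's reply, and evaluates both directions against a NACL
(stateless, ordered rules with an implicit deny) and a security group
(stateful, allow rules only, replies of tracked flows are auto-allowed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" or "out", relative to the subnet / instance
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    port_lo: int
    port_hi: int
    action: str = "allow"   # NACLs also carry "deny" rules; SGs only allow

    def matches(self, flow):
        return (self.direction == flow.direction and self.proto == flow.proto
                and self.port_lo <= flow.dst_port <= self.port_hi)


EPHEMERAL = (1024, 65535)   # assumed ephemeral port range used by many clients


def nacl_allows(rules, flow):
    """Stateless: each direction is judged on its own; the first matching rule
    wins (NACL rules are evaluated in number order); no match means deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action == "allow"
    return False


class SecurityGroup:
    """Stateful: remember each allowed flow so that its reply is allowed too."""

    def __init__(self, rules):
        self.rules = rules
        self.tracked = set()

    def allows(self, flow):
        # the reply of a tracked flow has swapped ports and direction
        reverse = (flow.proto, flow.dst_port, flow.src_port,
                   "out" if flow.direction == "in" else "in")
        if reverse in self.tracked:
            return True
        for rule in self.rules:
            if rule.matches(flow):
                self.tracked.add((flow.proto, flow.src_port, flow.dst_port,
                                  flow.direction))
                return True
        return False


def simulate(nacl_rules, sg_rules):
    """Return which of request/reply each filter lets through."""
    request = Flow("in", "tcp", 51515, 443)   # client ephemeral -> 443
    reply = Flow("out", "tcp", 443, 51515)    # server 443 -> client ephemeral
    sg = SecurityGroup(sg_rules)
    return {
        "nacl_request": nacl_allows(nacl_rules, request),
        "nacl_reply": nacl_allows(nacl_rules, reply),
        "sg_request": sg.allows(request),
        "sg_reply": sg.allows(reply),
    }


# NACL with only an inbound 443 allow: the server's reply is dropped because
# the outbound direction is evaluated independently.
NACL_INBOUND_ONLY = [Rule("in", "tcp", 443, 443)]
# Corrected NACL: an outbound allow for the client's ephemeral port range.
NACL_FIXED = NACL_INBOUND_ONLY + [Rule("out", "tcp", *EPHEMERAL)]
# A deny rule numbered ahead of the allow blocks the request outright.
NACL_DENY_FIRST = [Rule("in", "tcp", 443, 443, "deny")] + NACL_FIXED
# Security group: a single inbound 443 rule suffices; the reply is tracked.
SG_HTTPS = [Rule("in", "tcp", 443, 443)]

if __name__ == "__main__":
    for name, nacl in [("inbound-only", NACL_INBOUND_ONLY),
                       ("fixed", NACL_FIXED), ("deny-first", NACL_DENY_FIRST)]:
        print(name, simulate(nacl, SG_HTTPS))
```

Running it shows `nacl_reply` false for the inbound-only NACL and true once the outbound ephemeral rule is added, while the security group passes both directions with the single rule. The deny-first case illustrates the other NACL property worth remembering for the exam: rules are evaluated in number order and the first match decides.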

Route 53

  • Can register domains, act as DNS, and check the health of resources.
  • Port 53 is used to serve DNS requests, hence the name Route 53!
  • DNS requests are primarily served over UDP, but if the response is more than 512 bytes it will use TCP.
  • Currently supported record types:
    • A (address record)
    • AAAA (IPv6 address record)
    • CNAME (canonical name record)
    • MX (mail exchange record)
    • NAPTR (naming authority pointer record)
    • NS (name server record)
    • PTR (pointer record)
    • SOA (start of authority record)
    • SPF (sender policy framework)
    • SRV (service locator)
    • TXT (text record)
  • Routing policies:
    • Simple routing: a single resource serves the traffic
    • Weighted routing: splits traffic across multiple resources in proportion to their weights
    • Latency routing: returns the resource with the lowest latency for the requester's location
    • Failover routing: active-passive; one resource takes the traffic when the other one fails
    • Geolocation routing: answers DNS queries based on the geographic location of the user
  • Limits:
    • 500 hosted zones per AWS account
    • 50 domains per AWS account
  • Ideal TTL values: 24 hours for a CNAME to an existing domain, and 1 hour for a CNAME to S3 or ELB.
  • There is no default TTL for any record type in Route 53; you have to specify a TTL for your records.
  • Weights can be assigned as integers from 0 to 255. 0 means no weight, i.e. don't route to that record. The probability of routing to a particular record equals that record's weight divided by the sum of all record weights.
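The weight formula above, worked through as an added example (not AWS or this site's code). It also covers the edge case the bullet does not mention: when every record in the set has weight 0, Route 53 answers as if all weights were equal. The record names and weights are constructed samples.

```python
"""Route 53 weighted routing: per-record selection probability.

Added example, not AWS code. Weights are integers 0..255; a record with weight
0 is never returned, except that when every record in the set has weight 0
Route 53 answers as if all weights were equal (handled below). Record names
and weights are constructed samples."""
import random
from fractions import Fraction


def weighted_probabilities(records):
    """Map record name -> exact Fraction probability of being returned."""
    for name, weight in records.items():
        if not (isinstance(weight, int) and 0 <= weight <= 255):
            raise ValueError(f"{name}: weight must be an integer 0..255, got {weight!r}")
    total = sum(records.values())
    if total == 0:
        # all-zero set: equal split rather than division by zero
        return {name: Fraction(1, len(records)) for name in records}
    return {name: Fraction(weight, total) for name, weight in records.items()}


def pick_record(records, rng):
    """Return one record name, drawn with the probabilities above."""
    probs = weighted_probabilities(records)
    names = list(probs)
    return rng.choices(names, weights=[float(p) for p in probs.values()], k=1)[0]


def simulate(records, queries, seed=1):
    """Count how often each record is returned over `queries` lookups."""
    rng = random.Random(seed)
    counts = {name: 0 for name in records}
    for _ in range(queries):
        counts[pick_record(records, rng)] += 1
    return counts


# constructed record set: a 3:1 blue/green split plus a parked canary
RECORDS = {"blue.example.com": 3, "green.example.com": 1, "canary.example.com": 0}

if __name__ == "__main__":
    for name, p in weighted_probabilities(RECORDS).items():
        print(f"{name}: {p} ({float(p):.0%})")
    print(simulate(RECORDS, 4000))
```

With the sample set, blue gets 3/4 of the answers, green 1/4 and the canary none; bumping the canary's weight to 1 is the usual way to start sending it a small slice of traffic.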

IAM (Identity and Access Management)

  • Never use the root account for login. Create an admin user and use it for administrative tasks.
  • Users, groups and roles are global: once created they are available across all regions in the same AWS account.
  • Prebuilt policies for:
    • Administrator – all access
    • Power user – everything the administrator has except IAM management access
    • Read-only – view-only access (e.g. for accounting purposes)
  • By default, a newly created user has an implicit deny on all AWS resources. An explicit allow overrides the implicit deny.
  • Cross-account roles can be defined: a user in one account assumes a role to get the access granted to that role in another account.
  • The public key can be viewed in the account settings at any time. The private key is visible only at the time of creation; if it is lost it cannot be retrieved and a fresh key pair must be created.
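The implicit-deny / explicit-allow rule above is the core of IAM policy evaluation, and the one thing it leaves out is that an explicit Deny beats any Allow, no matter how many Allow policies are attached. The toy evaluator below is an added example, not AWS code or anything from this site; the policies are constructed samples in the IAM JSON shape, only Effect, Action and Resource are handled, and the power-user sample is approximated with an explicit Deny (the real managed policy is written with NotAction).

```python
"""IAM policy evaluation order, as a toy evaluator.

Added example, not AWS code. Models the rule on the page (a user starts with an
implicit deny on everything and an explicit Allow overrides it) plus the rule
that an explicit Deny beats any Allow. Policies are constructed samples in the
IAM JSON shape; only Effect, Action and Resource are handled, wildcards are
'*' only, and the power-user sample uses an explicit Deny rather than the
NotAction the real managed policy uses."""
import fnmatch


def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource
    return value if isinstance(value, list) else [value]


def _any_match(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policies, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _any_match(_as_list(stmt["Action"]), action):
                continue
            if not _any_match(_as_list(stmt["Resource"]), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"   # a matching Deny ends evaluation
            decision = "allow"           # remember the Allow, keep scanning for a Deny
    return decision


# constructed sample policies (shape only; not the AWS-managed policy documents)
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
POWER_USER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}

BUCKET_OBJECT = "arn:aws:s3:::example-bucket/report.csv"   # constructed ARN

if __name__ == "__main__":
    print("no policy, s3:GetObject ->", evaluate([], "s3:GetObject", BUCKET_OBJECT))
    print("read-only, s3:GetObject ->", evaluate([READ_ONLY], "s3:GetObject", BUCKET_OBJECT))
    print("read-only, s3:PutObject ->", evaluate([READ_ONLY], "s3:PutObject", BUCKET_OBJECT))
    print("power user, iam:CreateUser ->", evaluate([POWER_USER], "iam:CreateUser", "*"))
    print("power user + admin, iam:CreateUser ->",
          evaluate([POWER_USER, ADMIN], "iam:CreateUser", "*"))
```

The last case is the one to remember: attaching AdministratorAccess on top of a policy that carries an explicit Deny on `iam:*` does not restore IAM access, because the Deny wins.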

Comments

  1. Braz Braganza says

    June 30, 2018 at 2:42 pm

    under Route 53- Primarily TCP used to serve DNS request but if response is more than 512 bytes it will use TCP. This is incorrect. DNS responses sent over UDP are limited to 512 bytes in size. Responses exceeding 512 bytes are truncated and the resolver must re-issue the request over TCP. Can you please update it. Thanks for your notes!

    Reply


This work is licensed under a CC-BY-NC license · Privacy Policy
© Copyright 2016-2023 KernelTalks · All Rights Reserved.
The content is copyrighted to Shrikant Lavhate & can not be reproduced either online or offline without prior permission.