5 exercises on AWS networking — VPC peering, Transit Gateway, PrivateLink, Security Groups vs NACLs.
1 / 5
What is VPC peering and what is its key limitation?
VPC peering: a one-to-one connection between two VPCs; traffic between peered VPCs stays on the AWS backbone. Its key limitation is that peering is not transitive: if VPC-A peers with VPC-B and VPC-B peers with VPC-C, VPC-A cannot reach VPC-C through VPC-B. For hub-and-spoke connectivity at scale, Transit Gateway is the solution.
2 / 5
What problem does AWS Transit Gateway solve?
Transit Gateway: with 10 VPCs, full-mesh peering requires 45 connections. Transit Gateway acts as a regional router — each VPC attaches once and TGW handles routing between them, to on-premises via VPN/Direct Connect, and cross-region.
3 / 5
What is the difference between a Security Group and a Network ACL (NACL) in AWS?
Security Group vs NACL: Security Groups are stateful, so they remember connection state and return traffic is automatically allowed. NACLs are stateless and evaluate every packet independently, so you must add explicit rules for both inbound and outbound traffic, including return traffic.
4 / 5
What is AWS PrivateLink used for?
PrivateLink: the service provider creates a Network Load Balancer and a VPC Endpoint Service. Consumers create an Interface Endpoint in their VPC, which gets a private IP. Traffic never leaves the AWS network and the VPCs are not peered.
5 / 5
What is a VPC Endpoint and why use it?
VPC Endpoint: Gateway Endpoints (S3, DynamoDB) add routes to your route table for free. Interface Endpoints (most other services) create ENIs with private IPs. Both improve security and can reduce NAT Gateway data-processing costs.