VPC peering allows you to connect one VPC with another via a direct network route using private IP addresses.
Instances behave as if they were on the same private network.
You can peer VPCs with VPCs in other AWS accounts as well as with other VPCs in the same account.
Peering is in a star configuration, i.e. one central VPC peers with four others. There is NO TRANSITIVE PEERING: a VPC peered with the hub cannot reach the other spokes through it; each pair that needs to talk requires its own peering connection.
VPC Flow Log Creation:
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.
1. To enable the VPC Flow Log, select the VPC and navigate to Create Flow Log under Actions.
2. Before creating the Flow Log on the VPC, we need to create a log group in CloudWatch. Navigate to CloudWatch, select the Logs option and choose Create log group.
3. Select the log group and create a log stream as shown in the image below.
4. Now navigate back to VPC and create a Flow Log.
5. Select the Filter and choose which traffic (All/Accept/Reject) you want to be logged.
6. Create a new IAM role to perform the task on our behalf. Click on the Set Up Permissions option; it opens a new tab, where you select Allow.
7. Select the newly created log group in CloudWatch, and all the traffic will be logged into CloudWatch Logs under the log stream.
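Once the flow log is delivering records to CloudWatch Logs, the security value comes from reading them. The following added example (not code from the original notes) parses records in the default flow-log format (version 2: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status), skips NODATA/SKIPDATA records whose traffic fields are "-", and summarises REJECT traffic so that a single source probing many ports stands out. The sample records are constructed; the account id, interface id and addresses are placeholders.

```python
"""Summarise rejected traffic from VPC Flow Log records (default format, version 2)."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Field order of the default flow-log record (version 2).
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "byte_count",
          "start", "end", "action", "log_status"]


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    byte_count: int
    action: str


def parse_records(lines):
    """Return (records, skipped): parsed OK records and the count of NODATA/SKIPDATA records."""
    records, skipped = [], 0
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
        raw = dict(zip(FIELDS, parts))
        # NODATA (no traffic in the window) and SKIPDATA (records dropped by the
        # service) carry "-" in the traffic fields, so there is nothing to parse.
        if raw["log_status"] != "OK":
            skipped += 1
            continue
        records.append(FlowRecord(
            interface_id=raw["interface_id"],
            srcaddr=raw["srcaddr"],
            dstaddr=raw["dstaddr"],
            srcport=int(raw["srcport"]),
            dstport=int(raw["dstport"]),
            protocol=int(raw["protocol"]),
            packets=int(raw["packets"]),
            byte_count=int(raw["byte_count"]),
            action=raw["action"],
        ))
    return records, skipped


def reject_summary(records):
    """Count REJECT records per (source address, destination port)."""
    return Counter((r.srcaddr, r.dstport) for r in records if r.action == "REJECT")


def sources_probing_many_ports(records, threshold=3):
    """Map each source that was rejected on at least `threshold` distinct ports to those ports.

    Many distinct rejected destination ports from one source within a window is the
    shape a port sweep leaves in flow logs; a single rejected port is usually just a
    security-group rule doing its job.
    """
    ports_by_src = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            ports_by_src[r.srcaddr].add(r.dstport)
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= threshold}


# Constructed sample records (placeholder account id, ENI and addresses).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 54321 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 54322 23 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 54323 3389 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.0.20 10.0.1.5 44000 22 6 20 4000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50000 443 6 5 600 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    recs, skipped = parse_records(SAMPLE_LINES)
    print(f"parsed {len(recs)} records, skipped {skipped}")
    for (src, port), n in reject_summary(recs).most_common():
        print(f"REJECT {src} -> port {port}: {n}")
    print("sources rejected on 3+ ports:", sources_probing_many_ports(recs))
```

If the flow log was created with the Reject filter only, ACCEPT records never arrive and the ACCEPT branch is simply unused; with the All filter, the same parser gives the accepted baseline as well, which is what makes the rejected outliers meaningful.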
When you delete the VPC, all the resources attached to the VPC are automatically deleted as well. As shown in the image below, subnets, security groups, network ACLs, internet gateways, route tables etc. are deleted along with the VPC.
Bastion hosts are instances that sit within our public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with the bastion host, it acts as a 'jump' server, allowing you to use SSH or RDP to log in to other instances (within private subnets) deeper within your VPC. When properly configured through the use of security groups and Network ACLs (NACLs), the bastion essentially acts as a bridge to your private instances via the internet.
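"Properly configured" security groups for this pattern means two things: the bastion's SSH/RDP ports are reachable only from the administrators' address ranges, and the private instances accept SSH/RDP only from the bastion's security group, never from a CIDR. The following added example (not code from the original notes) checks both conditions over security groups written in the shape that boto3's ec2.describe_security_groups() returns. The group ids and CIDRs are constructed placeholders; the corporate range 203.0.113.0/24 is an assumed input.

```python
"""Least-privilege check for a bastion / private-subnet security-group pair."""
from ipaddress import ip_network

# Admin ports the notes mention: SSH and RDP.
ADMIN_PORTS = {22, 3389}

# Constructed security groups (only the fields the check needs; same layout as
# boto3 ec2.describe_security_groups()['SecurityGroups'][i]).
BASTION_SG = {
    "GroupId": "sg-bastion0001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],  # assumed admin range
         "UserIdGroupPairs": []},
    ],
}
PRIVATE_SG_GOOD = {
    "GroupId": "sg-private0001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-bastion0001"}]},  # only via bastion
    ],
}
PRIVATE_SG_BAD = {
    "GroupId": "sg-private0002",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],  # bypasses the bastion entirely
         "UserIdGroupPairs": []},
    ],
}


def _covers_port(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port` ('-1' means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_bastion(sg, allowed_cidrs):
    """Findings for admin ports on the bastion reachable from outside `allowed_cidrs`."""
    allowed = [ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in sg["IpPermissions"]:
        for port in sorted(ADMIN_PORTS):
            if not _covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                net = ip_network(rng["CidrIp"])
                if not any(net.subnet_of(a) for a in allowed):
                    findings.append(f"{sg['GroupId']}: port {port} open to {rng['CidrIp']}")
    return findings


def check_private(sg, bastion_sg_id):
    """Findings for admin ports on a private instance reachable other than from the bastion SG."""
    findings = []
    for perm in sg["IpPermissions"]:
        for port in sorted(ADMIN_PORTS):
            if not _covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                findings.append(f"{sg['GroupId']}: port {port} reachable from CIDR "
                                f"{rng['CidrIp']} instead of the bastion SG")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != bastion_sg_id:
                    findings.append(f"{sg['GroupId']}: port {port} reachable from "
                                    f"non-bastion SG {pair['GroupId']}")
    return findings


if __name__ == "__main__":
    for f in check_bastion(BASTION_SG, ["203.0.113.0/24"]):
        print(f)
    for sg in (PRIVATE_SG_GOOD, PRIVATE_SG_BAD):
        for f in check_private(sg, BASTION_SG["GroupId"]):
            print(f)
```

Referencing the bastion by security-group id rather than by its IP is what keeps the rule valid when the bastion is replaced; the NACL layer described in the notes is stateless and sits underneath this, so a permissive NACL does not undo a tight security group, but a tight NACL cannot compensate for a private-instance rule that allows 0.0.0.0/0.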