Whether you're a DevOps engineer, Cloud Architect, or SRE, mastering VPC (Virtual Private Cloud) scenarios is critical. These questions are tailored to test your practical knowledge โ not just theory.
1. ๐ You want to connect your on-premises network to AWS securely. What do you use?
Use AWS Site-to-Site VPN or AWS Direct Connect.
- VPN: Quick setup, encrypted over the internet
- Direct Connect: Dedicated line, low latency, higher cost
2. ๐ Your EC2 in a private subnet needs internet access. Whatโs the solution?
Use a NAT Gateway in a public subnet and update the route table of the private subnet to send 0.0.0.0/0 through the NAT.
3. ๐ How can two VPCs communicate without public IPs?
Use VPC Peering.
- Setup peering
- Add routes to both route tables
- Ensure no CIDR block overlap
4. ๐ Whatโs the difference between Internet Gateway and NAT Gateway?
| Feature | Internet Gateway | NAT Gateway |
|---|---|---|
| Access Type | Inbound & Outbound | Outbound only |
| Use Case | Public subnets | Private subnets |
| IPs Needed | Public IP required | Elastic IP required |
5. ๐งฉ You created a VPC, but instances can't access the internet. Why?
Possible reasons:
- No Internet Gateway attached
- Missing route to 0.0.0.0/0
- Security Group or NACL blocking traffic
6. ๐ก๏ธ You need to isolate a subnet from others in the same VPC. What do you do?
Use custom route tables, NACLs, and security groups to control access. Donโt allow internal routes if isolation is required.
7. ๐งฑ Can two subnets have overlapping CIDRs?
No. Subnets within the same VPC must have unique, non-overlapping CIDRs.
8. ๐ How do you connect VPCs across different AWS regions?
Use Inter-Region VPC Peering.
- Lower latency than VPN
- No internet traversal
- Still uses private IPs
9. ๐ How do you isolate workloads in the same VPC?
- Use different subnets
- Set strict NACLs
- Apply role-specific security groups
- Separate route tables if needed
10. ๐ How to allow SSH access only from your office IP?
Edit Security Group:
Allow TCP port 22 from your static office IP address (e.g., 203.0.113.10/32).
11. ๐ซ Can a VPC have multiple Internet Gateways?
No. A VPC can only have one Internet Gateway attached at any time.
12. ๐งญ What does a route table do?
It defines how traffic flows:
- Between subnets
- To the internet (via IGW)
- To other VPCs (via peering or VPN)
13. โ ๏ธ Your NAT Gateway stopped working. What could be wrong?
Check:
- NAT is in a public subnet with IGW
- Elastic IP is not released
- Route table correctly points 0.0.0.0/0 to NAT
14. ๐ Whatโs the default VPC limit per region?
5 VPCs per region per account (soft limit โ can be increased via a service quota request).
15. ๐ก๏ธ How to restrict EC2 access to S3 over VPC only?
- Create a VPC Endpoint for S3
- Add a bucket policy allowing access only from that VPC endpoint
๐ก Mastering VPC is key to building secure, scalable, and high-performing AWS architectures. These questions reflect real-world challenges engineers face daily.
๐จ๏ธ Got more scenario questions or want an advanced VPC deep dive? Drop a comment!
Top comments (0)