Sunday, September 3, 2023

AWS_IQ

*Ques:- What is the difference between the Default Routing Table, the Main Routing Table and a Custom Routing Table?

Routing Tables:

1. Default Routing Table:- Whenever we create an AWS account, one routing table is created by default. That is called the Default Routing Table.

2. Main Routing Table:- Whenever we create a VPC, AWS creates one routing table by default for every VPC. That is called the Main Routing Table.

3. Custom Routing Table:- Whenever we create our own routing table, that is called a Custom Routing Table.

*Ques:- How to access the VPN link?

1. The network people will send a mail with a URL.

2. Click the URL in the email and enter the username and password given by the network people. Then enter the 6-digit RSA token number.

3. Now you are in the client's network.

The username and password are also provided to us by the networking people by email.

*Ques:- How to access / connect to application instances in your organization?

For this, we must first be connected through the VPN link.

Eg:- Sreenivas works in TCS, his client is DBS, and this client is in Singapore.

1. Here Sreenivas needs to log in to the AWS account.

3. The IAM Admin team creates one AWS account for Sreenivas.

4. Sreenivas will log in to the AWS account with a username and password. If the user is not able to log in, there is a second level of security, i.e. MFA (Multi-Factor Authentication).

This second level of security works in 2 ways:

1. Mobile number: OTP (6-digit number). Once we enter the OTP, we are able to log in to the AWS account.

2. We need to install the Google Authenticator mobile app to log in to the AWS account. Here we get a QR code; we scan the QR code and get a 6-digit number, and we use this number to log in to the AWS account.

All the PEM files are located on the jump server.

From the jump server we have to do the SSH configuration.

Important key points for connecting to application instances:

1. Jump servers / jump instances / bastion hosts are used for security purposes.

Every project has 5 to 7 jump servers, and these servers are managed by the network people.

2. Log in to the application instances from these jump servers, then provide the application to end users.

First you need to log in to the jump server; after that you need to log in to the application instances.

Eg: jump server IP = 192.168.5.10. We connect to this jump server through PuTTY.

Now you are in the jump server. ==>> Through SSH we connect to the application instances.

ssh -i /tmp/central.pem ec2-user@appinstanceIP (elastic / private) ==>> press Enter ==>> now you are in the application instance.

*Ques:- How to provide security to the VPC?

Two ways:

1. Security group

2. NACL (network access control list)

1. Security group:

        It is a virtual firewall at the EC2 instance level.

        It contains a set of rules.

The source has 3 options:

            1. Custom

            2. Anywhere

            3. My IP

                    1. Custom: within our organization network (10.20.5.0/16)

                    2. Anywhere: everyone can access our application

                    3. My IP: the IP address of our Wi-Fi connection, i.e. one particular IP: 117.208.194.37/32

Inbound access: internet ==>> IGW to EC2 instance

Outbound access: internet ==>> EC2 instance to IGW

Security groups are stateful.

Security groups are a sub-service at the EC2 instance level.
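
As an added example (not part of the original post), the Python sketch below reads security group rules in the JSON shape returned by `aws ec2 describe-security-groups`, labels each inbound source with the three options listed above, and flags Anywhere sources that cover admin ports. The sample rules, the group ID and the ADMIN_PORTS set are constructed assumptions; only the two CIDR values come from this page.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0example",  # constructed placeholder ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "117.208.194.37/32"}, {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.20.5.0/24"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]}]}

# The page's organization range; strict=False because 10.20.5.0/16 has host bits set.
ORG_NET = ipaddress.ip_network("10.20.5.0/16", strict=False)
ADMIN_PORTS = {22, 3389}  # assumption: ports that should not be open to Anywhere


def classify_source(cidr):
    """Map a rule's source CIDR to one of the console's source options."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "Anywhere"
    if net.prefixlen == net.max_prefixlen:
        return "MyIP"
    if net.version == ORG_NET.version and net.subnet_of(ORG_NET):
        return "Custom (inside org network)"
    return "Custom (outside org network)"


def audit(groups):
    """Return (group id, port range, cidr, source kind, flagged) per inbound source."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            # Protocol "-1" (all traffic) carries no port keys: treat as all ports.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                kind = classify_source(cidr)
                exposed = kind == "Anywhere" and any(lo <= p <= hi for p in ADMIN_PORTS)
                findings.append((sg["GroupId"], f"{lo}-{hi}", cidr, kind, exposed))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

To run it against a real account, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --output json`.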
