————————-Athena code
SELECT * FROM cloudtrail_logs WHERE eventname = 'ListSubscriptionsByTopic';
—————Advanced Routing
Network ACLs on a subnet are stateless
Security groups can be used as a source in security group rules
Security groups on EC2 instances are stateful
——-NAT Gateways vs Internet Gateways
A NAT gateway provides internet access for multiple private IPs on EC2 instances
The route table needs an entry for 0.0.0.0 -> NAT Gateway
An internet gateway provides internet access if you have a public IP associated with an interface.
A subnet is considered a public subnet if its route table has an entry for 0.0.0.0 -> Internet Gateway
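The routing rule above can be checked across a whole VPC. This is an added example, not part of the original notes: it classifies subnets by the default route of their effective route table, using constructed sample data in the shape of `aws ec2 describe-route-tables` output (where the default route appears as `0.0.0.0/0`). The function names and all IDs are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
  {"RouteTableId": "rtb-pub", "VpcId": "vpc-1",
   "Associations": [{"Main": false, "SubnetId": "subnet-web"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
  {"RouteTableId": "rtb-priv", "VpcId": "vpc-1",
   "Associations": [{"Main": false, "SubnetId": "subnet-app"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]}
]}
""")

def default_route_kind(table):
    """Return 'public', 'nat', 'other' or 'isolated' from the default route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackhole route carries no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "nat"
        return "other"  # default route to another target, e.g. a VPN gateway
    return "isolated"  # no default route at all

def classify_subnets(route_tables, subnets):
    """Map each subnet to its exposure; subnets are (subnet_id, vpc_id) pairs."""
    explicit, main = {}, {}
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main[table["VpcId"]] = table
    result = {}
    for subnet_id, vpc_id in subnets:
        # A subnet without an explicit association uses the VPC's main table.
        table = explicit.get(subnet_id) or main.get(vpc_id)
        result[subnet_id] = default_route_kind(table) if table else "unknown"
    return result

if __name__ == "__main__":
    pairs = [("subnet-web", "vpc-1"), ("subnet-app", "vpc-1"), ("subnet-db", "vpc-1")]
    print(classify_subnets(SAMPLE, pairs))
```

The fallback to the main route table matters in an audit: a subnet with no explicit association becomes public as soon as someone adds an internet gateway route to the main table.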
———VPC Endpoints
There are two types of VPC Endpoints
Interface – One per availability zone. Requires Route53 private hosted zones. Can be accessed over Direct Connect but not VPN.
Gateway – Only supports S3 and DynamoDB. Cannot be accessed over Direct Connect or VPN.
—VPC
You cannot resize a CIDR Block to be larger
You can add additional secondary CIDR subnets of the same size or smaller
—VGW
1.25 Gbps VPN
You can get 2.5 Gbps from an EC2 instance through an internet gateway
–Getting all public IP’s for a service
1. Apply the proxy to PowerShell
netsh winhttp import proxy source=ie
2. Download the JSON file for AWS_CONNECT
Get-AWSPublicIpAddressRange -ServiceKey AMAZON_CONNECT | select IpPrefix