What is a VPC, and what are its core components (subnets, route tables, IGW, NAT)?

AWS · Basic level

Answer

A VPC is a logically isolated virtual network inside an AWS Region. Its core pieces are the VPC CIDR block(s), subnets (each bound to one Availability Zone), route tables, an internet gateway (IGW) for public subnets, NAT gateways for private-subnet egress, security groups (stateful, attached to network interfaces), network ACLs (stateless, applied per subnet), and VPC endpoints for reaching AWS services without traversing the internet; together they define placement, routing, ingress, egress, and segmentation.

Technical explanation

The VPC CIDR must be planned up front to avoid overlap with peered VPCs, Transit Gateway attachments, and on-prem networks; a primary CIDR cannot be changed later, only extended with secondary CIDR blocks, and overlapping ranges cannot be routed across a peering or TGW attachment at all.

In AWS networking, always separate placement, routing, and filtering: subnets place resources (and pin them to one AZ), route tables decide next hops, and SG/NACL rules filter traffic. Security groups are stateful allow-lists evaluated per network interface, so the reply to a permitted flow is accepted automatically; NACLs are stateless, numbered allow/deny rules evaluated per subnet in ascending rule order with an implicit deny at the end, so return traffic on ephemeral ports has to be permitted explicitly.

Design for failure domains by spreading public, private, and data subnets across multiple AZs and avoiding single-AZ dependencies where production availability matters.

Troubleshooting should follow the packet: source instance, source security group (egress), source subnet NACL (egress, plus the ingress rule that admits the stateless return traffic), route table (longest prefix match), next hop (endpoint, NAT, IGW, or TGW), destination subnet NACL (ingress), destination security group (ingress), and finally the service listener on the destination host.

Hands-on example

1. Create a sandbox VPC with two AZs, public subnets, private subnets, separate route tables for the public and each private subnet, an IGW, one NAT Gateway per AZ, security groups, and one VPC endpoint relevant to the topic (for example a gateway endpoint for S3).

2. Deploy a small test instance or pod in the correct subnet and validate routing with curl, traceroute where allowed, VPC Flow Logs, and VPC Reachability Analyzer when you need to see which hop rejected the path.

3. Change one control at a time - route, SG, NACL, endpoint policy, NAT, or TGW route - and observe exactly how connectivity changes.

4. Document the final production pattern as an architecture diagram plus a troubleshooting checklist.
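The walk-through below is an added example, not code from the original page: it models a constructed two-AZ sandbox like the one in step 1 (invented names and CIDRs, with 198.51.100.0/24 standing in for the S3 managed prefix list) and evaluates one flow at a time in the troubleshooting order from the technical explanation: source SG egress, source NACL egress plus the stateless return packet, route table by longest prefix, then destination NACL and SG. `set_route` is the "change one control at a time" step from step 3: dropping the NAT default route breaks internet egress for the private subnet while the endpoint route keeps S3 reachable.

```python
"""Constructed model of a two-AZ VPC used to walk a flow through the same
checks you inspect when troubleshooting. Topology, CIDRs and names are
made up for this example; 198.51.100.0/24 (TEST-NET-2) stands in for the
S3 managed prefix list that a gateway endpoint installs in a route table."""
import ipaddress

VPC_CIDR = "10.20.0.0/16"
S3_PREFIX = "198.51.100.0/24"

SUBNETS = {  # name: (cidr, az, route table, NACL)  -> placement
    "public-a":  ("10.20.0.0/24",  "eu-west-1a", "rt-public",    "nacl-public"),
    "public-b":  ("10.20.1.0/24",  "eu-west-1b", "rt-public",    "nacl-public"),
    "private-a": ("10.20.10.0/24", "eu-west-1a", "rt-private-a", "nacl-private"),
    "private-b": ("10.20.11.0/24", "eu-west-1b", "rt-private-b", "nacl-private"),
}
ROUTE_TABLES = {  # name: [(destination, target)]  -> routing, longest prefix wins
    "rt-public":    [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw")],
    "rt-private-a": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-a"), (S3_PREFIX, "vpce-s3")],
    "rt-private-b": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-b"), (S3_PREFIX, "vpce-s3")],
}
NACLS = {  # stateless: (rule no, action, proto, (from, to), cidr); first match wins, then deny
    "nacl-public": {
        "inbound":  [(100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
                     (110, "allow", "tcp", (1024, 65535), "0.0.0.0/0")],
        "outbound": [(100, "allow", "tcp", (0, 65535), "0.0.0.0/0")]},
    "nacl-private": {
        "inbound":  [(100, "allow", "tcp", (0, 65535), VPC_CIDR),
                     (110, "allow", "tcp", (1024, 65535), "0.0.0.0/0")],
        "outbound": [(100, "allow", "tcp", (0, 65535), "0.0.0.0/0")]},
}
SECURITY_GROUPS = {  # stateful allow-lists: (proto, (from, to), cidr or referenced SG)
    "sg-web": {"inbound":  [("tcp", (443, 443), "0.0.0.0/0")],
               "outbound": [("tcp", (0, 65535), "0.0.0.0/0")]},
    "sg-app": {"inbound":  [("tcp", (8080, 8080), "sg-web")],
               "outbound": [("tcp", (443, 443), "0.0.0.0/0")]},
}
INSTANCES = {  # name: (ip, subnet, [security groups])
    "web-a": ("10.20.0.10",  "public-a",  ["sg-web"]),
    "app-b": ("10.20.11.10", "private-b", ["sg-app"]),
}

def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def route_lookup(rt_name, dst_ip):
    """Longest-prefix match over one route table; None means no route (black hole)."""
    matches = [(ipaddress.ip_network(c).prefixlen, t) for c, t in ROUTE_TABLES[rt_name] if _in(dst_ip, c)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def set_route(rt_name, cidr, target):
    """Replace or (with target=None) remove one route: the 'change one control' step."""
    ROUTE_TABLES[rt_name] = [r for r in ROUTE_TABLES[rt_name] if r[0] != cidr]
    if target is not None:
        ROUTE_TABLES[rt_name].append((cidr, target))

def nacl_decision(nacl, direction, proto, port, remote_ip):
    """Stateless: the lowest-numbered matching rule decides; no match is an implicit deny."""
    for _n, action, p, (lo, hi), cidr in sorted(NACLS[nacl][direction], key=lambda r: r[0]):
        if p == proto and lo <= port <= hi and _in(remote_ip, cidr):
            return action
    return "deny"

def sg_allows(sg_names, direction, proto, port, remote_ip, remote_sgs):
    """Stateful: only the initiating direction is checked; SG references match by membership."""
    for sg in sg_names:
        for p, (lo, hi), src in SECURITY_GROUPS[sg][direction]:
            if p != proto or not lo <= port <= hi:
                continue
            if src in SECURITY_GROUPS:
                if src in remote_sgs:
                    return True
            elif _in(remote_ip, src):
                return True
    return False

def trace(src_name, dst_ip, proto="tcp", port=443, ephemeral=49152):
    """Return (reachable, steps), evaluating hops in the order you would troubleshoot them."""
    src_ip, src_subnet, src_sgs = INSTANCES[src_name]
    _c, _az, src_rt, src_nacl = SUBNETS[src_subnet]
    dst_name = next((n for n, (ip, _s, _g) in INSTANCES.items() if ip == dst_ip), None)
    dst_sgs = INSTANCES[dst_name][2] if dst_name else []
    steps = []
    if not sg_allows(src_sgs, "outbound", proto, port, dst_ip, dst_sgs):
        return False, steps + [f"source SG egress denies {proto}/{port} to {dst_ip}"]
    steps.append("source SG egress ok")
    if nacl_decision(src_nacl, "outbound", proto, port, dst_ip) != "allow":
        return False, steps + [f"{src_nacl} outbound denies {proto}/{port}"]
    if nacl_decision(src_nacl, "inbound", proto, ephemeral, dst_ip) != "allow":
        return False, steps + [f"{src_nacl} inbound denies the return packet on {proto}/{ephemeral}"]
    steps.append(f"{src_nacl} egress and return ok")
    target = route_lookup(src_rt, dst_ip)
    if target is None:
        return False, steps + [f"{src_rt} has no route for {dst_ip}"]
    steps.append(f"{src_rt} -> {target}")
    if target != "local":  # leaves the VPC via igw/nat/endpoint; the far side is not modelled
        return True, steps
    if dst_name is None:
        return False, steps + [f"{dst_ip} is in {VPC_CIDR} but nothing answers there"]
    dst_nacl = SUBNETS[INSTANCES[dst_name][1]][3]
    if nacl_decision(dst_nacl, "inbound", proto, port, src_ip) != "allow":
        return False, steps + [f"{dst_nacl} inbound denies {proto}/{port}"]
    if nacl_decision(dst_nacl, "outbound", proto, ephemeral, src_ip) != "allow":
        return False, steps + [f"{dst_nacl} outbound denies the return packet"]
    if not sg_allows(dst_sgs, "inbound", proto, port, src_ip, src_sgs):
        return False, steps + [f"{dst_name} SG ingress denies {proto}/{port} from {src_ip}"]
    return True, steps + ["destination SG ingress ok"]

if __name__ == "__main__":
    print(trace("web-a", "10.20.11.10", port=8080))  # web tier -> app tier over the local route
    print(trace("app-b", "203.0.113.5"))             # private instance egress via NAT
    set_route("rt-private-b", "0.0.0.0/0", None)     # change one control: drop the NAT route
    print(trace("app-b", "203.0.113.5"))             # internet is now unreachable ...
    print(trace("app-b", "198.51.100.7"))            # ... but the endpoint route still works
```

Run it as is, then edit one table at a time and re-run: passing `ephemeral=1000` to `trace` shows the NACL rejecting the return packet even though the security group allowed the flow, which is the stateless/stateful distinction that most often surprises people in the real console.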
