{"id":69326,"date":"2019-01-04T08:27:39","date_gmt":"2019-01-04T08:27:39","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=69326"},"modified":"2020-08-31T17:56:30","modified_gmt":"2020-08-31T17:56:30","slug":"why-not-have-a-way-out-to-the-internet-from-main-route-table","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/why-not-have-a-way-out-to-the-internet-from-main-route-table\/","title":{"rendered":"Why You should NOT have a Way Out to the Internet from Main Route Table"},"content":{"rendered":"

In-depth knowledge of Virtual Private Cloud<\/a> (VPC) and its related components viz. Subnets, Route tables & Internet Gateway is a must before you appear in any AWS Certification exam<\/a>. Sometimes even the seasoned professionals miss-out on a specific nitty-gritty of a topic that may lead to losing a few marks in the exam. Here in this article, we\u2019re going to explore such a concept that has generated more than a dozen queries in our helpdesk system.<\/span><\/p>\n

Covering this topic is recommended for all the aspirants preparing for any of the AWS certifications.\u00a0 But if you are preparing for the\u00a0AWS Certified SysOps Administrator Associate exam<\/a>\u00a0or\u00a0AWS Certified Solutions Architect Associate exam<\/a>, It is mandatory to cover this topic.<\/p>\n

\"AWS<\/a><\/p>\n

Why You should NOT have a Way Out to the Internet from Main Route Table<\/b><\/p>\n

Or this can be rephrased as:<\/span><\/p>\n

Why it\u2019s Not a Good Security Practice to Associate the Public Subnet with Main Route Table?<\/b><\/p>\n

To put things into perspective here\u2019s a question (see below screenshot) that will tickle you to think about the Route Tables & Subnets in AWS VPC.<\/span><\/p>\n

You are the Systems Administrator for a Company. You have been instructed to create a VPC setup which has a public and private subnet. The public subnet needs to have a NAT Gateway which will be used to route traffic to the internet for instances in the private subnet. Which of the following routing entries would you create in the respective main and custom route tables. (Choose 2 Answers from the options given below<\/strong>).<\/p>\n

    \n
  1. In the main route table add a route with destination of 0.0.0.0\/0 and the NAT Gateway ID.<\/li>\n
  2. In the main route table add a route with destination of 0.0.0.0\/0 and the Internet Gateway ID.<\/li>\n
  3. In the custom route table add a route with destination of 0.0.0.0\/0 and the NAT Gateway ID.<\/li>\n
  4. In the custom route table add a route with destination of 0.0.0.0\/0 and the Internet Gateway ID.<\/li>\n<\/ol>\n

    You are working as a System Administrator in a company. As per the instructions, you need to create a VPC setup that has a private and public subnet. The public subnet requires a NAT gateway that will be used to route traffic to the internet for Instances in the private subnet. Which of the following routing entries will you create in the respective main and custom route tables?<\/span><\/p>\n

    And the solution will be – <\/span><\/p>\n