AWS VPC — Virtual Private Cloud
VPC design, subnets, NAT Gateway, Transit Gateway, and security groups.
VPC Architecture
VPC: 10.0.0.0/16
├── Public Subnet AZ-a: 10.0.1.0/24 (IGW)
├── Public Subnet AZ-b: 10.0.2.0/24 (IGW)
├── Private Subnet AZ-a: 10.0.10.0/24 (NAT GW)
├── Private Subnet AZ-b: 10.0.20.0/24 (NAT GW)
├── Data Subnet AZ-a: 10.0.100.0/24 (isolated)
└── Data Subnet AZ-b: 10.0.200.0/24 (isolated)
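Before creating the subnets above it is worth checking the plan mechanically: every subnet must sit inside the VPC CIDR, no two subnets may overlap, and the data tier must stay without a route to the internet. The following Python is an added example written for this page, not code from the original article; the subnet names, the egress labels ("igw", "nat", "isolated") and the plan itself are constructed to mirror the layout shown above.

```python
import ipaddress

# Constructed subnet plan mirroring the three-tier layout in the text.
# Each entry: name -> (CIDR, how the tier reaches the internet)
VPC_CIDR = "10.0.0.0/16"
SUBNET_PLAN = {
    "public-a":  ("10.0.1.0/24",   "igw"),       # default route to the Internet Gateway
    "public-b":  ("10.0.2.0/24",   "igw"),
    "private-a": ("10.0.10.0/24",  "nat"),       # default route to a NAT Gateway
    "private-b": ("10.0.20.0/24",  "nat"),
    "data-a":    ("10.0.100.0/24", "isolated"),  # no default route at all
    "data-b":    ("10.0.200.0/24", "isolated"),
}


def validate_plan(vpc_cidr, plan):
    """Return a list of problems found in a subnet plan (empty list = plan is clean):
    subnets outside the VPC block, overlapping subnets, and data-tier subnets
    that have any path to the internet."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    seen = {}
    for name, (cidr, egress) in plan.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside {vpc_cidr}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {cidr} overlaps {other} ({other_net})")
        seen[name] = net
        # Least connectivity: the data tier must be isolated, never routed outward.
        if name.startswith("data") and egress != "isolated":
            problems.append(f"{name}: data tier must be isolated, has egress '{egress}'")
    return problems


def usable_hosts(cidr):
    """Usable addresses in a subnet: AWS reserves the first four and the last
    address of every subnet, so a /24 yields 251, not 254."""
    return ipaddress.ip_network(cidr).num_addresses - 5


if __name__ == "__main__":
    print(validate_plan(VPC_CIDR, SUBNET_PLAN))            # [] for the plan above
    print({name: usable_hosts(c) for name, (c, _) in SUBNET_PLAN.items()})
```

Run it against a plan that routes a data subnet through the NAT Gateway, or that reuses 10.0.1.0/24, and the returned list names the offending subnet; an empty list means the CIDR layout is internally consistent with the isolated data tier the design calls for.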
Security Groups vs NACLs
- SG — stateful, allow-only, instance level
- NACL — stateless, allow+deny, subnet level, sequential evaluation
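The practical consequence of "stateful" versus "stateless, sequential" is easiest to see on one HTTPS connection: a security group with only an inbound 443 rule still lets the reply out, while a NACL drops that reply unless an outbound rule covers the client's ephemeral port, and a NACL deny only takes effect if its rule number is lower than the allow it is meant to override. The Python below is an added example for this page, not the article's own code; the `Packet`, `Rule`, `SecurityGroup` and `NetworkAcl` classes and the 203.0.113.0/24 client address are constructed for illustration and model only the evaluation order, not the full AWS rule syntax.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" = arriving at the instance, "out" = leaving it
    proto: str
    peer_ip: str      # the remote host (source for "in", destination for "out")
    peer_port: int
    local_port: int

    def dst_port(self):
        # SG and NACL rules are written against the packet's destination port.
        return self.local_port if self.direction == "in" else self.peer_port


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    ports: tuple            # inclusive (low, high)
    cidr: str
    action: str = "allow"   # NACLs also have "deny"; security groups are allow-only
    number: int = 0         # NACL rule number; unused for security groups

    def matches(self, pkt):
        lo, hi = self.ports
        return (self.direction == pkt.direction
                and self.proto in ("all", pkt.proto)
                and lo <= pkt.dst_port() <= hi
                and ipaddress.ip_address(pkt.peer_ip) in ipaddress.ip_network(self.cidr))


class SecurityGroup:
    """Stateful and allow-only: a packet matching an allow rule opens a flow, and
    the reply traffic of that flow is admitted without consulting the rules."""
    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]
        self.flows = set()

    def decide(self, pkt):
        key = (pkt.proto, pkt.peer_ip, pkt.peer_port, pkt.local_port)
        if key in self.flows:
            return "allow"            # tracked connection: reply traffic
        if any(r.matches(pkt) for r in self.rules):
            self.flows.add(key)
            return "allow"
        return "deny"                 # no deny rules exist; anything unmatched is dropped


class NetworkAcl:
    """Stateless: every packet, replies included, is matched against the rules in
    ascending rule-number order; the first match wins, otherwise implicit deny."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def decide(self, pkt):
        for r in self.rules:
            if r.matches(pkt):
                return r.action
        return "deny"


# Constructed HTTPS exchange: client 203.0.113.5:50000 -> instance:443, and its reply.
REQUEST = Packet("in",  "tcp", "203.0.113.5", 50000, 443)
REPLY   = Packet("out", "tcp", "203.0.113.5", 50000, 443)


def web_sg():
    # Fresh instance each time so connection tracking starts empty.
    return SecurityGroup([Rule("in", "tcp", (443, 443), "0.0.0.0/0")])


# Stateless filter that forgot the outbound ephemeral-port rule.
BROKEN_NACL = NetworkAcl([
    Rule("in",  "tcp", (443, 443), "0.0.0.0/0", number=100),
    Rule("out", "tcp", (443, 443), "0.0.0.0/0", number=100),
])

# Corrected NACL: rule 110 admits replies to the client's ephemeral port.
FIXED_NACL = NetworkAcl(BROKEN_NACL.rules + [
    Rule("out", "tcp", (1024, 65535), "0.0.0.0/0", number=110),
])

# Sequential evaluation: the same deny wins at number 50 and never fires at number 200.
BLOCK_FIRST = NetworkAcl(FIXED_NACL.rules + [
    Rule("in", "tcp", (443, 443), "203.0.113.0/24", action="deny", number=50),
])
BLOCK_LAST = NetworkAcl(FIXED_NACL.rules + [
    Rule("in", "tcp", (443, 443), "203.0.113.0/24", action="deny", number=200),
])


def evaluate_https_flow(sg, nacl):
    """Return {"sg": (request, reply), "nacl": (request, reply)} decisions."""
    return {
        "sg":   (sg.decide(REQUEST), sg.decide(REPLY)),
        "nacl": (nacl.decide(REQUEST), nacl.decide(REPLY)),
    }


if __name__ == "__main__":
    print(evaluate_https_flow(web_sg(), BROKEN_NACL))   # sg allows both; nacl drops the reply
    print(evaluate_https_flow(web_sg(), FIXED_NACL))    # both allow both
    print(BLOCK_FIRST.decide(REQUEST), BLOCK_LAST.decide(REQUEST))  # deny allow
```

The two NACL results are the usual operational lesson: when a subnet-level ACL is tightened, both directions and the ephemeral range (1024-65535 for most clients) have to be covered explicitly, and a deny intended to block a source must be numbered below every allow it competes with.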
Transit Gateway
Hub-and-spoke topology for connecting multiple VPCs, replacing a full mesh of VPC peering connections. Up to 5000 attachments per Transit Gateway.
Summary
Proper VPC design is the foundation of secure AWS infrastructure: apply the principle of least connectivity.