#VPC
8 posts
-
AWS VPC Edge Routing Guide Part 5: Four Standard Patterns — From Decision Tree to First Sketch
Parts 0–4 unpack the decision trees, but the blank canvas still feels paralyzing: a tree gives you candidates and forks, never a starting point, an ordering, or the interdependencies between choices. This closing post pins down the four standard patterns that roughly 90% of real workloads converge on (Serverless API / Container Web / Global Latency-sensitive / Hybrid Enterprise), maps each pattern's defaults onto the decision trees of Parts 0–4, and recasts the trees as the tool you reach for when you need to deviate from a pattern, not as the starting point itself.
-
AWS VPC Edge Routing Guide Part 4: DNS Decisions and Route 53 — Hosted Zones, the Six Routing Policies, Alias vs CNAME, and Health Checks
The decision that always comes before the entry points of Parts 1, 2, and 3: DNS. Route 53's Public vs Private Hosted Zones, the decisive difference between A / CNAME / Alias records, the six Routing Policies (Simple / Weighted / Latency / Geolocation / Geoproximity / Multi-value / Failover), the three kinds of Health Check, and the decision boundary among Route 53, Global Accelerator, and CloudFront. This is the DNS layer of the series; Part 5 closes with the synthesis.
-
AWS VPC Edge Routing Guide Part 3: How Packets Actually Flow Inside a VPC — IGW, NAT Gateway, Route Tables, Security Group vs NACL
The four components (IGW, NAT GW, Route Table, SG vs NACL) that decide where packets go inside a VPC and where they get blocked. The real difference between Public and Private subnets, NAT Gateway mechanics, Route Table evaluation order (longest-prefix match, not top-to-bottom), the decisive split between stateful and stateless firewalls, and the common anti-patterns. Part 3 of the AWS VPC Edge Routing Guide series.
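To make the two points that trip people up in Part 3 concrete, here is an added example (not code from the original post) that models them in plain Python: route selection in a VPC route table is longest-prefix match regardless of rule order, and a Security Group is stateful (return traffic rides on the inbound match) while a NACL is stateless (the response is judged on its own against the outbound rules, so a missing ephemeral-port rule silently drops it). The route table, rule sets, and target IDs below are constructed for illustration; the `*` catch-all deny of a real NACL is modelled as an explicit last rule.

```python
import ipaddress

# Constructed sample route table for a Public subnet (target IDs are hypothetical).
ROUTES = [
    ("0.0.0.0/0", "igw-0123"),    # default route via the Internet Gateway
    ("10.0.0.0/16", "local"),     # the VPC CIDR itself
    ("10.1.0.0/16", "pcx-0abc"),  # a peered VPC
]


def select_route(dest: str, routes=ROUTES):
    """VPC route selection: the most specific (longest-prefix) route wins,
    no matter where it sits in the table."""
    ip = ipaddress.ip_address(dest)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


# NACL rules: (rule number, action, protocol, port_lo, port_hi).
# Real NACLs end with a "*" catch-all deny; it is modelled here as rule 32767.
NACL_INBOUND = [
    (100, "allow", "tcp", 443, 443),
    (32767, "deny", "all", 0, 65535),
]
NACL_OUTBOUND = [
    (100, "allow", "tcp", 1024, 65535),  # ephemeral ports so responses can leave
    (32767, "deny", "all", 0, 65535),
]
NACL_OUTBOUND_BROKEN = [
    (32767, "deny", "all", 0, 65535),    # forgot the ephemeral-port rule
]


def nacl_decision(rules, proto: str, port: int) -> bool:
    """NACLs are evaluated in ascending rule-number order; first match wins."""
    for _, action, rproto, lo, hi in sorted(rules, key=lambda r: r[0]):
        if rproto in ("all", proto) and lo <= port <= hi:
            return action == "allow"
    return False  # nothing matched: denied


def nacl_allows_flow(inbound, outbound, proto, dst_port, client_ephemeral_port):
    """Stateless: request and response are judged independently.
    Returns (request_allowed, response_allowed)."""
    request_ok = nacl_decision(inbound, proto, dst_port)
    response_ok = nacl_decision(outbound, proto, client_ephemeral_port)
    return request_ok, response_ok


# Security Group inbound rules: (protocol, port_lo, port_hi); SGs are allow-only.
SG_INBOUND = [("tcp", 443, 443)]


def sg_allows_flow(inbound, proto, dst_port):
    """Stateful: if the inbound request matches, the response is allowed back
    out automatically, with no outbound rule needed.
    Returns (request_allowed, response_allowed)."""
    request_ok = any(p == proto and lo <= dst_port <= hi for p, lo, hi in inbound)
    return request_ok, request_ok


if __name__ == "__main__":
    print(select_route("10.0.3.4"), select_route("8.8.8.8"), select_route("10.1.2.3"))
    print(sg_allows_flow(SG_INBOUND, "tcp", 443))
    print(nacl_allows_flow(NACL_INBOUND, NACL_OUTBOUND, "tcp", 443, 50000))
    print(nacl_allows_flow(NACL_INBOUND, NACL_OUTBOUND_BROKEN, "tcp", 443, 50000))
```

The last line is the classic anti-pattern: the HTTPS request is admitted, the TCP handshake starts, and the server's SYN-ACK back to the client's ephemeral port is dropped by the outbound NACL, which looks from the client side like a connection that hangs rather than one that is refused.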
-
AWS VPC Edge Routing Guide Part 2: Connecting a VPC to Other VPCs, AWS Services, and On-Prem — A Decision Tree for VPC Endpoint, PrivateLink, Peering, Transit Gateway, and Direct Connect
There are six ways to connect a VPC to another VPC, an AWS-managed service, or on-premises. Which decision problem each one solves, where they split on cost, scalability, and transitivity, and the common anti-patterns. A practical guide that ends in a single decision tree. Part 2 of the AWS VPC Edge Routing Guide series.
-
AWS VPC Edge Routing Guide Part 1: Picking the Right Entry Point — A Decision Tree for ALB, NLB, API Gateway, CloudFront, and Global Accelerator
There are five candidates for fronting a VPC on AWS. Which OSI layer each one operates at, the decision variables that separate them, and the common anti-patterns. A practical guide that ends in a single decision tree. Part 1 of the AWS VPC Edge Routing Guide series.
-
AWS VPC Edge Routing Guide Part 0: Network and AWS Fundamentals — OSI, VPC, CIDR, ENI, Reverse Proxies, and the Core AWS Services You Need Before the Series
A primer that lands before the decision-tree posts. OSI 7-layer and L4/L7, VPC / Subnet / CIDR / AZ, ENI / EIP / Source NAT, HTTPS / TLS / mTLS / auth jargon, reverse proxies, and a one-page taxonomy of core AWS services — every concept the rest of the series leans on, gathered into one post.
-
AWS Private EC2 Operations Guide Part 2: Building VPC Infrastructure with Terraform — VPC/Subnet/Route Table/SG/ALB/EC2 in a Single main.tf
Turn the Part 1 architecture into real code. We build a 10.0.0.0/16 VPC, two-AZ Public/Private subnets, IGW/NAT Gateway, the SG-references-SG pattern (the EC2 security group admits traffic only from the ALB's security group, not from a CIDR), and ALB + EC2, all in one main.tf that comes up with a single terraform apply.
-
AWS Private EC2 Operations Guide Part 1: Why Private Subnet? — The ALB + NAT Gateway Standard Architecture and Sizing-Based Decision Criteria
We unpack the 'why' behind the standard pattern of placing EC2 in a Private Subnet wrapped by ALB and NAT Gateway. Public IPv4 vs Elastic IP, sizing recommendations, HA basics, and the concrete risks of putting PII-handling servers in a Public Subnet. Part 1 of a Bastion-less AWS EC2 operations series.