My Cloud Journey | Module5 project | VPC Design

Designing a secure and highly available VPC on AWS

Adekunle Adesanmi
2 min read · Mar 25, 2024

This task aims to design a secure and highly available VPC architecture on AWS for XYZ Limited.

I will use my understanding of AWS's Global Infrastructure, VPCs, subnets, route tables, Network Access Control Lists (NACLs), Security Groups and NAT Gateways to design a cloud environment that is both scalable and secure.

Requirements

XYZ Limited's brief calls for a secure, scalable and highly available VPC architecture on AWS for its new web application. The architecture must include a public-facing web component accessible from the internet and a backend database accessible only from within the VPC.

Design

Summary of Design

The VPC architecture consists of a single VPC with a CIDR block of 10.0.0.0/16, which leaves ample room for the six subnets: two for each tier (Web, Application and Database), spread across two Availability Zones (AZs) so that the loss of one AZ does not take down any tier. The Web subnets are public; the Application and Database subnets are private.

Internet connectivity comes from an Internet Gateway attached to the VPC and routed from the public subnets. A NAT Gateway is placed in one of the public subnets so that instances in the private subnets can reach the internet (for patching and package downloads, for example) without being directly exposed to it. One caveat: a NAT Gateway lives in a single AZ, so with a single gateway the private subnets in the other AZ lose outbound access if that AZ fails; a fully fault-tolerant variant places one NAT Gateway in each public subnet, with each AZ's private route table pointing at its local gateway.

Route tables keep the tiers apart: the public route table sends internet-bound traffic (0.0.0.0/0) to the Internet Gateway, while the private route tables send 0.0.0.0/0 to the NAT Gateway. Private instances can therefore initiate connections to the internet, but nothing on the internet can initiate a connection to them.

Security measures include Network Access Control Lists (NACLs) at the subnet boundary and Security Groups at the instance level. NACLs are stateless, so both the request and the return traffic (on ephemeral ports) have to be allowed explicitly; Security Groups are stateful and allow-only, and can reference other Security Groups instead of address ranges. Together they ensure that only necessary traffic is allowed and, in particular, that the database servers accept connections only from the application servers.
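The following script is an added example and not code from the original post; it models the design described above offline so the subnet plan and the access-control layers can be reasoned about before anything is deployed. It carves 10.0.0.0/16 into the six subnets (one per tier per AZ), defines coarse per-tier NACLs and instance-level Security Groups, and then evaluates constructed TCP flows through the route, NACL and Security Group layers in turn. The AZ names, ports, NACL rule numbers and the sample client address are assumptions, and the source subnet's NACL is treated as permissive to keep the model short.

```python
"""Offline model of the three-tier VPC design described above.
Added example, not code from the original post: it carves 10.0.0.0/16 into six
/24 subnets (one per tier per AZ), then checks constructed TCP flows against the
routing, stateless NACL and stateful Security Group layers. AZ names, ports,
rule numbers and the sample client address are assumptions."""
from ipaddress import ip_address, ip_network

VPC_CIDR = ip_network("10.0.0.0/16")
TIERS = ("web", "app", "db")         # web subnets are public; app and db are private
AZS = ("eu-west-2a", "eu-west-2b")   # assumed region and AZs
ANY4 = ip_network("0.0.0.0/0")
EPHEMERAL = (1024, 65535)            # return-traffic ports a stateless NACL must allow


def plan_subnets(vpc=VPC_CIDR, tiers=TIERS, azs=AZS, new_prefix=24):
    """One /24 per (tier, AZ), allocated contiguously so each tier forms a /23."""
    pool = vpc.subnets(new_prefix=new_prefix)
    return {(t, az): {"cidr": next(pool), "public": t == "web"} for t in tiers for az in azs}


# Stateful and allow-only: a matching inbound rule implicitly allows the reply. "source" is
# a CIDR or the name of another security group; the SG reference is what pins app->db access
# to application instances rather than to an address range.
SECURITY_GROUPS = {
    "web": [{"port": 443, "source": "0.0.0.0/0"}],
    "app": [{"port": 8080, "source": "web"}],
    "db":  [{"port": 3306, "source": "app"}],
}


def build_nacls(plan, vpc=VPC_CIDR, db_return_rule=True):
    """Coarse per-tier NACLs (shared by both AZ subnets of a tier) as
    (rule_no, cidr, port_lo, port_hi, action) tuples. db_return_rule=False reproduces
    the common mistake of omitting the outbound ephemeral-port rule on a stateless NACL."""
    return {
        "web": {"inbound":  [(100, ANY4, 443, 443, "allow"), (110, ANY4, *EPHEMERAL, "allow")],
                "outbound": [(100, ANY4, *EPHEMERAL, "allow"), (110, vpc, 8080, 8080, "allow")]},
        "app": {"inbound":  [(100, vpc, 8080, 8080, "allow"), (110, ANY4, *EPHEMERAL, "allow")],
                "outbound": [(100, ANY4, 0, 65535, "allow")]},     # NAT egress and replies
        "db":  {"inbound":  [(100, vpc, 3306, 3306, "allow")],
                "outbound": [(100, vpc, *EPHEMERAL, "allow")] if db_return_rule else []},
    }


def nacl_decision(rules, ip, port):
    """Stateless evaluation: ascending rule number, first match wins, then the
    implicit final deny-all (shown as rule * in the console)."""
    for rule_no, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if ip in cidr and lo <= port <= hi:
            return action == "allow", f"NACL rule {rule_no} {action}"
    return False, "NACL implicit deny (rule *)"


def sg_allows(sgs, dst_sg, port, src_ip, src_sg):
    """A security group rule matches by port and by either CIDR or referenced SG."""
    for rule in sgs[dst_sg]:
        if rule["port"] != port:
            continue
        if rule["source"] in sgs:                 # SG-to-SG reference
            if rule["source"] == src_sg:
                return True
        elif src_ip in ip_network(rule["source"]):
            return True
    return False


def reachable(flow, plan, sgs, nacls, src_port=49152):
    """Evaluate one TCP flow {"src": tier or "internet", "dst": tier, "port": n} through
    inbound route, destination NACL inbound, destination SG and destination NACL outbound
    (the stateless reply path). The source subnet's NACL is assumed permissive for brevity."""
    src, dst, port = flow["src"], flow["dst"], flow["port"]
    if src == "internet":
        if not plan[(dst, AZS[0])]["public"]:
            return False, "no inbound route: private subnets have no Internet Gateway route"
        src_ip, src_sg = ip_address("203.0.113.10"), None      # constructed client (TEST-NET-3)
    else:
        src_ip, src_sg = plan[(src, AZS[0])]["cidr"][10], src    # .0-.3 and .255 are AWS-reserved
    ok, why = nacl_decision(nacls[dst]["inbound"], src_ip, port)
    if not ok:
        return False, f"inbound {why}"
    if not sg_allows(sgs, dst, port, src_ip, src_sg):
        return False, f"{dst} security group has no rule for port {port} from {src}"
    ok, why = nacl_decision(nacls[dst]["outbound"], src_ip, src_port)
    if not ok:
        return False, f"return traffic blocked: outbound {why}"
    return True, "allowed"


if __name__ == "__main__":
    plan = plan_subnets()
    for (tier, az), s in plan.items():
        print(f"{tier:3} {az} {s['cidr']} {'public' if s['public'] else 'private'}")
    flows = [{"src": "internet", "dst": "web", "port": 443}, {"src": "internet", "dst": "db", "port": 3306},
             {"src": "app", "dst": "db", "port": 3306}, {"src": "web", "dst": "db", "port": 3306}]
    for f in flows:
        print(f, "->", reachable(f, plan, SECURITY_GROUPS, build_nacls(plan)))
    print("db NACL without ephemeral outbound rule ->",
          reachable(flows[2], plan, SECURITY_GROUPS, build_nacls(plan, db_return_rule=False)))
```

Two things the flows make visible that the prose alone does not: the web-to-database attempt passes the coarse NACL (it allows 3306 from anywhere in the VPC) and is stopped only by the database Security Group, whose source is the application Security Group rather than a CIDR; and the final case shows that an application-to-database connection which every allow rule permits still fails when the stateless database NACL lacks the outbound ephemeral-port rule, because the reply has nowhere to go.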

Overall, the VPC architecture design focuses on meeting the requirements for secure internet access, high availability, and restricted access to the database, providing a scalable and robust environment for XYZ Limited's web application deployment on AWS.

In future articles, I will share the implementation of this design using the AWS console and IaC (AWS CloudFormation).

Stay tuned!

Feel free to contact me to discuss Agile, cloud adoption, or anything tech-related. 🚀
You can also connect with me on LinkedIn.
