The Solace Fashion App is ready to redefine how customers shop and engage with style. And at the heart of this exciting journey lies a critical mission: designing and deploying a robust Virtual Private Cloud (VPC) architecture to power it all.
As the cloud network engineer, you are entrusted with the responsibility of turning this vision into a seamless, scalable, and secure reality. From planning subnets and routing tables to implementing security policies that safeguard sensitive user data, your role is to lay the foundation that ensures the app operates flawlessly under any circumstance. This is more than just building infrastructure; it’s about delivering the reliability, performance, and agility needed to match the bold ambitions of the Solace Fashion App.
Let’s dive into how we’ll bring this cloud architecture to life and ensure scalability.
The architecture consists of the following virtual private clouds (VPCs):
- Frontend App VPC: 10.10.100.0/16
- Backend VPC: 172.30.100.0/16
- Database VPC: 192.168.100.0/16
The objectives of the architecture are as follows:
- Restrict Communication: Only allow the App VPC (10.10.100.0/24) to connect to the Backend VPC (172.30.100.0/24).
- Controlled Access: Permit the Backend VPC (172.30.100.0/24) to communicate with the Database VPC (192.168.100.0/24).
- Enforce Isolation: Ensure that direct communication between the App VPC and the Database VPC is strictly prohibited.
We are utilizing Terraform to efficiently manage the development and deployment of the architecture.
- Develop Terraform code in a modular structure to enhance maintainability and efficiency by isolating components like VPCs, subnets, and transit gateway into reusable modules.
- Using a transit gateway to efficiently manage and centralize the connections between VPCs, ensuring scalability, simplified routing, and streamlined network management.
- Install Terraform using the following commands:

```
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt install terraform
```
- Supply AWS credentials to the terminal, either by running

```
aws configure
```

or by exporting them as environment variables in your working shell.
The Transit Gateway comprises three key components:
- Attachment: Connects VPCs, on-premises networks, or other resources to the Transit Gateway.
- Route: Defines the traffic flow between attachments through routing tables.
- Propagation: Automatically shares routes from attached resources to the Transit Gateway routing tables, enabling dynamic updates.
- Creating each VPC using Terraform
- Creating the transit gateway, and for each VPC an attachment and a route table
For testing purposes, I will be using the public subnet only.
- Creating EC2 instances for reachability tests to verify network connectivity between VPCs.
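The following Terraform is an added example, not the Project_CodeBase itself, of how the transit gateway, attachments and route tables can be wired so that the three objectives hold: the App VPC reaches only the Backend VPC, the Backend VPC reaches App and Database, and App and Database have no route to each other. It assumes the VPCs, one subnet per VPC and one VPC route table per VPC already exist under the hypothetical names `aws_vpc.app`/`backend`/`db`, `aws_subnet.app`/`backend`/`db` and `aws_route_table.app`/`backend`/`db`; the peer CIDRs are the /24 ranges from the objectives above. The security-relevant choice is to disable the default route table association and propagation and give each VPC its own TGW route table with only static routes, so isolation is enforced by the absence of a route rather than by hoping a security group catches it.

```hcl
# Added example (not the project's own code). Assumes aws_vpc.*, aws_subnet.*
# and aws_route_table.* for app, backend and db already exist.
locals {
  vpcs = {
    app     = { vpc_id = aws_vpc.app.id,     subnet_ids = [aws_subnet.app.id],     rt_id = aws_route_table.app.id,     cidr = "10.10.100.0/24" }
    backend = { vpc_id = aws_vpc.backend.id, subnet_ids = [aws_subnet.backend.id], rt_id = aws_route_table.backend.id, cidr = "172.30.100.0/24" }
    db      = { vpc_id = aws_vpc.db.id,      subnet_ids = [aws_subnet.db.id],      rt_id = aws_route_table.db.id,      cidr = "192.168.100.0/24" }
  }

  # Allow-list of who may reach whom. "app" has no entry for "db" and
  # "db" none for "app", so no route between them is ever created.
  allowed_routes = {
    app     = { backend = local.vpcs.backend.cidr }
    backend = { app = local.vpcs.app.cidr, db = local.vpcs.db.cidr }
    db      = { backend = local.vpcs.backend.cidr }
  }

  # Flatten the allow-list into "src-dst" => {src, dst, cidr} for for_each.
  route_pairs = merge([
    for src, dsts in local.allowed_routes : {
      for dst, cidr in dsts : "${src}-${dst}" => { src = src, dst = dst, cidr = cidr }
    }
  ]...)
}

resource "aws_ec2_transit_gateway" "this" {
  description = "solace-tgw"
  # No default table association/propagation: without these, every
  # attachment would land in one shared table and get any-to-any routing.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  tags = { Name = "solace-tgw" }
}

resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  for_each           = local.vpcs
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  tags = { Name = "tgw-attach-${each.key}" }
}

# One TGW route table per VPC: what a VPC is allowed to reach is decided here.
resource "aws_ec2_transit_gateway_route_table" "this" {
  for_each           = local.vpcs
  transit_gateway_id = aws_ec2_transit_gateway.this.id
  tags = { Name = "tgw-rt-${each.key}" }
}

resource "aws_ec2_transit_gateway_route_table_association" "this" {
  for_each                       = local.vpcs
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[each.key].id
}

# Static TGW routes: in the source VPC's table, send the destination CIDR
# to the destination VPC's attachment. Only allow-listed pairs exist.
resource "aws_ec2_transit_gateway_route" "this" {
  for_each                       = local.route_pairs
  destination_cidr_block         = each.value.cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[each.value.dst].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.this[each.value.src].id
}

# VPC side: each VPC route table only points the peer CIDRs it may reach at
# the TGW. The attachment must exist before the route can target the TGW.
resource "aws_route" "to_tgw" {
  for_each               = local.route_pairs
  route_table_id         = local.vpcs[each.value.src].rt_id
  destination_cidr_block = each.value.cidr
  transit_gateway_id     = aws_ec2_transit_gateway.this.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.this]
}
```

Because both the TGW table and the VPC route table are generated from the same `allowed_routes` map, adding or removing a permitted pair is a one-line change and the App-to-Database path cannot appear by accident; an App instance that pings the Database VPC fails at the TGW with no matching route, which is the "NOT REACHABLE" result the tests below expect.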
- Initializing the Terraform code using

```
terraform init
```

- Formatting the Terraform code using

```
terraform fmt
```

- Planning the Terraform code using

```
terraform plan
```

- Applying the Terraform code after the plan was successful using

```
terraform apply --auto-approve
```
- Testing connectivity from the Frontend VPC
  - PING TO BACKEND VPC: REACHABLE
  - PING TO DATABASE VPC: NOT REACHABLE
- Testing connectivity from the Database VPC
  - PING TO BACKEND VPC: REACHABLE
  - PING TO FRONTEND APP VPC: NOT REACHABLE
Whaooooo!!!
It’s been a long ride; I hope you follow through and practice at your own pace.
Check the Project_CodeBase