1 Answer
There are several factors which can determine the design of your VPC. I have summarized the different factors with some possible solutions. Feel free to deviate from this if you have different requirements.

Designing VPCs and Subnets

- Public and Private Subnets:
  - Separate public subnet for resources that need internet access (load balancers, bastion hosts)
  - Private subnet(s) for resources that shouldn't be publicly accessible (application servers, databases)
  - Note: The reason for doing this is that route tables are applied on a subnet level.
- Number of Subnets:
  - At least two private subnets, each in a different Availability Zone (AZ) for high availability
  - Frontend and backend components can share private subnets and use security groups (SGs) to allow appropriate traffic to the microservice. Remember, an SG can reference itself or other SGs.
- Microservices:
  - Deploy microservices within the same private subnets
  - Use security groups and network ACLs to control communication between microservices and other components
- Security Groups and Network ACLs:
  - Security groups act as stateful virtual firewalls for instances (inbound/outbound traffic)
  - Network ACLs act as stateless firewalls at the subnet level. Usually SGs meet the requirements of customers; I recommend proceeding with SGs as your stateful firewall.
  - Use them to enforce strict security policies and control traffic between subnets and components
- Resiliency and High Availability:
  - Deploy components across multiple AZs to ensure resiliency
  - If one AZ goes down, workloads can fail over to other AZ(s)
- Scalability:
  - Consider future growth when sizing CIDR blocks for subnets to avoid IP address exhaustion. By leveraging fewer subnets, you mitigate the risk of certain subnets exhausting their IP allocation. It might be very hard to estimate which workloads are going to consume IP addresses if you proceed with a DB subnet, app subnet, frontend subnet and so on.

Design your VPC and subnets based on your application's security, availability, and scalability requirements.

This architecture illustrates what I'm talking about above:

Taken from this link.

Hope this helps.
answered a month ago
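The layout the answer describes, written out as a Terraform configuration. This is an added example and not code from the answer or from AWS: a two-AZ VPC with one public and one private subnet per AZ, a route table attached per subnet, and a chain of security groups (internet -> ALB SG -> app SG -> DB SG) in which the app SG references itself so microservices sharing a subnet can talk to each other without opening CIDR ranges. Region, AZ names, CIDR blocks, resource names and ports are assumptions; the private subnets are left on the VPC's main route table (local routes only), so add a NAT gateway per AZ if private workloads need outbound internet access.

```hcl
# Added example (not from the original answer). Region, AZs, CIDRs, names and
# ports are assumptions chosen for illustration.
provider "aws" {
  region = "us-east-1" # assumed
}

locals {
  azs     = ["us-east-1a", "us-east-1b"]
  public  = ["10.0.0.0/24", "10.0.1.0/24"]   # small: only the load balancer lives here
  private = ["10.0.16.0/20", "10.0.32.0/20"] # large: frontend, services and DBs share these
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# One public and one private subnet in each AZ for resiliency.
resource "aws_subnet" "public" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.public[count.index]
  availability_zone = local.azs[count.index]
}

resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.private[count.index]
  availability_zone = local.azs[count.index]
}

# Route tables are associated per subnet: only the public subnets get a default
# route to the internet gateway. Private subnets keep the VPC's main (local-only)
# route table, so nothing in them is reachable from the internet.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  count          = 2
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# Only the load balancer accepts traffic from the internet, and it may only
# forward to members of the app security group.
resource "aws_security_group" "alb" {
  name   = "alb-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

# Microservices accept traffic from the ALB's SG and from each other: `self = true`
# is the SG self-reference, so services sharing a subnet need no CIDR-based rules.
resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
    self            = true
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # outbound to the DB SG and, via a NAT gateway, the internet
  }
}

# The database accepts connections only from the app SG. With no egress block it
# cannot initiate outbound connections at all.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
```

Because the ALB and app security groups reference each other, Terraform cannot create them in a single pass; in practice the cross-references are split out into `aws_vpc_security_group_ingress_rule` / `aws_vpc_security_group_egress_rule` resources, which keeps each group's rules in separate objects and removes the cycle. The point to take from the example is that every allow rule names a security group rather than a subnet CIDR, so the rules stay correct when workloads move between the shared private subnets or new microservices are added to the same group.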