Engineering Playbook

Cloud Networking

VPCs, Subnets, CIDR, and DNS.

Networking Basics

Networking is the plumbing. When it works, no one notices. When it breaks, nothing works.

VPC (Virtual Private Cloud)

Your isolated slice of the cloud: a logically separate network with its own private address range (for example 10.0.0.0/16). Nothing gets in or out until you attach a gateway and add a route to it.

Subnets

You slice your VPC into smaller networks. Each subnet lives in one Availability Zone, and what makes it "public" or "private" is its route table, not a flag on the subnet.

  1. Public Subnet: Its route table sends 0.0.0.0/0 to an Internet Gateway (IGW), which is attached to the VPC. Resources here can be given public IPs and reached from the internet. (Load Balancers, NAT Gateways, bastion hosts.)
  2. Private Subnet: No route to the IGW. Resources here only have private IPs and cannot be reached from the internet. (Databases, App Servers.)

How do Private apps talk to the internet? Their route table sends 0.0.0.0/0 to a NAT Gateway sitting in the Public Subnet. NAT is one-way: private hosts can open outbound connections, but the internet cannot initiate connections back to them. It is still an open egress path, so treat it as one: restrict outbound security group rules, and route traffic to AWS services (S3, ECR, Secrets Manager) over VPC endpoints so it never needs the NAT at all.


CIDR Notation (The Math)

CIDR (/16, /24) defines how many IP addresses you have. The number after the slash is how many leading bits are fixed; the remaining 32 minus that many bits are for hosts, so a block holds 2^(32 - prefix) addresses.

  • Smaller number = More IPs.
  • /32 = 1 IP (Specific host).
  • /24 = 256 IPs (Standard subnet). AWS reserves the first four and the last address of every subnet, so 251 are usable.
  • /16 = 65,536 IPs (Standard VPC size, and the largest block AWS allows for a VPC; the smallest is /28).

Don't overlap CIDRs

If your VPC is 10.0.0.0/16 and your office VPN is also 10.0.0.0/16, you cannot peer them: the router has no way to tell which side a 10.0.x.x address belongs to, and AWS refuses to create the peering. Always plan your IP ranges to be unique across the organization: carve them from the RFC 1918 private space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), keep a central registry of who owns which block, and check every new VPC against it before it is created.
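The subnet carving and the overlap check above, as an added example (not code from the original page); it uses Python's standard ipaddress module and the AWS rule of five reserved addresses per subnet. The VPC block, the AZ names and the "office-vpn" and "partner" ranges are constructed inputs chosen for illustration.

```python
import ipaddress
from typing import Dict, List

# AWS reserves the first four addresses of every subnet (network, VPC router,
# DNS, future use) plus the last one (broadcast).
AWS_RESERVED_PER_SUBNET = 5


def address_count(cidr: str) -> int:
    """Total addresses in the block: 2 ** (32 - prefix) for IPv4."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses


def usable_hosts(cidr: str) -> int:
    """Addresses you can actually assign in an AWS subnet of this size."""
    return max(address_count(cidr) - AWS_RESERVED_PER_SUBNET, 0)


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """True when any address is in both blocks (peering would be rejected)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def plan_vpc(vpc_cidr: str, azs: List[str], subnet_prefix: int = 24) -> Dict[str, Dict[str, str]]:
    """Carve one public and one private subnet per AZ out of the VPC block.

    Public subnets take the first blocks, private subnets the following ones.
    strict=True makes ip_network reject a VPC CIDR with host bits set (10.0.1.5/16).
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = list(vpc.subnets(new_prefix=subnet_prefix))
    needed = 2 * len(azs)
    if len(blocks) < needed:
        raise ValueError(f"{vpc_cidr} holds {len(blocks)} /{subnet_prefix} blocks, need {needed}")
    plan: Dict[str, Dict[str, str]] = {}
    for i, az in enumerate(azs):
        plan[az] = {
            "public": str(blocks[i]),
            "private": str(blocks[len(azs) + i]),
        }
    return plan


def conflicting_ranges(vpc_cidr: str, registry: Dict[str, str]) -> List[str]:
    """Names of already-registered ranges that the proposed VPC would collide with."""
    return [name for name, cidr in registry.items() if overlaps(vpc_cidr, cidr)]


# Constructed registry of ranges already in use elsewhere in the organization.
ORG_RANGES = {
    "office-vpn": "10.0.0.0/16",   # same block as the proposed VPC: cannot peer
    "partner": "172.16.0.0/12",
}

if __name__ == "__main__":
    print(plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b"]))
    print(conflicting_ranges("10.0.0.0/16", ORG_RANGES))   # ['office-vpn']
    print(conflicting_ranges("10.1.0.0/16", ORG_RANGES))   # []
```

Run the conflict check before `terraform apply` or the CloudFormation create, not after: once workloads are in an overlapping VPC, the only fix is to re-address one side.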


DNS

Translating names to IPs.

  • A Record: Maps api.com -> 1.2.3.4 (an IPv4 address; AAAA is the IPv6 equivalent).
  • CNAME: Maps api.com -> lb.aws.com (Another name). A name that has a CNAME may hold no other records, and the root of a zone (the apex) must hold SOA and NS records, so a CNAME cannot be used at the apex.
  • Alias (AWS specific): A Route 53 feature that behaves like a CNAME but is answered by Route 53 as an A/AAAA record, so it works at the root domain. Used for AWS Load Balancers, CloudFront distributions and S3 website buckets, and alias queries are not billed.
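An added example (not code from the original page) that checks a zone file against the two CNAME rules above and then resolves a name the way a resolver would, following CNAME and Alias chains to the A record and refusing loops. The zone contents, including the example.com apex and the lb.aws.com load balancer name standing in for the AWS-managed record, are constructed for illustration; Alias is modelled here as its own record type, which is how Route 53 presents it in the console rather than a standard DNS type.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, value)


def _norm(name: str) -> str:
    """DNS names are case-insensitive; the trailing dot marks a fully qualified name."""
    return name.rstrip(".").lower()


def index_zone(records: List[Record]) -> Dict[str, List[Tuple[str, str]]]:
    """Group records by owner name so each name's record types can be inspected together."""
    by_name: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for name, rtype, value in records:
        by_name[_norm(name)].append((rtype.upper(), value))
    return by_name


def validate_zone(apex: str, records: List[Record]) -> List[str]:
    """Return the CNAME rule violations (RFC 1034 section 3.6.2) found in the zone."""
    problems: List[str] = []
    apex = _norm(apex)
    for name, rrs in index_zone(records).items():
        types = {t for t, _ in rrs}
        if "CNAME" not in types:
            continue
        if name == apex:
            problems.append(f"{name}: CNAME at the zone apex (apex must hold SOA and NS records)")
        elif len(rrs) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            problems.append(f"{name}: CNAME cannot coexist with other records ({others})")
    return problems


def resolve(name: str, records: List[Record], max_hops: int = 8) -> List[str]:
    """Follow CNAME/ALIAS chains until an A record is reached; reject loops and dead ends."""
    by_name = index_zone(records)
    seen: Set[str] = set()
    current = _norm(name)
    for _ in range(max_hops):
        if current in seen:
            raise ValueError(f"CNAME loop at {current}")
        seen.add(current)
        rrs = by_name.get(current, [])
        addresses = [v for t, v in rrs if t == "A"]
        if addresses:
            return addresses
        targets = [v for t, v in rrs if t in ("CNAME", "ALIAS")]
        if not targets:
            raise LookupError(f"{current}: no A, CNAME or ALIAS record")
        current = _norm(targets[0])
    raise ValueError(f"{name}: chain longer than {max_hops} hops")


def chain_is_resolvable(name: str, records: List[Record]) -> bool:
    """True when resolve() reaches an address without a loop or a dead end."""
    try:
        resolve(name, records)
        return True
    except (LookupError, ValueError):
        return False


# Constructed zones for illustration.
GOOD_ZONE: List[Record] = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "ALIAS", "lb.aws.com."),     # alias at the apex: allowed
    ("api.example.com.", "CNAME", "lb.aws.com."),  # CNAME below the apex: allowed
    ("lb.aws.com.", "A", "1.2.3.4"),               # stands in for the load balancer's own record
]

BAD_ZONE: List[Record] = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "lb.aws.com."),      # apex CNAME: rejected by authoritative servers
    ("www.example.com.", "CNAME", "lb.aws.com."),
    ("www.example.com.", "TXT", "v=spf1 -all"),    # conflicts with the CNAME at the same name
]

LOOP_ZONE: List[Record] = [
    ("a.example.com.", "CNAME", "b.example.com."),
    ("b.example.com.", "CNAME", "a.example.com."),
]

if __name__ == "__main__":
    print(validate_zone("example.com", GOOD_ZONE))   # []
    print(validate_zone("example.com", BAD_ZONE))    # two problems
    print(resolve("api.example.com", GOOD_ZONE))     # ['1.2.3.4']
```

Running validate_zone over exported records in CI catches the apex CNAME before a provider rejects it (or, worse, silently serves it while other resolvers refuse it), and the loop check in resolve is the same defence a real resolver applies when a CNAME points back at itself.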

Load Balancers

  • L4 (Network LB): Dumb, fast. Routes based on IP/Port. (TCP/UDP). It never looks inside the payload, so it can pass TLS straight through to the targets (end-to-end encryption, client certificates work) and it preserves the client's source IP. Good for gaming or non-HTTP traffic.
  • L7 (Application LB): Smart, slower (it parses every request). Routes based on URL path, Headers, Cookies. (HTTP/HTTPS). To do that it must terminate TLS, so the LB holds the certificate and the targets see plaintext HTTP with the client IP in the X-Forwarded-For header; it is also where a WAF attaches. Good for Microservices routing (/api -> Service A, /web -> Service B).
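An added example (not code from the original page) that shows why the two layers differ: the L4 decision sees only the destination port, while the L7 decision has to parse the request line and Host header out of the (already decrypted) bytes before it can pick a target. The rule table, the target group names and the raw requests are constructed for illustration; the rules use a simple prefix match evaluated in priority order, a simplification of real listener-rule syntax, and the path is normalised first so that a /web/../api/... request is routed as /api/... rather than slipping past the /api rule.

```python
import posixpath
from typing import Dict, List, Optional, Tuple

# L4: the only routing inputs are addresses and ports; here, listener port -> target group.
L4_LISTENERS: Dict[int, str] = {443: "tcp-443-targets", 25565: "game-servers"}


def l4_route(dst_port: int) -> Optional[str]:
    """A Network LB forwards by port; there is no request to inspect."""
    return L4_LISTENERS.get(dst_port)


# L7: (priority, host condition or None, path prefix, target group), lowest priority first.
Rule = Tuple[int, Optional[str], str, str]
L7_RULES: List[Rule] = [
    (10, "api.example.com", "/", "service-a"),   # host-based rule wins before path rules
    (20, None, "/api", "service-a"),
    (30, None, "/web", "service-b"),
]
DEFAULT_ACTION = "fixed-response-404"


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request head into (method, path, headers); the query string is dropped."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    path = target.split("?", 1)[0]
    return method, path, headers


def _path_matches(path: str, prefix: str) -> bool:
    """'/api' matches '/api' and '/api/...' but not '/apiary'; '/' matches everything."""
    if prefix == "/":
        return True
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def l7_route(raw_request: bytes) -> str:
    """An Application LB parses the request, evaluates rules by priority, then falls back to the default."""
    _method, path, headers = parse_request(raw_request)
    host = headers.get("host", "").split(":", 1)[0].lower()
    path = posixpath.normpath(path)            # resolves '.' and '..' before matching
    for _priority, host_cond, prefix, target in sorted(L7_RULES):
        if host_cond is not None and host != host_cond:
            continue
        if _path_matches(path, prefix):
            return target
    return DEFAULT_ACTION


if __name__ == "__main__":
    print(l4_route(443))                                                   # tcp-443-targets
    print(l7_route(b"GET /api/users HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))   # service-a
    print(l7_route(b"GET /admin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))       # fixed-response-404
```

The host-based rule sitting at the lowest priority number is deliberate: put the catch-all path rules first and the api.example.com rule would never fire for /web paths on that host. Review rule order whenever a rule is added, because first match wins.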