
Cloud Networking

Think of networking as the roads and boundaries of your Lego city. Without well‑planned roads, traffic jams and accidents are inevitable. In Terraform, networking ensures that each tier (Web, App, DB) is properly isolated, secure, and connected.

This chapter builds the VPC, subnets, gateways, and security groups that allow safe communication between tiers while protecting sensitive resources.


Key Concepts

1. Virtual Private Cloud (VPC)

  • Definition: A logically isolated section of the AWS cloud in which you control addressing, routing, and access.
  • CIDR Block: The private address range of the VPC, for example 10.0.0.0/16.
  • Acts as the city boundary for all resources.

2. Subnets

  • Public Subnets: For web tier (accessible from the internet).
  • Private Subnets: For app and DB tiers (internal only).
  • Multi‑AZ Deployment: Spread subnets across availability zones for resilience.

3. Gateways

  • Internet Gateway (IGW): Allows public subnets to send and receive traffic to and from the internet (a subnet is only "public" once its route table has a default route to the IGW).
  • NAT Gateway: Allows private subnets to initiate outbound connections to the internet (e.g., for updates) without accepting inbound connections from it.

4. Security Groups

  • Web SG: Allow HTTP/HTTPS (ports 80 and 443) from the internet.
  • App SG: Allow traffic only from the Web SG, referenced by security group ID rather than by CIDR.
  • DB SG: Allow traffic only from the App SG, again by security group ID.
  • Security groups act as stateful firewalls between tiers: replies to permitted connections are allowed automatically.

Hands‑On Lab / Demo

Lab: Networking Setup with Terraform

Terraform resolves references between resources (such as aws_vpc.main.id) regardless of the order in which the blocks are written, so the steps below can be kept in any order or in separate files.

Configure Security Groups:

resource "aws_security_group" "web_sg" {
  description = "Web tier: HTTP/HTTPS from the internet"
  vpc_id      = aws_vpc.main.id

  # Inbound HTTP from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound HTTPS from anywhere
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes the AWS default allow-all egress rule when no egress block
  # is declared, so outbound traffic (package updates, calls to the app tier)
  # must be stated explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Attach Internet Gateway:

# One IGW per VPC; public subnets reach the internet through a route table
# whose default route (0.0.0.0/0) points at this gateway.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

Create Subnets:

# Public subnet for the web tier. map_public_ip_on_launch gives instances a
# public IP, but the subnet is only reachable once a route table with a
# default route to aws_internet_gateway.igw is associated with it.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}

# Private subnet for the app and DB tiers: no public IPs, no route to the IGW.
# For a multi-AZ layout, set availability_zone so that each subnet lands in a
# different zone.
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"
}

Create VPC:

# The /16 gives 65,536 addresses; the /24 subnets above are carved out of it.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
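The lab shows only the Web SG. The App SG and DB SG chain described under Key Concepts, added here as an example that is not part of the original lab, references the upstream tier's security group ID instead of a CIDR; it assumes the page's aws_vpc.main and aws_security_group.web_sg, and the ports 8080 (app) and 5432 (PostgreSQL) are assumptions.

```hcl
# App tier: accepts traffic only from instances that carry the Web SG.
# Port 8080 is an assumed application port.
resource "aws_security_group" "app_sg" {
  description = "App tier: ingress only from web_sg"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.web_sg.id] # SG reference, not a CIDR
  }

  # App servers need outbound access (e.g. to the DB tier and, via NAT, to
  # package repositories).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# DB tier: accepts traffic only from instances that carry the App SG.
# Port 5432 assumes PostgreSQL. Nothing else, not even web_sg, can reach it.
resource "aws_security_group" "db_sg" {
  description = "DB tier: ingress only from app_sg"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app_sg.id]
  }

  # No egress block on purpose: Terraform strips the AWS default allow-all
  # egress rule, so the database cannot initiate outbound connections.
  # Replies to permitted inbound connections still flow (security groups are
  # stateful).
}
```

Because each rule names a security group rather than an address range, the chain keeps working when instances are replaced or scaled and their IPs change.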

Pro Tips & Best Practices

  • Always separate public and private subnets.
  • Use NAT Gateway for private instances needing internet access.
  • Restrict DB access to App tier only.
  • Document CIDR ranges to avoid overlap.
  • Spread subnets across AZs for high availability.

Summary & Cheatsheet

  • VPC = City boundary.
  • Subnets = Neighborhoods (public vs private).
  • Gateways = Roads to/from the city.
  • Security Groups = Firewalls between neighborhoods.

Quick mnemonic: “VPC → Subnets → Gateways → Security.”

The Hackers Notebook

Networking is the foundation of your 3‑tier infrastructure. By designing VPCs, subnets, gateways, and security groups, you ensure secure communication between tiers and protect sensitive resources.



Updated on Dec 31, 2025