The Solace Fashion App is ready to redefine how customers shop and engage with style. And at the heart of this exciting journey lies a critical mission: designing and deploying a robust Virtual Private Cloud (VPC) architecture to power it all.

As the cloud network engineer, you are entrusted with the responsibility of turning this vision into a seamless, scalable, and secure reality. From planning subnets and routing tables to implementing security policies that safeguard sensitive user data, your role is to lay the foundation that ensures the app operates flawlessly under any circumstance. This is more than just building infrastructure; it’s about delivering the reliability, performance, and agility needed to match the bold ambitions of the Solace Fashion App.

Let’s dive into how we’ll bring this cloud architecture to life and ensure saclability.
The architecture consists of the following virtual private clouds (VPCs):

1. Frontend App VPC: 10.10.100.0/16
2. Backend VPC: 172.30.100.0/16
3. Database VPC: 192.168.100.0/16

The objectives of the architecture are as follows:

• Restrict Communication: Only allow the App VPC (10.10.100.0/24) to connect to the Backend VPC (172.30.100.0/24).
• Controlled Access: Permit the Backend VPC (172.30.100.0/24) to communicate with the Database VPC (192.168.100.0/24).
• Enforce Isolation: Ensure that direct communication between the App VPC and the Database VPC is strictly prohibited.

We are utilizing Terraform to efficiently manage the development and deployment of the architecture.

• Develop Terraform code in a modular structure to enhance maintainability and efficiency by isolating components like VPCs, subnets, and transit gateway into reusable modules.

• Using a transit gateway to efficiently manage and centralize the connections between VPCs, ensuring scalability, simplified routing, and streamlined network management.

• Using the following commands to install terraform

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt install terraform

• Applying aws credentials on the terminal, either using aws configure or environment variables on your working terminal

• The Transit Gateway comprises three key components:

  1. Attachment: Connects VPCs, on-premises networks, or other resources to the Transit Gateway.
  2. Route: Defines the traffic flow between attachments through routing tables.
  3. Propagation: Automatically shares routes from attached resources to the Transit Gateway routing tables, enabling dynamic updates.

• Creating each vpc using terraform

• Creating the transit gateway and each vpc attachment and route-table

for testing purpose, I will be using the public subnet only

• Creating EC2 instances for reachability tests to verify network connectivity between VPCs.

• Initializing the terraform code using terrfarom init

• Formatting the terraform code using terraform fmt

• Planning the terraform code using terraform plan

• Applying the terraform code after the plan was successful using terraform apply --auto-approve

• Testing connectivity from Frontend VPC

PING TO BACKEND VPC REACHABLE

PING TO DATABASE VPC NOT REACHABLE

• Testing connectivity from Database VPC

PING TO BACKEND VPC REACHABLE

PING TO FRONTEND APP VPC NOT REACHABLE

Whaooooo!!!
Been a long ride, I hope you follow through and practice at your pace
Check the Project_CodeBase