VPC Design (3-tier)
Source: doonops-curriculum/aws-vpc--vpc-design.md
Doonops lesson
Goal
Draw 3-tier network in your head before writing HCL.
Simple explanation
VPC = your private colony. Public road (IGW), private houses (app), locked vault street (database). NAT = back gate to internet for private houses.
Steps
- Read simple section
- Read analogy + diagram
- Copy project files
- Do local lab
Deep explanation
Layman words first, then technical detail — read slowly
```
Internet
   ↓
[ Internet Gateway ]
   ↓
PUBLIC subnets       → ALB lives here (users can reach)
   ↓
PRIVATE app subnets  → EC2 (no direct internet)
   ↓
PRIVATE DB subnets   → RDS (only app can talk)
```
NAT Gateway lets private servers download updates outbound — costs money; use one NAT in labs.
Example (Doonops)
Modern HCL — names are examples, not from any third-party course
# see project files
Terraform runs on your computer — copy this HCL into a folder, then follow the local lab steps below.
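The HCL the diagram above maps to, as an added example (not the lesson's project files; CIDRs, AZ names and resource names are constructed). The security point is in the three route tables: only the public tier has an IGW route, the app tier gets an outbound-only NAT route, and the DB tier gets no default route at all.

```hcl
# Added example, not the Doonops project files. Assumes an AWS provider block in a region with these two AZs.
locals {
  tiers = {
    public = { "us-east-1a" = "10.0.0.0/24", "us-east-1b" = "10.0.1.0/24" }
    app    = { "us-east-1a" = "10.0.10.0/24", "us-east-1b" = "10.0.11.0/24" }
    db     = { "us-east-1a" = "10.0.20.0/24", "us-east-1b" = "10.0.21.0/24" }
  }
  # flatten to one map keyed "tier/az" so a single aws_subnet resource covers all tiers
  subnets = merge([for t, m in local.tiers :
    { for az, cidr in m : "${t}/${az}" => { tier = t, az = az, cidr = cidr } }]...)
}
resource "aws_vpc" "this" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}
resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.this.id }
resource "aws_subnet" "this" {
  for_each                = local.subnets
  vpc_id                  = aws_vpc.this.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = each.value.tier == "public" # only the ALB tier gets public IPs
  tags                    = { Name = each.key, Tier = each.value.tier }
}
# One NAT (in a public subnet) is enough for a lab; it is the only outbound path for the app tier.
resource "aws_eip" "nat" { domain = "vpc" }
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.this["public/us-east-1a"].id
  depends_on    = [aws_internet_gateway.igw]
}
# One route table per tier; what each one lacks is the security control.
resource "aws_route_table" "tier" {
  for_each = local.tiers
  vpc_id   = aws_vpc.this.id
}
resource "aws_route" "public_igw" { # public: inbound and outbound via IGW
  route_table_id         = aws_route_table.tier["public"].id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}
resource "aws_route" "app_nat" { # app: outbound only via NAT, no inbound path
  route_table_id         = aws_route_table.tier["app"].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat.id
}
# db: deliberately no default route, so only the VPC-local route exists
resource "aws_route_table_association" "this" {
  for_each       = aws_subnet.this
  subnet_id      = each.value.id
  route_table_id = aws_route_table.tier[local.subnets[each.key].tier].id
}
```

After `terraform apply`, check the DB route table in the console or with `terraform show`: it should list only the `10.0.0.0/16 local` route.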
Quick check
- Explain topic to a friend in 2 sentences
- Did local lab steps
Project files for this lab
Full implementation folder — copy all files, then run terraform commands
Lab project files (full folder)
Copy every file below into one folder — same as a real repo module. Then run the local lab steps.
Suggested folder: ~/doonops-terraform/09-vpc-design/
ARCHITECTURE.md (see file purpose in the code below)
```
# 3-tier VPC design (Doonops)

Internet → IGW → Public subnets (ALB)
                → Private subnets (EC2)
                → DB subnets (RDS)
```
Next lab: 10-vpc-terraform implements this.