VPC | AWS Network Infrastructure | Fluid Attacks Help

Virtual Private Cloud (VPC)

VPC provides networking for AWS resources.
A Virtual Private Cloud (VPC) is the cloud equivalent of a traditional network.

Public Oath

Fluid Attacks will look for a cloud network architecture that properly balances security, simplicity, and accessibility.

Architecture

[Diagram: VPC architecture]
  1. vpc owns the network configuration for AWS.
  2. It is managed as code using Terraform.
  3. There is a single VPC for the entire company, called fluid-vpc.
  4. It has subnets for:
    1. common: Default resources like the ERP.
    2. batch: Batch jobs.
    3. ci: GitLab CI.
    4. k8s: Kubernetes cluster.
    5. lambda: Integrates Lambda functions.
    6. observes: Observes ETLs.
    7. machine_learning: Sorts training jobs.
  5. All components have subnets in multiple availability zones, which provides higher redundancy and broader access to spot instances.
  6. It has an Internet Gateway that allows resources in public subnets to reach the Internet.
  7. It has NAT gateways that allow resources in private subnets to reach the Internet.
  8. It uses Flow Logs to send network logs to CloudWatch.
  9. The observes subnets use VPC endpoints to connect privately to Kinesis and Glue.
  10. There is a security group called CloudFlare, which allows inbound traffic only from the CloudFlare IP addresses.
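The following Terraform is an added example, not Fluid Attacks' own vpc code: it shows how the building blocks in the list above (multi-AZ public and private subnets, an Internet Gateway, per-AZ NAT gateways, Flow Logs to CloudWatch, an interface endpoint for Kinesis, and a security group restricted to Cloudflare ranges) fit together in one VPC. The CIDRs, availability zones, resource names, the `flow_log_role_arn` variable and the Cloudflare IP ranges are all illustrative assumptions; the real Cloudflare ranges have to be taken from Cloudflare's published list.

```hcl
# Added example, not Fluid Attacks' own Terraform: the building blocks the list
# above describes. CIDRs, AZs, names and the Cloudflare ranges are assumptions.
variable "flow_log_role_arn" { type = string } # assumed: role that may write to CloudWatch Logs
locals {
  azs            = ["us-east-1a", "us-east-1b"]
  cloudflare_ips = ["203.0.113.0/24", "198.51.100.0/24"] # RFC 5737 placeholders, not real ranges
}
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true # needed for private DNS on the endpoint below
}

# One public and one private subnet per AZ, so each component spans AZs.
resource "aws_subnet" "public" {
  count                   = length(local.azs)
  vpc_id                  = aws_vpc.main.id
  availability_zone       = local.azs[count.index]
  cidr_block              = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  map_public_ip_on_launch = true
}
resource "aws_subnet" "private" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.main.id
  availability_zone = local.azs[count.index]
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index + 100)
}

# Internet Gateway: public subnets send 0.0.0.0/0 here.
resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.main.id }
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# One NAT gateway per AZ: private subnets get outbound-only Internet access.
resource "aws_eip" "nat" {
  count  = length(local.azs)
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" {
  count         = length(local.azs)
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
}
resource "aws_route_table" "private" {
  count  = length(local.azs)
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}
resource "aws_route_table_association" "private" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}

# Flow Logs for the whole VPC, delivered to a CloudWatch log group.
resource "aws_cloudwatch_log_group" "flow" {
  name              = "/vpc/example/flow-logs"
  retention_in_days = 90
}
resource "aws_flow_log" "all" {
  vpc_id               = aws_vpc.main.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow.arn
  iam_role_arn         = var.flow_log_role_arn
}

# Interface endpoint: private subnets reach Kinesis without traversing NAT.
resource "aws_vpc_endpoint" "kinesis" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.us-east-1.kinesis-streams"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = aws_subnet.private[*].id
  private_dns_enabled = true
}

# Security group that admits inbound HTTPS only from the Cloudflare ranges.
resource "aws_security_group" "cloudflare" {
  name   = "CloudFlare"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = local.cloudflare_ips
  }
}
```

Two design points worth checking in a real deployment: private subnets have no route to the Internet Gateway at all, so nothing in them can be reached inbound even if it gets a public IP by mistake, and the Cloudflare security group only works as intended when the origin has no other security group that opens port 443 to 0.0.0.0/0. Flow Logs with `traffic_type = "ALL"` record both accepted and rejected flows, which is what lets CloudWatch show attempts that the security groups and NACLs blocked.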

Contributing

Please read the contributing page first.

Tip: Have an idea to simplify our architecture, or noticed docs that could use some love? Don't hesitate to open an issue or submit improvements.