VPC Foundation
Create a VPC with DNS hostnames, IPv4 CIDR, and tagging strategy for multi-environment reuse.
Tags: VPC, EC2
infrastructure/terraform/examples/aws-networking/vpc-foundation
Single VPC /16 with /24 public and private subnets per AZ.
Troubleshooting
- DNS resolution fails - enable both enableDnsSupport and enableDnsHostnames on the VPC.
- Subnet too small - plan for growth up front, or add a secondary CIDR block to the VPC.
Public & Private Subnets
Map subnets to route tables; public via IGW, private via NAT.
Tags: VPC, Subnet, Route Table, IGW, NAT Gateway
infrastructure/terraform/examples/aws-networking/nat-gateway
2 AZs × (public + private) with NAT in public tier.
Troubleshooting
- Private subnet has no internet access - check the private route table's default route to the NAT gateway and the security group egress rules.
- Asymmetric routing - verify the return path.
Security Groups & NACLs
Stateful SG vs stateless NACL defense-in-depth for a three-tier app.
Tags: Security Group, NACL
infrastructure/terraform/examples/aws-networking/security
Security groups for instance-level allow rules; NACLs for explicit deny rules at the subnet boundary.
Troubleshooting
- Ephemeral ports blocked - NACLs are stateless, so allow return traffic on the ephemeral port range in the NACL.
- Security group reference wrong - check the source security group ID.
Transit Gateway Hub
Hub-spoke with TGW route tables for shared services VPC.
Tags: Transit Gateway, VPC Attachment, RAM
infrastructure/terraform/examples/aws-networking/transit-gateway
Spoke VPCs attach to TGW; inspection VPC optional.
Troubleshooting
- Blackhole routes - verify TGW route table association and propagation.
- Cross-account attachment not working - the RAM share or attachment acceptance is still pending.
VPC Peering
Non-transitive peering between two VPCs with route table updates.
Tags: VPC Peering
infrastructure/terraform/examples/aws-networking/vpc-peering
Peering connection + bi-directional routes; no transitive routing.
Troubleshooting
- Overlapping CIDRs - the peering connection cannot be established; renumber one VPC.
- DNS across peers - enable DNS resolution support on the peering connection.
Site-to-Site VPN
Virtual private gateway and customer gateway with IPsec tunnels.
Tags: VPN Gateway, Customer Gateway, VPN Connection
infrastructure/terraform/examples/aws-networking/vpn
Dual-tunnel BGP or static routing to on-premises.
Troubleshooting
- Phase 1 down - IKE parameter mismatch between the customer gateway and AWS.
- Asymmetric routing - prefer BGP dynamic routing over static routes.
Direct Connect Concepts
Dedicated connectivity, VIF types, and DX Gateway vs Transit VIF.
Tags: Direct Connect, DX Gateway
infrastructure/terraform/examples/aws-networking/direct-connect
Private VIF to VPC; Transit VIF to TGW for hub designs.
Troubleshooting
- BGP session not established - verify the ASN and the MD5 authentication key.
- MACsec - support is hardware dependent.
Application & Network Load Balancers
ALB path-based routing vs NLB static IP for TCP workloads.
Tags: ALB, NLB, Target Group
infrastructure/terraform/examples/aws-networking/load-balancers
ALB in public subnets; targets in private with SG referencing.
Troubleshooting
- Health check failing - check the target security group and the health check path.
- Idle timeout - tune it for long-lived TCP connections.
Route 53 DNS
Routing policies: simple, weighted, latency, failover, geolocation.
Tags: Route 53
infrastructure/terraform/examples/aws-networking/route53
Hosted zone with health checks and failover to secondary region.
Troubleshooting
- TTL caching - lower the TTL when testing failover.
- Alias to ELB - use an A alias record, not a CNAME.
CloudFront CDN
Origin access control, cache behaviors, and custom TLS.
Tags: CloudFront, S3, ACM
infrastructure/terraform/examples/aws-networking/cloudfront
CloudFront → S3 with origin access control; geo restriction optional.
Troubleshooting
- 403 from origin - check that the bucket policy grants access to the OAC principal.
- Stale content - invalidate the affected paths.