
AWS Networking Simplified Guide

A Beginner’s Guide to VPC, CIDR, Route 53, and CloudFront


In my last post, I talked about compute. But even the best app won’t do much if it can’t talk to users or other services. That’s where networking comes in.

Think of AWS networking like designing a city with roads, neighborhoods, gates, and addresses, all making sure people (data) get where they need to go.


VPC: Your Private City

A VPC (Virtual Private Cloud) is like your own private city inside AWS. Nobody else can build roads there unless you allow it. Inside this city, you decide how wide the roads are (CIDR ranges), where neighborhoods are located (subnets), and who gets access.


Subnets: The Neighborhoods

A Subnet is like a neighborhood in your city.

  • Public Subnet → houses with driveways that open onto a main road (accessible from outside).

  • Private Subnet → gated communities without direct public roads (internal-only).

Why it matters: put sensitive things (like your database) in a private subnet, or it’s like leaving your valuables on the porch.


Internet Gateway: The City Gate

An Internet Gateway (IGW) is like the city’s main entrance/exit gate. Without it, no one can drive in or out of your city. Attach it to your public subnet, and suddenly your app can talk to the internet.


IP Address: Your Home Address

Every house in your city needs an address. That’s your IP address.

  • Private IPs: only make sense inside your city. Example → 10.0.1.25.

  • Public IPs: can be reached from the outside world. Example → 3.22.150.7.

Why it matters: If you accidentally expose a database with a public IP, anyone on the internet can knock on its door.


Route Tables: The GPS System

A Route Table is like a GPS for your city. It tells cars (data packets) which roads to take.

  • For external visitors, it points them toward the internet gateway.

  • For internal traffic, it keeps them within the city.

Without it, data just sits there confused, like a lost tourist.
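To make the GPS analogy concrete, here is an added example (not code from the original post) that models the two route tables of the to-do app described later on this page and resolves destinations the way AWS does, by longest-prefix match. The VPC CIDR 10.0.0.0/16 and the gateway id are assumptions; the local route is real AWS behaviour and exists in every route table.

```python
import ipaddress

# Constructed route tables for the to-do app in this post. The local route for the
# VPC's own CIDR is present in every AWS route table and cannot be removed; the
# gateway id is a placeholder, not a real resource.
VPC_CIDR = "10.0.0.0/16"
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]
PRIVATE_RT = [(VPC_CIDR, "local")]  # no default route: nothing leaves the VPC


def lookup(route_table, destination):
    """Return the target for a destination IP using longest-prefix match.

    AWS picks the most specific route that contains the destination; the
    0.0.0.0/0 default route only wins when nothing narrower matches. None
    means there is no route at all and the packet is dropped.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def trace(route_table, destination):
    """Human-readable explanation of what happens to one packet."""
    target = lookup(route_table, destination)
    if target is None:
        return f"{destination}: no route, packet dropped"
    if target == "local":
        return f"{destination}: stays inside the VPC"
    return f"{destination}: leaves via {target}"


if __name__ == "__main__":
    for rt_name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        for dst in ("10.0.1.25", "3.22.150.7"):
            print(rt_name, trace(rt, dst))
```

The private table shows the "lost tourist" case: with no 0.0.0.0/0 route, a packet for a public address has nowhere to go, which is exactly what keeps a database subnet off the internet.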


VPN: The Private Tunnel

A VPN (Virtual Private Network) is like digging a private tunnel between your AWS city and your office. Instead of using public highways, your employees travel underground, hidden and secure.

Why it matters: Without a VPN, admins may connect over the open internet to manage systems, which is like leaving a master key under the doormat.


Route 53: The City’s Address Book

Remembering raw IPs is hard. Instead, you use names. Route 53 is like the city’s directory, translating “myapp.com” into the actual street address (IP) of the server where your app lives.


CloudFront: The Delivery Service

Imagine you run a bakery in your city. People from other cities want your croissants. Instead of everyone driving all the way to your bakery, you set up delivery points closer to them. That’s CloudFront, AWS’s CDN: it caches and delivers content from the locations nearest the user for speed.


CIDR: How Big Is Your City?

CIDR blocks define how big your city is, or how many houses (IP addresses) you can fit.

  • Example: 10.0.0.0/16 = about 65,000 possible addresses (big city).

  • Example: 10.0.0.0/28 = only 16 addresses (tiny street).

Why it matters: If you pick a small block for your VPC and suddenly your population grows, you run out of room. Expanding later is messy, like trying to squeeze skyscrapers into a tiny village.
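The sizing arithmetic above, and the overlap question raised in the checklist at the end of this post, can be checked with Python's standard ipaddress module. This is an added example, not code from the original post; the sample CIDRs are constructed, and the five reserved addresses per subnet are AWS's documented behaviour.

```python
import ipaddress
import itertools

# AWS reserves the first four and the last address of every subnet (network,
# VPC router, DNS, future use, broadcast), so a subnet never offers its full count.
AWS_RESERVED_PER_SUBNET = 5


def block_size(cidr):
    """Total addresses in a CIDR block: 2 ** (32 - prefix) for IPv4."""
    return ipaddress.ip_network(cidr).num_addresses


def usable_hosts(subnet_cidr):
    """Addresses actually assignable to instances in one AWS subnet."""
    return max(block_size(subnet_cidr) - AWS_RESERVED_PER_SUBNET, 0)


def carve_subnets(vpc_cidr, new_prefix, count):
    """First `count` equal-sized subnets of a VPC block (the neighbourhoods of the city)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in itertools.islice(vpc.subnets(new_prefix=new_prefix), count)]


def overlaps(cidr_a, cidr_b):
    """True when two blocks share any address; AWS refuses to peer VPCs whose CIDRs overlap."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    for cidr in ("10.0.0.0/16", "10.0.0.0/28"):
        print(cidr, "total:", block_size(cidr), "usable as one subnet:", usable_hosts(cidr))
    # Two /24 neighbourhoods carved from the /16 city (constructed plan).
    print(carve_subnets("10.0.0.0/16", 24, 2))
    # A second office VPC that also chose 10.0.0.0/16 cannot be peered with the first.
    print("overlap with 10.0.0.0/16:", overlaps("10.0.0.0/16", "10.0.5.0/24"))
    print("overlap with 10.1.0.0/16:", overlaps("10.0.0.0/16", "10.1.0.0/16"))
```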


Bringing It All Together

Let’s say you launch a simple to-do app:

  • Your VPC is the city.

  • One public subnet hosts the app’s web server.

  • One private subnet stores the database (kept away from the public).

  • An Internet Gateway lets users access the web server.

  • A Route Table makes sure data knows where to go.

  • Route 53 maps “todoapp.com” to your web server.

  • CloudFront makes sure people worldwide load your app quickly.

  • A VPN securely connects your office to AWS for admin tasks.

Now imagine if you skipped these steps:

  • No private subnet → your database is open to the internet.

  • No route table rules → your app can’t reach the database.

  • No CloudFront → global users complain your app is slow.

  • Wrong CIDR choice → your city runs out of addresses before it even grows.

Designing AWS networking isn’t just about “making it work.” It’s about making it secure, scalable, and resilient from the start.


Questions You Should Be Asking Yourself in AWS Networking

  1. Subnets & Security

    • What are the real security implications of putting an application server in a public subnet?

    • Can I put all applications in private subnets and simply use a public-facing load balancer to handle internet traffic?

  2. CIDR & Scaling

    • Is it always advisable to start with a /16 CIDR block “just in case” I need more IPs later?

    • What happens if two VPCs I want to connect (via peering or Transit Gateway) have overlapping CIDRs?

  3. Traffic Flow & Resilience

    • How does traffic flow change if I introduce a VPN or Direct Connect into my setup, and what’s my fallback if that connection fails?

    • When using CloudFront + Route 53, how do I make sure global users get routed efficiently without creating latency or DNS confusion?

  4. Operational Concerns

    • What’s the risk of exposing my database with a public IP “for convenience”?

    • How do I enforce least-privilege networking so that my private subnets are truly private?

AWS Cloud Essentials

Part 1 of 4

This series breaks down AWS from the ground up—simple, practical, and thought-provoking. Follow as I learn to design cloud systems that don’t just work, but survive failure.
