0% found this document useful (0 votes)

11 views7 pages

Cidr

The document outlines a standard CIDR block strategy for different environments including Production, Staging, Development, UAT, and Shared Services, with specific CIDR allocations. It also provides subnetting examples for a Production VPC, detailing public, private, and database subnets across availability zones. Additionally, it includes a Terraform configuration for deploying a VPC for microservices, emphasizing modular file structure and necessary resources for setup.

Uploaded by

aws.qa.shirshendu

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as RTF, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

11 views7 pages

Cidr

Uploaded by

aws.qa.shirshendu

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as RTF, PDF, TXT or read online on Scribd

You are on page 1/ 7

🔹 1.

Standard Real-Time CIDR Block Strategy

Environment VPC CIDR Block Notes

Production 10.0.0.0/16 Reserved for mission-critical workloads. Split into /20 or /24 subnets.

Staging 10.1.0.0/16 Near-production-like environment for QA.

Development 10.2.0.0/16 Used by engineers for testing features.

UAT 10.3.0.0/16 User acceptance testing. Often used by clients/business teams.

Shared Services 10.10.0.0/16 Centralized logging, monitoring, CI/CD tools.

🔹 2. Availability Zone Subnetting Example (Within a Production VPC: 10.0.0.0/16)

Subnet Purpose AZ CIDR Block

Public Subnet 1 us-east-1a 10.0.0.0/20

Public Subnet 2 us-east-1b 10.0.16.0/20

Private Subnet 1 us-east-1a 10.0.32.0/20

Private Subnet 2 us-east-1b 10.0.48.0/20

DB Subnet 1 us-east-1a 10.0.64.0/24

DB Subnet 2 us-east-1b 10.0.65.0/24

Reserved for future 10.0.128.0/17

🔹 3. Multi-Account / Multi-VPC Strategy with Peering

VPC Name CIDR Block Comments

Prod-VPC (App Tier) 10.0.0.0/16 Main production app services

Prod-VPC (DB Tier) 10.4.0.0/16 Dedicated DB VPC, peered with App

DevOps VPC 10.8.0.0/16 Jenkins, monitoring, logging

Analytics VPC 10.12.0.0/16 EMR, Glue, Databricks workloads

Sandbox VPC 10.16.0.0/16 Internal experiments and tests

🔹 Tips for CIDR Planning in Production

Avoid overlapping CIDRs across VPCs if you plan to use VPC peering or Transit Gateway.

Use /16 for VPCs if you expect high scalability.

Subnet by /20 or /24, depending on traffic patterns and instance density.

Use different IP ranges for Dev/Staging/Prod to isolate and minimize blast radius.

Consider RFC1918 ranges:

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

Terraform: VPC for Microservices (Production)

📁 File Structure (Modular)

css

Copy

Edit

terraform/
│

├── main.tf

├── variables.tf

├── outputs.tf

└── vpc/

├── main.tf

├── variables.tf

└── outputs.tf

🔹 terraform/main.tf

hcl

Copy

Edit

provider "aws" {

region = var.aws_region

module "vpc" {

source = "./vpc"

name = "microservices-prod"

cidr = "10.0.0.0/16"

azs = ["us-east-1a", "us-east-1b", "us-east-1c"]

public_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]

private_subnets = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]

database_subnets = ["10.0.20.0/24", "10.0.21.0/24", "10.0.22.0/24"]

}
🔹 terraform/variables.tf

hcl

Copy

Edit

variable "aws_region" {

default = "us-east-1"

🔹 vpc/main.tf

hcl

Copy

Edit

resource "aws_vpc" "this" {

cidr_block = var.cidr

enable_dns_support = true

enable_dns_hostnames = true

tags = {

Name = "${var.name}-vpc"

resource "aws_internet_gateway" "igw" {

vpc_id = aws_vpc.this.id

tags = {

Name = "${var.name}-igw"

}
resource "aws_subnet" "public" {

for_each = toset(var.public_subnets)

vpc_id = aws_vpc.this.id

cidr_block = each.value

availability_zone = element(var.azs, index(var.public_subnets, each.value))

map_public_ip_on_launch = true

tags = {

Name = "${var.name}-public-${each.key}"

resource "aws_subnet" "private" {

for_each = toset(var.private_subnets)

vpc_id = aws_vpc.this.id

cidr_block = each.value

availability_zone = element(var.azs, index(var.private_subnets, each.value))

tags = {

Name = "${var.name}-private-${each.key}"

resource "aws_subnet" "database" {

for_each = toset(var.database_subnets)

vpc_id = aws_vpc.this.id

cidr_block = each.value
availability_zone = element(var.azs, index(var.database_subnets, each.value))

tags = {

Name = "${var.name}-db-${each.key}"

🔹 vpc/variables.tf

hcl

Copy

Edit

variable "name" {}

variable "cidr" {}

variable "azs" {

type = list(string)

variable "public_subnets" {

type = list(string)

variable "private_subnets" {

type = list(string)

variable "database_subnets" {

type = list(string)

🔹 vpc/outputs.tf

hcl

Copy
Edit

output "vpc_id" {

value = aws_vpc.this.id

output "public_subnet_ids" {

value = [for s in aws_subnet.public : s.id]

output "private_subnet_ids" {

value = [for s in aws_subnet.private : s.id]

output "db_subnet_ids" {

value = [for s in aws_subnet.database : s.id]

🚀 Next Steps

Add Route Tables for public and private subnets.

Add NAT Gateway to allow outbound internet access from private subnets.

Add Security Groups for ECS, ALB, DB, etc.

Use terraform apply to deploy after initializing.

Terraform Part-3 @HydITHubGateway
No ratings yet
Terraform Part-3 @HydITHubGateway
9 pages
Lab Terraform Day3 1
No ratings yet
Lab Terraform Day3 1
8 pages
Terraform
No ratings yet
Terraform
12 pages
Deploy Two Tier Architecture in AWS
No ratings yet
Deploy Two Tier Architecture in AWS
21 pages
Devops Project
No ratings yet
Devops Project
4 pages
SimpleTimeService POC Guide
No ratings yet
SimpleTimeService POC Guide
19 pages
Data Source and Remote State
No ratings yet
Data Source and Remote State
3 pages
Terraform Commands & AWS Setup Guide
No ratings yet
Terraform Commands & AWS Setup Guide
7 pages
Docker and AWS VPC Setup Guide
No ratings yet
Docker and AWS VPC Setup Guide
54 pages
Terraform Script
No ratings yet
Terraform Script
8 pages
Main TF
No ratings yet
Main TF
6 pages
Build Ec2 VPC 1734880913
No ratings yet
Build Ec2 VPC 1734880913
20 pages
Terraform Cheat Sheet
No ratings yet
Terraform Cheat Sheet
2 pages
3 Tier VPC
No ratings yet
3 Tier VPC
15 pages
AWS Project Terraform
No ratings yet
AWS Project Terraform
21 pages
Devops Project
No ratings yet
Devops Project
21 pages
!ref:: - : - :::::::::: - :::::::::: !ref: !ref:::::::: !ref
No ratings yet
!ref:: - : - :::::::::: - :::::::::: !ref: !ref:::::::: !ref
5 pages
CloudFormation Notes
No ratings yet
CloudFormation Notes
8 pages
Infrastructure As Code (IaC) With Terraform
No ratings yet
Infrastructure As Code (IaC) With Terraform
16 pages
Create EC2 Instance with Terraform
No ratings yet
Create EC2 Instance with Terraform
5 pages
Mini Project
No ratings yet
Mini Project
9 pages
Terraform
No ratings yet
Terraform
101 pages
Essential Cloud Networking Topics
No ratings yet
Essential Cloud Networking Topics
3 pages
Lab 3 Terraform
No ratings yet
Lab 3 Terraform
5 pages
EKS Cluster Setup
No ratings yet
EKS Cluster Setup
31 pages
AWSTerraform Three Tier Arch
No ratings yet
AWSTerraform Three Tier Arch
43 pages
Day 15 - 31-Aug-2021 - VPC
No ratings yet
Day 15 - 31-Aug-2021 - VPC
2 pages
VPC and s3
No ratings yet
VPC and s3
4 pages
VPC Notes
No ratings yet
VPC Notes
11 pages
Deploy A Two Node Kubernetes Cluster On AWS 1726859898
No ratings yet
Deploy A Two Node Kubernetes Cluster On AWS 1726859898
21 pages
Terraform Instructor Day3 1
No ratings yet
Terraform Instructor Day3 1
7 pages
Core Architecture Slides Student Hand Out April 20191559592462009
No ratings yet
Core Architecture Slides Student Hand Out April 20191559592462009
125 pages
VPC Peering
No ratings yet
VPC Peering
17 pages
5 Aws VPC
No ratings yet
5 Aws VPC
8 pages
Terraform Projects - DevOps Shack
No ratings yet
Terraform Projects - DevOps Shack
48 pages
Terraform To Attach A Security Group To An EC2 Instance
No ratings yet
Terraform To Attach A Security Group To An EC2 Instance
1 page
Extra Networking Lab 1 Multi-VPC Account Architecture
No ratings yet
Extra Networking Lab 1 Multi-VPC Account Architecture
26 pages
VPC Setup Guide for Cloud Users
No ratings yet
VPC Setup Guide for Cloud Users
10 pages
AWS VPC Guide for DevOps Pros
No ratings yet
AWS VPC Guide for DevOps Pros
19 pages
VPC and IP Address Guide
No ratings yet
VPC and IP Address Guide
10 pages
Subnet 2
No ratings yet
Subnet 2
5 pages
AWS Networking Basics Guide
No ratings yet
AWS Networking Basics Guide
60 pages
NW5-Testing VPC Connectivity
No ratings yet
NW5-Testing VPC Connectivity
55 pages
AcademyCloudArchitecting Module 06-1
No ratings yet
AcademyCloudArchitecting Module 06-1
53 pages
Module 2 - Networking On AWS - Animated
No ratings yet
Module 2 - Networking On AWS - Animated
36 pages
AWS EC2 Setup with Terraform
No ratings yet
AWS EC2 Setup with Terraform
2 pages
Terraform Part-2 @HydITHubGateway
No ratings yet
Terraform Part-2 @HydITHubGateway
6 pages
DevOps Project
No ratings yet
DevOps Project
24 pages
FANG CI - CD DevSecOps Best Practices
No ratings yet
FANG CI - CD DevSecOps Best Practices
1 page
Intro To The Data Block
No ratings yet
Intro To The Data Block
5 pages
Example - VPC With Servers in Private Subnets and NAT
No ratings yet
Example - VPC With Servers in Private Subnets and NAT
4 pages
Terraform Code
No ratings yet
Terraform Code
2 pages
Terraform Practise Updates
No ratings yet
Terraform Practise Updates
28 pages
Subnet 1
No ratings yet
Subnet 1
3 pages
Terraform KodeKloud
No ratings yet
Terraform KodeKloud
230 pages
Organization Management PDF
No ratings yet
Organization Management PDF
25 pages
5f62ffb2a561e Mukul Agarwal
No ratings yet
5f62ffb2a561e Mukul Agarwal
2 pages
4 Assembly Language Program Example
No ratings yet
4 Assembly Language Program Example
13 pages
Practices C#
No ratings yet
Practices C#
4 pages
Asap 8
100% (1)
Asap 8
47 pages
Luis Fernando Trueba (CV)
No ratings yet
Luis Fernando Trueba (CV)
1 page
Log
No ratings yet
Log
205 pages
Cover Page: Template For The Unisys Innovation Program Student Technical Contest-Preliminary Project Plan and Abstract
No ratings yet
Cover Page: Template For The Unisys Innovation Program Student Technical Contest-Preliminary Project Plan and Abstract
3 pages
Az 900
No ratings yet
Az 900
7 pages
Configuring IPTables For Snort Inline
No ratings yet
Configuring IPTables For Snort Inline
10 pages
Assignment-2 Program
No ratings yet
Assignment-2 Program
5 pages
Principles of Concurrency
No ratings yet
Principles of Concurrency
7 pages
62 Menu Bar Apps That Will Take Your Mac To The Next Level
No ratings yet
62 Menu Bar Apps That Will Take Your Mac To The Next Level
1 page
Log
No ratings yet
Log
331 pages
Syllabus:: Unit-3: Classes, Inheritance, Exceptions, Packages and Interfaces
No ratings yet
Syllabus:: Unit-3: Classes, Inheritance, Exceptions, Packages and Interfaces
56 pages
x86 Cpu Virtualization
No ratings yet
x86 Cpu Virtualization
22 pages
Data Structures Exam CSE 2103 2016
No ratings yet
Data Structures Exam CSE 2103 2016
2 pages
It3501 Full Stack Web Development
100% (1)
It3501 Full Stack Web Development
4 pages
Software Engineering - OOSE MCA2005 - Bridge Course COs POs - Syllabus Mapping
No ratings yet
Software Engineering - OOSE MCA2005 - Bridge Course COs POs - Syllabus Mapping
95 pages
Apache VS16 Binaries and Modules Download
No ratings yet
Apache VS16 Binaries and Modules Download
2 pages
An Operating Systems Course: With Projects in Java
No ratings yet
An Operating Systems Course: With Projects in Java
3 pages
Ariska Dian Musali: Personal Data
No ratings yet
Ariska Dian Musali: Personal Data
4 pages
TCPDump Guide for Network Admins
No ratings yet
TCPDump Guide for Network Admins
3 pages
CGI Programming: Python3 Advanced #7
No ratings yet
CGI Programming: Python3 Advanced #7
12 pages
Quiz2-Model Answer B Python
No ratings yet
Quiz2-Model Answer B Python
2 pages
Jatin Choudhary Devops HashedIn Resume (Update)
No ratings yet
Jatin Choudhary Devops HashedIn Resume (Update)
1 page
C C++ Interview Questions Answers
No ratings yet
C C++ Interview Questions Answers
14 pages
SC Lab Record
No ratings yet
SC Lab Record
82 pages
Documento 55
No ratings yet
Documento 55
3 pages
Mpi Openmp Examples
No ratings yet
Mpi Openmp Examples
27 pages

Cidr

Uploaded by

Cidr

Uploaded by

🔹 1.

Standard Real-Time CIDR Block Strategy

Environment VPC CIDR Block Notes

Staging 10.1.0.0/16 Near-production-like environment for QA.

Development 10.2.0.0/16 Used by engineers for testing features.

UAT 10.3.0.0/16 User acceptance testing. Often used by clients/business teams.

Shared Services 10.10.0.0/16 Centralized logging, monitoring, CI/CD tools.

🔹 2. Availability Zone Subnetting Example (Within a Production VPC: 10.0.0.0/16)

Subnet Purpose AZ CIDR Block

Public Subnet 1 us-east-1a 10.0.0.0/20

Public Subnet 2 us-east-1b 10.0.16.0/20

Private Subnet 1 us-east-1a 10.0.32.0/20

Private Subnet 2 us-east-1b 10.0.48.0/20

DB Subnet 1 us-east-1a 10.0.64.0/24

DB Subnet 2 us-east-1b 10.0.65.0/24

Reserved for future 10.0.128.0/17

🔹 3. Multi-Account / Multi-VPC Strategy with Peering

VPC Name CIDR Block Comments

Prod-VPC (App Tier) 10.0.0.0/16 Main production app services

Prod-VPC (DB Tier) 10.4.0.0/16 Dedicated DB VPC, peered with App

DevOps VPC 10.8.0.0/16 Jenkins, monitoring, logging

Analytics VPC 10.12.0.0/16 EMR, Glue, Databricks workloads

Sandbox VPC 10.16.0.0/16 Internal experiments and tests

Use /16 for VPCs if you expect high scalability.

Subnet by /20 or /24, depending on traffic patterns and instance density.

Consider RFC1918 ranges:

Terraform: VPC for Microservices (Production)

📁 File Structure (Modular)

azs = ["us-east-1a", "us-east-1b", "us-east-1c"]

public_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]

private_subnets = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]

database_subnets = ["10.0.20.0/24", "10.0.21.0/24", "10.0.22.0/24"]

resource "aws_vpc" "this" {

resource "aws_internet_gateway" "igw" {

availability_zone = element(var.azs, index(var.public_subnets, each.value))

resource "aws_subnet" "private" {

availability_zone = element(var.azs, index(var.private_subnets, each.value))

resource "aws_subnet" "database" {

value = [for s in aws_subnet.public : s.id]

value = [for s in aws_subnet.private : s.id]

value = [for s in aws_subnet.database : s.id]

Add Route Tables for public and private subnets.

Add Security Groups for ECS, ALB, DB, etc.

Use terraform apply to deploy after initializing.

You might also like