[WIP] Cloud Network Subnetting Best Practice

Almost every public cloud in use today offers a basic network model built from VPCs and subnets, which host and logically group our cloud workloads. These components are the foundation of all traffic within a workload and between workloads.

In this blog post, I will show how we should design and configure our network, in particular the VPC and its subnets, to keep our workloads isolated and secure at the network layer.

Isolating workloads on a public vs private basis

Private workloads must be placed in an isolated network that is reachable only from other resources within our workload, because we do not want them exposed to the internet. Resources that are meant to be reachable from the internet are placed in a separate public network. We call each of these network isolations a subnet group.

For example, consider a simple web application workload made up of one load balancer and one compute cluster (an auto-scaling group). Every client on another network or on the internet uses the load balancer's address to reach the API served by the compute cluster. We do not want any client to reach the compute instances directly from the internet, so we isolate them in the private network, while the load balancer goes into the public network.

Example of simple network isolation
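The public/private split above can be checked mechanically before anything is deployed. The following is an added example, not code from the original post: it models a VPC with constructed subnet and route-table names, decides which subnets are public by whether their default route points at an internet gateway, verifies the subnets fit inside the VPC without overlapping, and flags any compute placed in a public subnet or any load balancer placed in a private one. All CIDRs, subnet names and gateway ids are assumptions for illustration.

```python
import ipaddress

# Constructed sample VPC: a /16 carved into per-AZ public and private subnets.
# All names and CIDRs are assumptions for illustration, not from a real account.
VPC_CIDR = "10.0.0.0/16"

ROUTE_TABLES = {
    "rt-public":  [("0.0.0.0/0", "igw-main")],   # default route to an internet gateway
    "rt-private": [("0.0.0.0/0", "nat-main")],   # egress only through NAT, no inbound path
}

SUBNETS = {
    "public-a":  {"cidr": "10.0.0.0/24",  "route_table": "rt-public"},
    "public-b":  {"cidr": "10.0.1.0/24",  "route_table": "rt-public"},
    "private-a": {"cidr": "10.0.10.0/24", "route_table": "rt-private"},
    "private-b": {"cidr": "10.0.11.0/24", "route_table": "rt-private"},
}

# The web application from the post: one load balancer, one auto-scaling compute cluster.
WORKLOAD = {
    "lb":  {"role": "load-balancer", "subnets": ["public-a", "public-b"]},
    "asg": {"role": "compute",       "subnets": ["private-a", "private-b"]},
}

def is_public_subnet(name, subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    routes = route_tables[subnets[name]["route_table"]]
    return any(dst == "0.0.0.0/0" and target.startswith("igw-") for dst, target in routes)

def subnets_fit_vpc(vpc_cidr=VPC_CIDR, subnets=SUBNETS):
    """True when every subnet lies inside the VPC CIDR and no two subnets overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s["cidr"]) for s in subnets.values()]
    inside = all(n.subnet_of(vpc) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint

def placement_violations(workload=WORKLOAD, subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Return (component, subnet) pairs that break the rule: compute private, LB public."""
    bad = []
    for component, spec in workload.items():
        for subnet in spec["subnets"]:
            public = is_public_subnet(subnet, subnets, route_tables)
            if spec["role"] == "compute" and public:
                bad.append((component, subnet))
            if spec["role"] == "load-balancer" and not public:
                bad.append((component, subnet))
    return bad
```

Running `placement_violations()` on the sample returns an empty list; moving the auto-scaling group into `public-a` makes it report `("asg", "public-a")`.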