VPC design:
- Subnets: Divide the VPC into segments. Public subnets have a route to an internet gateway; private subnets do not, so their instances are reachable only through a load balancer or bastion in a public subnet. Keep databases and application tiers private
- CIDR planning: Size appropriately (AWS allows /16 to /28) and keep ranges non-overlapping with every VPC or on-prem network you may later connect. Hard to change later: the primary CIDR is fixed at creation, and overlapping ranges cannot be peered
- Availability Zones: Spread subnets across AZs for resilience. AWS subnets are zonal, so each tier needs one subnet per AZ
Connectivity:
- NAT Gateway: Lets instances in private subnets initiate outbound connections to the internet (updates, external APIs) while accepting no inbound connections. Lives in a public subnet; the private route table sends 0.0.0.0/0 to it
- VPC Peering: Connect two VPCs directly. Not transitive and requires non-overlapping CIDRs, so meshing N VPCs needs N(N-1)/2 peerings
- Transit Gateway: Hub for connecting many VPCs, VPNs and Direct Connect with transitive routing. Its route tables decide which attachments can reach each other, so it also enforces segmentation (e.g. prod and dev spokes that cannot talk to each other)
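The CIDR planning and peering points above, as an added example that is not part of the original notes and not AWS code: it carves a VPC range into public and private subnets across AZs, applies the AWS limits (/16 to /28, five reserved addresses per subnet) and flags VPC pairs whose ranges overlap and therefore can never be peered. The function names, VPC names, AZ names and CIDRs are my own constructed sample input.

```python
"""Subnet plan and peering check for a VPC CIDR (standard library only).

Added example, not taken from the original notes or from AWS. It assumes AWS
limits (VPC and subnet prefixes /16 to /28) and the 5 addresses AWS reserves
in every subnet (network, VPC router, DNS, reserved for future use, broadcast).
The VPC names, AZ names and CIDRs in the demo are constructed sample input.
"""
import ipaddress
from typing import Dict, List, Tuple

AWS_RESERVED_PER_SUBNET = 5  # first four addresses plus the broadcast address


def plan_subnets(vpc_cidr: str, azs: List[str], tiers: Tuple[str, ...] = ("public", "private"),
                 subnet_prefix: int = 24) -> Dict[str, Dict[str, str]]:
    """Allocate one subnet per (tier, AZ) from vpc_cidr, public tier first.

    Returns {tier: {az: cidr}}. Raises ValueError when the VPC CIDR is outside
    AWS limits or has host bits set, or when it cannot hold every subnet.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # strict: reject 10.0.0.1/16
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"AWS VPC CIDR must be /16 to /28, got /{vpc.prefixlen}")
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnet prefix must be between the VPC prefix and /28")
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    needed = len(tiers) * len(azs)
    if len(candidates) < needed:
        raise ValueError(f"{vpc} holds {len(candidates)} /{subnet_prefix} subnets, need {needed}")
    blocks = iter(candidates)
    return {tier: {az: str(next(blocks)) for az in azs} for tier in tiers}


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses an instance can actually receive in an AWS subnet of this size."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def peering_conflicts(vpc_cidrs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of VPCs whose CIDRs overlap. AWS refuses to peer such VPCs, so
    catch this in the plan before anything is deployed."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # constructed sample: two AZs, a /16 VPC carved into /24 subnets
    plan = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"])
    for tier, by_az in plan.items():
        for az, cidr in by_az.items():
            print(f"{tier:8} {az} {cidr} ({usable_hosts(cidr)} usable hosts)")
    # 10.0.0.0/16 reused in two VPCs: they can never be peered
    print(peering_conflicts({"prod": "10.0.0.0/16", "dev": "10.0.0.0/16", "shared": "10.10.0.0/16"}))
```

Run it once per environment before creating VPCs; the overlap check is the one that is painful to fix later, because the only remedy for two overlapping VPCs is to re-address one of them.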
Security layers (AWS):
- Security Groups (instance level): Stateful, allow rules only, nothing inbound is permitted until a rule is added. Attached to ENIs; reference other security groups as sources instead of hard-coding IPs
- NACLs (subnet level): Stateless, numbered allow/deny rules evaluated lowest number first, first match wins, implicit deny at the end. Return traffic needs its own rule (ephemeral ports 1024-65535), so use them as a coarse blocklist, not the primary control
- WAF (application level): Inspects HTTP(S) requests on an ALB, CloudFront distribution or API Gateway and blocks SQLi/XSS patterns, bad bots and excessive request rates. Covers only traffic that passes through those front ends
GCP uses VPC firewall rules and Cloud Armor for similar functions: firewall rules are stateful, support allow and deny with priorities, and target instances by network tag or service account (there is no NACL equivalent); Cloud Armor provides WAF and DDoS protection on external HTTP(S) load balancers. GCP subnets are regional, not zonal.
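The stateful-versus-stateless distinction above is where most NACL mistakes come from, so here is an added example (my own model, not code from the original notes or from AWS) that reproduces the documented evaluation semantics of security groups and NACLs in plain Python: a security group admits the reply to an admitted flow without an outbound rule, a NACL drops that same reply unless the ephemeral port range is opened outbound, and a NACL deny placed above a broad allow never fires. Packets, CIDRs, rule numbers and the class and function names are constructed sample input.

```python
"""Security group vs NACL evaluation, modelled in plain Python.

Added example, not from the original notes or from AWS: it reproduces the
documented semantics (security groups stateful and allow-only; NACLs stateless,
numbered, first match wins, implicit final deny) without calling any API.
Packets, CIDRs and rule numbers are constructed sample input.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Decision = Tuple[str, Optional[int]]  # ("allow"|"deny", matching rule number or None)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str = "tcp"

@dataclass(frozen=True)
class Rule:
    cidr: str             # remote CIDR: source for inbound rules, destination for outbound
    protocol: str         # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    action: str = "allow"  # NACLs may also "deny"; security groups are allow-only
    rule_no: int = 0       # NACL evaluation order; ignored by security groups

def _matches(rule: Rule, remote_ip: str, port: int, protocol: str) -> bool:
    if rule.protocol not in ("-1", protocol) or not rule.from_port <= port <= rule.to_port:
        return False
    return ip_address(remote_ip) in ip_network(rule.cidr)

class SecurityGroup:
    """Stateful and allow-only: a flow admitted inbound has its reply admitted
    automatically, without consulting the outbound rules."""
    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security groups have no deny rules")
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()  # (client ip, client port, server port) of admitted flows

    def inbound_allowed(self, p: Packet) -> bool:
        ok = any(_matches(r, p.src_ip, p.dst_port, p.protocol) for r in self.inbound)
        if ok:
            self._tracked.add((p.src_ip, p.src_port, p.dst_port))
        return ok

    def outbound_allowed(self, p: Packet) -> bool:
        if (p.dst_ip, p.dst_port, p.src_port) in self._tracked:  # reply to a tracked flow
            return True
        return any(_matches(r, p.dst_ip, p.dst_port, p.protocol) for r in self.outbound)

class NetworkACL:
    """Stateless: every packet, replies included, is checked against the numbered
    rules in ascending order; the first match decides; the implicit '*' rule denies."""
    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound = sorted(inbound, key=lambda r: r.rule_no)
        self.outbound = sorted(outbound, key=lambda r: r.rule_no)

    @staticmethod
    def _decide(rules: List[Rule], remote_ip: str, port: int, protocol: str) -> Decision:
        for r in rules:
            if _matches(r, remote_ip, port, protocol):
                return r.action, r.rule_no
        return "deny", None  # implicit final rule

    def inbound_decision(self, p: Packet) -> Decision:
        return self._decide(self.inbound, p.src_ip, p.dst_port, p.protocol)

    def outbound_decision(self, p: Packet) -> Decision:
        return self._decide(self.outbound, p.dst_ip, p.dst_port, p.protocol)

def demo_stateful_vs_stateless() -> dict:
    """HTTPS request from a client, then the server's reply to the client's ephemeral port."""
    request = Packet("198.51.100.7", "10.0.1.10", 52000, 443)
    reply = Packet("10.0.1.10", "198.51.100.7", 443, 52000)
    sg = SecurityGroup(inbound=[Rule("0.0.0.0/0", "tcp", 443, 443)], outbound=[])
    https_in = [Rule("0.0.0.0/0", "tcp", 443, 443, rule_no=100)]
    no_ephemeral = NetworkACL(https_in, [Rule("0.0.0.0/0", "tcp", 443, 443, rule_no=100)])
    with_ephemeral = NetworkACL(https_in, [Rule("0.0.0.0/0", "tcp", 1024, 65535, rule_no=100)])
    return {
        "sg": (sg.inbound_allowed(request), sg.outbound_allowed(reply)),
        "nacl_no_ephemeral": (no_ephemeral.inbound_decision(request)[0], no_ephemeral.outbound_decision(reply)[0]),
        "nacl_ephemeral": (with_ephemeral.inbound_decision(request)[0], with_ephemeral.outbound_decision(reply)[0]),
    }

def demo_rule_order() -> Tuple[Decision, Decision]:
    """A deny for one /24 only takes effect if numbered below the broad allow."""
    ssh = Packet("203.0.113.5", "10.0.1.10", 40000, 22)
    allow_all = Rule("0.0.0.0/0", "tcp", 22, 22, rule_no=100)
    shadowed = NetworkACL([allow_all, Rule("203.0.113.0/24", "tcp", 22, 22, "deny", 110)], [])
    effective = NetworkACL([allow_all, Rule("203.0.113.0/24", "tcp", 22, 22, "deny", 90)], [])
    return shadowed.inbound_decision(ssh), effective.inbound_decision(ssh)

if __name__ == "__main__":
    print(demo_stateful_vs_stateless())
    print(demo_rule_order())
```

The model deliberately gives the security group an empty outbound rule set so that the reply is visibly admitted by connection tracking alone; a real custom security group starts with an allow-all outbound rule, which hides this behaviour. Rule numbers are left in gaps of 10 for the same reason AWS suggests: a deny that must beat an existing allow has to be inserted with a lower number, and without gaps that means renumbering.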