VPC on Chen Kai Bloghttps://www.chenk.top/en/tags/vpc/Recent content in VPC on Chen Kai BlogHugoenThu, 30 Apr 2026 09:00:00 +0000Alibaba Cloud Full Stack (3): VPC, SLB, and the Network Layerhttps://www.chenk.top/en/aliyun-fullstack/03-vpc-networking/Thu, 30 Apr 2026 09:00:00 +0000https://www.chenk.top/en/aliyun-fullstack/03-vpc-networking/<p>Every outage I have debugged in the cloud ultimately traced back to networking. Bad CIDR planning that ran out of IPs six months in. Missing routes that silently dropped traffic between tiers. Security groups that were either wide open (hello, port 22 to <code>0.0.0.0/0</code>) or so locked down that health checks failed and the load balancer kept draining healthy instances. Getting the network layer right is the single most important thing you can do before deploying anything else, and it is the single most painful thing to fix retroactively because changing a VPC CIDR means recreating everything inside it.</p>Terraform for AI Agents (3): A Reusable VPC and Security Baselinehttps://www.chenk.top/en/terraform-agents/03-vpc-and-security-baseline/Mon, 16 Mar 2026 09:00:00 +0000https://www.chenk.top/en/terraform-agents/03-vpc-and-security-baseline/<p>This article builds the single most copied piece of Terraform in my agent projects: a <code>vpc-baseline</code> module that gives every later component (ECS, RDS, OpenSearch, ACK) a sane place to land. It&rsquo;s about 200 lines of HCL all-in. Worth typing once, refer to it forever.</p> <p>By the end you&rsquo;ll have:</p> <ul> <li>A VPC across three availability zones in one region</li> <li>Six vSwitches (one public + one private per zone) with non-overlapping CIDRs</li> <li>A NAT Gateway with EIP for private-subnet outbound to LLM APIs</li> <li>Three security groups stacked by tier (ALB → agent runtime → memory)</li> <li>Three KMS customer master keys, one per data domain (memory, secrets, logs)</li> <li>A clean module interface: <code>name + CIDR + zones</code> in, IDs out</li> <li>Drift detection in CI, semver-pinned module references, and a per-line cost model</li> </ul> <hr> <h2 id="the-mental-model" class="heading-anchor">The mental model<a href="#the-mental-model" class="heading-link" aria-label="Permalink to this section" title="Copy link to this section">#</a> </h2><p>Before code, the picture:</p>Cloud Computing (5): Cloud Network Architecture and SDNhttps://www.chenk.top/en/cloud-computing/networking-sdn/Tue, 18 Apr 2023 09:00:00 +0000https://www.chenk.top/en/cloud-computing/networking-sdn/<p><figure class="article-figure"> <img src="https://blog-pic-ck.oss-cn-beijing.aliyuncs.com/posts/en/cloud-computing/networking-sdn/illustration_1.png" alt="Cloud Computing (5): Cloud Network Architecture and SDN — Chapter overview" loading="lazy" decoding="async" class="content-image"> </figure> </p> <p>A cloud platform is essentially a network with attached computers. The compute layer scales by adding servers; the storage layer scales by adding disks; the <em>network</em> layer integrates these into a single, coherent system. Get the network right, and the rest of the stack feels effortless. Get it wrong — a missing route, a 5-tuple mismatch in a security group, or an under-provisioned load balancer — and the whole platform goes dark.</p>