The VPC network design is based on experience, best practices, and the Standardized Architecture for PCI DSS on AWS VPC. These posts are helpful and contain some good VPC network suggestions:
The BoltOps VPC Network design is based on some of those suggestions, and we can customize it to fit the specific needs of customers.
Here is a diagram of an example VPC Network design:
We recommend setting up private and public subnets to allow for better security controls at the network level. A bastion host is created to provide a single access and audit point. The VPC design should contain a minimum of 2 AZs ensure high availability.
One VPC design will not work for all customers, and we can customize the VPC to fit your needs. For example, some customers require the network entirely to be private and only allow access from their own physical data center into the AWS Cloud Network. Other may want to have MFA for SSH access. We are happy to customize the network design to meet your needs and make it a perfect fit.
VPC Network design contains a lot of pieces, and it's hard to achieve a consistent implementation across multiple AZs when setting it up manually. This video tutorial provides an introduction to the manual steps required to set up a simple VPC network:
BoltOps codifies the VPC setup whenever possible to ensure that the foundation laid down is a reliable and consistent starting point.