System Design

Architecture labs for networking, Kubernetes, and event-driven systems.

System Design

Architecture labs for networking, Kubernetes, and event-driven systems.

Network Admin: AWS Topology Lab

Explore how edge security, regional services, and multi-AZ VPC layers connect. Click a node or subnet to learn its role, scope, and interactions.

External

Global

Regional

VPC

Edge to database traffic

AWS Cloud

Managed boundary

Boundary

Global Services

Edge layer

Boundary

Regional Services

Region scope

Boundary

VPC

Regional boundary

VPC

AZ-a

Availability Zone

Boundary

AZ-b

Availability Zone

Boundary

Public Entry Subnet

AZ-a

Subnet

NACL

Public Entry Subnet

AZ-b

Subnet

NACL

Private Compute Subnet

AZ-a

Subnet

NACL

Private Compute Subnet

AZ-b

Subnet

NACL

Private Database Subnet

AZ-a

Subnet

NACL

Private Database Subnet

AZ-b

Subnet

NACL

Route 53 (Public Zone)

Global

Service

Public DNS hosted zone for internet-facing records.

Interactions

Answers external DNS queries with latency or geolocation routing.

Points to the CloudFront distribution as the primary entry point.

Notes

Public hosted zones are resolvable from the internet.

Common config: weighted/latency routing plus health checks for failover.

Best practice: enable DNSSEC and restrict zone changes with IAM.

Network Admin: AWS Topology Lab

Explore how edge security, regional services, and multi-AZ VPC layers connect. Click a node or subnet to learn its role, scope, and interactions.

External

Global

Regional

VPC

Edge to database traffic

AWS Cloud

Managed boundary

Boundary

Global Services

Edge layer

Boundary

Regional Services

Region scope

Boundary

VPC

Regional boundary

VPC

AZ-a

Availability Zone

Boundary

AZ-b

Availability Zone

Boundary

Public Entry Subnet

AZ-a

Subnet

NACL

Public Entry Subnet

AZ-b

Subnet

NACL

Private Compute Subnet

AZ-a

Subnet

NACL

Private Compute Subnet

AZ-b

Subnet

NACL

Private Database Subnet

AZ-a

Subnet

NACL

Private Database Subnet

AZ-b

Subnet

NACL

Route 53 (Public Zone)

Global

Service

Public DNS hosted zone for internet-facing records.

Interactions

Answers external DNS queries with latency or geolocation routing.

Points to the CloudFront distribution as the primary entry point.

Notes

Public hosted zones are resolvable from the internet.

Common config: weighted/latency routing plus health checks for failover.

Best practice: enable DNSSEC and restrict zone changes with IAM.