TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities and articles.
Top engineers at Anthropic and OpenAI say AI now writes 100% of their code.
If you're not using AI, you're spending 40 hours doing what they do in 4.
These 100+ Claude Code hacks fix that and help you ship 10x faster.
Sign up for The Code and get:
100+ Claude Code hacks used by top engineers — free
The Code newsletter — learn the latest AI tools, tips, and skills to code faster with AI in 5 minutes a day
🛠 TOOL OF THE DAY
leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
🧠 USE CASE
AWS VPC Network Segmentation Break Down
Creating a VPC with default settings is very convenient, and every cloud engineer has likely gone through that straightforward UI based form filling VPC setup process.
However, the default VPC settings, with no proper network segmentation, can lead to potential security risks and inefficiencies in network design.
Can’t believe? Here’s what a default VPC setting brings in:
Route table includes
0.0.0.0/0to internet gateway, which means unrestricted outbound traffic.Default subnets assign public IPs to instances, which means easy external access to instances.
CIDR block
172.31.0.0/16is predictable, which means attackers can map the network.No private subnets by default, which means sensitive workloads lack isolation.
Internet gateway is pre attached, which means instances are internet accessible by default.
Network ACLs allow broad access, which means limited control over traffic filtering.
Well, this is just a quick snapshot of the devastating impact.
Every cloud engineer should read through and understand the 'Default VPC Components' and 'Default Subnets' guide - this knowledge can make or break your career and the infra you build.
Having said that, here’s what you can do:
You may already understand you shouldn’t use default VPC settings and while defining your VPC adhere to:
Public Subnets:
Use for internet-facing resources like Application Load Balancers (ALBs).
Attach an Internet Gateway for internet connectivity.
Private Subnets:
Use for internal resources like application servers and databases.
Configure NAT Gateway to allow secure outbound internet access for updates and patches.
Restrict database access to only specific Security Groups (e.g., application server SG).
Security Groups Hygiene (to prevent attacks) :
❌ Never allow unrestricted access (e.g., 0.0.0.0/0) except where absolutely required, like ALBs.
✔️ Open only necessary ports, such as port 443 for HTTPS or specific database ports.
✔️ Always create custom rules with least privilege configurations.
✔️ Combine Security Groups with Network ACLs for better control of traffic at the subnet level.
With this network segmentation guidance, you’re less likely to be compromised.
Check out these guides to sharpen your VPC design knowledge:
VPC Security Best Practices
Learn how to secure your VPC using AWS best practices.
Working with Subnets
Detailed guide on configuring and managing VPC subnets effectively.
VPC Routing
Learn how to configure route tables to manage traffic within your VPC.
You may even like:
Looking to promote your company, product, service, or event to 49,000+ Cloud Native Professionals? Let's work together.
