aws-vpc-design

Design and implement production-grade VPC architectures

$ Installer

git clone https://github.com/pluginagentmarketplace/custom-plugin-aws /tmp/custom-plugin-aws && cp -r /tmp/custom-plugin-aws/skills/aws-vpc-design ~/.claude/skills/custom-plugin-aws

// tip: Run this command in your terminal to install the skill


---
name: aws-vpc-design
description: Design and implement production-grade VPC architectures
sasmp_version: "1.3.0"
bonded_agent: 04-aws-networking
bond_type: PRIMARY_BOND
---

AWS VPC Design Skill

Create secure, scalable VPC architectures with proper segmentation.

Quick Reference

| Attribute     | Value            |
| ------------- | ---------------- |
| AWS Service   | VPC              |
| Complexity    | Medium-High      |
| Est. Time     | 15-30 min        |
| Prerequisites | CIDR planning    |

Parameters

Required

| Parameter          | Type   | Description     | Validation                 |
| ------------------ | ------ | --------------- | -------------------------- |
| vpc_cidr           | string | VPC CIDR block  | Valid IPv4 CIDR, /16 to /28 |
| availability_zones | int    | Number of AZs   | 1-6                        |
| region             | string | AWS region      | Valid region               |

Optional

| Parameter        | Type   | Default | Description                         |
| ---------------- | ------ | ------- | ----------------------------------- |
| enable_nat       | bool   | true    | NAT Gateway for private subnets     |
| enable_vpn       | bool   | false   | VPN Gateway                         |
| enable_flow_logs | bool   | true    | VPC Flow Logs                       |
| subnet_strategy  | string | tiered  | tiered, flat, or custom             |

VPC Architecture Pattern

VPC: 10.0.0.0/16
│
├── Public Subnets (Internet-facing)
│   ├── 10.0.1.0/24 (AZ-a) - ALB, NAT Gateway
│   ├── 10.0.2.0/24 (AZ-b) - ALB, NAT Gateway
│   └── 10.0.3.0/24 (AZ-c) - ALB, NAT Gateway
│
├── Private Subnets (Application tier)
│   ├── 10.0.11.0/24 (AZ-a) - EC2, ECS, Lambda
│   ├── 10.0.12.0/24 (AZ-b) - EC2, ECS, Lambda
│   └── 10.0.13.0/24 (AZ-c) - EC2, ECS, Lambda
│
└── Database Subnets (Data tier)
    ├── 10.0.21.0/24 (AZ-a) - RDS, ElastiCache
    ├── 10.0.22.0/24 (AZ-b) - RDS, ElastiCache
    └── 10.0.23.0/24 (AZ-c) - RDS, ElastiCache
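The tiered layout above is the output of a small amount of CIDR arithmetic: one subnet per tier per AZ, with the tiers spaced ten blocks apart (10.0.1-3, 10.0.11-13, 10.0.21-23) so that a tier can grow without renumbering. The following planner is an added example, not code shipped with this skill or with the AWS CLI; it reproduces that layout from the `vpc_cidr` and `availability_zones` parameters, enforces the /16-/28 limit AWS places on a VPC CIDR, accounts for the five addresses AWS reserves in every subnet, and checks that a set of CIDRs (for example two VPCs you intend to peer) does not overlap. The tier names and the `tier_stride` spacing are assumptions chosen to match the diagram:

```python
"""Tiered subnet planner for the VPC layout above (added example, not part of the skill)."""
import ipaddress

MIN_VPC_PREFIX, MAX_VPC_PREFIX = 16, 28   # AWS accepts primary VPC CIDRs from /16 to /28
AWS_RESERVED_PER_SUBNET = 5               # network, VPC router, DNS, future use, broadcast
TIERS = ("public", "private", "database")  # assumed tier names, matching the diagram


def validate_vpc_cidr(vpc_cidr):
    """Return None if vpc_cidr is a usable VPC CIDR, otherwise a reason string."""
    try:
        net = ipaddress.ip_network(vpc_cidr, strict=True)   # strict: host bits must be zero
    except ValueError as exc:
        return f"{vpc_cidr!r} is not a valid network: {exc}"
    if net.version != 4:
        return "only IPv4 primary CIDRs are planned here"
    if not MIN_VPC_PREFIX <= net.prefixlen <= MAX_VPC_PREFIX:
        return f"VPC CIDR must be /{MIN_VPC_PREFIX}-/{MAX_VPC_PREFIX}, got /{net.prefixlen}"
    return None


def plan_tiered_subnets(vpc_cidr, availability_zones, subnet_prefix=24, tier_stride=10):
    """Return one /subnet_prefix block per tier per AZ.

    Block index = tier * tier_stride + az + 1, so with the defaults a /16 VPC yields
    10.0.1-3.0/24 (public), 10.0.11-13.0/24 (private), 10.0.21-23.0/24 (database).
    Index 0 (10.0.0.0/24) is deliberately left unused.
    """
    reason = validate_vpc_cidr(vpc_cidr)
    if reason:
        raise ValueError(reason)
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 1 <= availability_zones <= 6:
        raise ValueError("availability_zones must be 1-6")
    if not vpc.prefixlen <= subnet_prefix <= MAX_VPC_PREFIX:
        raise ValueError("subnet prefix must lie between the VPC prefix and /28")
    if tier_stride < availability_zones:
        raise ValueError("tier_stride must be at least availability_zones or tiers would collide")

    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    plan = []
    for tier_index, tier in enumerate(TIERS):
        for az in range(availability_zones):
            index = tier_index * tier_stride + az + 1
            if index >= len(candidates):
                raise ValueError(
                    f"{vpc_cidr} has no room for tier {tier!r} in AZ {az} "
                    f"with /{subnet_prefix} subnets; use a smaller tier_stride or larger VPC")
            net = candidates[index]
            plan.append({
                "tier": tier,
                "az_index": az,
                "cidr": str(net),
                "usable_hosts": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def overlapping_pairs(cidrs):
    """Pairs of CIDRs that overlap; peering or a second VPC CIDR requires this to be empty."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    for entry in plan_tiered_subnets("10.0.0.0/16", 3):
        print(f"{entry['tier']:<9} AZ{entry['az_index']}  {entry['cidr']:<15} "
              f"{entry['usable_hosts']} usable hosts")
    print("overlaps:", overlapping_pairs(["10.0.0.0/16", "10.0.5.0/24", "192.168.0.0/16"]))
```

For a smaller VPC such as a /20, keep `subnet_prefix=24` but pass `tier_stride=availability_zones` so the nine subnets pack contiguously instead of running off the end of the address space; the planner raises rather than silently wrapping.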

Implementation

Create VPC

# Create VPC
VPC_ID=$(aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=prod-vpc}]' \
  --query 'Vpc.VpcId' --output text)

# Enable DNS
aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-hostnames
aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-support

Create Subnets

# Public subnet (capture the ID; the NAT Gateway and route table association need it)
PUBLIC_SUBNET_ID=$(aws ec2 create-subnet \
  --vpc-id $VPC_ID \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-1a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=public-1a}]' \
  --query 'Subnet.SubnetId' --output text)

# Only the public tier auto-assigns public IPs; private and database subnets keep the default (off)
aws ec2 modify-subnet-attribute --subnet-id $PUBLIC_SUBNET_ID --map-public-ip-on-launch

# Private subnet
PRIVATE_SUBNET_ID=$(aws ec2 create-subnet \
  --vpc-id $VPC_ID \
  --cidr-block 10.0.11.0/24 \
  --availability-zone us-east-1a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=private-1a}]' \
  --query 'Subnet.SubnetId' --output text)

Internet & NAT Gateway

# Internet Gateway
IGW_ID=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID

# NAT Gateway (must sit in a public subnet whose route table reaches the IGW)
EIP_ID=$(aws ec2 allocate-address --domain vpc --query 'AllocationId' --output text)
NAT_ID=$(aws ec2 create-nat-gateway \
  --subnet-id $PUBLIC_SUBNET_ID \
  --allocation-id $EIP_ID \
  --query 'NatGateway.NatGatewayId' --output text)

# The gateway starts in state "pending"; wait before routing traffic through it
aws ec2 wait nat-gateway-available --nat-gateway-ids $NAT_ID

Route Tables

Public Route Table

# Dedicated table for the public tier. Leave the VPC's main route table local-only:
# every subnet without an explicit association silently falls back to it.
PUBLIC_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID \
  --query 'RouteTable.RouteTableId' --output text)

# Route to Internet Gateway
aws ec2 create-route \
  --route-table-id $PUBLIC_RT_ID \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id $IGW_ID

aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET_ID

Private Route Table

# In production use one private table per AZ, each pointing at that AZ's NAT Gateway,
# so an AZ outage does not take the other AZs' egress with it.
PRIVATE_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID \
  --query 'RouteTable.RouteTableId' --output text)

# Route to NAT Gateway
aws ec2 create-route \
  --route-table-id $PRIVATE_RT_ID \
  --destination-cidr-block 0.0.0.0/0 \
  --nat-gateway-id $NAT_ID

aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET_ID

# Database subnets get their own table with no 0.0.0.0/0 route at all: the data tier needs no internet path
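Once the tables exist, the invariants of the pattern are easy to state and easy to break by hand: the main route table carries no default route, every public subnet's default route points at the IGW, every private subnet's at a NAT Gateway, database subnets have none, and every subnet is explicitly associated (an unassociated subnet inherits the main table). The audit below is an added example, not part of this skill; it runs offline over data in the shape that `aws ec2 describe-route-tables` returns (the sample tables, subnet IDs and gateway IDs are constructed) and reports each violation. The subnet-to-tier mapping is assumed to come from the subnet Name tags used above:

```python
"""Route table audit for the tiered VPC pattern (added example, not part of the skill)."""

# Expected 0.0.0.0/0 target prefix per tier; the database tier must have no default route.
EXPECTED_PREFIX = {"public": "igw-", "private": "nat-"}

# Constructed sample in the shape of describe-route-tables output, with three deliberate faults:
# the main table has an IGW route, the private subnet's table routes via the IGW, and the
# database subnet has no explicit association at all.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-pub00001", "Associations": [{"Main": False, "SubnetId": "subnet-pub1a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-priv0001", "Associations": [{"Main": False, "SubnetId": "subnet-priv1a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
]
SAMPLE_SUBNET_TIERS = {  # assumed to be derived from the subnet Name tags
    "subnet-pub1a": "public", "subnet-priv1a": "private", "subnet-db1a": "database",
}


def default_route_target(route):
    """The ID a route forwards to, whichever target field the API populated."""
    for key in ("GatewayId", "NatGatewayId", "TransitGatewayId",
                "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId"):
        if route.get(key):
            return route[key]
    return "unknown"


def audit_route_tables(route_tables, subnet_tiers):
    """Return a list of human-readable findings; an empty list means the tables match the pattern."""
    findings = []
    seen = set()
    for rt in route_tables:
        rt_id = rt["RouteTableId"]
        assocs = rt.get("Associations", [])
        defaults = [default_route_target(r) for r in rt.get("Routes", [])
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        if any(a.get("Main") for a in assocs) and defaults:
            findings.append(f"{rt_id}: main route table has a 0.0.0.0/0 route via {defaults[0]}; "
                            "subnets without an explicit association inherit it")
        for subnet_id in (a["SubnetId"] for a in assocs if a.get("SubnetId")):
            seen.add(subnet_id)
            tier = subnet_tiers.get(subnet_id)
            if tier is None:
                findings.append(f"{subnet_id}: associated with {rt_id} but not in the subnet plan")
            elif tier == "database":
                if defaults:
                    findings.append(f"{subnet_id} (database): has a 0.0.0.0/0 route via {defaults[0]}")
            elif not defaults:
                findings.append(f"{subnet_id} ({tier}): no 0.0.0.0/0 route in {rt_id}")
            elif len(defaults) > 1 or not defaults[0].startswith(EXPECTED_PREFIX[tier]):
                findings.append(f"{subnet_id} ({tier}): 0.0.0.0/0 via {defaults[0]}, "
                                f"expected {EXPECTED_PREFIX[tier]}*")
    for subnet_id in sorted(set(subnet_tiers) - seen):
        findings.append(f"{subnet_id} ({subnet_tiers[subnet_id]}): no explicit route table "
                        "association, falls back to the main table")
    return findings


if __name__ == "__main__":
    for finding in audit_route_tables(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNET_TIERS):
        print("FINDING:", finding)
```

To run it against a real account, feed it `aws ec2 describe-route-tables --filters Name=vpc-id,Values=$VPC_ID --query RouteTables` parsed as JSON and build the tier map from `describe-subnets` tags; the audit logic itself is unchanged.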

Troubleshooting

Common Issues

| Symptom               | Cause                 | Solution                                                                     |
| --------------------- | --------------------- | ---------------------------------------------------------------------------- |
| No internet (public)  | Missing IGW route     | Add 0.0.0.0/0 → IGW in the public route table; instance needs a public or Elastic IP |
| No internet (private) | Missing NAT route     | Add 0.0.0.0/0 → NAT Gateway in the private route table; NAT must sit in a public subnet |
| Cross-VPC failure     | Peering route missing | Add a route for the peer CIDR in both VPCs' route tables (CIDRs must not overlap) |
| DNS not resolving     | DNS disabled          | Enable DNS support (resolution) and DNS hostnames on the VPC                 |

Debug Checklist

  • VPC has IGW attached?
  • Public subnets route to IGW (and the main route table does not)?
  • Public instances have a public or Elastic IP (map-public-ip-on-launch)?
  • NAT Gateway in public subnet and in state "available"?
  • Private subnets route to NAT?
  • Security groups allow traffic?
  • NACLs not blocking in either direction, including ephemeral return ports (1024-65535)?
  • DNS resolution and DNS hostnames enabled?

Connectivity Test

# From an EC2 instance in a private subnet
curl -I https://aws.amazon.com  # Tests the NAT Gateway path to the internet
nslookup amazonaws.com           # Tests VPC DNS resolution
telnet rds-endpoint 3306         # Tests the data tier (replace rds-endpoint with the RDS endpoint hostname)

Security Best Practices

  1. Subnet Isolation: Separate public/private/data tiers; the data tier gets no route to an IGW or NAT Gateway, so a compromised database host has no direct path out
  2. Least Privilege NACLs: Explicit allow rules only. NACLs are stateless, so every inbound allow needs a matching outbound allow for the ephemeral port range (1024-65535); treat them as a coarse subnet-level backstop and keep fine-grained rules in security groups
  3. VPC Flow Logs: Enable for the whole VPC, capturing both ACCEPT and REJECT, and deliver to CloudWatch Logs or S3 for security analysis
  4. No Public IPs: Leave map-public-ip-on-launch off everywhere except the public tier, so private workloads are reachable only through the load balancer
  5. VPC Endpoints: Use gateway endpoints (S3, DynamoDB) and interface endpoints for other AWS services so that traffic stays off the NAT Gateway and the public internet, and attach an endpoint policy that limits which resources it may reach
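Practice 3 only pays off if someone reads the logs. The following triage is an added example, not part of this skill, showing what the flow logs of the architecture above can reveal once they are collected. It parses records in the default (version 2) flow log format, whose field order is `version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`, skips NODATA/SKIPDATA records, and runs two detections tied to the tiered design: a single source collecting REJECTs across many destination ports (a scan hitting the public tier) and any ACCEPTed flow from a database-tier address to an address outside the VPC (which practice 1 says must not exist). The sample records, account ID, ENI IDs and addresses are constructed, and the subnet CIDRs are the ones in the diagram:

```python
"""Offline triage of VPC Flow Log records (added example, not part of the skill)."""
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) flow log format
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
DATABASE_SUBNETS = [ipaddress.ip_network(c)
                    for c in ("10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24")]

# Constructed sample: five REJECTs from one internet host against the public tier on five
# ports, one normal app-to-database flow, one database host talking to the internet, and one
# NODATA record (its address fields are '-' and must not be parsed as integers).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 44011 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 44012 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 44013 80 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 44014 443 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 44015 3306 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60002 10.0.11.5 10.0.21.8 51000 3306 6 12 2048 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60003 10.0.21.8 203.0.113.9 49152 443 6 30 40960 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60003 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format records into dicts; skip header, malformed and non-OK records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "version":      # blank line or CloudWatch header
            continue
        if len(parts) != len(FIELDS):               # custom format or truncated line
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":               # NODATA / SKIPDATA carry '-' fields
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def find_port_scans(records, min_ports=5):
    """(src, dst, distinct_rejected_ports) for sources rejected on >= min_ports ports of one host."""
    rejected_ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            rejected_ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return sorted((src, dst, len(ports)) for (src, dst), ports in rejected_ports.items()
                  if len(ports) >= min_ports)


def find_database_egress(records):
    """ACCEPTed flows from a database-tier address to anything outside the VPC CIDR."""
    hits = []
    for r in records:
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if (r["action"] == "ACCEPT" and any(src in net for net in DATABASE_SUBNETS)
                and dst not in VPC_CIDR):
            hits.append((r["srcaddr"], r["dstaddr"], r["dstport"]))
    return hits


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("port scans:", find_port_scans(recs))
    print("database egress:", find_database_egress(recs))
```

Flow logs record the private address of the ENI, so inbound internet traffic shows up with the public-tier host's 10.0.1.x address as `dstaddr`; that is why the scan detection keys on the private destination. A database-egress hit is a route table or security group defect as much as an incident indicator, so pair it with the route table checks from the Implementation section.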

Test Template

import boto3

ec2 = boto3.client("ec2", region_name="us-east-1")


def test_vpc_creation():
    # Arrange
    cidr = "10.99.0.0/16"

    # Act
    vpc = ec2.create_vpc(CidrBlock=cidr)
    vpc_id = vpc['Vpc']['VpcId']
    try:
        # create_vpc returns State 'pending'; wait until the VPC is available before asserting
        ec2.get_waiter('vpc_available').wait(VpcIds=[vpc_id])
        described = ec2.describe_vpcs(VpcIds=[vpc_id])['Vpcs'][0]

        # Assert
        assert described['CidrBlock'] == cidr
        assert described['State'] == 'available'
    finally:
        # Cleanup runs even when an assertion fails, so test VPCs do not accumulate
        ec2.delete_vpc(VpcId=vpc_id)

Assets

  • assets/vpc-diagram.yaml - VPC architecture diagram

References