Explain VPC vs Subnet vs Security Group.

Example

For a web app:

• VPC: 10.0.0.0/16
• Public Subnet: ALB (load balancer)
• Private Subnets: EC2 + RDS
• Security Group: Allow ALB → EC2 (443), EC2 → RDS (3306)

Want to master these concepts for interviews?

Explore:

• Grokking System Design Fundamentals
• Grokking the Coding Interview
• Mock Interviews with ex-FAANG engineers

Why Is It Important

Clear separation improves security, scalability, and cost control. These are core questions in system design and cloud interviews.

Interview Tips

• Define VPC → Subnet → SG in order.
• Mention stateful SGs vs stateless NACLs.
• Walk through an end-to-end request path.

Trade-offs

• More subnets and SGs = granular control but harder management.
• Simpler setups = easier but risk exposure or IP exhaustion.

Pitfalls

• Allowing 0.0.0.0/0 for SSH/RDP.
• Leaving egress wide open.
• Forgetting route tables/NAT for private subnets.