How a request actually travels through a cloud network — and everything around that journey: the VPC it lives in, the security groups that gate it, the load balancer that distributes it, the DNS that named it, the endpoints and gateways connecting worlds, and the logs that record it all. Every lesson has live diagrams you can poke — fire packets, break rules, watch things fail, then fix them.
Lessons 1–4 are the core request path; 5–9 widen out to the full landscape.
CIDR blocks, subnets, availability zones, route tables, and what actually makes a subnet "public." Includes a live CIDR sizer and a routable packet you can strand.
Build your own inbound rules, fire test packets at an instance, and see statefulness in action — then meet the NACL, the stateless cousin at the subnet edge.
Listeners, rules, target groups, and health checks. Route requests by path, take a target down, and watch the balancer quietly heal around it.
Trace one HTTPS request hop by hop through everything you've built, then debug three realistically broken setups. Capstone of the core path.
Step through the resolution chase from browser to authoritative zone, learn the records that matter (ALIAS!), and drive a routing-policy simulator: weighted, latency, and health-checked failover.
Wire up a peering connection route by route, crash into the transitivity wall, fix it with a Transit Gateway hub, and see why CIDR overlaps are forbidden. Plus VPN vs Direct Connect.
Call S3 and Secrets Manager without touching the internet — gateway vs interface endpoints, the NAT bill you stop paying, and how PrivateLink delivers entire SaaS products through a keyhole.
Play the cache hit/miss game across an ocean, trace exactly where TLS terminates (and where traffic runs cleartext), and block a SQL injection the security group never could.
Learn to read VPC Flow Logs, then solve three incidents by finding the one log line that explains each — including the case where the clue is a line that isn't there.
Terminology is AWS-flavored (VPC, SG, ALB), but the ideas map 1:1 to Azure (VNet, NSG, Application Gateway) and GCP (VPC, firewall rules, HTTP LB).