aws-cloudformation-vpc

# AWS CloudFormation VPC Infrastructure ## Overview Build a VPC foundation with CloudFormation that stays readable, reusable, and safe to evolve. Provides a clear subnet and routing model with predictable connectivity for public and private workloads, plus outputs that downstream stacks can consume without duplicating network logic. Use the `references/` files for larger templates and extended service combinations. ## When to Use - Creating a new VPC stack for an application or shared platform - Adding public and private subnets across one or more Availability Zones - Wiring internet access, NAT egress, or private endpoints - Exporting VPC, subnet, route table, and security-group-adjacent identifiers for other stacks - Preparing reusable infrastructure for ECS, EKS, Lambda, EC2, or RDS stacks ## Instructions ### 1. Start with the address plan Before writing resources, define: - VPC CIDR range - Number of Availability Zones - Public, private, and isolated subnet ranges - Which workloads need internet ingress, NAT egress, or only private AWS service access This prevents route-table sprawl and painful subnet replacement later. ### 2. Build the core network resources in layers Create the stack in this order: 1. VPC and subnets 2. Internet Gateway for public ingress and egress 3. NAT gateways if private subnets need outbound internet access 4. Route tables and subnet associations 5. Optional VPC endpoints for private access to AWS services Keep each layer easy to inspe...