|
| 1 | +# Zonal HPC Network Architecture |
| 2 | + |
| 3 | +This sample CloudFormation template demonstrates a multi-zone network architecture for HPC workloads following NIST 800-223 guidelines. |
| 4 | + |
| 5 | +> **⚠️ Important**: This is a sample template intended for learning and development purposes. Additional security controls, monitoring, and operational considerations would be needed for production use. |
| 6 | +
|
| 7 | +The template demonstrates how to create a VPC with dedicated subnets for compute, access, management, and storage workloads. It showcases automatic detection of HPC-compatible AZs, configurable internet access patterns, and optional deployment of backup AZs. |
| 8 | + |
| 9 | +## Usage |
| 10 | + |
| 11 | +Download the [assets/network-cfn.yaml](assets/network-cfn.yaml) file and upload it to the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation). Then, proceed with creating a stack. |
| 12 | + |
| 13 | +The template is is pre-configured with sensible defaults. |
| 14 | + |
| 15 | +For networking, the IP ranges are: |
| 16 | +- VPC CIDR: 10.0.0.0/16 |
| 17 | +- Compute: 10.0.0.0/21 (larger allocation for compute resources) |
| 18 | +- Access: 10.0.8.0/24 |
| 19 | +- Management: 10.0.9.0/24 |
| 20 | +- Storage: 10.0.10.0/24 |
| 21 | +- Transit: 10.0.11.0/24 (when transit mode is enabled) |
| 22 | + |
| 23 | +For external connectivitly, it defaults to direct internet acess via the "access" subnets. It can also implement the transit VPC pattern, or configure no internet connectivity. |
| 24 | + |
| 25 | +For redundancy, it defaults to creating backup subnets in another AZ. |
| 26 | + |
| 27 | +On the topic of AZs, by default the template attempts to select the AZ that has HPC* instances. If you are using a region without HPC instances or you wish to manually specify the AZ, you can provide a value for `AvailabilityZoneID`. The backup AZ is also automatically selected, unless you specify it with `AvailabilityZoneBackupID`. |
| 28 | + |
| 29 | +## Importing into other CloudFormation Stacks |
| 30 | + |
| 31 | +The template export key network identifiers, so you can use them in other stacks: |
| 32 | + |
| 33 | +- VPC ID |
| 34 | +- Primary subnet IDs (Compute, Access, Management, Storage, Transit) |
| 35 | +- Backup subnet IDs (when enabled) |
| 36 | + |
| 37 | +All outputs include export names following the convention: `${AWS::StackName}-[ResourceType]Id` |
| 38 | + |
| 39 | +## Cost Estimate |
| 40 | + |
| 41 | +* VPC and Subnets - No Charge |
| 42 | +* Internet Gateway - No charge, but you pay a small amount for traffic passing out of the VPC. |
| 43 | +* NAT Gateway - There is a region-specific hourly cost for the NAT gatway, plus a charge for data sent through the gateway. |
| 44 | + |
| 45 | +See [AWS VPC pricing](https://aws.amazon.com/vpc/pricing/) for details. |
| 46 | + |
| 47 | +## Production considerations |
| 48 | + |
| 49 | +This sample template provides a starting point for understanding HPC networking on AWS while following security best practices. For production use, you would need to consider: |
| 50 | +- Security group configurations |
| 51 | +- Network ACL rules |
| 52 | +- Monitoring and logging |
| 53 | +- Backup and recovery procedures |
| 54 | +- Cost optimization |
| 55 | +- Compliance requirements beyond basic network zoning |
| 56 | +- Resource tagging strategy |
| 57 | +- Encryption requirements |
| 58 | + |
| 59 | +## Cleaning Up |
| 60 | + |
| 61 | +When you are done using this networking configuration, you can delete it by navigating to the AWS CloudFormation console and deleting the relevant stack. If you have enabled termination protection, you will need to disable it first. |
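Review bot: Several typos in the Usage and Cost Estimate sections will ship in the README as written: "The template is is pre-configured" should be "is pre-configured", "external connectivitly" should be "connectivity", "direct internet acess" should be "access", "NAT gatway" should be "gateway", and "The template export key network identifiers" should be "exports". On substance, the networking list gives CIDRs only for the primary subnets, yet the redundancy paragraph says backup subnets in another AZ are created by default; the README should state the backup CIDRs (or that they are carved from the remaining VPC space) and how the backup exports are distinguished under the `${AWS::StackName}-[ResourceType]Id` convention, since a consuming stack has to import both sets by name. Finally, the default is described as "direct internet access via the access subnets" and the cost section bills an Internet Gateway and a NAT Gateway, but nothing says which of the compute, management, storage and access subnets route to the IGW, which route through NAT, and which have no egress; for a template framed around NIST 800-223 zoning, a one-line routing summary per subnet, plus what the "no internet connectivity" option still leaves reachable, would make the exposure explicit and belongs next to the CIDR list.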