
Cloud Girl Logs — Week 2: VPC, Security Groups, NACLs & Linux Shell Expansion

I am a computer applications student actively preparing for a career in cloud and system administration. My technical journey began with full-stack web development, which gave me a strong understanding of how applications are built from the ground up. Now, I am focused on how they are hosted, secured, and scaled. I am currently pursuing my Red Hat Certified System Administrator (RHCSA) certification and gaining hands-on experience with AWS infrastructure.

Week 2 done. This week felt heavier than week 1 — VPC on the AWS side took the most time, and shell expansion on the Linux side was more interesting than I expected.

AWS Side

VPC — Virtual Private Cloud

VPC is your own private, isolated network inside AWS. Everything you launch — EC2 instances, databases, anything — lives inside a VPC. Think of it as your own data center, but in the cloud.

When you create an AWS account, a default VPC already exists in every region. You can use it, but for real projects you always create a custom one.

Key components:

  • Subnets — divide your VPC into smaller networks. Public subnet = internet accessible, private subnet = internal only

  • Internet Gateway — connects your VPC to the internet. Without this, nothing inside your VPC can reach the outside world, no matter how the rest is configured

  • Route Tables — rules that decide where network traffic goes. Every subnet is associated with a route table, and this is usually the missing piece when something "should be reachable" but isn't

Security Groups

Security groups are stateful firewalls attached at the instance level. Stateful means if inbound traffic is allowed, the response automatically goes out — no separate outbound rule needed.

Key things:

  • Only allow rules exist, no deny rules

  • Attached to instances (or other resources), not subnets

  • Changes take effect immediately

  • Default security group allows all outbound, blocks all inbound

Inbound rule example:

Type: SSH | Protocol: TCP | Port: 22 | Source: My IP

NACLs — Network Access Control Lists

NACLs operate at the subnet level, not the instance level. Unlike security groups, they're stateless — both inbound AND outbound rules need to be explicitly defined.

They also support deny rules, which security groups don't have.

                  Security Group   NACL
Level             Instance         Subnet
State             Stateful         Stateless
Deny rules        No               Yes
Rule evaluation   All rules        In order by number

Rule number order matters in NACLs — lower number gets evaluated first, and once a match is found, evaluation stops there.
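To make the table concrete, here is an added example that is not from the post: a small POSIX shell script that evaluates constructed security group and NACL rule sets the way the table describes. The rule sets, the port-range helper and the rule numbers are assumptions for illustration; the catch-all deny is the one the console shows as *, which the API reports as rule number 32767. The NACL_OUT table also shows the stateless side: the reply to an allowed inbound request only passes because an outbound rule covers the client's ephemeral port.

```sh
#!/bin/sh
# Constructed rule sets, not from the post. Fields: number action protocol port.
# The last NACL rule is the catch-all deny the console shows as "*" (the API
# reports it as rule number 32767).
NACL_IN="200 deny tcp 22
100 allow tcp 80
300 allow tcp 22
32767 deny all all"
# Stateless: the reply to an allowed inbound request (server port -> client's
# ephemeral port) needs its own outbound rule; drop rule 100 and replies die.
NACL_OUT="100 allow tcp 1024-65535
32767 deny all all"
# Security group rules are allow-only and carry no rule numbers.
SG_IN="allow tcp 22
allow tcp 443"
# port_in PORT SPEC -> true if PORT matches SPEC ("all", "22" or "1024-65535")
port_in() {
  case $2 in
    all) return 0 ;;
    *-*) [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ] ;;
    *)   [ "$1" -eq "$2" ] ;;
  esac
}
# nacl_eval RULES PROTO PORT -> "rule N: allow|deny". Rules are sorted by number
# and the FIRST match wins, so rule 300 never gets a chance to allow SSH.
nacl_eval() {
  sorted=$(printf '%s\n' "$1" | sort -n)
  while read -r num action rproto rport; do
    if { [ "$rproto" = all ] || [ "$rproto" = "$2" ]; } && port_in "$3" "$rport"; then
      echo "rule $num: $action"
      return 0
    fi
  done <<EOF
$sorted
EOF
}
# sg_eval RULES PROTO PORT -> allow|deny. Every rule is considered; any match allows.
sg_eval() {
  while read -r action rproto rport; do
    if [ "$rproto" = "$2" ] && port_in "$3" "$rport"; then
      echo allow
      return 0
    fi
  done <<EOF
$1
EOF
  echo deny
}
echo "SSH in : SG $(sg_eval "$SG_IN" tcp 22), NACL $(nacl_eval "$NACL_IN" tcp 22)"
echo "HTTP in: SG $(sg_eval "$SG_IN" tcp 80), NACL $(nacl_eval "$NACL_IN" tcp 80)"
echo "HTTP reply to ephemeral port 51000: NACL $(nacl_eval "$NACL_OUT" tcp 51000)"
```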

IP Addressing in AWS

  • Private IP — assigned automatically, stays fixed within the VPC even after stop/start

  • Public IP — assigned on launch if enabled, but changes every time the instance is stopped and started

  • Elastic IP — a static public IP reserved separately and attached to an instance. Doesn't change. Free while attached to a running instance, costs money when idle — so release it when not in use

CIDR notation controls how many IPs are in a subnet. /24 gives 256 addresses, /16 gives 65,536.
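An added example, not from the post, that ties the route table point from the VPC section to the CIDR numbers above: a POSIX shell script with two constructed route tables, a CIDR size calculator and a longest-prefix route lookup, showing why the same destination is reachable from the public subnet and dropped in the private one. The VPC CIDR, the igw placeholder id and the destination addresses are all made up for the illustration.

```sh
#!/bin/sh
# Constructed route tables, not from the post (the igw id is a placeholder).
# A subnet is "public" only because its route table sends 0.0.0.0/0 to an IGW;
# the private table has the VPC's local route and nothing else.
PUBLIC_RT="10.0.0.0/16 local
0.0.0.0/0 igw-PLACEHOLDER"
PRIVATE_RT="10.0.0.0/16 local"

# ip2int A.B.C.D -> the address as one 32-bit integer
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# cidr_size PREFIX/N -> number of addresses in the block (/24 -> 256, /16 -> 65536)
cidr_size() {
  echo $(( 1 << (32 - ${1#*/}) ))
}

# in_cidr IP PREFIX/N -> true when IP is inside the block
in_cidr() {
  bits=${2#*/}
  mask=$(( 4294967295 - ((1 << (32 - bits)) - 1) ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# route_lookup TABLE DEST_IP -> target of the most specific matching route,
# or "none" when nothing matches (the packet is dropped).
route_lookup() {
  best_bits=-1; best=none
  while read -r dest target; do
    if in_cidr "$2" "$dest" && [ "${dest#*/}" -gt "$best_bits" ]; then
      best_bits=${dest#*/}; best=$target
    fi
  done <<EOF
$1
EOF
  echo "$best"
}

echo "/24 holds $(cidr_size 10.0.1.0/24) addresses, /16 holds $(cidr_size 10.0.0.0/16)"
echo "public  subnet -> 203.0.113.9: $(route_lookup "$PUBLIC_RT" 203.0.113.9)"
echo "private subnet -> 203.0.113.9: $(route_lookup "$PRIVATE_RT" 203.0.113.9)"
echo "public  subnet -> 10.0.5.4:    $(route_lookup "$PUBLIC_RT" 10.0.5.4)"
```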

Linux Side

Shell Expansion

Shell expansion is what happens before a command actually runs — the shell processes and transforms parts of the command first. Understanding this makes the terminal feel a lot less mysterious.

Control Operators

These control how multiple commands run together:

command1 ; command2      # run both, regardless of outcome
command1 && command2     # run command2 only if command1 succeeds
command1 || command2     # run command2 only if command1 fails
command &                # run command in background

&& shows up constantly in real scripts — install something, then only configure it if the install actually succeeded.

Shell Variables

NAME="Ziya"               # define variable
echo $NAME                # use variable
export NAME               # make it available to child processes
env                       # see all environment variables
unset NAME                # delete variable

Important built-in ones:

  • $HOME — your home directory

  • $PATH — where the shell looks for commands

  • $USER — current username

  • $PWD — current directory

Shell Embedding (Command Substitution)

Run a command inside another command — the output gets used inline:

echo "Today is $(date)"
echo "You are logged in as $(whoami)"
FILES=$(ls /etc)       # store command output in a variable

The $() syntax is preferred over the older backtick style — cleaner and nestable.

For Loops

for i in 1 2 3 4 5; do
    echo "Number $i"
done

Loop through files:

for file in /etc/*.conf; do
    echo "$file"
done

C-style loop:

for ((i=1; i<=5; i++)); do
    echo "$i"
done

Loops matter for automation — creating multiple users, processing files in bulk, anything repetitive.

File Globbing

Globbing is pattern matching for filenames, expanded by the shell before the command runs:

*          matches anything
?          matches exactly one character
[abc]      matches a, b, or c
[a-z]      matches any lowercase letter
[!abc]     matches anything except a, b, or c

Examples:

ls *.txt           # all .txt files
ls file?.log       # file1.log, file2.log etc
ls [Rr]eadme*      # Readme or readme, anything after
rm temp[0-9].log   # temp0.log through temp9.log
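An added example, not from the post, that runs the four Linux topics above against a constructed temp directory: command substitution versus globbing in a loop, a loop over a glob that may match nothing, and the && / || idiom with a stand-in install function. Every file name and the install_pkg function are assumptions made up for the illustration.

```sh
#!/bin/sh
# Constructed sandbox (not the post's /etc): a temp dir with a few empty files,
# one of them with a space in its name.
SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
cd "$SANDBOX" || exit 1
: > app.conf; : > db.conf; : > "my notes.txt"; : > temp1.log; : > temp7.log

# count_via_ls: the FILES=$(ls) pattern. The substitution runs first, then the
# shell word-splits its output, so "my notes.txt" becomes two loop items and
# the count comes out as 6 instead of 5.
count_via_ls() {
  n=0
  for f in $(ls); do n=$((n + 1)); done
  echo "$n"
}

# count_via_glob: a glob expands to one word per file name, spaces included,
# so the same loop over * sees exactly 5 items.
count_via_glob() {
  n=0
  for f in *; do n=$((n + 1)); done
  echo "$n"
}

# count_glob PATTERN: the post's "for file in /etc/*.conf" shape. A pattern that
# matches nothing is passed through literally, so the loop body would run once
# with the string "*.nope"; the -e test filters that out. Call with the pattern
# in single quotes so the caller's shell does not expand it first.
count_glob() {
  n=0
  for f in $1; do [ -e "$f" ] && n=$((n + 1)); done
  echo "$n"
}

# deploy NAME: the && / || idiom. install_pkg is a constructed stand-in for a
# package install that succeeds only for the name "good".
install_pkg() { [ "$1" = good ]; }
deploy() {
  install_pkg "$1" && { echo "configured $1"; return 0; }
  echo "install of $1 failed, configure skipped"
  return 1
}

echo "ls loop: $(count_via_ls)  glob loop: $(count_via_glob)"
echo "*.conf: $(count_glob '*.conf')  temp[0-9].log: $(count_glob 'temp[0-9].log')  *.nope: $(count_glob '*.nope')"
deploy good
deploy bad
```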

What's next?

In my third week, I will be diving deep into:
AWS: Route53, Auto Scaling Group, Target Group, Bastion Host, SSH
Linux: I/O Redirection, Filters in Linux, bundle/find/compress data, Regex, VI Editor

Full notes on GitHub: https://github.com/anousheh-hussain/cloud-devops-notes
