Module 7

Cloud Networking & Storage

VPCs, subnets, S3 buckets, and block storage — the plumbing of every cloud application. Here's how data moves and where it lives, explained without drowning in acronyms.

The startup that got a $47,000 bill

A developer at a startup spun up a test database on AWS. He chose the wrong storage class — provisioned IOPS SSD instead of general purpose. He forgot about it. Three weeks later, the AWS bill arrived: $47,000. For a test database nobody was using.

Cloud storage is cheap. Cloud storage you do not understand is very, very expensive.

This module is the "save yourself from a surprise bill" guide. You will learn how cloud networking and storage actually work — what the options are, when to use each one, and how to avoid the mistakes that cost real money.

100+ storage and networking services across AWS, Azure, and GCP combined

30% of cloud spend is wasted on underused or misconfigured resources (Flexera, 2024)

11 9s: S3 durability — your data has a higher chance of being hit by a meteor

Cloud networking: your private internet

When you deploy an application in the cloud, it needs a network — just like your home needs Wi-Fi. But in the cloud, you build the network yourself.

Virtual Private Cloud (VPC)

A VPC is your own private section of the cloud. Think of it as renting a floor in an office building — you share the building with other tenants, but your floor is completely private. You control who gets in, where the walls go, and how rooms connect.

| Concept | What it is | Analogy |
| --- | --- | --- |
| VPC | Your isolated network in the cloud | Your private floor in the building |
| Subnet | A section of your VPC | A room on your floor |
| Public subnet | A subnet accessible from the internet | A room with a window facing the street |
| Private subnet | A subnet NOT accessible from the internet | An interior room with no windows |
| Route table | Rules for where traffic goes | Hallway signs pointing to rooms |
| Internet Gateway | Connects your VPC to the internet | The front door of the building |
| NAT Gateway | Lets private subnets access the internet without being accessible from it | A one-way mirror — you can see out, nobody can see in |

Step 1: Create a VPC with a CIDR block (your address range, e.g., 10.0.0.0/16 = 65,536 addresses)

Step 2: Create subnets — public ones for web servers, private ones for databases

Step 3: Attach an Internet Gateway for public internet access

Step 4: Configure route tables so traffic flows correctly

Step 5: Set up security groups (firewall rules per instance) and NACLs (firewall rules per subnet)

There Are No Dumb Questions

Why would I put anything in a private subnet?

Databases, internal APIs, and backend services should never be directly accessible from the internet. Because a private subnet is not accessible from the internet, attackers out there cannot reach these services directly, even if they know the IP address. Your web server in the public subnet talks to the database in the private subnet — but the internet cannot.

What is a CIDR block?

It is a way of defining IP address ranges. 10.0.0.0/16 means "all addresses starting with 10.0" — that gives you 65,536 addresses. 10.0.1.0/24 means "all addresses starting with 10.0.1" — that gives you 256 addresses. The smaller the number after the slash, the bigger the network.
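The five steps and the CIDR arithmetic above can be checked before anything is deployed. The following is an added example, not part of the original course material: it carves a /16 into one /24 per tier, shows that a subnet is public only because of its route table, and flags a private tier that is opened to addresses outside the VPC. The tier names, gateway IDs and rules are constructed for illustration.

```python
import ipaddress

AWS_RESERVED = 5  # AWS keeps the first four and the last address of every subnet

def plan_subnets(vpc_cidr, tiers, new_prefix=24):
    """Give each tier the next free /new_prefix block inside the VPC range."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return {tier: next(blocks) for tier in tiers}

def usable_addresses(subnet):
    return subnet.num_addresses - AWS_RESERVED

def is_public(routes):
    """Public means: the default route (0.0.0.0/0) targets an internet gateway."""
    return any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-") for r in routes)

def audit(vpc_cidr, routes_by_tier, inbound_rules, private_tiers):
    """List findings where a tier meant to be private is exposed outside the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for tier in private_tiers:
        if is_public(routes_by_tier[tier]):
            findings.append(f"{tier}: default route points at an internet gateway")
    for rule in inbound_rules:
        source = ipaddress.ip_network(rule["source"])
        # Flagged even without an internet route: one later route change would expose it.
        if rule["tier"] in private_tiers and not source.subnet_of(vpc):
            findings.append(f"{rule['tier']}: port {rule['port']} open to {source}")
    return findings

# Constructed sample design (all IDs and rules are made up for illustration).
VPC = "10.0.0.0/16"
SUBNETS = plan_subnets(VPC, ["web", "api", "database"])
LOCAL = {"dest": VPC, "target": "local"}
ROUTES = {
    "web": [LOCAL, {"dest": "0.0.0.0/0", "target": "igw-example"}],
    "api": [LOCAL, {"dest": "0.0.0.0/0", "target": "nat-example"}],
    "database": [LOCAL],
}
RULES = [
    {"tier": "web", "port": 443, "source": "0.0.0.0/0"},
    {"tier": "api", "port": 8080, "source": str(SUBNETS["web"])},
    {"tier": "database", "port": 5432, "source": "0.0.0.0/0"},  # misconfiguration to catch
]

if __name__ == "__main__":
    for tier, net in SUBNETS.items():
        kind = "public" if is_public(ROUTES[tier]) else "private"
        print(tier, net, usable_addresses(net), kind)
    print(audit(VPC, ROUTES, RULES, ["api", "database"]))
```

A /24 holds 256 addresses, but only 251 are assignable once the five AWS-reserved addresses are subtracted.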

Design a VPC

You are deploying a web application with a frontend, an API server, and a database. Design the network:

1. How many subnets do you need? Which are public, which are private?
2. Where does the frontend go? The API? The database?
3. What connects the frontend to the internet?
4. How does the API talk to the database if they are in different subnets?
5. Can the database access the internet? Should it?

Load balancers and CDNs

Load balancers distribute incoming traffic across multiple servers. If one server is overloaded or crashes, the load balancer sends traffic to the others. Like a restaurant host seating guests at different tables instead of cramming everyone at table 1.

CDNs (Content Delivery Networks) cache your content at edge locations around the world. A user in Tokyo gets your website from a server in Tokyo, not from Virginia. Faster load times, lower bandwidth costs.

| Service | AWS | Azure | GCP |
| --- | --- | --- | --- |
| Load balancer | ALB / NLB | Azure Load Balancer | Cloud Load Balancing |
| CDN | CloudFront | Azure CDN | Cloud CDN |
| DNS | Route 53 | Azure DNS | Cloud DNS |

Cloud storage: where your data lives

Cloud storage comes in three flavors. Choosing the wrong one is how you get a $47,000 bill.

Object storage (S3 / Blob / GCS)

What it is: Store any file — images, videos, backups, logs — as objects in buckets. No folder hierarchy (it is faked with prefixes). Unlimited capacity.

When to use it: Static assets, backups, data lakes, website hosting, media files.

Key feature: Storage classes for cost optimization:

| Storage class (AWS) | Use case | Cost per GB/month |
| --- | --- | --- |
| S3 Standard | Frequently accessed data | ~$0.023 |
| S3 Infrequent Access | Data accessed less than once/month | ~$0.0125 |
| S3 Glacier | Long-term archive (retrieval takes hours) | ~$0.004 |
| S3 Glacier Deep Archive | Compliance archives (retrieval takes 12+ hours) | ~$0.00099 |

🔑 S3 durability
S3 is designed for 99.999999999% durability (eleven 9s). That means if you stored 10 million objects, you could expect to lose one every 10,000 years. Your data is safer in S3 than in a bank vault.

Block storage (EBS / Managed Disks)

What it is: Virtual hard drives that attach to virtual machines. Fast, consistent performance. Fixed size — you pay for the capacity you provision, not what you use.

When to use it: Operating system drives, databases, applications that need low-latency disk access.

The $47,000 mistake: Provisioned IOPS SSD (io1/io2) costs 10-50x more than general purpose (gp3). Only use provisioned IOPS for mission-critical databases that need guaranteed performance.

File storage (EFS / Azure Files / Filestore)

What it is: Shared file systems that multiple servers can access simultaneously. Like a shared network drive.

When to use it: Applications where multiple servers need to read/write the same files (content management, shared configurations).

Pick the right storage

For each scenario, choose the best storage type and class:

1. 10 million product images for an e-commerce site
2. A PostgreSQL database for your main application
3. 5 years of financial records you must keep for compliance but rarely access
4. Log files that three different servers need to write to simultaneously
5. A machine learning training dataset of 500GB that you access weekly

Cost optimization: do not be the $47,000 guy

Right-size instances: Most cloud VMs run at 10-20% CPU utilization. Downsize them. Use monitoring tools to check actual usage.

Use reserved instances: If you know you will need a server for 1-3 years, reserved pricing saves 30-72% over on-demand.

Lifecycle policies: Automatically move old S3 objects to cheaper storage classes. After 30 days to Infrequent Access, after 90 days to Glacier.

Set billing alerts: ALWAYS set a budget alert. "Email me when spending exceeds $100/month." This prevents surprises.

Delete unused resources: Unattached EBS volumes, idle load balancers, orphaned snapshots — they all cost money silently.

⚠️ The silent killers
The most expensive cloud mistakes are not the big services — they are the small ones you forget about. An unattached EBS volume costs $0.10/GB/month. A forgotten NAT Gateway costs $0.045/hour ($32/month). An idle Elastic IP costs $0.005/hour. Individually small. Collectively devastating.
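To make the lifecycle-policy item above concrete, the following added example (not part of the original course material) builds a rule in the shape S3's lifecycle configuration expects and estimates the monthly storage charge with and without it, using the approximate per-GB prices from the storage class table. The bucket contents and the `logs/` prefix are constructed, and request, transition and retrieval fees are left out.

```python
# Approximate prices per GB-month, taken from the storage class table on this page.
PRICE = {"STANDARD": 0.023, "STANDARD_IA": 0.0125, "GLACIER": 0.004}

def lifecycle_rule(prefix, ia_days=30, glacier_days=90):
    """Build one lifecycle rule: Standard -> Infrequent Access -> Glacier."""
    if ia_days < 30:
        # S3 does not transition objects to STANDARD_IA before they are 30 days old.
        raise ValueError("transition to STANDARD_IA needs at least 30 days")
    if glacier_days <= ia_days:
        raise ValueError("Glacier transition must come after the IA transition")
    return {
        "ID": f"tier-down-{prefix.strip('/')}",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_days, "StorageClass": "GLACIER"},
        ],
    }

def storage_class_at(age_days, rule):
    """Storage class an object of the given age ends up in under the rule."""
    current = "STANDARD"
    for step in sorted(rule["Transitions"], key=lambda s: s["Days"]):
        if age_days >= step["Days"]:
            current = step["StorageClass"]
    return current

def monthly_cost(gb_by_age, rule=None):
    """Storage-only cost for one month; gb_by_age is a list of (age_days, gb)."""
    total = 0.0
    for age_days, gb in gb_by_age:
        tier = storage_class_at(age_days, rule) if rule else "STANDARD"
        total += gb * PRICE[tier]
    return round(total, 2)

# Constructed bucket contents: (age of the objects in days, size in GB).
SAMPLE = [(10, 100), (45, 200), (200, 700)]

if __name__ == "__main__":
    rule = lifecycle_rule("logs/")
    print({"Rules": [rule]})  # the document you would hand to S3
    print("all Standard:", monthly_cost(SAMPLE))
    print("with lifecycle rule:", monthly_cost(SAMPLE, rule))
```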

Optimize this cloud bill

Your company's monthly cloud bill is $8,500. Here is the breakdown:

  • EC2 instances: $4,200 (10 instances, all on-demand, avg 15% CPU utilization)
  • EBS storage: $1,800 (includes 500GB of provisioned IOPS SSD for a test database)
  • S3 storage: $600 (2TB of logs in Standard, never accessed after 7 days)
  • Data transfer: $900 (serving images from us-east-1 to users worldwide)
  • Other: $1,000 (3 idle load balancers, 5 unattached EBS volumes)

Write a cost optimization plan. For each line item, suggest a specific change and estimate the savings.

Key takeaways

  • A VPC is your private network in the cloud — public subnets face the internet, private subnets do not
  • Security groups and NACLs are your cloud firewalls — control what traffic goes where
  • Object storage (S3) is for files, block storage (EBS) is for disks, file storage (EFS) is for sharing
  • S3 storage classes save money: Standard for frequent access, Glacier for archives
  • Load balancers distribute traffic, CDNs speed up delivery worldwide
  • Set billing alerts, right-size instances, delete unused resources — 30% of cloud spend is waste
  • The $47,000 bill happened because nobody understood storage types. Now you do.

Knowledge Check

1. What is the purpose of putting a database in a private subnet?

2. You have 2TB of log files in S3 Standard that are never accessed after 7 days. What should you do?

3. What is a NAT Gateway used for?

4. Why is 30% of cloud spending considered waste?
