areas/software/platform/skills/networking/SKILL.md
# Skill: Cloud Networking
## When to load

When designing VPC topology, configuring security groups, setting up NAT, or reviewing network architecture.

## VPC Design (3-tier)

```
VPC (10.0.0.0/16)
├── Public subnets (10.0.1.0/24, 10.0.2.0/24) ← ALB, NAT Gateway
├── Private subnets (10.0.10.0/24, 10.0.11.0/24) ← App servers, K8s nodes
└── Isolated subnets (10.0.20.0/24, 10.0.21.0/24) ← RDS, ElastiCache
```

## Security Group Rules (Default-Deny)

```hcl
# App tier: only accepts traffic from ALB security group
resource "aws_security_group_rule" "app_from_alb" {
  type                     = "ingress"
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
  security_group_id        = aws_security_group.app.id
}

# DB tier: only accepts traffic from app security group
resource "aws_security_group_rule" "db_from_app" {
  type                     = "ingress"
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
  security_group_id        = aws_security_group.db.id
}
```
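
A review check for the layout and rules above, as an added example that is not part of the original skill: it confirms the tier subnets sit inside the VPC without overlapping and that every ingress rule follows the ALB -> app -> DB chain by security-group reference on a single port. The rule dictionaries, `ALLOWED_HOPS`, and both function names are assumptions made for illustration; they mirror the Terraform blocks rather than parse them.

```python
import ipaddress

# Constructed data mirroring the page's layout and its two Terraform rules.
VPC = "10.0.0.0/16"
SUBNETS = {
    "public": ["10.0.1.0/24", "10.0.2.0/24"],
    "private": ["10.0.10.0/24", "10.0.11.0/24"],
    "isolated": ["10.0.20.0/24", "10.0.21.0/24"],
}
# Permitted tier hops (source SG, target SG) -> the single TCP port allowed.
ALLOWED_HOPS = {("alb", "app"): 8080, ("app", "db"): 5432}
RULES = [
    {"name": "app_from_alb", "source_sg": "alb", "target_sg": "app",
     "cidr": None, "protocol": "tcp", "from_port": 8080, "to_port": 8080},
    {"name": "db_from_app", "source_sg": "app", "target_sg": "db",
     "cidr": None, "protocol": "tcp", "from_port": 5432, "to_port": 5432},
]


def check_subnets(vpc, subnets):
    """Flag subnets that fall outside the VPC or overlap an earlier subnet."""
    vpc_net, seen, findings = ipaddress.ip_network(vpc), [], []
    for tier, cidrs in subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not net.subnet_of(vpc_net):
                findings.append(f"{tier} {cidr}: outside VPC {vpc}")
            findings += [f"{tier} {cidr}: overlaps {t} {n}"
                         for t, n in seen if net.overlaps(n)]
            seen.append((tier, net))
    return findings


def check_rules(rules, allowed_hops):
    """Flag ingress rules that break the ALB -> app -> DB default-deny chain."""
    findings = []
    for r in rules:
        hop = (r["source_sg"], r["target_sg"])
        ports = (r["from_port"], r["to_port"])
        if r["cidr"] is not None:
            findings.append(f"{r['name']}: CIDR source {r['cidr']} instead of a security group")
        elif hop not in allowed_hops:
            findings.append(f"{r['name']}: {hop[0]} -> {hop[1]} is not a permitted tier hop")
        elif r["protocol"] != "tcp" or ports != (allowed_hops[hop],) * 2:
            findings.append(f"{r['name']}: expected tcp/{allowed_hops[hop]} only, "
                            f"got {r['protocol']}/{ports[0]}-{ports[1]}")
    return findings


if __name__ == "__main__":
    for finding in check_subnets(VPC, SUBNETS) + check_rules(RULES, ALLOWED_HOPS):
        print(finding)
```
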