Virtual Private Clouds (VPCs) in Thalassa Cloud

A Virtual Private Cloud (VPC) is an isolated, software-defined network environment that allows users to deploy and manage cloud resources securely. In Thalassa Cloud, VPCs provide private networking, subnet management, routing, and firewalling, ensuring network segmentation and security for workloads.

VPCs enable users to:

  • Segment workloads across different network spaces for better security and isolation.
  • Define custom IP ranges using CIDR blocks.
  • Manage subnets within a region and availability zone.
  • Control traffic flow with customizable routing and security rules.

This guide explains VPC concepts, capabilities, and API interactions in Thalassa Cloud.

VPC Capabilities

Network Isolation

Each VPC is a logically isolated network, meaning resources deployed within it cannot communicate with external networks unless explicitly allowed. This is useful for multi-tier applications, security zoning, and regulatory compliance.

Custom IP Addressing

Users define CIDR ranges for a VPC, controlling the private IP address space. This ensures compatibility with existing on-premise or cloud network architectures.

Subnet Management

A VPC can contain multiple subnets, each within a specific region and availability zone. Subnets allow further segmentation of workloads and define where virtual machines (VMs) and other resources are deployed.

Routing and Internet Connectivity

VPCs can be configured with custom route tables, allowing traffic to flow between subnets, other VPCs, or external networks. Default and custom NAT Gateways or Load Balancers can be used to route outbound and inbound traffic.

Security and Access Control

Network security is enforced through firewall rules, access control lists (ACLs), and security groups to control inbound and outbound traffic at the subnet or instance level.

VPC API

Thalassa Cloud provides a RESTful API to manage VPCs programmatically.

Listing VPCs

Retrieve all VPCs in a project:

GET /api/v1/vpcs

Creating a VPC

To create a VPC, users must specify a name, region, and CIDR block:

{
  "name": "production-network",
  "description": "Primary VPC for production workloads",
  "labels": {"environment": "production"},
  "cloudRegionIdentity": "nl-1",
  "vpcCidrs": ["10.0.0.0/16"],
  "subnets": []
}

This creates a VPC with a 10.0.0.0/16 CIDR range in the nl-1 region.

Updating a VPC

To modify a VPC’s attributes:

PUT /api/v1/vpcs/{identity}

Users can update name, description, labels, CIDR blocks, and route tables.

Deleting a VPC

VPCs can be deleted when no active subnets or resources are associated with them:

DELETE /api/v1/vpcs/{identity}

Subnets in a VPC

A subnet is a smaller network segment within a VPC, allowing users to organize and allocate IP addresses to workloads. Each subnet exists within a specific availability zone; placing subnets in different zones provides high availability and redundancy across zones.

Creating a Subnet

Subnets require a CIDR block and must be within an existing VPC and availability zone.

{
  "name": "backend-subnet",
  "description": "Subnet for backend services",
  "vpcIdentity": "vpc-12345",
  "cidr": "10.0.1.0/24",
  "zone": "nl-1a"
}

This creates a subnet with a 10.0.1.0/24 range in zone nl-1a inside the VPC identified by vpc-12345 (the production-network VPC in this example).
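
A pre-flight check for the VPC and subnet request bodies shown above, as an added example that is not part of the Thalassa Cloud documentation or API. It assumes a subnet's cidr must fall inside one of the VPC's vpcCidrs and must not overlap a sibling subnet, and it flags VPC ranges that are not private or that collide with existing on-premise ranges; the function name, the reserved_cidrs parameter and every sample subnet other than backend-subnet are constructed for illustration.

```python
import ipaddress

def check_vpc_plan(vpc, subnets, reserved_cidrs=()):
    """Return findings for a VPC request body and its planned subnet bodies."""
    findings = []
    try:
        vpc_nets = [ipaddress.ip_network(c) for c in vpc["vpcCidrs"]]
    except ValueError as exc:
        return [f"invalid VPC CIDR: {exc}"]
    # reserved_cidrs: ranges already in use elsewhere, e.g. on-premise (assumption)
    reserved = [ipaddress.ip_network(c) for c in reserved_cidrs]
    for net in vpc_nets:
        if not net.is_private:
            findings.append(f"VPC CIDR {net} is not private address space")
        for r in reserved:
            if net.overlaps(r):
                findings.append(f"VPC CIDR {net} overlaps reserved range {r}")
    placed = []
    for s in subnets:
        try:
            net = ipaddress.ip_network(s["cidr"])  # strict: rejects host bits set
        except ValueError as exc:
            findings.append(f"{s['name']}: invalid CIDR: {exc}")
            continue
        # Assumed rule: a subnet must sit inside one of the VPC's CIDR blocks.
        if not any(net.version == v.version and net.subnet_of(v) for v in vpc_nets):
            findings.append(f"{s['name']}: {net} is outside the VPC CIDRs")
        # Overlapping subnets make routing and firewall rules ambiguous.
        for other_name, other in placed:
            if net.overlaps(other):
                findings.append(f"{s['name']}: {net} overlaps {other_name} ({other})")
        placed.append((s["name"], net))
    return findings

# Sample input: the VPC and backend-subnet come from this page, the rest is constructed.
VPC = {"name": "production-network", "cloudRegionIdentity": "nl-1",
       "vpcCidrs": ["10.0.0.0/16"]}
SUBNETS = [
    {"name": "backend-subnet", "cidr": "10.0.1.0/24"},
    {"name": "frontend-subnet", "cidr": "10.0.1.128/25"},  # overlaps backend-subnet
    {"name": "db-subnet", "cidr": "10.1.0.0/24"},          # outside 10.0.0.0/16
    {"name": "cache-subnet", "cidr": "10.0.2.1/24"},       # host bits set
]

if __name__ == "__main__":
    for finding in check_vpc_plan(VPC, SUBNETS, reserved_cidrs=["10.0.0.0/12"]):
        print(finding)
```

Running such a check before sending the create requests keeps mistakes in the address plan from turning into unintended reachability between segments.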

Routing and Connectivity

Subnets within the same VPC can communicate by default unless restricted by firewall rules or network policies. Custom route tables can be applied for inter-VPC communication or external access.

Summary

VPCs in Thalassa Cloud enable users to create secure, isolated cloud networks with custom IP ranges, subnets, and routing controls.

Key Takeaways:

  • Isolated private networking for workloads.
  • Custom CIDR blocks and subnets for flexible IP management.
  • Security controls with firewall rules and routing policies.
  • API-driven VPC and subnet management for automation.

By leveraging Thalassa Cloud VPCs, users can build secure and scalable cloud architectures tailored to their workloads.