Design VPC, IP plan, management, storage, SSO

Q: Design VPC, IP plan, management, storage, SSO

This is a System Design interview question from Amazon for Software Engineer roles. View the full question and solution on PracHub.

Q: How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

Question

System Design: Multi‑Layer VPC, IP Planning for 2,000 Servers, Fleet Management, Shared Storage, and SSO

Context

Design a production‑grade, multi‑AZ network and platform foundation in a major public cloud that uses VPC constructs (subnets, route tables, security groups). The environment will host a mixed Linux/Windows fleet (~2,000 servers) and multiple services requiring shared file storage and single sign‑on.

Requirements

Network segmentation and routing
- Segment networks into public, private (application), and management layers.
- Define subnets, route tables, internet/NAT gateways, and inter‑tier routing.
- Enforce security with security groups and (optionally) network ACLs.
CIDR and IP planning for 2,000 servers
- Plan VPC and subnet CIDR blocks across at least 3 Availability Zones.
- Estimate required IPs (include per‑subnet reserved addresses) and future growth.
Centralized fleet management (Linux and Windows)
- Propose tools/processes for configuration management, patching, access control, and inventory.
Shared storage for concurrent access
- Recommend a solution (e.g., NFS/EFS, SMB/FSx variants) and compare performance, consistency, and cost.
Single sign‑on (SSO)
- Design SSO so users authenticate once to access multiple services.
- Include identity provider choice, trust relationships, and token/assertion flows.

Design VPC, IP plan, management, storage, SSO

System Design: Multi‑Layer VPC, IP Planning for 2,000 Servers, Fleet Management, Shared Storage, and SSO

Context

Requirements

Solution (Locked)

Comments (0)