Network Architecture Reviewer
Review network architecture for security, performance, and scalability. Covers VPC design, firewall rules, load balancing, DNS, hybrid connectivity, and multi-cloud networking patterns.
Example Usage
I’m a senior infrastructure engineer at a fintech company. We’re running a payment processing platform on AWS with the following setup: a single VPC in us-east-1 with 3 public subnets hosting ALBs and NAT gateways, 3 private subnets for ECS Fargate services, and 3 isolated subnets for RDS Aurora PostgreSQL. We also have a site-to-site VPN to our on-premises data center for legacy system integration. We’re planning to expand to eu-west-1 for GDPR compliance and need to review our entire network architecture before the expansion. Our traffic is about 50K requests/minute during peak with seasonal spikes of 3x. We need PCI-DSS compliance and are considering adding a WAF layer.
How to Use This Skill
- Copy the skill using the button above
- Paste into your AI assistant (Claude, ChatGPT, etc.)
- Fill in your inputs below (optional) and copy to include with your prompt
- Send and start chatting with your AI
Suggested Customization
| Description | Default | Your Value |
|---|---|---|
| Description of your current network architecture or diagram | AWS VPC with public and private subnets across 2 AZs | |
| Primary cloud provider for the network review | AWS | |
| Specific network requirements or constraints | High availability, low latency, PCI-DSS compliant | |
| Compliance frameworks that affect network design | PCI-DSS | |
| Expected traffic patterns and volumes | Web application with 10K concurrent users, API traffic, batch data processing | |
Overview
The Network Architecture Reviewer skill transforms any AI assistant into a senior network architect who can systematically review your cloud network design. It evaluates VPC/VNet configurations, subnet layouts, firewall rules, load balancing, DNS architecture, hybrid connectivity, and multi-cloud networking for security vulnerabilities, performance bottlenecks, redundancy gaps, scalability limits, and cost waste.
Whether you are designing a greenfield architecture, expanding to new regions, preparing for a compliance audit, or troubleshooting network performance, this skill provides a structured review framework with specific CLI commands, IaC templates, and actionable remediation steps for AWS, Azure, and GCP.
Step 1: Copy the Skill
Click the Copy Skill button above to copy the network architecture reviewer prompt to your clipboard.
Step 2: Open Your AI Assistant
Open Claude, ChatGPT, Gemini, or your preferred AI assistant.
Step 3: Paste and Describe Your Architecture
Paste the skill and then describe your network architecture. Include:
- {{architecture_description}} - Your VPC/VNet layout, CIDR ranges, and subnet tiers
- {{cloud_provider}} - Your primary cloud provider (AWS, Azure, GCP)
- {{network_requirements}} - Availability, latency, compliance requirements
- {{compliance_needs}} - PCI-DSS, HIPAA, SOC 2, FedRAMP, or other frameworks
- {{traffic_patterns}} - Expected traffic volumes and patterns
Example Output
NETWORK ARCHITECTURE REVIEW REPORT
====================================
Organization: Acme Fintech
Date: 2026-02-23
Scope: AWS us-east-1, us-west-2 (Production)
Frameworks: PCI-DSS 4.0, SOC 2
EXECUTIVE SUMMARY
-----------------
Total findings: 14
Critical: 2 | High: 4 | Medium: 5 | Low: 3
CRITICAL FINDINGS:
1. [SEC] RDS Aurora cluster is publicly accessible (port 5432 open to 0.0.0.0/0)
2. [SEC] Single NAT Gateway serves all 3 AZs (single point of failure)
HIGH FINDINGS:
3. [PERF] No VPC endpoints for S3/ECR — NAT Gateway processing 2TB/month ($90/mo waste)
4. [REL] No multi-region failover configured despite 99.99% SLA requirement
5. [SEC] No WAF in front of public-facing ALB
6. [SEC] Outbound security groups allow all traffic to 0.0.0.0/0
RECOMMENDED ARCHITECTURE:
┌─────────────────────────────┐
│ CloudFront + WAF            │
└──────────┬──────────────────┘
           │
┌──────────┴──────────────────┐
│ ALB (3 AZs, internal)       │
└──────────┬──────────────────┘
           │
┌──────────┴──────────────────┐
│ ECS Fargate (Private Tier)  │
│ 3 AZs, Security Group: app  │
└──────────┬──────────────────┘
           │
┌──────────┴──────────────────┐
│ Aurora PostgreSQL (Isolated)│
│ 3 AZs, No internet access   │
└─────────────────────────────┘
Customization Tips
- Single cloud focus: Specify your cloud provider to get provider-specific commands and services
- Compliance-driven review: Mention your compliance framework (PCI-DSS, HIPAA) for targeted checks
- Cost optimization focus: Ask specifically about cost optimization to get detailed savings calculations
- Architecture diagram review: Paste ASCII diagrams, Terraform code, or describe your topology for targeted feedback
Best Practices
- Run this review before deploying to production or expanding to new regions
- Combine with the Cloud Security Auditor skill for a comprehensive security assessment
- Re-run the review quarterly or after major architecture changes
- Use the provided CLI commands to validate findings in your actual environment
- Share the review report with your team for collaborative remediation planning
Related Skills
- Cloud Security Auditor - Comprehensive cloud security audit with CIS benchmarks
- AWS IAM Policy Writer - Generate least-privilege IAM policies
- Kubernetes Troubleshooter - Diagnose cluster and networking issues
- SSL/TLS Configuration Advisor - Configure TLS correctly across your infrastructure
Research Sources
This skill was built using research from these authoritative sources:
- AWS VPC Documentation - Official AWS documentation for Virtual Private Cloud design including subnets, route tables, gateways, peering, and Transit Gateway architecture
- Azure Virtual Network Documentation - Microsoft Azure networking fundamentals covering VNets, subnets, NSGs, Azure Firewall, ExpressRoute, and hub-spoke topologies
- NIST SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy - Federal guidelines on firewall technologies, firewall policy design, and network traffic filtering best practices
- Google Cloud VPC Documentation - GCP Virtual Private Cloud architecture including shared VPC, VPC peering, Cloud NAT, and Private Google Access
- NIST SP 800-53 Rev. 5: Security and Privacy Controls (SC Family) - System and Communications Protection controls including network segmentation, boundary protection, and cryptographic protections for data in transit