Before Lab 2.1 — Public, Internal and Private Services
25/05/2026About 1 min
Before Lab 2.1 — Public, Internal and Private Services
In Lab 2.1, you will map the exposure of every component in the Day 2 environment.
The core concept is reachability — not every service should be reachable from the public internet.
Four zones of exposure
| Zone | Description | Example |
|---|---|---|
| Public | Reachable from anywhere on the internet | Frontend, public API |
| Semi-public | Reachable from the internet, but restricted | API with IP allowlist or auth |
| Internal | Should only be reachable within the cloud environment | Internal service, microservice |
| Private | Not reachable from the internet at all | Database, secret store |
Cloud services are public by default. Naming a service "internal" or "backend" does not make it private — only explicit configuration does.
The Day 2 starting architecture
The top two components are expected to be public. The bottom two are problems.
Starting Resources
Things have changed, as we now have a number of additional resources, when it's time each one will be explained.

What to look for in Lab 2.1
Lab 2.1 checklist
Lab focus
In Lab 2.1, do not fix anything yet.
Your goal is to observe, document and explain.