Networking
Simfra simulates AWS networking using Docker. Each VPC becomes a Docker bridge network, the Docker host represents the public internet, and services are either publicly accessible (ports published to the host) or VPC-only (reachable only from containers on the same network).
When SIMFRA_DOCKER=true, creating a VPC in Simfra creates a corresponding Docker bridge network. Containers launched by services like RDS, ELBv2, Lambda, and ECS are attached to their VPC's Docker network, giving them layer-3 connectivity to other containers in the same VPC - just like EC2 instances in a real AWS VPC.
How It Maps
| AWS Concept | Simfra Implementation |
|---|---|
| VPC | Docker bridge network (simfra-vpc-{accountID}-{region}-{vpcID}) |
| Public internet | Docker host (127.0.0.1) |
| Internet-facing resource | Container with host port published |
| Private resource | Container on VPC network only, no host ports |
| VPC DNS (CIDR+2) | DNS container at CIDR+2 on each VPC network |
| Route53 hosted zones | Resolved by per-account DNS container |
| Service DNS names | Registered automatically (ALB, RDS, ElastiCache, etc.) |
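The mapping above can be checked from the host by classifying containers from their `docker inspect` records. The following is an added example, not Simfra's own code; it assumes account IDs are 12 digits and VPC IDs have the AWS `vpc-<hex>` form, and the container names and sample records are constructed.

```python
import re

# Network name pattern from the mapping table. Assumption: account IDs are
# 12 digits and VPC IDs look like "vpc-<hex>", as in AWS.
VPC_NET = re.compile(r"^simfra-vpc-(\d{12})-(.+)-(vpc-[0-9a-f]+)$")

def parse_vpc_network(name):
    """Return (account_id, region, vpc_id) or None for non-Simfra networks."""
    m = VPC_NET.match(name)
    return m.groups() if m else None

def classify(container):
    """Classify one `docker inspect` record using the page's mapping."""
    ns = container.get("NetworkSettings", {})
    vpcs = [v for v in map(parse_vpc_network, ns.get("Networks") or {}) if v]
    # Ports maps "80/tcp" -> list of host bindings, or None when the port is
    # exposed but not published to the host.
    published = sorted(
        f'{b.get("HostIp") or "0.0.0.0"}:{b["HostPort"]}->{port}'
        for port, binds in (ns.get("Ports") or {}).items()
        for b in (binds or [])
    )
    if not vpcs:
        kind = "not-in-vpc"
    elif published:
        kind = "internet-facing"
    else:
        kind = "private"
    return {"name": container["Name"].lstrip("/"), "kind": kind,
            "vpcs": vpcs, "published": published}

# Constructed sample in `docker inspect` shape (not real Simfra output).
NET = "simfra-vpc-123456789012-us-east-1-vpc-0a1b2c3d"
SAMPLE = [
    {"Name": "/alb-web", "NetworkSettings": {
        "Networks": {NET: {}},
        "Ports": {"443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]}}},
    {"Name": "/rds-orders", "NetworkSettings": {
        "Networks": {NET: {}}, "Ports": {"5432/tcp": None}}},
    {"Name": "/unrelated", "NetworkSettings": {
        "Networks": {"bridge": {}}, "Ports": {}}},
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(classify(c))
```

To audit a running environment, load the JSON array printed by `docker inspect $(docker ps -q)` and pass each element to `classify`; any container reported as `internet-facing` that was meant to be VPC-only is worth investigating.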
Pages
- VPC Isolation - how VPC network isolation works and which services are public vs. private
- Accessing Public Services - reach internet-facing resources from your host
- Accessing Private Services - reach VPC-only resources via port forwarding, embedded browser, or CloudShell
- CA Trust Setup - import the Simfra root CA for HTTPS trust
- Host DNS Setup - optional DNS configuration for resolving *.simfra.dev from your host
- DNS Resolution - how DNS works inside Simfra containers