<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.10.0">Jekyll</generator><link href="/feed.xml" rel="self" type="application/atom+xml" /><link href="/" rel="alternate" type="text/html" /><updated>2026-07-05T11:14:33+03:00</updated><id>/feed.xml</id><title type="html">kiariealexn.github.io</title><author><name>Alex Kiarie</name></author><entry><title type="html">Building a Two-Tier VPC on AWS: Public/Private Subnets, NAT Gateway, and a Bastion Host</title><link href="/networking/cloud/ccna/Building-a-Two-Tier-VPC-on-AWS/" rel="alternate" type="text/html" title="Building a Two-Tier VPC on AWS: Public/Private Subnets, NAT Gateway, and a Bastion Host" /><published>2026-07-04T00:00:00+03:00</published><updated>2026-07-04T00:00:00+03:00</updated><id>/networking/cloud/ccna/Building-a%20-Two-Tier-VPC-on-AWS</id><content type="html" xml:base="/networking/cloud/ccna/Building-a-Two-Tier-VPC-on-AWS/"><![CDATA[<h2 id="why-i-built-this">Why I Built This</h2>

<p>I’m currently working through CCNA Course 3 (ENSA), and a lot of it - subnetting, default routes, NAT - reads fine on paper but doesn’t fully click until you’ve watched it actually move traffic. With $100 in AWS credits sitting unused, I decided to rebuild the classic “public subnet / private subnet” enterprise pattern from scratch in the AWS Console, rather than using a one-click VPC wizard, specifically so I’d have to reason through every routing decision myself.</p>

<p>The result: a small, fully functional two-tier network that mirrors what you’d find behind most production web applications - a public-facing server, a private backend server with zero direct internet exposure, and a bastion-host pattern for reaching it.</p>

<h2 id="the-architecture">The Architecture</h2>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>                Internet
                    |
             [Internet Gateway]
                    |
        ┌───────────┴───────────┐
        │      lab-vpc (10.0.0.0/16)
        │
        │  public-subnet (10.0.1.0/24)
        │  ├── public-server (EC2, public IP)
        │  └── NAT Gateway (Elastic IP)
        │
        │  private-subnet (10.0.2.0/24)
        │  └── private-server (EC2, no public IP)
        │
        └───────────────────────┘
</code></pre></div></div>

<ul>
  <li><strong>public-subnet</strong> routes <code class="language-plaintext highlighter-rouge">0.0.0.0/0</code> → Internet Gateway</li>
  <li><strong>private-subnet</strong> routes <code class="language-plaintext highlighter-rouge">0.0.0.0/0</code> → NAT Gateway (which itself lives in the public subnet)</li>
</ul>

<p>That distinction - NAT Gateway physically sitting in the public subnet while serving the private one - was the first thing that didn’t fully make sense until I’d actually wired it up.</p>

<h2 id="build-steps">Build Steps</h2>

<p><strong>1. VPC and subnetting</strong>
Created a <code class="language-plaintext highlighter-rouge">/16</code> VPC and carved out two <code class="language-plaintext highlighter-rouge">/24</code> subnets in the same AZ - one public, one private. Straightforward CIDR math, but a useful reminder that “public” and “private” in AWS aren’t inherent properties of a subnet - they’re just a consequence of which route table gets attached to them.</p>

<p><strong>2. Internet Gateway + route table</strong>
Attached an IGW to the VPC, then created a route table with a default route (<code class="language-plaintext highlighter-rouge">0.0.0.0/0</code> → IGW) and associated it with the public subnet only. This is the AWS equivalent of a default route pointing at your ISP’s next hop - the private subnet, using a <em>different</em> route table with no such route, is effectively unreachable from and to the internet by default.</p>

<p><strong>3. Public EC2 instance</strong>
Launched an Amazon Linux instance into the public subnet. The security group here is doing the actual firewall work: it allows inbound SSH (port 22) with the source locked to my own IP address rather than <code class="language-plaintext highlighter-rouge">0.0.0.0/0</code> - no reason to expose SSH to the entire internet for a lab box, and connected via PuTTY.</p>

<p><strong>4. NAT Gateway + private route table</strong>
This is the core of the lab. Created a NAT Gateway (with its own Elastic IP) inside the public subnet, then built a second route table for the private subnet pointing <code class="language-plaintext highlighter-rouge">0.0.0.0/0</code> at the NAT Gateway instead of the IGW.</p>

<p><strong>5. Private EC2 instance + bastion access</strong>
Launched a second instance into the private subnet with <strong>no public IP assigned at all</strong>. Its security group only allows inbound SSH from the public subnet’s CIDR range (<code class="language-plaintext highlighter-rouge">10.0.1.0/24</code>) - not from my laptop’s IP, and not from the internet at large. That single rule is what actually enforces the “unreachable except through the bastion” behavior; without it, having no public IP alone wouldn’t be enough of a guarantee inside a more complex network.</p>

<p>Since there’s no public IP, PuTTY on my laptop can’t reach it directly - I had to hop through the public server first, the classic bastion/jump-host pattern:</p>

<ol>
  <li>Loaded <code class="language-plaintext highlighter-rouge">lab-key.ppk</code> into <strong>Pageant</strong> (PuTTY’s SSH agent) on my laptop</li>
  <li>On the PuTTY session config for the <em>public</em> server, enabled <strong>“Allow agent forwarding”</strong> under Connection → SSH → Auth</li>
  <li>Connected to the public server as usual</li>
  <li>From inside that session, ran <code class="language-plaintext highlighter-rouge">ssh ec2-user@&lt;10.0.2.1&gt;</code> - and because Pageant was forwarding my key through the connection, it authenticated without the private key ever having to exist as a file on the public server</li>
</ol>

<p>That last point matters: the private key never touches the bastion’s disk. If the public server were ever compromised, there’s no key sitting on it for an attacker to steal and reuse.</p>

<h2 id="the-payoff-moment">The Payoff Moment</h2>

<p>Running <code class="language-plaintext highlighter-rouge">curl ifconfig.me</code> from each box told the whole story:</p>

<ul>
  <li>From the <strong>public server</strong>: returned the instance’s own public IP</li>
  <li>From the <strong>private server</strong>: returned the <strong>NAT Gateway’s Elastic IP</strong> instead</li>
</ul>

<p>The private instance has full outbound internet access - it could update packages, hit an external API, whatever - but nothing on the internet could have opened a connection <em>to</em> it. That’s the exact pattern behind why databases and internal services sit in private subnets in real deployments: outbound access without inbound exposure.</p>

<h2 id="cost-management">Cost Management</h2>

<p>NAT Gateway is the one resource in this build that actually costs money - roughly $0.045/hour plus data processing, whether or not traffic is flowing - so I tore it down and released its Elastic IP immediately after testing, keeping the whole exercise under $1.</p>

<h2 id="where-this-connects">Where This Connects</h2>

<p>Subnetting and default routing are core CCNA Course material - just expressed here in AWS instead of Packet Tracer. NAT itself is actually Course 3 (ENSA) territory, so this lab ended up previewing a concept slightly ahead of where my coursework currently sits, which was a useful head start. It’s also a reminder that the instincts you build doing audit and controls work - tracing exactly what can access what, and why - mapped directly onto network security design. A security group is, in the end, just an access control matrix.</p>

<p>Next step: automating this build with the AWS CLI or Terraform, so the same topology can be spun up and torn down in seconds instead of clicking through the console.</p>]]></content><author><name>Alex Kiarie</name></author><category term="networking" /><category term="cloud" /><category term="ccna" /><category term="aws" /><category term="vpc" /><category term="nat-gateway" /><category term="networking" /><category term="ccna" /><summary type="html"><![CDATA[Why I Built This]]></summary></entry><entry><title type="html">Building a Depreciation Calculator: A Journey from Finance to Code</title><link href="/projects/finance/web-development/building-depreciation-calculator/" rel="alternate" type="text/html" title="Building a Depreciation Calculator: A Journey from Finance to Code" /><published>2026-01-08T00:00:00+03:00</published><updated>2026-01-08T00:00:00+03:00</updated><id>/projects/finance/web-development/building-depreciation-calculator</id><content type="html" xml:base="/projects/finance/web-development/building-depreciation-calculator/"><![CDATA[<h2 id="building-my-depreciation-calculator-a-journey-from-finance-to-code">Building My Depreciation Calculator: A Journey from Finance to Code</h2>
<h3 id="how-i-combined-my-cpa-studies-with-web-development-to-create-a-practical-portfolio-project">How I combined my CPA studies with web development to create a practical portfolio project.</h3>

<p>Hello! If you’ve been following my journey, you know I’m transitioning from a background in economics and finance into the world of software development. To bridge these two worlds, I decided to build something that speaks to both: a Depreciation Calculator.
This project wasn’t just about writing code; it was about making the accounting concepts I’m studying for my CPA exam tangible and interactive.
<!--more--></p>

<h2 id="why-a-depreciation-calculator">Why a Depreciation Calculator?</h2>

<p>As a CPA candidate, depreciation methods (Straight-Line, Declining Balance, etc.) are fundamental. As an aspiring developer, I wanted to build a clean, useful web app. This calculator was the perfect fusion as it reinforced my finance knowledge while forcing me to apply new HTML, CSS, and JavaScript skills to solve a real problem.
<!--more--></p>
<h2 id="the-collaboration-learning-with-ai">The Collaboration: Learning with AI</h2>

<p>I didn’t build this alone. As a novice, I collaborated extensively with AI assistants, <code class="language-plaintext highlighter-rouge">Claude</code> and <code class="language-plaintext highlighter-rouge">DeepSeek</code>, to guide the process. They acted as my technical mentors, helping me:</p>

<ul>
  <li>
    <p>Structure the project from scratch.</p>
  </li>
  <li>
    <p>Debug JavaScript logic for accurate financial formulas.</p>
  </li>
  <li>
    <p>Understand Git and GitHub, which was a major initial hurdle.
<!--more--></p>
    <h2 id="the-git-of-it-all-a-newbies-hurdle">The “Git” of It All: A Newbie’s Hurdle</h2>
  </li>
</ul>

<p>Speaking of hurdles, my biggest challenge wasn’t the code—it was version control. As a GitHub novice, I found the process of commits, pushes, and branches confusing. At one point, I even encountered a cryptic error about “Git LFS” that stopped me in my tracks!
With patient guidance, I learned to navigate these waters. Figuring out how to successfully deploy the project to GitHub Pages and see it live on the web for the first time was an incredibly satisfying “aha!” moment. It transformed the project from files on my computer into a real, shareable application.
<!--more--></p>
<h2 id="what-does-it-do">What Does It Do?</h2>

<p>The calculator allows you to input an asset’s cost, salvage value, and useful life. With a click, it generates a year-by-year depreciation schedule using the Straight-Line method (with more methods coming soon!). It presents the data in a clear table and will soon feature charts for visualization. It’s clean, responsive, and, most importantly, accurate to accounting standards.
<!--more--></p>
<h2 id="whats-next">What’s Next?</h2>

<p>This is just Phase 1. I’m currently working on Phase 2, which will add the Declining Balance and Sum-of-the-Years-Digits methods. Future plans include interactive charts and export functionality.
<!--more--></p>
<h2 id="key-takeaway">Key Takeaway</h2>

<p>This project taught me that the best way to learn is to build. It connected abstract coding syntax to a concrete outcome I care about. It also showed me the value of asking for help, whether from AI or the broader developer community.
Try the calculator for yourself and see the code:
<a href="https://kiariealexn.github.io/depreciation-calculator/">Live Depreciation Calculator</a>
View the Code on <a href="https://github.com/kiariealexn/depreciation-calculator">GitHub</a>
<!--more-->
—
I’d love to hear your thoughts or feedback. What concepts from your field would you like to see turned into an app?</p>]]></content><author><name>Alex Kiarie</name></author><category term="projects" /><category term="finance" /><category term="web-development" /><category term="web-development" /><category term="accounting" /><category term="portfolio" /><category term="CPA" /><category term="learning-in-public" /><summary type="html"><![CDATA[How I combined my accounting knowledge with web development skills to build a professional depreciation calculator - my second portfolio project.]]></summary></entry><entry><title type="html">Building at the Intersection of Finance &amp;amp; Technology</title><link href="/career/personal/first-post/" rel="alternate" type="text/html" title="Building at the Intersection of Finance &amp;amp; Technology" /><published>2025-12-23T00:00:00+03:00</published><updated>2025-12-23T00:00:00+03:00</updated><id>/career/personal/first-post</id><content type="html" xml:base="/career/personal/first-post/"><![CDATA[<p>If you’d told me a few years ago that I’d be writing code and building websites, I probably would have laughed. I was neck-deep in economics textbooks, CPA study materials, and financial audits. Yet here I am, with a portfolio site and a growing passion for software development. So, what changed?
Welcome to my blog. I’m Alex Kiarie, someone who sees the structured logic of finance and the dynamic innovation of technology not as separate worlds, but as two essential sides of modern problem-solving.
<!--more--></p>

<h2 id="the-economics-graduate-who-loved-tech">The Economics Graduate Who Loved Tech</h2>
<p>I graduated from the Technical University of Kenya with a degree in Economics. On paper, I was headed for a career in finance - and for a while, that’s exactly where I went. I worked on internal audits at the Kenya Revenue Authority, dove into CPA certifications, and even spent time in sales at JTL KE.
But there was always something else pulling at me: <code class="language-plaintext highlighter-rouge">technology</code>.
My path hasn’t been a linear switch from one field to another. Instead, it’s been a parallel build: deepening my expertise in accounting and financial systems through my CPA studies, while simultaneously expanding my technical toolkit with certifications in AWS Cloud, CCNA networking, and Ethical Hacking. This blog is where these tracks converge. It’s a space for exploring how core principles from one discipline can inform and elevate practical builds in the other.
<!--more--></p>

<p>You can expect content focused on applied knowledge—turning theory into tools. This means translating financial concepts into clean, functional software, breaking down the architecture of fintech solutions, and sharing the hands-on journey of building with purpose.
A perfect example of this intersection in action is a project I’ve just deployed: a professional <a href="https://kiariealexn.github.io/depreciation-calculator/">Depreciation Calculator</a>.  <br />
<!--more--></p>

<h2 id="-why-this-convergence-matters">🎯 Why This Convergence Matters</h2>
<p>The future of finance is unequivocally tech-enabled. Whether in fintech, automated accounting, or advanced data analysis, the professionals who will lead are those fluent in both the language of business logic and the language of technical implementation.
I’m committed to building projects that bridge this gap—creating tools that solve real financial and operational challenges with modern, accessible technology.
<!--more--></p>

<h2 id="whats-next">What’s Next?</h2>
<p>My plan is simple: build things, break things, learn from both. I’m documenting my journey here - the wins, the struggles, the “why won’t this code work” moments at 2 AM.
I’m particularly interested in exploring:</p>
<ul>
  <li>Web development fundamentals</li>
  <li>Cloud technologies (building on my AWS knowledge)</li>
  <li>Cybersecurity principles in software design</li>
  <li>How finance and fintech intersect with development.</li>
</ul>

<p>This blog will document that journey—the process, the hurdles, and the insights.</p>

<p>If you’re a finance professional curious about technology, a developer interested in the “why” behind fintech, or on a similar path of synthesis, I invite you to follow along. Let’s connect and build something insightful.
<!--more-->
 -<code class="language-plaintext highlighter-rouge"> Alex </code></p>]]></content><author><name>Alex Kiarie</name></author><category term="career" /><category term="personal" /><category term="fintech" /><category term="cpa" /><category term="web-development" /><category term="accounting" /><category term="journey" /><summary type="html"><![CDATA[Building at the Intersection of Finance & Technology]]></summary></entry></feed>