cloudemu

Networking

VPCs, subnets, security groups, peering — drive with the real SDK

Networking

Emulates virtual network primitives: VPC (AWS, served by the EC2 query handler), VNet (Azure), VPC + Firewalls (GCP).

ProviderServiceSDK-compatDriver
AWSVPC, Subnets, SGs, IGW, RT, NAT, Peering, Flow Logs, ACLs✓ Liveaws.VPC
AzureVirtual Network✓ Liveazure.VNet
GCPVPC, Subnetworks, Firewalls, Routes✓ Livegcp.VPC
import (
    "github.com/aws/aws-sdk-go-v2/service/ec2"
    "github.com/stackshy/cloudemu"
    awsserver "github.com/stackshy/cloudemu/server/aws"
)

cloud := cloudemu.NewAWS()
ts := httptest.NewServer(awsserver.New(awsserver.Drivers{
    EC2: cloud.EC2, VPC: cloud.VPC,
}))

client := ec2.NewFromConfig(cfg, func(o *ec2.Options) {
    o.BaseEndpoint = aws.String(ts.URL)
})

vpc, _ := client.CreateVpc(ctx, &ec2.CreateVpcInput{
    CidrBlock: aws.String("10.0.0.0/16"),
})

client.CreateSubnet(ctx, &ec2.CreateSubnetInput{
    VpcId: vpc.Vpc.VpcId, CidrBlock: aws.String("10.0.1.0/24"),
})

client.CreateSecurityGroup(ctx, &ec2.CreateSecurityGroupInput{
    VpcId: vpc.Vpc.VpcId, GroupName: aws.String("web-sg"),
    Description: aws.String("Web traffic"),
})

Azure (armnetwork.NewVirtualNetworksClient) and GCP (gcpcompute.NewNetworksRESTClient) follow the same endpoint-only-changes pattern — see SDK-Compat Server.

Operations supported via SDK-compat

AWS (via EC2 handler): VPCs, Subnets, Security Groups + ingress/egress rules, Internet Gateways, Route Tables + Routes, NAT Gateways, VPC Peering Connections, Flow Logs, Network ACLs.

Azure VNet: Virtual networks + subnets CRUD via ARM.

GCP: Networks, Subnetworks, Firewalls, Routes via REST with LRO envelopes.

Topology engine — bonus feature

Once your network is built, the topology engine can answer real connectivity questions on top of the same drivers:

import "github.com/stackshy/cloudemu/topology"

topo := topology.New(cloud.EC2, cloud.VPC, cloud.Route53)
result, _ := topo.CanConnect(ctx, topology.ConnectivityQuery{
    SourceInstance: "i-00000001", DestIP: "10.0.2.5", Port: 443, Protocol: "tcp",
})
fmt.Println(result.Allowed, result.BlockedBy)

This walks VPC peering, security groups, route tables, and network ACLs the same way real cloud reachability tools do.

Alternative: Portable Go API

import netdriver "github.com/stackshy/cloudemu/networking/driver"

vpc, _ := aws.VPC.CreateVPC(ctx, netdriver.VPCConfig{CIDRBlock: "10.0.0.0/16"})
subnet, _ := aws.VPC.CreateSubnet(ctx, netdriver.SubnetConfig{
    VPCID: vpc.ID, CIDRBlock: "10.0.1.0/24",
})

Serverless

Functions-as-a-service — drive Lambda / Azure Functions / Cloud Functions with the real SDK

Monitoring

Metrics, alarms, time series — drive with the real CloudWatch / Azure Monitor / Cloud Monitoring SDK

On this page

NetworkingUse the real SDK (recommended)Operations supported via SDK-compatTopology engine — bonus featureAlternative: Portable Go API