Docs

Behavior & Limits

Guarantees, limits, and platform notes for Alien Network.

Guarantees

Generated infrastructure resource. Network is generated from StackSettings.network when required. It is not declared directly in alien.ts.

Frozen lifecycle. Network is infrastructure. It is owned by setup/admin configuration, not by live application code.

BYO means no ownership transfer. In BYO modes, Alien references and validates existing network infrastructure. It does not create or delete the VPC/VNet.

Network type is immutable. Changing from one mode to another, such as create to byo-vpc-aws, is rejected as an invalid update.

Limits

LimitValueNotes
Direct alien.ts builderNoneConfigure through deployment stack settings.
Default created CIDR/16Generated from stack/network ID when cidr is omitted.
AWS created subnets/20 per subnetPublic and private ranges are carved from the VPC CIDR.
Azure created subnetsCIDR split into public/private halvesThe controller derives public and private subnet CIDRs from the selected VNet CIDR.
Update mode changesNot allowedReplace the deployment network instead.
BYO egressCustomer-managedAlien does not create NAT/proxy/VPN resources in BYO modes.

Platform Notes

AWS

  • create creates a VPC, subnets, route tables, Internet Gateway, NAT Gateway, and security group.
  • If cidr is omitted, Alien searches for an available /16, preferring 100.64.0.0/10, then 172.16.0.0/12, then 10.0.0.0/8.
  • use-default discovers the account default VPC and public subnets.
  • byo-vpc-aws stores the provided VPC, subnet, and security group references.

GCP

  • create creates a custom VPC network, regional subnetwork, Cloud Router, Cloud NAT, and firewall rule.
  • If cidr is omitted, Alien generates a deterministic /16 in the 100.64.0.0/10 range.
  • use-default uses the project's default network and regional subnet.
  • byo-vpc-gcp stores the provided network, subnet, and region references.

Azure

  • Azure has no provider default VNet. use-default creates VNet infrastructure rather than attaching to a cloud default.
  • create creates a VNet, public and private subnets, NAT Gateway, Public IP, and Network Security Group.
  • If cidr is omitted, Alien generates a deterministic /16 in the 100.64.0.0/10 range.
  • byo-vnet-azure stores the provided VNet resource ID and subnet names.

Kubernetes / On-Prem

Network is provided by the cluster operator. Alien does not create VPC/VNet infrastructure for Kubernetes deployments.

Local

Local deployments use local host/container networking. No cloud network resource is created.

Design Decisions

Network is configured outside alien.ts. The same application code can be deployed into different customer network topologies without changing the stack manifest.

create is the production default. It gives Alien ownership of the network it needs to create, update, and delete. BYO modes are for customers with existing network controls.

BYO modes keep responsibility with the customer. Alien does not silently add NAT, routing, firewall, or peering rules to a customer-managed network.

API Reference

StackSettings.network modes and fields for Alien Network.

Pricing

Cost model for Alien Network resources.

On this page

GuaranteesLimitsPlatform NotesAWSGCPAzureKubernetes / On-PremDesign Decisions