Commit cd3daf2

feat(vpc): first use case draft
1 parent d936e0f commit cd3daf2

1 file changed: +32 -8 lines changed

network/vpc/reference-content/use-case-basic.mdx

Lines changed: 32 additions & 8 deletions
@@ -27,11 +27,11 @@ The architecture diagram below shows the infrastructure for this use-case.
2727

2828
This is a basic infrastructure to leverage VPC isolation:
2929

30-
- Instances are hosting the application without having their own public/flexible IP addresses.
31-
- Managed Database is accessed by the Instances over the Private Network only, with no exposure to the public internet.
32-
- Load Balancer distributes user traffic to the Instances over the Private Network
33-
- Administrators can access the Instances via the Public Gateway
34-
- External services are accessed by the Instances via the Public Gateway
30+
- [Instances](/compute/instances/concepts/#instance) are hosting the application without having their own [public/flexible IP addresses](/compute/instances/concepts/#flexible-ip).
31+
- [Managed Database](/managed-databases/postgresql-and-mysql/concepts/#managed-database) is accessed by the Instances over the Private Network only, with no exposure to the public internet.
32+
- [Load Balancer](/network/load-balancer/concepts/) distributes user traffic to the Instances over the Private Network.
33+
- Administrators can access the Instances via the [Public Gateway](/network/public-gateways/concepts/#public-gateway).
34+
- External services are accessed by the Instances via the Public Gateway.
3535

3636
## Detail
3737

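Review bot: new line 33 says administrators reach the Instances "via the [Public Gateway]" without saying how. The Detail section attributes that access to the gateway's SSH bastion feature and to "selected administrators with the correct credentials", so name the bastion in this bullet too; otherwise the overview reads as if the gateway exposes the Instances generally. On new lines 31 and 32, "Private Network" is the one product term left without a concept link while every other resource in the list gained one; link its first mention. Minor: "are hosting" on line 30 reads better as "host".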
@@ -55,6 +55,10 @@ External services like Transactional Email, Serverless, and NATS, Queues, Topics
5555

5656
The Public Gateway, with its public IP address, allows controlled access between the public internet and the VPC. Features such as SSH bastion allow selected administrators with the correct credentials to connect to resources within the VPC, and static NAT and/or advertisement of a default route provides the ability to direct traffic through the gateway to and from the resources within.
5757

58+
### Cost control
59+
60+
Creating Scaleway resources without their own public IP addresses saves money, as these addresses are a billed resource, while the creation, configuration and assignment of IP addresses from a Private Network is free of charge.
61+
5862
## Applications
5963

6064
This kind of infrastructure is appropriate for many applications, including but not limited to:
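Review bot: the claim on new line 60, "Creating Scaleway resources without their own public IP addresses saves money", is broader than this architecture supports. The paragraph just above describes the Public Gateway "with its public IP address", and the tutorial assigns a public (flexible) IP to the Load Balancer, so two resources here still carry billed addresses. Scope the sentence to the resources that stay private (the Instances and the Managed Database) and link the "billed resource" statement to the pricing page so it can be checked. Also confirm that a "### Cost control" subsection belongs under "## Detail" directly after the Public Gateway paragraph; placed there it reads as a property of the gateway.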
@@ -64,9 +68,29 @@ This kind of infrastructure is appropriate for many applications, including but
6468

6569
## Tutorial
6670

67-
Follow the steps below to create this infrastructure using the Scaleway console:
68-
69-
71+
Follow the steps below to create this infrastructure using the [Scaleway console](https://console.scaleway.com/organization):
72+
73+
1. [Create a VPC](/network/vpc/how-to/create-vpc/) (or use the [default VPC](/network/vpc/how-to/create-vpc/#how-to-identify-your-default-vpcs) pre-created for each Scaleway Project in the appropriate [region](/network/vpc/concepts/#region-and-availability-zone)).
74+
2. [Create a Private Network](/network/vpc/how-to/create-private-network/) inside the VPC. You can either let Scaleway create the network with an auto-generate subnet, which will provide the private IP addresses for attached resources, or specify a self-defined subnet.
75+
3. [Create a Public Gateway](/network/public-gateways/how-to/create-a-public-gateway/) (TODO should it advertize the default route?) and [attach it to the Private Network](/network/public-gateways/how-to/configure-a-public-gateway/#how-to-attach-a-public-gateway-to-a-private-network).
76+
4. [Set up SSH bastion](/network/public-gateways/how-to/use-ssh-bastion/) on the Public Gateway, to allow administrator access.
77+
5. [Create a Managed Database](/managed-databases/postgresql-and-mysql/how-to/create-a-database/)
78+
6. [Detach the Managed Database's public endpoint](/managed-databases/postgresql-and-mysql/how-to/remove-public-endpoint/) [QUESTION - NECESSARY?] and [attach it to the Private Network](/managed-databases/postgresql-and-mysql/how-to/connect-database-private-network/) you created in step 2.
79+
7. Create and configure external services as required, e.g. [Object Storage](/storage/object/quickstart/), [Transactional Email](/managed-services/transactional-email/quickstart/) and [Secret Manager](/identity-and-access-management/secret-manager/quickstart/).
80+
8. [Create your Instances](/compute/instances/how-to/create-an-instance/), using the configuration best-suited to your application. Do not assign public IPv4 or IPv6 addresses to the Instances. Add Block Storage volumes as required (or you can create and attach these [later](/storage/block/quickstart/).)
81+
<Message type="tip">
82+
If you are creating several Instances with the exact same configuration running the exact same template, consider creating just one Instance, configuring and installing it to communicate with the other resources inside and outside the VPC as required, then [creating an image](/compute/instances/how-to/create-a-backup/) of this Instance and creating the remaining Instances [using this image](/compute/instances/how-to/create-a-backup/#how-to-create-or-restore-an-instance-from-an-image).
83+
</Message>
84+
9. [Attach each Instance to the Private Network](/compute/instances/how-to/use-private-networks/#how-to-attach-instances-to-an-existing-private-network) you created at step 2. Either let Scaleway automatically choose an IP from the Private Network's subnet for each Instance, or used [reserved IPs](s/network/ipam/how-to/reserve-ip/) to specify the IP for each Instance on the network.
85+
10. [Create a Load Balancer](/network/load-balancer/how-to/create-load-balancer/), ensuring you assign a public (flexible) IP address. Do not yet create the frontends and backends.
86+
11. [Attach the Load Balancer to the Private Network](/network/load-balancer/how-to/use-with-private-network/#how-to-attach-a-private-network-to-your-load-balancer). As before, you can use an auto-selected IP, or a specific reserved IP from the subnet.
87+
12. [Create a frontend and backend for the Load Balancer](/network/load-balancer/how-to/create-frontends-backends/). Choose the most appropriate configuration for your purpose and application, following advice and tips in the linked documentation. When configuring the Load Balancer's backend servers, enter the private IP addresses of the Instances on the Private Network.
88+
13. [Create your domain](/network/domains-and-dns/how-to/register-internal-domain/) and [add a DNS record](/network/domains-and-dns/how-to/manage-dns-records/#how-to-add-dns-records) (e.g. an A record) to point it to the public IP of your Load Balancer. While instructions show how to do this with Scaleway's **Domains and DNS** product, you can also use an external domain and configure it with another provider.
7089

7190
## Terraform
7291

92+
A Terraform template for this architecture is provided in full on our [Terraform Scaleway Provider pages](TODO-LINK). Terraform allows you to create Infrastructure as Code (IaC) to build, configure and manage your infrastructure with configuration files, rather than with the Scaleway console. The following snippet shows an extract of the configuration file:
93+
94+
```
95+
SNIPPET
96+
```
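Review bot: step 6 (new line 78) ships an open question, "[QUESTION - NECESSARY?]", on the one step that removes the Managed Database's public endpoint. The overview bullet promises the database is reached "over the Private Network only, with no exposure to the public internet", so the detach has to stay as a required step. It should also be reordered: as written, the text says to detach the endpoint "and attach it to the Private Network", which reads as attaching the public endpoint, and detaching first would leave the database unreachable. Attach the database to the Private Network first, then remove the public endpoint. The other placeholders need resolving before merge as well: "(TODO should it advertize the default route?)" in step 3, the "TODO-LINK" target, and the "SNIPPET" body on lines 92 to 96, whose fence also has no language tag. Smaller fixes: the link in step 9 has a stray leading "s" ("s/network/ipam/how-to/reserve-ip/") and "used" should be "use"; step 2 should read "auto-generated subnet"; step 5 lacks a final period; step 8 ends with ").)" where the period and parenthesis are misordered. Check too that the unindented "<Message>" block between steps 8 and 9 does not restart the list numbering when rendered.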
