Critical guidance for working in Jemena's shared VPC networking model where core-network account (234268347951) owns VPCs, subnets, NAT gateways, Transit Gateway, and VPC endpoints shared to app-datahub accounts via AWS RAM. Prevents common mistakes like attempting to create/modify networking resources, investigating NAT gateways, or modifying security groups owned by Cloud team. Covers Databricks Private Link architecture (Backend vs Frontend), 3 DNS workarounds (AD forwarder flipping, endpoint conflicts, Zscaler CNAME), RDS metastore firewall requirements, and troubleshooting workspace access issues. Use when working with AWS networking, VPCs, subnets, security groups, Private Link, Route 53, DNS, or debugging connectivity issues in app-datahub-prod (339712836516) or app-datahub-nonprod (851725449831) accounts.