Day 22 of 100 Days

Day 22 of 100 Days of AWS: Public vs. Private Subnets

Welcome to Day 22! We have built our VPC, our fenced-in property in the cloud. Now we have to partition that property into logical segments so that it can serve different purposes (a public-facing part and a protected part). Those segments are called Subnets.


The Question

You are launching an EC2 instance that must be directly reachable from the internet (e.g., to host a public website). In which type of subnet must you place this instance?

(A) A Public Subnet
(B) A Private Subnet
(C) A VPN-only Subnet
(D) Any subnet will work


The Correct Answer

The correct answer is (A) A Public Subnet.

Why It Is Right: A Subnet's Path to the Internet

This is the key concept: whether a subnet is public or private is not a setting on the subnet itself. It is determined entirely by the Route Table associated with it.

Subnet: A sub-range of your VPC's IP address space. A subnet lives within a single Availability Zone, and it is where you launch resources such as EC2 instances.

Internet Gateway (IGW): The front door of your VPC. It is attached to the VPC and lets traffic flow between the VPC and the public internet; it also performs the one-to-one NAT between an instance's private IP and its public IPv4 address.

Route Table: A set of rules, called routes, that determine where network traffic leaving your subnet is sent. Every subnet is governed by exactly one route table; if you do not associate one explicitly, the subnet implicitly uses the VPC's main route table.

A subnet is a Public Subnet when the route table associated with it contains a route (a "rule") that sends internet-bound traffic (destination 0.0.0.0/0) to the Internet Gateway.

This means that any resource in that subnet which also has a public IPv4 address (an auto-assigned public IP or an Elastic IP) can be reached from the internet, and can initiate connections out to the internet. That is exactly what a public web server needs. Two caveats worth remembering: an instance in a public subnet that has only a private IP is still unreachable from the internet, and the route only makes reachability possible; the instance's security group and the subnet's network ACL must also allow the traffic.


An Analogy: The Office Building 🏢

VPC: Your whole office building.


Internet Gateway (IGW): The front door and main lobby that open onto the street.

Public Subnet: The ground-floor reception. It connects directly to the main lobby (the IGW), so visitors from the street can walk straight in.

Private Subnet: The secure R&D laboratory on the 10th floor. It has no direct access to the main lobby; you can only reach it through the building's internal corridors.


Discussion of the Wrong Alternatives

(B) A Private Subnet: The route table of a private subnet has no route to the Internet Gateway. Resources placed there (such as databases or internal applications) cannot be reached directly from the internet. If they need outbound access (for example to download patches), the route table sends 0.0.0.0/0 to a NAT Gateway that sits in a public subnet instead; the NAT Gateway lets connections go out but never lets them come in.


(C) A VPN-only Subnet: A VPN-only subnet is a form of private subnet whose route table sends traffic to a Virtual Private Gateway (VGW), over a VPN connection back to a corporate office, rather than to the public internet.


(D) Any Subnet will work: Not true. Placing the web server in a private subnet would leave it unreachable from the internet.
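Here is an added example (my own code, not from the original post) that turns the rules above into an audit script: it decides whether each subnet is public, private or VPN-only by looking only at the route table that governs it, exactly as the "Why It Is Right" section and options (B) and (C) describe, and then lists which instances are really reachable from the internet. The dictionaries are constructed sample data in the shape of boto3's describe_subnets(), describe_route_tables() and describe_instances() responses, and every resource ID is invented. It goes slightly beyond the post in two ways: it follows AWS's own definition (any active route to an IGW makes a subnet public, not only 0.0.0.0/0), and it handles the two edge cases that bite in practice: a subnet with no explicit association (which silently uses the main route table) and a route whose IGW was detached (state "blackhole").

```python
"""Classify VPC subnets as public / private / vpn-only from route tables and
list the EC2 instances that are really reachable from the internet.

Added example, not code from the original post. Data below is constructed
sample data shaped like boto3's describe_subnets(), describe_route_tables()
and describe_instances() responses; all resource IDs are invented.
"""
from typing import Dict, List, Optional, Tuple

VPC = "vpc-0aaa000000000001"                                   # invented
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}


def _default(**target: str) -> Dict:
    """Sample-data helper: an active 0.0.0.0/0 route to the given target."""
    return {"DestinationCidrBlock": "0.0.0.0/0", "State": "active", **target}


def _rt(rt_id: str, extra_routes: List[Dict], subnet_id: Optional[str] = None) -> Dict:
    """Sample-data helper: a route table in describe_route_tables() shape.
    With no subnet_id it is the VPC's main route table."""
    assoc: Dict = {"Main": subnet_id is None}
    if subnet_id:
        assoc["SubnetId"] = subnet_id
    return {"RouteTableId": rt_id, "VpcId": VPC, "Associations": [assoc],
            "Routes": [LOCAL, *extra_routes]}


SUBNETS: List[Dict] = [{"SubnetId": s, "VpcId": VPC} for s in (          # constructed
    "subnet-0pub0000000000001", "subnet-0prv0000000000001", "subnet-0vpn0000000000001",
    "subnet-0dead000000000001", "subnet-0orph000000000001")]

ROUTE_TABLES: List[Dict] = [                                             # constructed
    _rt("rtb-0main000000000001", []),   # main table: local only; orphans land here
    _rt("rtb-0pub0000000000001", [_default(GatewayId="igw-0aaa000000000001")],
        "subnet-0pub0000000000001"),    # public: 0.0.0.0/0 -> internet gateway
    _rt("rtb-0prv0000000000001", [_default(NatGatewayId="nat-0aaa000000000001")],
        "subnet-0prv0000000000001"),    # private with NAT: out only, never in
    _rt("rtb-0vpn0000000000001", [_default(GatewayId="vgw-0aaa000000000001")],
        "subnet-0vpn0000000000001"),    # vpn-only: 0.0.0.0/0 -> virtual private gateway
    _rt("rtb-0dead000000000001", [{**_default(GatewayId="igw-0gone000000000001"),
                                   "State": "blackhole"}],
        "subnet-0dead000000000001"),    # IGW detached: route is a blackhole, not public
]

INSTANCES: List[Dict] = [                                                # constructed
    {"InstanceId": "i-0web0000000000001", "SubnetId": "subnet-0pub0000000000001",
     "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-0web0000000000002", "SubnetId": "subnet-0pub0000000000001",
     "PrivateIpAddress": "10.0.1.11"},                  # public subnet, no public IP
    {"InstanceId": "i-0db00000000000001", "SubnetId": "subnet-0prv0000000000001",
     "PrivateIpAddress": "10.0.2.10"},
    {"InstanceId": "i-0orph000000000001", "SubnetId": "subnet-0orph000000000001",
     "PrivateIpAddress": "10.0.5.10", "PublicIpAddress": "203.0.113.20"},  # isolated
]


def route_table_for_subnet(subnet_id: str, vpc_id: str, route_tables: List[Dict]) -> Dict:
    """Explicit association if there is one, else the VPC's main route table."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    for rt in route_tables:
        if rt["VpcId"] == vpc_id and any(a.get("Main") for a in rt["Associations"]):
            return rt
    raise LookupError(f"no route table governs {subnet_id}")


def classify_subnet(subnet_id: str, subnets: List[Dict],
                    route_tables: List[Dict]) -> Tuple[str, Optional[str]]:
    """Return (kind, target): kind is 'public', 'private' or 'vpn-only'; target is
    the 0.0.0.0/0 route's target, or None if there is no usable default route.
    Only 'active' routes count: a 'blackhole' route leads nowhere."""
    vpc_id = next(s["VpcId"] for s in subnets if s["SubnetId"] == subnet_id)
    rt = route_table_for_subnet(subnet_id, vpc_id, route_tables)
    active = [r for r in rt["Routes"] if r.get("State") == "active"]
    default = next((r for r in active if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
    target = None if default is None else (default.get("GatewayId") or default.get("NatGatewayId"))
    # AWS's definition: any active route to an internet gateway makes the subnet public.
    if any(r.get("GatewayId", "").startswith("igw-") for r in active):
        return "public", target
    if target is not None and target.startswith("vgw-"):
        return "vpn-only", target
    return "private", target        # NAT egress only, or no default route at all


def internet_reachable_instances(instances: List[Dict], subnets: List[Dict],
                                 route_tables: List[Dict]) -> List[str]:
    """Instances the internet can reach: public subnet AND a public IPv4 address.
    (Security groups and NACLs must still allow the traffic; not checked here.)"""
    exposed = [i["InstanceId"] for i in instances
               if classify_subnet(i["SubnetId"], subnets, route_tables)[0] == "public"
               and i.get("PublicIpAddress")]
    return sorted(exposed)


if __name__ == "__main__":
    for s in SUBNETS:
        print(s["SubnetId"], classify_subnet(s["SubnetId"], SUBNETS, ROUTE_TABLES))
    print("reachable:", internet_reachable_instances(INSTANCES, SUBNETS, ROUTE_TABLES))
```

Run it as-is to see the classification of the five sample subnets; to audit a real account, replace the three sample lists with the `Subnets`, `RouteTables` and flattened `Instances` lists returned by boto3 and the rest of the code works unchanged. Note that the orphan subnet with a public IP and the subnet whose IGW route is a blackhole both come out as private, which is precisely the kind of "it has a public IP, why can't I reach it?" ticket the route-table rule explains.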








CloudOpsCareer