Wednesday, May 15, 2013

AWS VPC public and private subnets

What is the difference between a private and public subnet? I asked myself this after I was looking for a field in the ec2-describe-subnets command, AWS console, and ElasticWolf, and could not find anything to indicate whether a subnet was private or public...

Public and private subnets are more or less the same thing. The route table decides whether a subnet is public or private. A subnet whose route table has a default route (0.0.0.0/0) to the VPC's Internet Gateway is a public subnet; instances in it additionally need a public or Elastic IP address to actually exchange traffic with the internet. If you remove that route to the Internet Gateway, the same subnet is now a private subnet.
This means that instances in a private subnet are not reachable from the outside world and have no path to it (i.e. the internet) either. To get outbound access, instances in private subnets need to make use of a NAT instance. The NAT instance lives in a public subnet with source/destination checking disabled and is the target of the private subnet's default route; it accepts the traffic coming from the private instances, sends it out through the Internet Gateway, and passes the replies back. That extra hop adds some latency.

Back to my original question: there is no flag for this. If the route table associated with your subnet has a default route to an IGW, it is a public subnet; if it does not, it is a private subnet.
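Since the API exposes no public/private attribute, the check has to be derived from the route tables. The script below is an added example and not code from the original post: it classifies subnets from the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` return (those commands and field names are the current AWS CLI, not the ec2-describe-subnets tool the post mentions). The IDs and CIDRs in the embedded JSON are constructed sample data. It also handles the case the post glosses over: a subnet with no explicit route table association silently uses the VPC's main route table, so a "forgotten" subnet is public if the main table has an IGW route.

```python
"""Classify VPC subnets as public or private from their effective route table.

Added example (not from the original post). Field names match the AWS CLI
JSON for describe-route-tables / describe-subnets; IDs are constructed.
"""
import json

# Constructed sample: a main table with a default route to an IGW, a second
# table with a default route to a NAT instance, and three subnets. The third
# subnet has no explicit association and therefore inherits the main table.
ROUTE_TABLES_JSON = """
{"RouteTables": [
  {"RouteTableId": "rtb-main0001", "VpcId": "vpc-01234567",
   "Associations": [
     {"Main": true, "RouteTableId": "rtb-main0001"},
     {"Main": false, "RouteTableId": "rtb-main0001", "SubnetId": "subnet-aaaaaaaa"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc1234", "State": "active"}]},
  {"RouteTableId": "rtb-priv0002", "VpcId": "vpc-01234567",
   "Associations": [
     {"Main": false, "RouteTableId": "rtb-priv0002", "SubnetId": "subnet-bbbbbbbb"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0nat00001",
      "NetworkInterfaceId": "eni-0nat00001", "State": "active"}]}
]}
"""

SUBNETS_JSON = """
{"Subnets": [
  {"SubnetId": "subnet-aaaaaaaa", "VpcId": "vpc-01234567", "CidrBlock": "10.0.1.0/24"},
  {"SubnetId": "subnet-bbbbbbbb", "VpcId": "vpc-01234567", "CidrBlock": "10.0.2.0/24"},
  {"SubnetId": "subnet-cccccccc", "VpcId": "vpc-01234567", "CidrBlock": "10.0.3.0/24"}
]}
"""

DEFAULT_ROUTE = "0.0.0.0/0"


def effective_route_table(subnet, route_tables):
    """Return the route table that actually applies to `subnet`.

    An explicit association wins; otherwise the VPC's main table applies.
    The fallback is the trap: a subnet nobody configured inherits whatever
    the main table routes.
    """
    main = None
    for rtb in route_tables:
        if rtb["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_route_table(rtb):
    """Classify a table by where its active default route points."""
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State", "active") != "active":   # skip blackholed routes
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        # NAT instance routes carry InstanceId/NetworkInterfaceId; the newer
        # managed NAT gateway (post-2013) shows up as NatGatewayId.
        if route.get("InstanceId") or route.get("NetworkInterfaceId") or route.get("NatGatewayId"):
            return "private (NAT)"
        return "private (other default route)"          # e.g. VPN/peering target
    return "isolated (no default route)"


def classify_subnets(route_tables_json=ROUTE_TABLES_JSON, subnets_json=SUBNETS_JSON):
    """Map SubnetId -> (effective RouteTableId, classification)."""
    route_tables = json.loads(route_tables_json)["RouteTables"]
    subnets = json.loads(subnets_json)["Subnets"]
    result = {}
    for subnet in subnets:
        rtb = effective_route_table(subnet, route_tables)
        if rtb is None:
            result[subnet["SubnetId"]] = (None, "unknown (no route table found)")
        else:
            result[subnet["SubnetId"]] = (rtb["RouteTableId"], classify_route_table(rtb))
    return result


if __name__ == "__main__":
    for subnet_id, (rtb_id, kind) in classify_subnets().items():
        print(f"{subnet_id}  {rtb_id}  {kind}")
```

Against a real account, pipe in `aws ec2 describe-route-tables --output json` and `aws ec2 describe-subnets --output json` instead of the constructed strings. In the sample, subnet-aaaaaaaa and the unassociated subnet-cccccccc both come out public via the main table, while subnet-bbbbbbbb is private behind the NAT instance.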
