A subnet is a range of IP addresses in your VPC, and these ranges within the VPC can be further designed as public and private subnets.
As you know, when you create one or more subnets within your VPC, all subnets are private by default. To make a subnet public, you need to create an internet gateway (igw) and then attach the igw to your VPC. Once the igw is attached to your VPC, you need to edit your route table (main or custom) to route 0.0.0.0/0 through that internet gateway. Finally, you need to associate the subnet you want to make public with this route table, so that it is considered a public subnet.
The differences between public and private subnets are as follows:
- A public subnet routes 0.0.0.0/0 through an internet gateway (igw). EC2 instances in a public subnet can connect to the internet through the instance's public IP, so the instances in the public subnet can send outbound traffic to the internet. However, all incoming requests to your instance are blocked by your public subnet.
- An instance in a private subnet cannot connect to the internet. However, the instances can communicate with other instances within the VPC CIDR. AWS provides an option to let instances in a private subnet connect to the internet through a Network Address Translation (NAT) instance or NAT gateway; traffic from the private subnet is routed through the NAT in the public subnet. You can also restrict the route to 0.0.0.0/0 to make it a private subnet with no internet access in or out.
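As an added example (not code from the original article), the following Python check applies the rule described above to route-table data shaped like the AWS EC2 `describe_route_tables` response: a subnet is public when its effective route table sends 0.0.0.0/0 to an internet gateway, private-with-NAT when that route points at a NAT gateway, and isolated when no 0.0.0.0/0 route exists; a subnet with no explicit association falls back to the VPC main route table. The route tables, subnet IDs and gateway IDs below are constructed sample data, and no AWS call is made.

```python
# Constructed sample shaped like boto3's ec2.describe_route_tables()["RouteTables"];
# no AWS call is made. One VPC, 10.0.0.0/16, with a main table and two custom tables.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",        # main table: its association has no SubnetId
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",      # 0.0.0.0/0 -> internet gateway
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-nat",         # 0.0.0.0/0 -> NAT gateway that lives in the public subnet
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def", "State": "active"}]},
]
SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]  # subnet-db has no explicit association


def effective_route_table(subnet_id, route_tables):
    """An explicitly associated table wins; otherwise the subnet uses the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(subnet_id, route_tables):
    """'public' if 0.0.0.0/0 goes to an igw, 'private-nat' if to a NAT gateway, else 'isolated'."""
    rt = effective_route_table(subnet_id, route_tables)
    if rt is None:                      # no table at all: nothing routes out of the subnet
        return "isolated"
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private-nat"
    return "isolated"


def audit(subnets, route_tables):
    """Map every subnet to its classification so the public ones can be reviewed."""
    return {s: classify_subnet(s, route_tables) for s in subnets}


if __name__ == "__main__":
    for subnet, kind in audit(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```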
Please comment below if you have any question related to this article.