Understanding the distinction between “private” and “public” subnets in Amazon VPC requires an understanding of how IP routing and network address translation (NAT) work in general, and how they are specifically implemented in VPC. The core differentiation between a public and private subnet in VPC is defined by what that subnet’s default route is in the VPC routing tables. This configuration dictates whether it is valid, or not, to use public IP addresses on instances in that particular subnet. Each subnet has exactly one default route, which can be only one of two things: the VPC’s “Internet Gateway” object, in the case of a “public” subnet, or an EC2 instance performing the “NAT instance” role, in the case of a “private” subnet....
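The classification described above, as an added example that is not part of the original page: a small Python classifier that walks route-table data shaped like the EC2 DescribeRouteTables response, resolves each subnet to its explicitly associated table (falling back to the VPC's main table), and reads the target of the 0.0.0.0/0 route. All IDs and the route tables themselves are constructed for this example; it also accepts a NAT Gateway target (NatGatewayId) as "private", which goes beyond the two targets the text names, and flags instances that carry a public IP on a subnet whose default route is not the Internet Gateway.

```python
"""Classify VPC subnets as public or private from their default route target."""

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample data, shaped like DescribeRouteTables output:
# the main table routes 0.0.0.0/0 to a NAT instance (private), and one
# explicitly associated table routes it to an Internet Gateway (public).
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"},
        ],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"},
        ],
    },
]


def table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(route_tables, subnet_id):
    """Return 'public', 'private', 'no-default-route' (assumed edge case) or 'unknown'."""
    rt = table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return "unknown"
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("InstanceId") or route.get("NatGatewayId"):
            return "private"
    return "no-default-route"


def public_ip_misplacements(route_tables, instances):
    """Instances holding a public IP on a non-public subnet: that address is unusable."""
    return [i["InstanceId"] for i in instances
            if i.get("PublicIp") and classify_subnet(route_tables, i["SubnetId"]) != "public"]
```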