
Public vs Private Subnets
Subnets are subdivisions within a VPC that allow you to organize and manage your resources. In simple terms, subnets let you divide your VPC into smaller networks. Configuring subnets is one of the important steps when creating a custom VPC.
In a broader sense, we can divide subnets into two categories, namely, Private Subnets and Public Subnets. To use Amazon VPC, you must have a clear understanding of these subnets.
Difference Between Public and Private Subnets
The following table highlights the differences between Public and Private Subnets −
Feature | Public Subnet | Private Subnet |
---|---|---|
Internet Access | It is directly connected to the Internet using an Internet Gateway. | There is no direct Internet access to the resources of private subnets. Only private connections (e.g., VPN, NAT Gateway) are allowed. |
Network Access | The instances, like Amazon EC2, in a public subnet can be accessed from the Internet. | The instances in a private subnet cannot be accessed directly from the Internet. |
Security | The instances in public subnets are more exposed to external traffic. That's why they require strict security measures like firewalls and security groups. | It is more secure than public subnets because it is not directly exposed to the Internet. The traffic is controlled through private connections like VPN, NAT Gateway, etc. |
Use of Internet Gateway | Instances in a public subnet require an Internet Gateway to communicate with the Internet. | It does not use an Internet Gateway. It uses a NAT Gateway or VPN for outbound Internet access. |
Outbound Traffic | It provides direct Internet access for outgoing traffic. For example, for software updates or communication with APIs. | The outbound traffic in a private subnet is routed through a NAT Gateway or VPN for accessing the Internet. |
Inbound Traffic | A public subnet can receive inbound traffic from the Internet. | A private subnet does not allow any inbound traffic from the Internet. It is only accessible through a private connection. |
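In practice, the Internet Gateway row of the table is what decides the category: a subnet is public when the route table that applies to it has an active route to an Internet Gateway. The following added example (not part of the original tutorial) audits this over constructed data shaped like EC2 `DescribeRouteTables` and `DescribeSubnets` output; all IDs and the `Tier` tag convention are assumptions made for illustration.

```python
# Constructed sample data, shaped like EC2 DescribeRouteTables / DescribeSubnets output.
def _rt(rtb_id, assoc, *routes):
    local = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
    return {"RouteTableId": rtb_id, "VpcId": "vpc-example",
            "Associations": [assoc], "Routes": [local, *routes]}

IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}
ROUTE_TABLES = [
    _rt("rtb-main", {"Main": True}),                               # no default route
    _rt("rtb-web", {"Main": False, "SubnetId": "subnet-web"}, IGW),
    _rt("rtb-app", {"Main": False, "SubnetId": "subnet-app"}, NAT),
    _rt("rtb-db", {"Main": False, "SubnetId": "subnet-db"}, IGW),  # misconfigured on purpose
]
# "Tier" is a hypothetical tagging convention recording the intended exposure.
SUBNETS = [{"SubnetId": sid, "VpcId": "vpc-example", "Tags": [{"Key": "Tier", "Value": tier}]}
           for sid, tier in [("subnet-web", "public"), ("subnet-app", "private"),
                             ("subnet-db", "private"), ("subnet-cache", "private")]]

def effective_route_table(subnet, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def routes_to_igw(rt):
    """True if any active route targets an Internet Gateway (igw-...)."""
    return any((r.get("GatewayId") or "").startswith("igw-") and r.get("State") == "active"
               for r in rt["Routes"])

def classify(subnets, route_tables):
    tables = {s["SubnetId"]: effective_route_table(s, route_tables) for s in subnets}
    return {sid: "public" if rt and routes_to_igw(rt) else "private" for sid, rt in tables.items()}

def exposed_private_subnets(subnets, route_tables):
    """Subnets tagged Tier=private whose effective route table reaches an IGW."""
    actual = classify(subnets, route_tables)
    return [s["SubnetId"] for s in subnets
            if {"Key": "Tier", "Value": "private"} in s["Tags"] and actual[s["SubnetId"]] == "public"]

if __name__ == "__main__":
    print(classify(SUBNETS, ROUTE_TABLES), exposed_private_subnets(SUBNETS, ROUTE_TABLES))
```

A subnet with no explicit association (`subnet-cache` here) inherits the main route table, so adding an Internet Gateway route to the main table would make every such subnet public.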
Use Cases of Public Subnets
Public Subnets are ideal for −
- Hosting web servers
- Public-facing applications
- Any other resources that need direct Internet access
Use Cases of Private Subnets
Private Subnets are ideal for −
- Hosting databases
- Backend servers
- Sensitive data or applications that do not need direct Internet access