Subnets, and the distinction between public and private subnets, are networking topics, so some network basics are required to understand the difference between them. Network concepts may seem a little complicated at first. Don’t be afraid! I will explain the necessary ones, starting from the general and moving to the specific.
What is AWS?
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers around the globe. These data centers and their servers are connected by cables, forming a giant physical network. AWS also virtualizes the storage and compute capacity of the physical servers, which makes it possible to serve that enormous capacity more efficiently: users can immediately access thousands of high-performance instances and tens of terabytes of storage.
What is a VPC?
Virtualization creates the need for a virtual network, one that connects virtual machines and devices in software, no matter where they are physically located. This brings us to the virtual private cloud. A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is a private area logically isolated from other virtual networks in the AWS Cloud. You launch your AWS resources, such as Amazon EC2 instances, into your VPC.
What does CIDR block mean?
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16. This is the primary CIDR block for your VPC. The /16 means the first 16 bits of the address are fixed, so 10.0.0.0/16 covers the 2^16 = 65,536 addresses from 10.0.0.0 to 10.0.255.255. Resources you create within the VPC are assigned addresses from this range; they can communicate with each other and, if you allow it, with the Internet. You are restricted to the addresses in that range (a VPC block can be anywhere between /16 and /28, and you can associate secondary CIDR blocks later if you run out), so choose a block that does not overlap networks you may later need to peer or connect with, such as your office network or other VPCs.
What is a subnet?
A subnet, or subnetwork, is a network inside a network: here, a network inside your Virtual Private Cloud (VPC). A subnet is a range of IP addresses in your Amazon VPC, and you launch AWS resources, such as EC2 instances, into a specific subnet. When you create a subnet, you specify its IPv4 CIDR block, which must be a subset of the VPC CIDR block and must not overlap any other subnet in the VPC. Each subnet lives in exactly one Availability Zone. If the IPv4 range we defined for the VPC is a cake, a subnet is a slice: you can cut slices of different sizes, each a sub-CIDR block such as 10.0.1.0/24. Note that AWS reserves the first four and the last address of every subnet (network address, VPC router, DNS, reserved for future use, broadcast), so a /24 subnet gives you 251 usable addresses, not 254.
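To make the CIDR arithmetic of the last two sections concrete, here is an added example (my own, not code from the original post or from AWS) that counts the addresses in a VPC block, carves equal subnets out of it, applies AWS's five reserved addresses per subnet, and rejects a subnet CIDR that falls outside the VPC block or overlaps an existing subnet. The VPC block 10.0.0.0/16 and the subnet sizes are constructed values; only the standard library is used.

```python
import ipaddress

# Constructed example values, not taken from the original post: a VPC primary
# CIDR block and the subnet sizes we want to carve from it.
VPC_CIDR = "10.0.0.0/16"

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS, reserved for future use, broadcast),
# so a /24 subnet yields 251 assignable addresses rather than 254.
AWS_RESERVED_PER_SUBNET = 5


def address_count(cidr):
    """Total number of IPv4 addresses covered by a CIDR block (10.0.0.0/16 -> 65536)."""
    return ipaddress.ip_network(cidr).num_addresses


def carve_subnets(vpc_cidr, prefix_len, count):
    """Carve `count` equal, non-overlapping /prefix_len subnets from the VPC block.

    AWS only allows IPv4 subnet prefix lengths between /16 and /28, and a
    subnet can never be larger than the VPC block it is cut from.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= prefix_len <= 28:
        raise ValueError("AWS subnets must be between /16 and /28")
    if prefix_len < vpc.prefixlen:
        raise ValueError("a subnet cannot be larger than the VPC block")
    candidates = list(vpc.subnets(new_prefix=prefix_len))
    if count > len(candidates):
        raise ValueError(f"only {len(candidates)} /{prefix_len} subnets fit in {vpc_cidr}")
    return [str(s) for s in candidates[:count]]


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign to instances in an AWS subnet."""
    return address_count(subnet_cidr) - AWS_RESERVED_PER_SUBNET


def validate_subnet(vpc_cidr, subnet_cidr, existing):
    """Check that a new subnet lies inside the VPC block and overlaps no existing subnet.

    Returns (ok, reason) so callers can report why a CIDR was rejected.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    new = ipaddress.ip_network(subnet_cidr)
    if not new.subnet_of(vpc):
        return False, f"{subnet_cidr} is not inside the VPC block {vpc_cidr}"
    for cidr in existing:
        if new.overlaps(ipaddress.ip_network(cidr)):
            return False, f"{subnet_cidr} overlaps existing subnet {cidr}"
    return True, "ok"


if __name__ == "__main__":
    print(f"{VPC_CIDR} covers {address_count(VPC_CIDR)} addresses")
    public = carve_subnets(VPC_CIDR, 24, 2)   # two /24 slices for public subnets
    private = ["10.0.2.0/24", "10.0.3.0/24"]  # two more, chosen by hand
    for cidr in public + private:
        ok, reason = validate_subnet(VPC_CIDR, cidr, [])
        print(f"{cidr}: {usable_hosts(cidr)} usable addresses, {reason}")
    # Mistakes are caught before you try to create the subnet in AWS:
    print(validate_subnet(VPC_CIDR, "10.0.0.128/25", public))   # overlaps 10.0.0.0/24
    print(validate_subnet(VPC_CIDR, "192.168.1.0/24", public))  # outside the VPC block
```

The same checks are what the VPC console performs when you submit a subnet CIDR; running them locally lets you plan a whole address layout (and leave room for future subnets) before creating anything.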
What is a Public subnet?
A public subnet is a subnet whose associated route table has a route to an Internet gateway (typically a default route, 0.0.0.0/0, pointing at the gateway). The Internet gateway connects the subnet to the Internet and, through their public endpoints, to other AWS services. Thus the resources in that subnet are able to communicate with the Internet, provided they also have a public IPv4 address or an Elastic IP; a private address alone is not routable through the gateway.
What is a Private subnet?
A private subnet is a subnet whose associated route table doesn’t have a route to an Internet gateway. Resources in a private subnet cannot communicate directly with the Internet, and the Internet cannot initiate connections to them.
What is the difference between public and private subnets?
Let’s get to the point: the difference between public and private subnets. Instances in the public subnet can send outbound traffic directly to the Internet through the Internet gateway, whereas instances in the private subnet can’t, because the private subnet’s route table has no route to the Internet gateway. (The Internet gateway itself is attached to the VPC, not to a subnet; what makes a subnet public or private is its route table.)
Instead, instances in a private subnet can reach the Internet through a Network Address Translation (NAT) gateway that resides in a public subnet: the private route table sends 0.0.0.0/0 to the NAT gateway, and the NAT gateway’s own subnet routes that traffic to the Internet gateway. This works only for connections the instance initiates (package updates, calls to external APIs); the NAT gateway does not accept connections initiated from the Internet.
Instances or resources living in a private subnet are safer than those in a public subnet, because traffic initiated from the Internet cannot reach the endpoints in a private subnet directly, whereas it can reach those in a public subnet. Of course, we have many other security measures and tools to shape traffic and block unwanted connections, such as security groups, network ACLs and AWS WAF, on top of the VPC, subnets and route tables. But those are topics for other posts.
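To turn the definitions in this section into something you can check against an account, here is an added example (my own, not part of the original post or of any AWS tool) that classifies subnets from the route tables that apply to them, exactly as the definitions above do: a default route to an igw- gateway makes a subnet public, a default route to a NAT gateway makes it private with outbound access, and no working default route leaves it isolated. It also handles two cases that trip up manual review: a subnet with no explicit association uses the VPC’s main route table, and a route left behind by a deleted NAT gateway sits in "blackhole" state and forwards nothing. The route tables, subnet IDs and gateway IDs are constructed in the shape of `aws ec2 describe-route-tables` output, not captured from a real account.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables` output
# (invented IDs, not captured from a real account). The main route table has no
# explicit subnet association; AWS applies it to every subnet that lacks one.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
    {   # public subnet: default route to an Internet gateway
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub-a", "RouteTableId": "rtb-public01"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
    },
    {   # private subnet with egress: default route to a NAT gateway in the public subnet
        "RouteTableId": "rtb-private1",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-a", "RouteTableId": "rtb-private1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ],
    },
    {   # the NAT gateway was deleted: its route is a blackhole, so there is no egress
        "RouteTableId": "rtb-private2",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-b", "RouteTableId": "rtb-private2"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0deleted", "State": "blackhole"},
        ],
    },
]

# subnet-orphan-a has no explicit association and therefore uses the main table.
SUBNET_IDS = ["subnet-pub-a", "subnet-priv-a", "subnet-priv-b", "subnet-orphan-a"]


def route_table_for(subnet_id, route_tables):
    """Return the table that governs a subnet: its explicit association, else the main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def classify_subnet(subnet_id, route_tables):
    """Classify a subnet from its IPv4 default route.

    'public'            -> 0.0.0.0/0 points at an Internet gateway (igw-...)
    'private-nat'       -> 0.0.0.0/0 points at a NAT gateway (outbound only)
    'private-isolated'  -> no active default route at all
    """
    table = route_table_for(subnet_id, route_tables)
    if table is None:
        raise LookupError(f"no route table applies to {subnet_id}")
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            continue  # a blackhole route forwards nothing
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private-nat"
    return "private-isolated"


def classify_all(subnet_ids, route_tables):
    """Map every subnet ID to its classification."""
    return {sid: classify_subnet(sid, route_tables) for sid in subnet_ids}


if __name__ == "__main__":
    for subnet_id, kind in classify_all(SUBNET_IDS, ROUTE_TABLES).items():
        print(f"{subnet_id:16} {kind}")
```

Against a real account you would replace `ROUTE_TABLES` with `json.load(...)["RouteTables"]` from `aws ec2 describe-route-tables --output json` and `SUBNET_IDS` with the IDs from `aws ec2 describe-subnets`. Keep in mind that "public" here describes the subnet’s routing; an individual instance in a public subnet is only reachable from the Internet if it also has a public or Elastic IP address and its security group and network ACL allow the traffic.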
TL;DR or Summary
The private network defined in your AWS account is called a Virtual Private Cloud (VPC). A VPC is a private network where your resources, such as EC2 instances, are located. These resources need IPv4 addresses to communicate with each other and with the Internet, and you define a specific range of IPv4 addresses (a CIDR block) when you create your VPC. You can then divide these addresses into narrower ranges called subnets. A subnet whose route table has a route to an Internet gateway is called a public subnet, and a subnet without such a route is called a private subnet. Simply put, how they access the Internet is the difference between public and private subnets.
Please feel free to ask if you get confused!