Tuesday, May 17, 2022

The difference between public and private subnets in Amazon VPC


Subnets, and the distinction between public and private subnets, are networking topics. Some networking basics are therefore required to understand the difference between them. Network concepts may seem a little complicated at first. Don't be afraid! I will explain the necessary ones, starting from the general and moving to the specific.

What is AWS?

Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. It offers over 200 fully featured services from data centers around the globe. These data centers and their servers are connected by cables, forming a giant physical network. AWS also virtualizes the storage and computing capacity of the physical servers, which makes it possible to serve that enormous capacity more efficiently. As a result, users can immediately access thousands of high-performance instances and tens of terabytes of storage.


What is a VPC?

Virtualization creates the need for a virtual network, which connects virtual machines and devices in software, regardless of their physical location. This brings us to the virtual private cloud. A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is a private area logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.

What does CIDR block mean?

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, This is the primary CIDR block for your VPC. Here, defines 65536 IPv4 addresses in your VPC. Using these IPv4 addresses, you can create your resources within the VPC. They can communicate with each other and connect to the Internet as needed. However, you are restricted to the addresses in that range.

What is a subnet?


A subnet, or subnetwork, is a network inside a network. In other words, it is a sub-network under the Virtual Private Cloud (VPC). A subnet is a range of IP addresses in your Amazon VPC. You can launch AWS resources, such as EC2 instances, into a specific subnet. When you create a subnet, you specify the IPv4 CIDR block for the subnet, which must be a subset of the VPC CIDR block. If we compare the IPv4 range that we defined for the VPC to a cake, a subnet is a slice. It is possible to cut pieces of different sizes, each a sub-CIDR block, that is, a narrower range of IPv4 addresses.
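To make the "cake and slices" picture concrete, here is an added example (not code from the original post) that checks a set of planned subnet CIDR blocks against a VPC CIDR block: each slice must lie inside the VPC range, slices must not overlap, and the address counts are computed with Python's standard `ipaddress` module. The VPC and subnet CIDRs used here are constructed sample values, not the ones the post refers to. It also applies two AWS rules beyond the post's text: subnet prefixes must be between /16 and /28, and AWS reserves the first four and the last address of every subnet, so five addresses per subnet are not usable by instances.

```python
import ipaddress

# AWS reserves 5 addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one reserved for future use, and the broadcast
# address. They cannot be assigned to instances.
AWS_RESERVED_PER_SUBNET = 5

# AWS allows VPC and subnet CIDR blocks between /16 and /28 (IPv4).
MIN_PREFIX, MAX_PREFIX = 16, 28


def vpc_address_count(vpc_cidr):
    """Number of IPv4 addresses defined by a VPC CIDR block (a /16 gives 65536)."""
    return ipaddress.ip_network(vpc_cidr, strict=True).num_addresses


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate subnet slices against the VPC block.

    Returns a dict {subnet_cidr: usable_host_addresses}. Raises ValueError
    when a subnet is outside the VPC range, has an invalid prefix length,
    or overlaps another subnet in the plan.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]

    for n in nets:
        if not (MIN_PREFIX <= n.prefixlen <= MAX_PREFIX):
            raise ValueError(f"{n}: subnet prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not n.subnet_of(vpc):
            raise ValueError(f"{n} is not inside the VPC block {vpc}")

    # Every pair of slices must be disjoint; overlapping subnets are rejected by AWS.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")

    return {str(n): n.num_addresses - AWS_RESERVED_PER_SUBNET for n in nets}


if __name__ == "__main__":
    # Constructed sample plan: one /16 VPC cut into two /24 slices and one /28 slice.
    vpc = "10.0.0.0/16"
    print(vpc, "defines", vpc_address_count(vpc), "addresses")
    for cidr, usable in plan_subnets(vpc, ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/28"]).items():
        print(f"{cidr}: {usable} usable addresses")
```

The `strict=True` argument makes `ip_network` reject a block whose host bits are set (for example `10.0.1.5/24`), which is the same check the AWS console performs when you type a CIDR.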

What is a Public subnet?

A public subnet is a subnet associated with a route table that has a route to an Internet gateway. This gateway connects the subnet to the Internet and to other AWS services. Thus, the resources in that subnet are able to communicate with the Internet.

What is a Private subnet?

A private subnet is a subnet associated with a route table that doesn't have a route to an Internet gateway. Resources in a private subnet cannot communicate directly with the Internet, and vice versa.

What is the difference between public and private subnets?


Let's get to the point: the difference between public and private subnets. The instances in the public subnet can send outbound traffic directly to the Internet through the Internet gateway, whereas the instances in the private subnet can't, because we do not give the private subnets a route to the Internet gateway.

Instead, the instances in the private subnet can access the Internet by using a Network Address Translation (NAT) gateway that resides in the public subnet.

Instances or resources living in a private subnet are safer than those in a public subnet, because traffic initiated from the Internet cannot reach endpoints in a private subnet directly, while it can reach endpoints in a public subnet. Of course, we have many security measures and tools to block unwanted traffic, such as Security Groups, network ACLs and AWS WAF, on top of the VPC, subnets and route tables that shape the traffic. But those are topics for other posts.
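Because the public/private distinction lives entirely in the route table, it can be checked from route-table data rather than guessed from a subnet's name. The following is an added example, not code from the original post: it takes a list shaped like the `RouteTables` field returned by `aws ec2 describe-route-tables` and classifies each associated subnet as public (route to an Internet gateway), private with NAT egress (route to a NAT gateway), or private with no Internet route at all. The route tables, gateway ids and subnet ids below are constructed sample data, not real resources.

```python
# Classify subnets from route-table data. The dict layout mirrors the
# "RouteTables" list returned by `aws ec2 describe-route-tables`:
# each table has "Associations" (which subnets use it) and "Routes".
# All ids here are constructed for the example.

SAMPLE_ROUTE_TABLES = [
    {   # Route table with a default route to an Internet gateway: public subnet.
        "RouteTableId": "rtb-0example-public",
        "Associations": [{"SubnetId": "subnet-0example-web", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
    },
    {   # Default route points at a NAT gateway in the public subnet: private subnet
        # with outbound-only Internet access.
        "RouteTableId": "rtb-0example-private",
        "Associations": [{"SubnetId": "subnet-0example-app", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ],
    },
    {   # Only the local route: private subnet with no Internet path at all.
        "RouteTableId": "rtb-0example-isolated",
        "Associations": [{"SubnetId": "subnet-0example-db", "Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]

PUBLIC = "public"
PRIVATE_NAT = "private (NAT egress only)"
PRIVATE_ISOLATED = "private (no internet route)"


def classify_route_table(routes):
    """Return the subnet kind implied by a route table's routes.

    Any active route whose target is an Internet gateway (id prefix "igw-")
    makes the subnet public, regardless of destination prefix, which is how
    AWS defines a public subnet. Blackhole routes (target deleted) are ignored.
    """
    active = [r for r in routes if r.get("State", "active") == "active"]
    if any(r.get("GatewayId", "").startswith("igw-") for r in active):
        return PUBLIC
    if any("NatGatewayId" in r for r in active):
        return PRIVATE_NAT
    return PRIVATE_ISOLATED


def classify_subnets(route_tables):
    """Map every explicitly associated subnet id to its classification."""
    result = {}
    for table in route_tables:
        kind = classify_route_table(table.get("Routes", []))
        for assoc in table.get("Associations", []):
            subnet_id = assoc.get("SubnetId")
            if subnet_id:
                result[subnet_id] = kind
    return result


if __name__ == "__main__":
    for subnet_id, kind in sorted(classify_subnets(SAMPLE_ROUTE_TABLES).items()):
        print(f"{subnet_id}: {kind}")
```

Note that the check looks at the target of the route, not only at the `0.0.0.0/0` destination: a route to an Internet gateway for any prefix is enough for AWS to treat the subnet as public, and a route whose gateway has been deleted shows up with `State` set to `blackhole` and is skipped. Subnets that are not explicitly associated with any table use the VPC's main route table, so a complete audit would also map those subnets to the table whose association has `"Main": true`.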

TL;DR or Summary

The private cloud defined in your AWS account is called a Virtual Private Cloud (VPC). A VPC is a private network where your resources, such as EC2 instances, are located. These resources need IPv4 addresses to communicate with each other and with the Internet. You define a specific IPv4 range when creating your VPC at the very beginning. You can then divide these addresses into narrower ranges, each called a subnet. A subnet with a route to the Internet is called a public subnet, and a subnet without one is called a private subnet. Simply put, how they can access the Internet is the difference between public and private subnets.

Please feel free to ask if you get confused!


Mustafa Gonen
DevOps engineer, helping companies balance their needs throughout the software development life cycle, from coding and deployment to maintenance and updates, through automation. He believes in the beauty of diversity. Working in a DevOps culture and being a part of this harmony makes him highly motivated and satisfied.
