stdout - ryan

Public Subnet vs Private Subnet


When architecting a network on a cloud computing provider (Amazon Web Services, in this example), it is best practice to divide resources based on whether they need to be directly accessible from the internet.

To achieve this, we divide subnets into private (for internal resources) and public (for public-facing resources).

What is a Public Subnet

A public subnet is a network segment that has direct access to the public internet. EC2 instances in a public subnet usually have a public IP address.

In simple terms, the subnet's route table sends traffic destined for 0.0.0.0/0 (any address, i.e. the internet) to an Internet Gateway.

0.0.0.0/0 -> Internet Gateway

What is a Private Subnet

This is the opposite of a public subnet. A private subnet is a network segment that cannot be reached directly from the public internet. EC2 instances in a private subnet usually have no public IP address, and their route table has no route to an Internet Gateway.

However, instances inside a private subnet can still reach the internet through a NAT Gateway: the route table sends 0.0.0.0/0 to the NAT Gateway (which itself sits in a public subnet), so outbound connections work while unsolicited inbound connections from the internet are not possible.
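The two definitions above come down to what the default route in a subnet's route table points at. The following added example (not from the original post) audits that: it classifies each subnet as public, private or isolated from route-table data shaped like the EC2 DescribeRouteTables response; the sample tables and all IDs are constructed, not real.

```python
"""Classify subnets as public / private / isolated from their route tables.
Added example, not from the original post. Input mimics the key layout of
EC2 DescribeRouteTables; the data below is constructed, not from a real account."""
from ipaddress import ip_network

# Constructed sample: an IGW default route, a NAT default route, and a main
# table that has only the VPC-local route.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-web", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-app", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]


def classify_route_table(table):
    """Return 'public', 'private' or 'isolated' for one route table."""
    for route in table["Routes"]:
        if route.get("State") != "active":
            continue  # blackholed routes carry no traffic
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if not dest or ip_network(dest).prefixlen != 0:
            continue  # only the default route (0.0.0.0/0 or ::/0) decides exposure
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"    # 0.0.0.0/0 -> Internet Gateway: reachable from the internet
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"   # 0.0.0.0/0 -> NAT Gateway: outbound only
    return "isolated"          # no default route at all


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to its class; subnets without an explicit association
    use the VPC's main route table, exactly as EC2 does."""
    main = next(t for t in route_tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if "SubnetId" in a}
    return {s: classify_route_table(explicit.get(s, main)) for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in classify_subnets(ROUTE_TABLES, ["subnet-web", "subnet-app", "subnet-db"]).items():
        print(f"{subnet}: {kind}")
```

Run against real output of `aws ec2 describe-route-tables`, any subnet you believed private that comes back as "public" is a finding worth checking.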