AWScloud~30 mins

Public vs private subnets in AWS - Hands-On Comparison

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Create a VPC with Public and Private Subnets in AWS

📋 What You'll Learn

💡 Why This Matters

🌍 Real World

This setup is common for web applications where web servers need internet access but databases should be protected in private subnets.

💼 Career

Understanding public vs private subnets and routing is essential for cloud architects and network engineers working with AWS networking.

Progress0 / 4 steps

Create the VPC and Subnets

Create a VPC called my_vpc with CIDR block "10.0.0.0/16". Then create two subnets: a public subnet called public_subnet with CIDR block "10.0.1.0/24" and a private subnet called private_subnet with CIDR block "10.0.2.0/24". Use the AWS CloudFormation resource types AWS::EC2::VPC and AWS::EC2::Subnet.

AWS

# Your code here to create my_vpc, public_subnet, and private_subnet

Need a hint?

Use AWS::EC2::VPC to create the VPC and AWS::EC2::Subnet to create each subnet. Remember to link subnets to the VPC using VpcId.

Create and Attach the Internet Gateway

Create an internet gateway called internet_gateway using AWS::EC2::InternetGateway. Then attach it to the VPC my_vpc using AWS::EC2::VPCGatewayAttachment.

AWS

Resources:
  my_vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      Tags:
        - Key: Name
          Value: my_vpc
  public_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.1.0/24"
      Tags:
        - Key: Name
          Value: public_subnet
  private_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.2.0/24"
      Tags:
        - Key: Name
          Value: private_subnet

# Your code here to create internet_gateway and attach it to my_vpc

Need a hint?

Use AWS::EC2::InternetGateway to create the internet gateway and AWS::EC2::VPCGatewayAttachment to attach it to the VPC.

Create Route Tables and Routes

Create a public route table called public_route_table for my_vpc using AWS::EC2::RouteTable. Add a route called public_route that sends all traffic (0.0.0.0/0) to the internet_gateway. Also create a private route table called private_route_table for my_vpc without any internet route.

AWS

Resources:
  my_vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      Tags:
        - Key: Name
          Value: my_vpc
  public_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.1.0/24"
      Tags:
        - Key: Name
          Value: public_subnet
  private_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.2.0/24"
      Tags:
        - Key: Name
          Value: private_subnet
  internet_gateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: internet_gateway
  attach_igw:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref my_vpc
      InternetGatewayId: !Ref internet_gateway

# Your code here to create public_route_table, public_route, and private_route_table

Need a hint?

Create two route tables. The public one needs a route to the internet gateway for all traffic. The private one has no routes to the internet.

Associate Subnets with Route Tables

Associate the public_subnet with the public_route_table using AWS::EC2::SubnetRouteTableAssociation called public_subnet_assoc. Also associate the private_subnet with the private_route_table using AWS::EC2::SubnetRouteTableAssociation called private_subnet_assoc.

AWS

Resources:
  my_vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      Tags:
        - Key: Name
          Value: my_vpc
  public_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.1.0/24"
      Tags:
        - Key: Name
          Value: public_subnet
  private_subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref my_vpc
      CidrBlock: "10.0.2.0/24"
      Tags:
        - Key: Name
          Value: private_subnet
  internet_gateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: internet_gateway
  attach_igw:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref my_vpc
      InternetGatewayId: !Ref internet_gateway
  public_route_table:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref my_vpc
      Tags:
        - Key: Name
          Value: public_route_table
  public_route:
    Type: AWS::EC2::Route
    DependsOn: attach_igw
    Properties:
      RouteTableId: !Ref public_route_table
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref internet_gateway
  private_route_table:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref my_vpc
      Tags:
        - Key: Name
          Value: private_route_table

# Your code here to associate public_subnet with public_route_table and private_subnet with private_route_table

Need a hint?

Use AWS::EC2::SubnetRouteTableAssociation to link each subnet to its route table.