Public and Private Subnets
- AWS creates a default route table for every vpc and all subnets use this as for routing.
- In the enterprise applications, we would have scenarios, where we need some of our workloads to be accessible from internet and some workloads where there is no connectivity from internet.
- We get an internet accessibility via route table which has route to internet gateway.
- If a subnet has a route table which has route to internet gateway i.e public subnet
- If a subnet has a route table which doesnot have route to internet gateway i.e private subnet
- So now lets create two route tables
- public rt should have route to internet gateway
- web1 and web2 subnets should be public and rest should be private
- Now lets associate public route table to web1 and web2
-
lets associate the rest to private route table
-
Now lets create an ec2 instance in private subnet and we will not be able to access to ec2 instance from interent as there is no route
- The only way to access the instances in private subnet is to use other instances in same vpc.
- For maintenace if you want to connect to ec2 in private subnet. Direct connectivity is not possible. We connect to ec2 instance in public subnet and then from there we connect to private ec2 instance (bastion-host)
- Next Challenge: How to give internet access to private subnet ec2 instances in one-direction
