AWS VPC Networking Fundamentals
Explain the difference between public and private subnets in AWS VPC. How do instances in private subnets access the internet?
Public subnets have a route to an Internet Gateway (IGW), allowing direct internet access for instances with public IPs. Private subnets route internet-bound traffic through a NAT Gateway in a public subnet, enabling outbound-only access. This architecture protects backend services while allowing them to fetch updates and reach external APIs.
VPC subnet design is fundamental to AWS security architecture. The public/private split follows the principle of least exposure: only resources that need direct internet access (for example load balancers and bastion hosts) go in public subnets, while application servers and databases stay in private subnets.
Terraform VPC with public/private subnets
Verify subnet routing
- Placing databases in public subnets for convenience
- Forgetting to create a NAT Gateway, leaving private instances without internet access
- Not using multiple availability zones for NAT Gateway redundancy
- What is the cost implication of using NAT Gateways vs NAT Instances?
- How do VPC Endpoints reduce the need for NAT Gateway traffic?
- What is the difference between a Security Group and a Network ACL?