Subnets

A subnet, or subnetwork, is a logical subdivision of an IP network. Within a VPC, you divide your IP address range into smaller segments called subnets. Each subnet must reside entirely within one Availability Zone (AZ), which is a distinct physical location within a cloud provider's region. By creating subnets, you can group resources based on their security and operational needs. The key distinction is between public and private subnets. A 'public subnet' is a subnet that has a route table entry pointing to an Internet Gateway (IGW). This allows resources within the public subnet (like web servers) to be directly accessible from the public internet. They can send and receive traffic from the internet. In contrast, a 'private subnet' does not have a direct route to an Internet Gateway. Resources in a private subnet (like database servers) cannot be reached directly from the internet, providing a significant security enhancement. They can, however, initiate outbound connections to the internet through a Network Address Translation (NAT) Gateway, which resides in a public subnet. This setup allows the database servers to download software updates or patches without exposing them to inbound threats. This public/private subnet architecture is a standard design pattern for building secure and scalable applications in the cloud.