AWS Subnets: Public and Private Subnets within a VPC
In cloud networking, you need a way to divide your network logically so that different parts of your application can be isolated and secured.
This is where AWS Subnets come in.
A subnet (short for subnetwork) is a portion of your Amazon VPC (Virtual Private Cloud) where you can group resources based on security and accessibility needs.
- Public Subnet: Direct access to the internet (through an Internet Gateway). Typically used for web servers, load balancers, bastion hosts.
- Private Subnet: No direct internet access. Used for databases, application servers, internal APIs. Outbound access (if needed) is through a NAT Gateway.
Think of a VPC as your house, and subnets as the rooms inside. Some rooms (like the living room) are public, while others (like the bedroom) are private.
Key Features of AWS Subnets
- Segmentation: Split your network into smaller parts for better control.
- Security: Control inbound/outbound traffic with security groups and network ACLs.
- High Availability: Each subnet resides in a single Availability Zone, so create subnets in several Availability Zones for redundancy.
- Scalability: Deploy thousands of resources across multiple subnets.
- Flexibility: Assign public or private IPs depending on subnet type.
Common Use Cases

| Use Case | Description |
|---|---|
| Public Subnet | Hosting web applications accessible from the internet. |
| Private Subnet | Running databases and backend services hidden from the public. |
| Hybrid Networking | On-premise resources can connect securely into private subnets. |
| Multi-Tier Architectures | Web tier (public), application tier (private), database tier (private). |
| Secure Analytics Workloads | Keep sensitive analytics or ML workloads in private subnets. |
Programs (Python, boto3)
Program 1: Create a Public Subnet
```python
import boto3

ec2 = boto3.client('ec2')

# Create a new VPC
vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
vpc_id = vpc['Vpc']['VpcId']

# Create a subnet (public)
public_subnet = ec2.create_subnet(
    VpcId=vpc_id, CidrBlock='10.0.1.0/24', AvailabilityZone='us-east-1a')
print("Created Public Subnet:", public_subnet['Subnet']['SubnetId'])

# Create and attach an Internet Gateway
igw = ec2.create_internet_gateway()
igw_id = igw['InternetGateway']['InternetGatewayId']
ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

# A subnet is only public once its route table sends 0.0.0.0/0 to the IGW;
# without this route it silently inherits the VPC's main route table.
public_rt = ec2.create_route_table(VpcId=vpc_id)
public_rt_id = public_rt['RouteTable']['RouteTableId']
ec2.create_route(RouteTableId=public_rt_id, DestinationCidrBlock='0.0.0.0/0', GatewayId=igw_id)
ec2.associate_route_table(RouteTableId=public_rt_id, SubnetId=public_subnet['Subnet']['SubnetId'])
```
Use Case: This subnet is for public-facing resources like EC2 web servers.
Program 2: Create a Private Subnet with NAT Gateway
```python
# Create a private subnet
private_subnet = ec2.create_subnet(
    VpcId=vpc_id, CidrBlock='10.0.2.0/24', AvailabilityZone='us-east-1a')
print("Created Private Subnet:", private_subnet['Subnet']['SubnetId'])

# Allocate an Elastic IP for the NAT Gateway
eip = ec2.allocate_address(Domain='vpc')

# Create the NAT Gateway in the public subnet
nat_gw = ec2.create_nat_gateway(
    SubnetId=public_subnet['Subnet']['SubnetId'], AllocationId=eip['AllocationId'])
nat_gw_id = nat_gw['NatGateway']['NatGatewayId']
# Creation is asynchronous: wait until the gateway is usable before routing to it
ec2.get_waiter('nat_gateway_available').wait(NatGatewayIds=[nat_gw_id])
print("Created NAT Gateway in Public Subnet")

# Send the private subnet's outbound traffic through the NAT Gateway
private_rt = ec2.create_route_table(VpcId=vpc_id)
private_rt_id = private_rt['RouteTable']['RouteTableId']
ec2.create_route(RouteTableId=private_rt_id, DestinationCidrBlock='0.0.0.0/0', NatGatewayId=nat_gw_id)
ec2.associate_route_table(RouteTableId=private_rt_id, SubnetId=private_subnet['Subnet']['SubnetId'])
```
Use Case: This subnet is for databases and backend services that need outbound internet but remain hidden from public access.
Program 3: Launch Instances in Public vs Private Subnets
```python
# Launch an instance in the Public Subnet. The subnet goes inside
# NetworkInterfaces: EC2 rejects a request that sets both a top-level
# SubnetId and a NetworkInterfaces list.
ec2.run_instances(
    ImageId='ami-0c55b159cbfafe1f0',
    InstanceType='t2.micro',
    MaxCount=1,
    MinCount=1,
    NetworkInterfaces=[{
        'DeviceIndex': 0,
        'SubnetId': public_subnet['Subnet']['SubnetId'],
        'AssociatePublicIpAddress': True,
    }],
)

# Launch an instance in the Private Subnet (no public IP)
ec2.run_instances(
    ImageId='ami-0c55b159cbfafe1f0',
    InstanceType='t2.micro',
    MaxCount=1,
    MinCount=1,
    NetworkInterfaces=[{
        'DeviceIndex': 0,
        'SubnetId': private_subnet['Subnet']['SubnetId'],
        'AssociatePublicIpAddress': False,
    }],
)
print("Instances launched in both Public and Private Subnets")
```
Use Case: Demonstrates how different workloads can be separated inside public/private subnets.
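Whether a subnet is really public is decided by the route table that applies to it, not by its name, and a subnet with no explicit association inherits the VPC's main route table. The classifier below is an added example, not code from the original page; it runs on constructed sample data shaped like boto3's describe_route_tables() and describe_subnets() responses (the IDs are made up) and labels each subnet public, private-nat or isolated.

```python
from typing import Dict, List

# Constructed sample in the shape of boto3's describe_route_tables() /
# describe_subnets() responses (made-up IDs, not real AWS output).
ROUTE_TABLES = [
    {   # the VPC's main route table sends 0.0.0.0/0 to an Internet Gateway
        "RouteTableId": "rtb-main", "VpcId": "vpc-demo", "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo"}]},
    {   # explicit table for a private subnet: default route via a NAT Gateway
        "RouteTableId": "rtb-private", "VpcId": "vpc-demo",
        "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-demo"}]},
    {   # table with only the local route: no path to the internet at all
        "RouteTableId": "rtb-isolated", "VpcId": "vpc-demo",
        "Associations": [{"Main": False, "SubnetId": "subnet-db"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-web", "VpcId": "vpc-demo"},  # no explicit association
    {"SubnetId": "subnet-private", "VpcId": "vpc-demo"},
    {"SubnetId": "subnet-db", "VpcId": "vpc-demo"},
]

def classify_subnets(subnets: List[dict], route_tables: List[dict]) -> Dict[str, str]:
    """Label each subnet 'public', 'private-nat' or 'isolated' from the 0.0.0.0/0
    route of the table that applies to it; a subnet with no explicit association
    inherits the VPC's main route table, which is the usual misconfiguration."""
    explicit, main = {}, {}  # subnet_id -> table, vpc_id -> main table
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main[rt["VpcId"]] = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for sn in subnets:
        rt = explicit.get(sn["SubnetId"]) or main.get(sn["VpcId"], {})
        label = "isolated"
        for route in rt.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                label = "public"
            elif "NatGatewayId" in route:
                label = "private-nat"
        result[sn["SubnetId"]] = label
    return result
```

In the sample, subnet-web has no explicit association and so inherits the main table's IGW route and comes out public; comparing these labels with where RDS instances or other databases are placed is a direct check for the "avoid putting databases in public subnets" practice.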
How to Remember AWS Subnets for Exams & Interviews
- Acronym "PUB" vs "PRI":
  - PUB: Public, User-facing, Browser-accessible.
  - PRI: Private, Restricted, Internal-only.
- Memory Trick: Think of subnets like hotel rooms. Some rooms (public ones) open directly to the lobby (internet). Others (private ones) require a hallway (NAT Gateway) to exit.
- Exam Hot Points:
  - Difference between public vs private subnets.
  - NAT Gateway vs Internet Gateway usage.
  - Why subnets must reside in a single Availability Zone.
  - Designing multi-tier architectures with proper subnet placement.
Why It Is Important to Learn AWS Subnets
- Foundation of AWS Networking: Every EC2, RDS, or Lambda (in VPC) runs inside a subnet.
- Security & Compliance: Keeping sensitive resources in private subnets reduces risk.
- Scalable Architectures: Multi-tier apps rely heavily on subnet segmentation.
- Cloud Exam Relevance: Heavily tested in AWS Solutions Architect Associate, SysOps, and Networking Specialty.
- Real-World Usage: Without subnet knowledge, you cannot design secure VPC topologies.
Best Practices
- Create at least one public and one private subnet in each Availability Zone.
- Use NAT Gateways for outbound internet access from private subnets.
- Apply network ACLs and security groups for layered security.
- Avoid putting databases in public subnets.
- Enable VPC Flow Logs to monitor traffic.
Conclusion
AWS Subnets form the building blocks of VPC networking. By dividing your VPC into public and private zones, you gain control, security, and flexibility.
For exam prep and interviews:
- Public Subnet = Internet-facing.
- Private Subnet = Internal-only.
- Use NAT Gateway for private outbound internet.
Mastering subnets ensures you can design, secure, and scale applications in AWS.