What is a private subnet?
A private subnet in a VPC has no route to the internet, but it can still reach other resources in the same VPC.
It is useful for applications that store sensitive information that should not be exposed to the world, or for an instance that runs a database. A public instance in the same VPC, which does have internet connectivity, can forward requests to the server in the private subnet and return that server's response to the world.
Let's see how we can achieve that on AWS.
- In AWS, every region comes with one default VPC.
- The default VPC also comes with one subnet per Availability Zone in the region, but all of them are public: their route table has a route to the VPC's internet gateway.
- Let’s make a private subnet
- Go to VPC → Subnets → Create Subnet
- Add Name of your subnet, let me name it “Private_subnet”
- Select VPC (choose the one where your EC2 resides)
- Set Availability zone preference if you have any, otherwise keep it blank
- Add an IPv4 CIDR block range; it must be unique within your VPC. I have added it as 172.31.128.0/24, as all before that are occupied.
- Let's create a private route table
- Go to VPC → Route tables → Create Route table
- Name it and select the VPC that we are working on
- Click on Create Route table
- Go to Edit routes, remove any entry that points to the internet gateway so that only the local route remains, and click on Save routes.
- Let's attach this route table to the newly created subnet
- Click on subnet we just created
- Go to Actions → Edit route table association → Choose the newly created route table that has no internet gateway route.
- Click on Save.
Our private subnet is ready.
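Whether a subnet is actually private is decided by the route table it is associated with, not by anything on the subnet itself, and a subnet with no explicit association silently falls back to the VPC's main route table, which in a default VPC routes to the internet gateway. The script below is an added example, not part of the original post or of any AWS tooling: it classifies subnets as public or private from data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`. All IDs and the third subnet are constructed for illustration; the CIDR 172.31.128.0/24 and the name Private_subnet come from the post.

```python
"""Check which subnets in a VPC are really private (added example, not from the post).

A subnet is private only if the route table it effectively uses has no
default route (0.0.0.0/0 or ::/0) to an internet gateway. Subnets without an
explicit association use the VPC's main route table, so a forgotten
association leaves a "private" subnet public.
"""
from typing import Dict, List, Optional

# Constructed sample in the shape of describe-route-tables output.
# All identifiers are made up.
ROUTE_TABLES: List[dict] = [
    {   # main route table of the default VPC: default route to the internet gateway
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example0", "State": "active"},
        ],
    },
    {   # route table created in the post: only the local route remains
        "RouteTableId": "rtb-private0",
        "Associations": [{"Main": False, "SubnetId": "subnet-private0"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]

# Constructed sample in the shape of describe-subnets output (IDs made up).
SUBNETS: List[dict] = [
    {"SubnetId": "subnet-default0", "CidrBlock": "172.31.0.0/20",
     "Tags": [{"Key": "Name", "Value": "default-a"}]},
    {"SubnetId": "subnet-private0", "CidrBlock": "172.31.128.0/24",
     "Tags": [{"Key": "Name", "Value": "Private_subnet"}]},
    # Hypothetical subnet where the association step was skipped.
    {"SubnetId": "subnet-forgot00", "CidrBlock": "172.31.129.0/24",
     "Tags": [{"Key": "Name", "Value": "Forgot_association"}]},
]


def effective_route_table(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """Return the explicitly associated route table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def routes_to_internet(route_table: dict) -> bool:
    """True if an active default route points at an internet gateway (igw-*).
    NAT gateway routes are not counted: they give outbound-only access."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        gateway = route.get("GatewayId", "")
        active = route.get("State", "active") == "active"
        if dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-") and active:
            return True
    return False


def subnet_name(subnet: dict) -> str:
    return next((t["Value"] for t in subnet.get("Tags", []) if t["Key"] == "Name"),
                subnet["SubnetId"])


def classify_subnets(subnets: List[dict], route_tables: List[dict]) -> Dict[str, str]:
    """Map each subnet's Name tag to 'public', 'private' or 'unknown'."""
    result = {}
    for subnet in subnets:
        rt = effective_route_table(subnet["SubnetId"], route_tables)
        if rt is None:
            result[subnet_name(subnet)] = "unknown"
        else:
            result[subnet_name(subnet)] = "public" if routes_to_internet(rt) else "private"
    return result


if __name__ == "__main__":
    for name, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{name}: {kind}")
```

Run against real account data by replacing the two sample lists with the `RouteTables` and `Subnets` arrays from the CLI calls named above; the third constructed subnet shows the failure mode the last steps of the post guard against, since it inherits the main table and is reported as public.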