Basics of AWS VPC: Understanding Subnets, Route Tables, Internet Gateways, and NAT Gateways

Mayank Patel

Nov 29, 2024 · 4 min read

What is AWS VPC?

Amazon Virtual Private Cloud (VPC) is a virtual network allocated to your AWS account. If you are wondering what a virtual network is, it allows communication between computers, servers, or other devices. A VPC allows you to start AWS resources such as EC2 (servers) in your virtual network.

A VPC is basically an IP CIDR block that AWS allocates to your AWS account. While creating the AWS VPC, you just need to provide the VPC name and an IPv4 CIDR block, for example 10.30.0.0/24. There are some advanced configuration options as well, but you don't need to worry about them for now.

For example, suppose you have created a VPC named dev-vpc with the IP range 10.0.0.0/24:

  • VPC Name: dev-vpc
  • IPv4 Range: 10.0.0.0/24

Now, this IP range is allocated to your AWS account and nobody else can have the same IP range.

What is a Subnet?

A subnet is a set of IP addresses in your VPC. A subnet must be in a single availability zone. Availability Zones are distinct locations within an AWS Region. For example, one availability zone is ap-south-1: Asia Pacific.

To create a new subnet, first select the VPC from the VPC dropdown. Then name your subnet, choose the availability zone, and provide an IPv4 CIDR block. Please note that the subnet's IPv4 CIDR block must reside within the IP range of your selected VPC.

Create public subnet

  • Choose VPC: dev-vpc
  • Subnet name: public-subnet-1
  • Availability Zone: ap-south-1
  • IPv4 CIDR Block: 10.0.1.0/24

Create private subnet

  • Choose VPC: dev-vpc
  • Subnet name: private-subnet-1
  • Availability Zone: ap-south-1
  • IPv4 CIDR Block: 10.0.2.0/24
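The containment rule above can be checked before anything is created. The following is an added example, not part of the original article: it validates a subnet plan with Python's `ipaddress` module, and with the article's own values it reports that 10.0.1.0/24 and 10.0.2.0/24 fall outside 10.0.0.0/24. The wider range 10.0.0.0/16 used for comparison is an assumption, not a value from the article.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast


def validate_subnets(vpc_cidr, subnets):
    """Return a list of (subnet_name, problem); an empty list means the plan is valid.

    subnets: dict of subnet name -> IPv4 CIDR string.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    parsed = {name: ipaddress.ip_network(cidr, strict=True)
              for name, cidr in subnets.items()}
    problems = []
    for name, net in parsed.items():
        if not 16 <= net.prefixlen <= 28:
            problems.append((name, f"{net} is outside the /16 to /28 size AWS accepts"))
        if not net.subnet_of(vpc):
            problems.append((name, f"{net} is not inside VPC range {vpc}"))
    # Subnets of one VPC must not overlap each other either.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append((a, f"{parsed[a]} overlaps {b} ({parsed[b]})"))
    return problems


def usable_hosts(cidr):
    """Addresses left for resources after AWS reserves five per subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


# Subnet values exactly as written in the article.
PAGE_PLAN = {"public-subnet-1": "10.0.1.0/24", "private-subnet-1": "10.0.2.0/24"}

if __name__ == "__main__":
    # First range is the article's dev-vpc; the second is an assumed wider range.
    for vpc_cidr in ("10.0.0.0/24", "10.0.0.0/16"):
        print(vpc_cidr, validate_subnets(vpc_cidr, PAGE_PLAN) or "OK")
    print("usable addresses in a /24 subnet:", usable_hosts("10.0.1.0/24"))
```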

Once you create the subnet, resources within this subnet are not able to connect to the internet or route outbound traffic yet. There are 2 types of subnets:

  1. Public subnet
  2. Private subnet

Difference between the public subnet and private subnet

If we talk in simple language, instances in the public subnet can send traffic to the outside world whereas instances in the private subnet can't.

Now you must be wondering how we define/identify public and private subnets. To understand it better, let's come back to the subnet we created named public-subnet-1. I have named it "public" but it is not public yet.

To understand the difference between the public subnet and the private subnet, let's first understand the route table, internet gateway, and NAT gateway.

Route Table: It is used to make routing decisions. It contains existing routes to CIDR blocks outside of the ranges in your VPC. For example, it controls routing to internet gateways and NAT gateways.

Internet Gateway: It is a component that allows communication between the VPC and the internet. If your VPC doesn't have an internet gateway, resources within your VPC, for example a website deployed to one of your EC2 servers, can't be accessed from the internet.

NAT Gateway: A Network Address Translation (NAT) gateway allows instances in your private subnet to connect to outside services like databases but restricts external services from connecting to these instances.

One key thing to note while creating a NAT gateway is that "You must create the NAT gateway in a public subnet so that other resources within the same VPC can communicate internally."

To create a route table, you just need to give it a name and create it. Once the route table is created, you can select it and add routes to it. For example:

RTB-Public: A route table with a route whose target is an internet gateway is a public route table.

RTB-Private: A route table with a route whose target is a NAT gateway is a private route table.

Now, let's come to the difference between public and private subnets.

A subnet that is connected to a public route table is a public subnet, since the resources in that subnet can route outbound traffic to the internet and outside services can also connect to these instances.

A subnet that is connected to a private route table is a private subnet, since the resources in that subnet can route outbound traffic to the internet but outside services can't connect to these instances.

Create an Internet Gateway named "igw-dev".

Create the NAT Gateway named "nat-dev" under one of the public subnets.

Choose route table RTB-Public, select the Routes tab, and select Add Route. Under Target, select the internet gateway named "igw-dev".

Choose route table RTB-Private, select the Routes tab, and select Add Route. Under Target, select the NAT gateway named "nat-dev".

Now, both public and private route tables are ready. We can assign subnets to these route tables.

  • Select route table RTB-Public again. Select the "Subnet associations" tab and click "Edit subnet associations". There, check "public-subnet-1" and click "Save associations".
  • Select route table RTB-Private again. Select the "Subnet associations" tab and click "Edit subnet associations". There, check "private-subnet-1" and click "Save associations".

Now, you have successfully created the VPC, subnets (public and private), internet gateway, NAT gateway, route tables, and the associations between route tables and subnets.
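Because a subnet is public or private only through the route table it is associated with, the same rule can be used to audit a VPC. This is an added example, not from the original article: it classifies subnets from data shaped like `aws ec2 describe-route-tables` output and reports subnets whose name disagrees with their routing. The resource IDs and the third subnet `public-subnet-2` are constructed for illustration.

```python
def kind_of(route_table):
    """public / private / isolated / other, judged by the table's 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("GatewayId", "").startswith("igw-"):
                return "public"
            if route.get("NatGatewayId", "").startswith("nat-"):
                return "private"
            return "other"  # default route to some other target type
    return "isolated"  # no default route: only the VPC-local route applies


def classify_subnets(route_tables, subnet_names):
    """Map subnet id -> kind. Subnets with no explicit association
    fall back to the VPC's main route table."""
    main = next((rt for rt in route_tables
                 if any(a.get("Main") for a in rt.get("Associations", []))), None)
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt.get("Associations", []) if "SubnetId" in a}
    return {sid: kind_of(explicit.get(sid, main) or {}) for sid in subnet_names}


def name_mismatches(route_tables, subnet_names):
    """(subnet id, Name tag, actual kind) where the name claims a different kind."""
    kinds = classify_subnets(route_tables, subnet_names)
    return [(sid, name, kinds[sid]) for sid, name in subnet_names.items()
            if any(k in name and kinds[sid] != k for k in ("public", "private"))]


# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are made up; subnet-new has no association, so it uses the main table.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c3d"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"}]},
]
SUBNETS = {"subnet-pub1": "public-subnet-1", "subnet-priv1": "private-subnet-1",
           "subnet-new": "public-subnet-2"}

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, SUBNETS))
    print(name_mismatches(ROUTE_TABLES, SUBNETS))
```

A subnet named "private" that is classified as public is the finding to act on first, since its instances sit behind an internet gateway route.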

It is important to use security groups and network access control lists (ACLs) to control inbound and outbound traffic to your resources. This can help increase the security of your VPC by only allowing the necessary traffic to reach your resources while blocking all other traffic.

One tip for using AWS subnets is to use different subnets for different types of resources and different levels of trust. For example, you can use one subnet for public-facing resources such as a web server, and another subnet for private resources such as a database.
