Introducing Today's Project!
What is Amazon VPC?
Amazon VPC lets you build a private network in the cloud, control how traffic flows, and securely connect AWS resources. It gives you full control over the network layout, isolation between workloads, and integration with other AWS services.
How I used Amazon VPC in this project
I used Amazon VPC to build a secure cloud network with public and private subnets, route tables, and network ACLs, isolating traffic and controlling access between internal and external resources.
One thing I didn't expect in this project
One thing I didn't expect in this project was how much I'd rely on customizing network components, like creating a new network ACL, to ensure truly secure subnet isolation.
This project took me about 30 minutes to complete
Private vs Public Subnets
The difference between public and private subnets is that a public subnet's route table contains a route to an internet gateway, while a private subnet's route table does not. Public subnets host resources that need to be reachable from the internet; private subnets are for internal-facing apps.
Having private subnets is useful because they protect internal AWS resources from public exposure, let you enforce stricter traffic rules, and support secure networking within your VPC.
My private and public subnets cannot share a route table if that table contains a route to an internet gateway: a subnet is public the moment its route table can reach an internet gateway, so my private subnet has to use a table without that route to stay isolated from the internet.
A dedicated route table
By default, my private subnet was associated with the VPC's main route table, which has no route to an internet gateway, keeping internal resources isolated within the VPC's private address space.
I still set up a new route table because a private subnet should have its own dedicated table: if it kept sharing the main route table, a later change to that table (for example, adding an internet gateway route to it) would silently expose the private subnet as well.
My private subnet's dedicated route table has only one route, the local route (10.0.0.0/16 → local) that AWS adds to every route table, so resources inside the VPC can communicate with each other privately but have no path to the internet.
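The "public vs private is decided by the route table" rule above is easy to check mechanically. The following is an added example, not code from the project: it classifies subnets the way AWS does (a subnet is public if the route table it uses has a route to an igw-… target; a subnet with no explicit association falls back to the VPC's main route table) and audits the result against the role each subnet is supposed to have. The route table data is constructed in the shape of the relevant `aws ec2 describe-route-tables` fields, with hypothetical resource IDs.

```python
"""Classify VPC subnets as public or private from their route tables.

A subnet is public when the route table it uses contains a route whose
target is an internet gateway (igw-...). Subnets without an explicit
association use the VPC's main route table, which is how a "private"
subnet can become public by accident.
"""
import copy

# Constructed sample data, shaped like `aws ec2 describe-route-tables`
# output. IDs are hypothetical, not from the project.
ROUTE_TABLES = [
    {   # main route table: local route only
        "RouteTableId": "rtb-main",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        "Associations": [{"Main": True}],
    },
    {   # public route table: local route plus default route to the IGW
        "RouteTableId": "rtb-public",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
    },
    {   # dedicated private route table: local route only
        "RouteTableId": "rtb-private",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
    },
]


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId") == subnet_id:
                return rt
    if main is None:
        raise ValueError("VPC has no main route table")
    return main


def has_internet_route(route_table):
    """True if any route points at an internet gateway (igw-...)."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in route_table["Routes"])


def classify_subnet(subnet_id, route_tables):
    """Return ("public" | "private", route table id actually in effect)."""
    rt = route_table_for(subnet_id, route_tables)
    return ("public" if has_internet_route(rt) else "private", rt["RouteTableId"])


def audit(intended_roles, route_tables):
    """intended_roles: {subnet_id: "public" | "private"}. Returns mismatches."""
    findings = []
    for subnet_id, intended in intended_roles.items():
        actual, rt_id = classify_subnet(subnet_id, route_tables)
        if actual != intended:
            findings.append(f"{subnet_id}: intended {intended} but is {actual} via {rt_id}")
    return findings


def associate(subnet_id, route_table_id, route_tables):
    """Copy of route_tables with subnet_id explicitly associated to route_table_id
    (what the console's 'Edit subnet associations' does)."""
    tables = copy.deepcopy(route_tables)
    for rt in tables:
        rt["Associations"] = [a for a in rt["Associations"]
                              if a.get("Main") or a.get("SubnetId") != subnet_id]
    for rt in tables:
        if rt["RouteTableId"] == route_table_id:
            rt["Associations"].append({"Main": False, "SubnetId": subnet_id})
            return tables
    raise KeyError(route_table_id)


if __name__ == "__main__":
    roles = {"subnet-public": "public", "subnet-private": "private"}
    print("correct setup:", audit(roles, ROUTE_TABLES) or "no findings")
    # The mistake the text warns about: private subnet sharing the IGW table.
    shared = associate("subnet-private", "rtb-public", ROUTE_TABLES)
    print("shared table:", audit(roles, shared))
```

Running the script shows no findings for the project's layout, and one finding once the private subnet is pointed at the public route table, which is exactly the misconfiguration the separate table is meant to prevent.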
A new network ACL
By default, my private subnet was associated with the VPC's default network ACL, which allows all inbound and outbound traffic; during the project I replaced it with a dedicated private network ACL (NACL).
I set up a dedicated network ACL for my private subnet because it lets me apply strict traffic rules tailored to my internal resources, improving security and isolating traffic from public subnets.
My new network ACL has two simple rules: allow inbound traffic from internal IPs (10.0.0.0/16) and allow outbound traffic to the same range, for secure private-subnet communication. Both directions are needed because network ACLs are stateless: unlike a security group, a NACL does not automatically let the reply half of a connection through, and a newly created custom NACL denies everything until rules are added. Anything outside 10.0.0.0/16 is still dropped by the final deny-all rule.
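To make the stateless point concrete, here is an added example (not the project's code) that evaluates a NACL the way AWS does: rules are checked in ascending rule number, the first match decides, and the implicit final `*` rule denies. It then checks a TCP exchange as two independent packets, the request against the inbound rules and the reply against the outbound rules. The rule numbers, addresses and the ephemeral reply port (49152) are assumptions chosen for illustration.

```python
"""Stateless network ACL evaluation, modelled on how AWS processes NACLs."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int       # 1-32766, evaluated lowest first
    cidr: str         # source CIDR for inbound rules, destination CIDR for outbound
    protocol: str     # "all", "tcp", "udp", ...
    port_range: tuple  # (low, high) destination ports; ignored when protocol == "all"
    action: str       # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: int


def evaluate(rules, packet, direction):
    """First matching rule wins; no match falls through to the implicit '*' deny."""
    addr = ipaddress.ip_address(packet.src if direction == "inbound" else packet.dst)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        if rule.protocol != "all":
            if rule.protocol != packet.protocol:
                continue
            low, high = rule.port_range
            if not low <= packet.dst_port <= high:
                continue
        return rule.action
    return "deny"  # the implicit '*' rule at the end of every NACL


# The project's private NACL: allow everything inside the VPC, both directions.
VPC_CIDR = "10.0.0.0/16"
PRIVATE_INBOUND = [Rule(100, VPC_CIDR, "all", (0, 65535), "allow")]
PRIVATE_OUTBOUND = [Rule(100, VPC_CIDR, "all", (0, 65535), "allow")]

EPHEMERAL_REPLY_PORT = 49152  # assumed client-side ephemeral port for the reply


def connection_allowed(inbound, outbound, request):
    """A request/reply exchange passes only if the request passes the inbound
    rules AND the reply (addresses swapped, ephemeral destination port) passes
    the outbound rules. Nothing 'remembers' the request: this is what stateless means."""
    reply = Packet(src=request.dst, dst=request.src,
                   protocol=request.protocol, dst_port=EPHEMERAL_REPLY_PORT)
    return (evaluate(inbound, request, "inbound") == "allow"
            and evaluate(outbound, reply, "outbound") == "allow")


if __name__ == "__main__":
    internal = Packet("10.0.1.10", "10.0.2.20", "tcp", 443)   # constructed, inside the VPC
    external = Packet("203.0.113.5", "10.0.2.20", "tcp", 443)  # constructed, outside the VPC
    print("internal request:", evaluate(PRIVATE_INBOUND, internal, "inbound"))
    print("external request:", evaluate(PRIVATE_INBOUND, external, "inbound"))
    print("internal exchange:", connection_allowed(PRIVATE_INBOUND, PRIVATE_OUTBOUND, internal))
    # Forgetting the outbound rule: the request gets in, the reply is dropped.
    print("no outbound rule:", connection_allowed(PRIVATE_INBOUND, [], internal))
```

The last line of the demo is the trap the text describes: with only an inbound allow, the request is accepted but the reply never leaves the subnet. Rule ordering also matters; a lower-numbered deny for part of the VPC range takes precedence over the broader allow at rule 100.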
🤝 Next in the series, building on this project: "Launching VPC Resources"