Hello, and welcome to this lecture. Where I want to discuss the differences between public and private subnets, and how they are defined. Now we have seen what a subnet looks like, I want to talk to you about both public and private subnets. In a nutshell, public subnets have direct access to the Internet, whereas your private instances do not.

So what makes a subnet public? There are essentially 2 components required to make any one of your subnets classed as a public subnet. Firstly, you need to create and attach an Internet gateway to your VPC. This Internet gateway is a managed service, controlled, configured, and maintained by AWS. It scales horizontally automatically, and is classified as a highly valuable component of your VPC infrastructure.

Once your Internet gateway is attached to your VPC, you have a gateway to the Internet. However, at this point, your instances have no idea how to get out to the Internet. As a result, you need to add a default route to the route table associated with your subnet. The route could have a destination value of 0.0. 0. 0/0, and the target value will be set as your Internet gateway ID.

The destination value of 0.0.0.0/0 essentially says for any destinations not already known to the route table, then use this route, which points to the target of the Internet gateway. With an Internet gateway attached, and a route in place, the subnet is now considered to be a public subnet.

There are, however, additional elements required before your instances within that public subnet can access the outside world. Any instance that you're required to communicate with external resources on the Internet and beyond, will require a public IP address. Also, you'll need to ensure that your public subnet NACL is not restricting or blocking expected ingress and egress traffic.

For example, if you are using http, and the NACL denied all traffic going over port 80, then you would run into problems very quickly. So to quickly recap, to enable the instances to communicate with the Internet, the following conditions must be true. The VPC must have an Internet gateway attached. The subnet must have a route, for example, 0.0.0.0/0, with a target of the attached Internet gateway. The instances must have a public IP address assigned. And the associated NACL must allow ingress and egress traffic. Before moving on from this section, I just want to revisit a point I made about the public IP address allocation for the instances.

Depending on the IP addressing behavior of the subnet, these can either be automatically assigned to new instances launched within the subnet, or you must manually choose to have a public IP address for your instance. By default, all subnets have the automatic assigned of public IP addresses turned off.

Even when a subnet is considered a public subnet. The assignment remains as a manual process for instances. To modify the subnet IP addressing behavior from within the management console, you must first select the subnet within the VPC service, select subnet actions, then select Modify Auto Assign IP Settings.

Select the Tick box to enable auto assign public IPV4 addresses, and then click Save. The subnet will then automatically assign a public IP address to any instances that are launched within that subnet. Do be aware that for each instance created, you can overrule this decision. As you can see, although the default is Enable, it's possible to select Disable for the instance.

Any public IP address assigned by this method is not directly associated to your AWS account. Instead it's taken from a pull of addresses owned by AWS, and when the instance is no longer required, the IP address is released back into the AWS pull. You can't request the same public IP address if you need to use it again.

If you acquire this functionality of being able to reuse, and reassign a public IP address, then you would need to use an elastic IP address, an EIP. Using an EIP is another option we have to give instances public IP addresses. So far, we have looked at VPC CIDR Block Ranges, and subnetting of these blocks into smaller side blocks for subnets, Subnet IP reservation addresses, why you would want and need to subnet your VPC, Public and private subnets within your VPC and subnet IP addressing behavior. However, does any of this change if you have multiple VPCs? What considerations need to be made if you are looking to peer multiple VPCs together?

In the next lecture, we will take a look at VPC peering subnet considerations.