What is a Subnet in AWS? Public vs Private Subnets Explained (2026)

-

Learn what a subnet in AWS is and how public and private subnets work. Complete beginner-friendly guide with architecture, routing, and real-world examples.

Introduction

A subnet in AWS is a smaller network inside a Virtual Private Cloud (VPC) that helps you organize and secure your cloud resources.

If you don’t understand subnets, you don’t understand AWS networking.

In this guide, you’ll learn:

  • What a subnet is
  • Types of subnets
  • How routing works
  • Real-world architecture
  • Common mistakes beginners make

What is a Subnet in AWS?

A subnet (short for subnetwork) is a division of a VPC’s IP address range into smaller segments.

In Amazon Web Services, subnets allow you to:

  • Organize resources
  • Control network traffic
  • Apply security boundaries

TL/DR

A subnet is a logical partition of a VPC where you place your AWS resources like EC2 instances.

Why Subnets Are Important

Without subnets:

  • All resources are in one flat network
  • No proper isolation
  • Security risks increase

With subnets:

  • You separate public and private resources
  • Control access using routing
  • Build secure architectures

Types of Subnets in AWS

There are two main types of subnets:

1. Public Subnet

A public subnet is a subnet that has access to the internet.

Key Features:

  • Connected to Internet Gateway
  • Can have public IP addresses
  • Accessible from outside

Used For:

  • Web servers
  • Load balancers
  • Bastion hosts

2. Private Subnet

A private subnet does NOT have direct internet access.

Key Features:

  • No route to Internet Gateway
  • No public IP
  • More secure

Used For:

  • Databases
  • Backend servers
  • Internal services

How Public and Private Subnets Work

The difference between public and private subnets is not the subnet itself—it’s the route table configuration.

Public Subnet Routing:

0.0.0.0/0 → Internet Gateway

This means:

  • Traffic can go to the internet

Private Subnet Routing:

0.0.0.0/0 → NAT Gateway (optional)

This means:

  • Outbound internet allowed
  • No inbound access

Real-World Architecture Example

In a production setup:

Public Subnet:

  • Load Balancer
  • Bastion Host

Private Subnet:

  • Application Servers
  • Database

Why?

  • Public layer handles incoming traffic
  • Private layer protects sensitive data

This is a standard architecture used in most cloud systems.

Subnet CIDR Block Explained

Each subnet gets a portion of the VPC’s IP range.

Example:

VPC:

10.0.0.0/16

Subnets:

10.0.1.0/24 (Public)
10.0.2.0/24 (Private)

This helps:

  • Organize IP allocation
  • Avoid conflicts
  • Scale efficiently

Best Practices for Subnets

  • Use at least 2 subnets across different Availability Zones
  • Keep databases in private subnets
  • Do not assign public IP unnecessarily
  • Use NAT Gateway for outbound access
  • Design CIDR blocks carefully

Common Mistakes Beginners Make 

  • Thinking subnet type is automatic
  • Not configuring route tables
  • Putting databases in public subnet 
  • Using default VPC without planning

How Subnets Relate to Other AWS Components

Subnets work together with:

  • VPC → main network
  • Route Tables → control traffic
  • Internet Gateway → public access
  • NAT Gateway → private outbound access
  • Security Groups → instance-level security

Understanding this relationship is key to mastering AWS networking.

Conclusion

Subnets are the building blocks of AWS networking in Amazon Web Services.

If you understand:

  • Public vs Private subnets
  • Routing logic
  • Real-world architecture

You are already ahead of most beginners in cloud computing.

Anup Das
As, India

Location: Guwahati, Assam 781021, India

Comments

Post a Comment

Popular posts from this blog

Secure AWS VPC Setup with Bastion Host (Step-by-Step Guide for Beginners) | 2026

-
Image
Learn how to build a secure AWS VPC with Bastion Host step-by-step. Beginner-friendly AWS networking project with real-world architecture and security best practices. Tags: Learn how to build a secure AWS VPC with Bastion Host step-by-step. Hands-on guide with real-world architecture, security best practices, and AWS tips. Introduction In modern cloud environments, security and controlled access are non-negotiable. One of the most widely used patterns in production AWS architectures is the bastion host (jump server) setup — a secure gateway that enables access to private resources without exposing them to the internet. A secure AWS VPC with a Bastion Host allows controlled SSH access to private instances without exposing them to the internet. In this hands-on guide, you will build a production-style AWS network architecture used by real companies to secure cloud environments. If you're preparing for AWS Cloud roles , this project demonstrates strong skills in networking, securi...
Read more

How AWS VPC Works: A Deep-Dive Guide to Virtual Private Cloud (Architecture, Security & Best Practices)

-
Image
A complete, in-depth guide to AWS VPC covering architecture, subnets, routing, security, and real-world design patterns. Learn how to build secure, scalable cloud networks. Introduction Amazon Virtual Private Cloud (VPC) is the foundation of networking in Amazon Web Services. It allows you to design a logically isolated network in the cloud where you control IP addressing, routing, and security. If you are aiming for cloud engineering roles, understanding VPC deeply is non-negotiable. This guide goes beyond basics and explains how VPC actually works in real-world architectures. What is a VPC? A Virtual Private Cloud (VPC) is a private, isolated section of the AWS cloud where you can launch resources like EC2 instances, databases, and load balancers. Think of it as: Your own data center network But fully virtual And controlled via software Key characteristics: Fully customizable IP range (CIDR) Logical isolation from other networks Integrated security layers High scalability Core Compon...
Read more

Advantages of Cloud Computing: Why Businesses Are Moving to the Cloud in 2026

-
Image
Discover the key advantages of cloud computing including scalability, cost savings, security, and global access. A complete guide for beginners and professionals. Introduction Cloud computing has transformed how modern systems are built, deployed, and scaled. Instead of owning and managing physical servers, organizations now rely on platforms like Amazon Web Services , Microsoft Azure , and Google Cloud Platform to run their infrastructure. The shift is not just a trend—it’s a fundamental change in how technology is consumed. This guide explains the real advantages of cloud computing with depth, clarity, and real-world context.
Read more