Details on AWS private/public subnets

(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: lawrence@krubner.com, or follow me on Twitter.

A note to myself. I’m doing this with Terraform, but of course, one has to know how it will all actually work. Connecting a private subnet to the public world:

Resolution

1. List the Availability Zones that have the instances you want to attach to the load balancer.

2. Create an equal number of public subnets in the same Availability Zones where your private instances exist. To ensure that the load balancer can scale properly, verify that each subnet for the load balancer has a CIDR block with at least a /27 bitmask (for example, 10.0.0.0/27) and has at least 8 free IP addresses. Your load balancer uses these IP addresses to establish connections with the backend instances; for more information, see VPCs and Subnets.

Note: If you have more than one private subnet in the same Availability Zone that contains instances that need to be registered with the load balancer, you only need to create one public subnet. You need only one public subnet per Availability Zone; you can add the private instances in all the private subnets that reside in that particular Availability Zone.

3. From the Amazon EC2 console, create a load balancer and associate the newly created public subnets with it. For instructions, see Step 1: Select a Load Balancer Type and Step 2: Define your Load Balancer.

4. Add the private instances to the load balancer; for instructions, see Step 5: Register EC2 Instances with Your Load Balancer.

Post external references

  1. 1
    https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
Source