For the purposes of learning, I'm trying to set up a public/private VPC in AWS without using the wizard, and I'm trying to determine how AWS decides if a subnet is private/public.
For argument's sake, let's say I have in my VPC 1 IG, 2 routing tables, 2 ELBs, 4 instances, 4 subnets, and 2 availability zones.
    [
      ig,
      routepub,
      routepriv (default),
      elbpub,
      elbpriv,
      { az1: [
          subnet1pub:  { range: "10.0.0.0/25",   instances: [ instance1pub ] },
          subnet1priv: { range: "10.0.1.0/25",   instances: [ instance1priv ] }
      ] },
      { az2: [
          subnet2pub:  { range: "10.0.0.128/25", instances: [ instance2pub ] },
          subnet2priv: { range: "10.0.1.128/25", instances: [ instance2priv ] }
      ] }
    ]
I have traffic coming from the greater internet to elbpub, which then balances across my availability zones to instance1pub and instance2pub. I have some internal application (say a database or something such) on instance1priv and instance2priv which only instance1pub and instance2pub can access, and traffic to these is balanced via elbpriv.
When I try to set this up, I am told that I must attach my Internet-Facing ELB to a public subnet. So, how does AWS decide if a subnet is public or private?
And more specifically, I understand that private means it must go through a NAT and public means it goes through the IG, but how do I set up and/or link up my route tables/security groups to reflect this so that it lets me get public traffic into my public elb?
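Added example (not part of the question): a small model of the rule AWS actually applies, written against the poster's own layout. A subnet has no "public" flag of its own; it is public if the route table that applies to it (its explicit association, otherwise the VPC's main table) sends internet-bound traffic to an internet gateway, private if it sends it to a NAT gateway or NAT instance. The gateway ids are placeholders and 198.51.100.1 (a documentation address) stands in for "some host on the internet"; the last function goes one step further and checks the constraint the console enforces, that an internet-facing ELB may only be placed in public subnets.

```python
import ipaddress

# Constructed data modelled on the question's layout. Names are the poster's; the
# gateway ids are placeholders. routepriv is the VPC's main (default) route table.
ROUTE_TABLES = {
    "routepub":  {"main": False, "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"}},
    "routepriv": {"main": True,  "routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-PLACEHOLDER"}},
}
# Explicit subnet -> route table associations. Subnets not listed here fall back to
# the main table, which is exactly what AWS does for unassociated subnets.
ASSOCIATIONS = {"subnet1pub": "routepub", "subnet2pub": "routepub"}
SUBNETS = ["subnet1pub", "subnet1priv", "subnet2pub", "subnet2priv"]


def effective_route_table(subnet):
    """Route table that governs a subnet: explicit association, else the main table."""
    if subnet in ASSOCIATIONS:
        return ASSOCIATIONS[subnet]
    return next(name for name, tbl in ROUTE_TABLES.items() if tbl["main"])


def route_target(table_name, dest_ip):
    """Longest-prefix match of dest_ip against the table; returns the route target."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]["routes"].items():
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(subnet):
    """public: internet-bound traffic exits via an IGW; private: via NAT; isolated: no route out."""
    target = route_target(effective_route_table(subnet), "198.51.100.1")  # any non-VPC address
    if target is None or target == "local":
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith(("nat-", "i-", "eni-")):  # NAT gateway, NAT instance, or its ENI
        return "private"
    return "other"


def internet_facing_elb_problems(elb_subnets):
    """Subnets that would make the console reject an internet-facing ELB (not public)."""
    return [s for s in elb_subnets if classify(s) != "public"]


if __name__ == "__main__":
    for s in SUBNETS:
        print(s, effective_route_table(s), classify(s))
```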