2

I learnt that private IPv4 address space is:

Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255

A private IP address is an IP address that cannot be accessed over the Internet and normally protected by firewall.

169.254.0.0 used by Microsoft machines but not assigned by IANA

In the below AWS VPC architecture(from here):

enter image description here

Public subnet is designated with subnet 10.0.0.0/24, but this address is part of private address space(10.0.0.0 – 10.255.255.255).

Why subnet(10.0.0.0/24) is considered as public subnet?

Note: In AWS world, associating a subnet to a public route table makes it a public subnet. Route table entry having outbound traffic to IGW indicates a route table, a public route table

overexchange
  • 15,768
  • 30
  • 152
  • 347

2 Answers2

7

All VPCs in AWS are assigned a CIDR range of IP addresses. In the above example, the VPC has been assigned a CIDR of 10.0.0.0/16.

All resources launched in a VPC (eg EC2 instances, RDS databases, Elastic Network Interfaces) are assigned an IP address within that CIDR range.

Within AWS, a public subnet is one that has a Route Table entry that directs traffic destined for 0.0.0.0/0 to an Internet Gateway. This gives the resources on that VPC the ability to communicate with the Internet. The resources will need to be assigned a Public IP address to be able to communicate with the Internet.

A private subnet is defined as a subnet that does not have a Route Table entry that directs traffic to an Internet Gateway. There is no capability for resources in a private subnet to communicate directly with the Internet, and vice versa.

As shown in your diagram, 10.0.0.0/24 is considered public due to its Route Table entry that points to the Internet Gateway.

The concept of "public/private subnets" is separate to the concept of "public/private IP address ranges".

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
1

The terminology used by AWS here has nothing to do with IANA or the RFC 2918 up ranges. AWS uses public subnets to define a subnet within the VPC that can be exposed to requests from the internet, like a webserver front end.

The private subnet is more isolated from the internet, it can only receive requests from other hosts on the vpc. This reduces the attack surface of hosts that are not meant to accept requests from the internet directly such as with application backends.

You can read a little more here on the AWS public docs

Patrick W
  • 4,603
  • 1
  • 12
  • 26