AWS Create Private Subnets and NAT Gateway
private subnet and some in public, and since you have already deployed some resources in
the default public subnet you wish to make that subnet private without reinstalling any of those
services. Please correct me if my understanding is incorrect.

With regard to your requirement, let me first confirm the definition of a public and private subnet. A subnet is
considered a public subnet if, and only if, its route table has a default route (0.0.0.0/0) pointing to the Internet Gateway (IGW). If the
default route points anywhere else (for example, to a NAT gateway), or there is no default route at all, the subnet is considered private. The reasoning
behind this definition is that the public IPs of the instances, even when they are Elastic IPs, reside on the
IGW, where the inbound one-to-one NAT translation happens. Without a return route to the IGW, any
internet-initiated traffic cannot return to the original sender with the relevant identifying
IP/port information, so connectivity using the instances' public IPs is no longer possible.
It is important to note, however, that packets sent to the public IP of an instance
in a private subnet will still reach the instance (subject to its security group and network ACL), but as the return traffic will not go to the IGW,
the connection attempt will always time out from the perspective of the initiator. More on this
below under section 2c. Hence you have two options to achieve this task.
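Before choosing between the two options, it helps to check which of your existing subnets are actually public under the definition above. The script below is an added example, not part of the original document; it applies the rule "public if, and only if, the effective route table has an active 0.0.0.0/0 route whose target is an igw-" to a constructed, trimmed-down version of what `aws ec2 describe-route-tables` and `describe-subnets` return. All VPC, subnet, route table, IGW and NAT gateway IDs are made up. Two details beyond the page's wording are my own assumptions: a subnet with no explicit route table association is resolved to the VPC's main route table (this is how the VPC router behaves), and a default route to an IGW whose state is "blackhole" (gateway detached) is treated as private because no traffic can actually leave through it.

```python
"""Classify VPC subnets as public or private.

Rule: a subnet is public iff its effective route table has an active
default route (0.0.0.0/0) whose target is an internet gateway (igw-...).
Anything else (NAT gateway, no default route, blackhole) is private.

Added example, not from the original page. ROUTE_TABLES and SUBNETS are
constructed inputs shaped like the AWS API responses; all IDs are made up.
"""

DEFAULT_ROUTE = "0.0.0.0/0"

# Constructed sample: a main route table with an IGW default route, a
# private table whose default route is a NAT gateway, and a table whose
# IGW default route is a blackhole (the gateway has been detached).
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main0001",
        "VpcId": "vpc-0abc",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-priv0002",
        "VpcId": "vpc-0abc",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-a", "RouteTableId": "rtb-priv0002"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-dead0003",
        "VpcId": "vpc-0abc",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-b", "RouteTableId": "rtb-dead0003"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "blackhole"},
        ],
    },
]

SUBNETS = [
    {"SubnetId": "subnet-pub-a", "VpcId": "vpc-0abc"},   # no explicit association: uses main table
    {"SubnetId": "subnet-priv-a", "VpcId": "vpc-0abc"},
    {"SubnetId": "subnet-priv-b", "VpcId": "vpc-0abc"},
]


def effective_route_table(subnet, route_tables):
    """Return the route table the subnet actually uses: its explicit
    association if one exists, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Return (target_id, state) for the 0.0.0.0/0 route, or (None, None)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        # A route carries exactly one target field; pick whichever is set.
        target = (route.get("GatewayId") or route.get("NatGatewayId")
                  or route.get("TransitGatewayId") or route.get("NetworkInterfaceId")
                  or route.get("VpcPeeringConnectionId") or route.get("InstanceId"))
        return target, route.get("State")
    return None, None


def classify_subnet(subnet, route_tables):
    """'public' iff the effective table has an active default route to an IGW.
    Assumption: a blackhole IGW route does not make the subnet public."""
    rt = effective_route_table(subnet, route_tables)
    if rt is None:
        return "private"  # no usable table found; nothing can reach the IGW
    target, state = default_route_target(rt)
    if target and target.startswith("igw-") and state == "active":
        return "public"
    return "private"


def classify_all(subnets, route_tables):
    """Map every subnet ID to 'public' or 'private'."""
    return {s["SubnetId"]: classify_subnet(s, route_tables) for s in subnets}


if __name__ == "__main__":
    for subnet_id, kind in classify_all(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {kind}")
```

To run this against a real account, replace the two constructed lists with the `RouteTables` and `Subnets` arrays from `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` (for example via `json.load`); the classification logic does not change. Note that this check follows the page's definition and only looks at the 0.0.0.0/0 route; it will not flag a table that reaches the IGW through more specific prefixes.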
1. Deploy new subnets in the same VPC, make them private, and then deploy new services there.
This is straightforward and involves steps that overlap with the second option.