There has always been some confusion about public vs. private subnets: what the difference is and when to use each. Before we get into that, let's first define what a subnet actually is.
Everyone has heard of a network. A network is a range of IP addresses. For a modular network architecture we sub-group the IPs within that range into smaller networks called subnets.
Cookie cutter right!!!
Public Subnet
The servers in this subnet have direct access to the internet (external IPs).
Private Subnet
The servers in this subnet do not have direct access to the internet (external IPs). For them to reach the internet, they have to go through a NAT gateway.
NAT (Network Address Translation) resides in the public subnet. Whenever a server in the private subnet tries to reach the internet, its traffic goes through the NAT gateway in the public subnet. As the name suggests, NAT masks the IP of the private-subnet server, so only the NAT gateway's address is seen on the internet.
When to use what?
Now that we understand what public and private subnets offer, it's time to know when to use which. In the best case, all the servers that run your application code and all database servers should be in the private subnet. Load balancers and NAT gateways should be in the public subnet.
Take away
No one can tell you in general which subnet to use; it depends solely on the use case. One thing to remember: use the private subnet as much as you can. Of course, you can't avoid the public subnet entirely, but limit its usage.