Simple way of determining subnet type for ec2 instance

1 minute read

Amazon AWS has awesome service VPC which allows you to create virtual networks with complex configurations. VPC is a crucial part of your cloud infrastructure and what is more important most of configurations are hard to change. That’s why it is essential to prepare it right from the beginning and the reason why I decided to prepare this diagram.

Here’s the simple way of determining what kind of subnet you need for your instance. Final step is a subnet type that should be used. More information below.

aws-vpc-subnetting

Additional notes:

  • Keep It Simple - create additional network only when it’s REALLY required, otherwise use security groups and NACL rules to isolate traffic
  • All subnet types should be provisioned in all availability zones to enable high availability, diagram shows only types that should be create in all AZs
  • By default you should choose to put your instances in private network
  • Use public only when it’s really necessary - xLB (Classic or Application load balancers) provides you more security features and flexibility including SSL traffic termination with auto-renewd certificates
  • Use NAT gateways for private subnets with internet access, as they are services more reliable than your own provisioned NAT instances

Don’t struggle no more - keep it simple and secure. Remember - less is more :-)

I’ve put this diagram to this github project so you can contribute if you’d like.

Categories:

Updated:

Leave a Comment