Want a part of your VPC that actually talks to the internet without begging for permission? Every public subnet in an AWS VPC is basically the part of your network with a door to the world. The trick is to give it a proper door (an Internet Gateway), a route out (a default route in the subnet's route table), and sensible guards at the gate (Security Groups and Network ACLs).
An instance needs a public IP or an Elastic IP to receive inbound traffic from the internet. Security Group rules still apply, and you will not be exposed like a bug in a pancake unless you open ports.

Network ACLs are stateless, so every response flow needs matching rules on inbound and outbound. For example, allow HTTP and HTTPS outbound and allow the ephemeral port range inbound if you want to permit responses. Security Groups are stateful, so opening inbound SSH or HTTP is enough to allow return traffic automatically.

If you want instances that never have public IPs but still need to reach the internet, use a NAT Gateway in a public subnet. That provides egress for private subnets without exposing those instances to inbound internet traffic. If your only goal is access to AWS services, use VPC Endpoints for S3 or DynamoDB to keep traffic off the public internet.

Launch an instance in the public subnet with a public IP, or attach an Elastic IP. Then SSH or curl a public endpoint to verify egress, and try a simple inbound check like a web server or SSH from an allowed IP. If something is broken, check the route table association, then the Internet Gateway attachment, then the Security Group, and then the NACL order of rules.

There you go. You now have a public subnet in your AWS VPC that can send and receive traffic while still letting you be slightly smug about your routing knowledge. Keep your Security Groups tight, and use NAT and VPC Endpoints where privacy matters.
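To make the stateless-versus-stateful distinction and the troubleshooting order concrete, here is an added example (not code from the original page, and not an AWS API): a small Python model of how a Network ACL is evaluated (ascending rule number, first match wins, implicit deny) next to a Security Group (stateful, allow-only), plus a `diagnose()` that walks the check order given above: route table association, default route to the Internet Gateway, gateway attachment, public IP, Security Group, then NACL rule order. All resource IDs, CIDR ranges and rule sets are constructed sample data; `rule_matches`, `nacl_permits`, `sg_permits` and `diagnose` are names chosen here, not AWS functions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample identifiers; not real AWS resources.
IGW_ID = "igw-0000EXAMPLE"
SUBNET_ID = "subnet-0000PUBLIC"
ANY = "0.0.0.0/0"
ADMIN_NET = "198.51.100.0/24"      # constructed "allowed IP" range for SSH
EPHEMERAL = (1024, 65535)          # ephemeral port range the page refers to


@dataclass(frozen=True)
class Rule:
    """One NACL or Security Group rule (number is ignored for Security Groups)."""
    number: int
    protocol: str        # "tcp", "udp" or "all"
    ports: tuple         # (low, high), inclusive
    cidr: str
    action: str = "allow"  # NACLs may "deny"; Security Groups only "allow"


def rule_matches(rule, protocol, port, ip):
    if rule.protocol not in ("all", protocol):
        return False
    if not rule.ports[0] <= port <= rule.ports[1]:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr, strict=False)


def nacl_decision(rules, protocol, port, ip):
    """NACL semantics: lowest rule number first, first match wins, else implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, protocol, port, ip):
            return rule.action
    return "deny"


def nacl_permits(nacl, initiated, protocol, port, peer_ip, local_port):
    """Stateless: the request AND the response must each match an allow rule.

    initiated is "outbound" (instance -> internet) or "inbound" (internet -> instance);
    port is the service port, local_port the client's ephemeral port for the reply.
    """
    req_dir, resp_dir = ("outbound", "inbound") if initiated == "outbound" else ("inbound", "outbound")
    request = nacl_decision(nacl[req_dir], protocol, port, peer_ip)
    response = nacl_decision(nacl[resp_dir], protocol, local_port, peer_ip)
    return request == "allow" and response == "allow"


def sg_permits(sg, initiated, protocol, port, peer_ip):
    """Stateful: only the initiating direction is evaluated; replies are tracked."""
    return any(rule_matches(r, protocol, port, peer_ip) for r in sg[initiated])


def diagnose(vpc, instance, initiated, protocol, port, peer_ip, local_port=51000):
    """Walk the page's troubleshooting order; return the first failure or "ok"."""
    rtb = next((t for t in vpc["route_tables"] if instance["subnet"] in t["subnets"]), None)
    if rtb is None:
        return "no route table associated with the subnet"
    if rtb["routes"].get(ANY) != vpc["igw"]:
        return "route table has no 0.0.0.0/0 route to the Internet Gateway"
    if not vpc["igw_attached"]:
        return "Internet Gateway is not attached to the VPC"
    if instance["public_ip"] is None:
        return "instance has no public or Elastic IP (use a NAT Gateway for egress-only)"
    if not sg_permits(instance["sg"], initiated, protocol, port, peer_ip):
        return "Security Group does not allow the initiating direction"
    if not nacl_permits(vpc["nacls"][instance["subnet"]], initiated, protocol, port, peer_ip, local_port):
        return "NACL denies the request or its response (check rule order and ephemeral ports)"
    return "ok"


# Constructed rule sets for the scenarios in the text.
GOOD_NACL = {
    "inbound": [Rule(100, "tcp", (22, 22), ADMIN_NET), Rule(110, "tcp", (80, 80), ANY),
                Rule(120, "tcp", EPHEMERAL, ANY)],
    "outbound": [Rule(100, "tcp", (80, 80), ANY), Rule(110, "tcp", (443, 443), ANY),
                 Rule(120, "tcp", EPHEMERAL, ANY)],
}
# Same NACL with the inbound ephemeral-port rule forgotten: HTTPS replies are dropped.
MISSING_EPHEMERAL = {"inbound": GOOD_NACL["inbound"][:2], "outbound": GOOD_NACL["outbound"]}
# A deny with a lower number shadows the later allow for the admin range.
SHADOWED_SSH = {"inbound": [Rule(90, "tcp", (22, 22), ANY, "deny")] + GOOD_NACL["inbound"],
                "outbound": GOOD_NACL["outbound"]}
SG = {"inbound": [Rule(0, "tcp", (22, 22), ADMIN_NET), Rule(0, "tcp", (80, 80), ANY)],
      "outbound": [Rule(0, "all", (0, 65535), ANY)]}


def sample_vpc(nacl, default_route=IGW_ID):
    return {"igw": IGW_ID, "igw_attached": True,
            "route_tables": [{"subnets": [SUBNET_ID], "routes": {ANY: default_route}}],
            "nacls": {SUBNET_ID: nacl}}


INSTANCE = {"subnet": SUBNET_ID, "public_ip": "203.0.113.25", "sg": SG}

if __name__ == "__main__":
    print(diagnose(sample_vpc(GOOD_NACL), INSTANCE, "outbound", "tcp", 443, "203.0.113.80"))
    print(diagnose(sample_vpc(MISSING_EPHEMERAL), INSTANCE, "outbound", "tcp", 443, "203.0.113.80"))
    print(diagnose(sample_vpc(SHADOWED_SSH), INSTANCE, "inbound", "tcp", 22, "198.51.100.5"))
```

The same outbound HTTPS flow passes `sg_permits` with either NACL, because the Security Group tracks the reply on its own, but fails `nacl_permits` when the inbound ephemeral rule is missing; and the `SHADOWED_SSH` case shows why a deny rule numbered below an allow is the first thing to look at when an allowed IP still cannot connect.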
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!