Previously we introduced the VPC as your private neighborhood in the cloud. Now let's look at the essential components you need to make it functional: Route Tables and Internet Gateways.

These components control how traffic flows in, out, and around your VPC.

Engagement Message

Can you think of a real-world analogy for how traffic control works in a neighborhood?

First, let's talk about making subnets public or private. A public subnet is one whose traffic is routed to an Internet Gateway, allowing resources within it to access the internet. This is where you would place things like web servers.

Engagement Message

What kind of resource needs to be accessible from the public internet?

A private subnet, on the other hand, does not have a route to the internet. Resources in a private subnet, like a database server, are isolated from the outside world. They can still communicate with other resources in the same VPC, but not with the public internet.

Engagement Message

Why is it a good security practice to keep databases in a private subnet?

So how is traffic directed? Every subnet is associated with a Route Table. A route table is like a GPS for your network traffic. It contains a set of rules, called routes, that determine where network traffic from your subnet is directed.

Engagement Message

What do you think happens if a route table has an incorrect rule?

For a subnet to be public, its route table must have a route pointing to an Internet Gateway. An Internet Gateway is a scalable, redundant, and highly available VPC component that allows communication between your VPC and the internet.

Think of it as the single, secure front gate for your entire private neighborhood.

Engagement Message