Question 1

What's the difference between a private subnet and a public subnet?

Accepted Answer

A public subnet is designed so resources can be reached from the internet (typically by having a route to an Internet Gateway and using public IPs). A private subnet is designed so resources are not directly reachable from the internet (no direct inbound path). Private subnets can still reach the internet for updates or external APIs, but usually only through controlled egress like NAT, a firewall, or a proxy.

Question 2

When should I use a private subnet?

Accepted Answer

Use a private subnet for resources that should not accept direct inbound internet traffic, such as databases, internal APIs, message brokers, caches, and application servers that only need to be reached by other services inside your network. A common pattern is: load balancer and web tier in public subnets; app tier and database tier in private subnets.

Question 3

How much does a private subnet cost?

Accepted Answer

The subnet itself typically has no direct hourly cost in most clouds. Costs usually come from the components you add to make private subnets usable: NAT gateways/NAT services (hourly + data processing), firewalls (hourly + throughput), load balancers, VPN/Direct Connect/ExpressRoute/Interconnect, and data transfer charges. The biggest cost driver is often outbound internet traffic through NAT or firewall appliances.

Private Subnet

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms