AWS subnet

A subnet is an address space that further divides the VPC. A subnet is always created in one AZ, and it is not possible to create a subnet that spans multiple AZs.


VPC default security group
The VPC automatically uses the default security group. If you do not specify another security group when launching an instance, each EC2 instance launched in the VPC is automatically associated with a security group named “launch-wizard-xx”. For example, the security group name of the first EC2 instance launched is “launch-wizard-1”.

Outbound rule of that security group:
Protocol: all
Port: all
Range: all (allow all outgoing IPv4 traffic)

AWS direct connect

AWS Direct Connect is a cloud service solution that simplifies building a dedicated network connection from your premises to AWS. You can use AWS Direct Connect to establish a private connection between AWS and your data center, office, or colocation environment. This often reduces network cost, increases bandwidth throughput, and gives customers a more consistent network experience than Internet-based connections.

AWS Direct Connect allows you to establish a dedicated network connection between your network and one of the AWS Direct Connect locations. You can divide this dedicated connection into multiple virtual interfaces using the industry-standard 802.1q VLAN. In this way, public resources can be accessed over the same connection using public IP address space, and private resources (for example, Amazon EC2 instances running within an Amazon Virtual Private Cloud) can be accessed using private IP space, so you can separate the network into public and private environments. Virtual interfaces can be reconfigured at any time as your needs change.

VPC NAT gateway

You can use Network Address Translation (NAT) gateways to allow instances in your private subnet to connect to the Internet and other AWS services, while preventing the Internet from initiating connections to those instances.

A subnet whose route table sends traffic for the default route (communication to the default gateway) to the Internet gateway is a “public subnet”; a subnet whose route table does not is a “private subnet”.

Since the default route goes to igw-xxxxxx (the Internet gateway), the subnet associated with this route table is a public subnet.
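The public/private rule above, applied programmatically, as an added example that is not part of the original notes: it classifies each subnet by the target of its route table's default route (Internet gateway, NAT gateway, or neither), falling back to the VPC main route table for subnets with no explicit association. The route-table data and all IDs are constructed; they only mirror the shape of the EC2 DescribeRouteTables response.

```python
# Added example (not from the original notes): classify each subnet of a VPC as
# public, private (via NAT) or isolated by inspecting its route table's default
# route. The data below is constructed and only mirrors the field names of the
# EC2 DescribeRouteTables response; every ID is made up.

DEFAULT_ROUTES = ("0.0.0.0/0", "::/0")

ROUTE_TABLES = [  # constructed sample, same shape as DescribeRouteTables
    {"RouteTableId": "rtb-main0001", "VpcId": "vpc-0001",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-pub0001", "VpcId": "vpc-0001",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"}]},
    {"RouteTableId": "rtb-priv0001", "VpcId": "vpc-0001",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001", "State": "active"}]},
]
SUBNETS = ["subnet-pub-a", "subnet-priv-a", "subnet-iso-a"]  # subnet-iso-a has no explicit association


def classify_route_table(rtb):
    """'public' if an active default route targets an Internet gateway (igw-),
    'private' if it targets a NAT gateway, otherwise 'isolated'."""
    for route in rtb["Routes"]:
        if route.get("State") != "active":
            continue
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES:
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private"
    return "isolated"


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to its class; a subnet without an explicit association
    uses the VPC main route table, as EC2 does."""
    main = next(rtb for rtb in route_tables if any(a.get("Main") for a in rtb["Associations"]))
    explicit = {a["SubnetId"]: rtb for rtb in route_tables
                for a in rtb["Associations"] if a.get("SubnetId")}
    return {s: classify_route_table(explicit.get(s, main)) for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in classify_subnets(ROUTE_TABLES, SUBNETS).items():
        print(f"{subnet}: {kind}")
```

With real data, the same functions can be fed the `RouteTables` list returned by the DescribeRouteTables API to list which subnets are Internet-reachable.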