What makes a subnet into a private subnet in AWS VPC?
I want two public and two private subnets. What is the difference between them, in CloudFormation or in general?
See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet
If a subnet doesn't have a route to the internet gateway, the subnet is known as a private subnet
However, you can still make connections to the internet from a private subnet - https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet.
So in CloudFormation, the difference is in the routes of the route table for a given subnet
- https://docs.aws.amazon.com/codebuild/latest/userguide/cloudformation-vpc-template.html
InternetGateway is set as the destination for DefaultPublicRoute's DestinationCidrBlock: 0.0.0.0/0, and DefaultPublicRoute is part of PublicRouteTable, via PublicSubnet1RouteTableAssociation.
NatGateway1 is set as the destination for DefaultPrivateRoute1's DestinationCidrBlock: 0.0.0.0/0, and DefaultPrivateRoute1 is part of PrivateRouteTable, via PrivateSubnet1RouteTableAssociation.
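The rule in the answer above, as an added example that is not part of the original answer: a Python check that reads a template's resources and labels each subnet by whether its associated route table has a route to an internet gateway. The resource dict is constructed from the logical names in the answer; OrphanSubnet and the helper function names are hypothetical.

```python
# Constructed sample: the Resources section of a template as a Python dict,
# reusing the logical names from the answer. OrphanSubnet is hypothetical.
def route(table, key, target):
    return {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": table}, "DestinationCidrBlock": "0.0.0.0/0",
        key: {"Ref": target}}}

def assoc(subnet, table):
    return {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": {"Ref": subnet}, "RouteTableId": {"Ref": table}}}

RESOURCES = {
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
    "NatGateway1": {"Type": "AWS::EC2::NatGateway"},
    "PublicRouteTable": {"Type": "AWS::EC2::RouteTable"},
    "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable"},
    "PublicSubnet1": {"Type": "AWS::EC2::Subnet"},
    "PrivateSubnet1": {"Type": "AWS::EC2::Subnet"},
    "OrphanSubnet": {"Type": "AWS::EC2::Subnet"},
    "DefaultPublicRoute": route("PublicRouteTable", "GatewayId", "InternetGateway"),
    "DefaultPrivateRoute1": route("PrivateRouteTable", "NatGatewayId", "NatGateway1"),
    "PublicSubnet1RouteTableAssociation": assoc("PublicSubnet1", "PublicRouteTable"),
    "PrivateSubnet1RouteTableAssociation": assoc("PrivateSubnet1", "PrivateRouteTable"),
}

def ref(value):
    """Logical ID from a {"Ref": "X"} value, else None."""
    return value.get("Ref") if isinstance(value, dict) else None

def classify_subnets(resources):
    """Map each subnet to 'public', 'private' or 'main-route-table'."""
    igw_tables, table_of, result = set(), {}, {}
    for res in resources.values():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::Route":
            # GatewayId may also name a virtual private gateway: check the type.
            target = resources.get(ref(props.get("GatewayId")), {})
            if target.get("Type") == "AWS::EC2::InternetGateway":
                igw_tables.add(ref(props["RouteTableId"]))
        elif res["Type"] == "AWS::EC2::SubnetRouteTableAssociation":
            table_of[ref(props["SubnetId"])] = ref(props["RouteTableId"])
    for name, res in resources.items():
        if res["Type"] == "AWS::EC2::Subnet":
            # No explicit association: the VPC's main route table applies.
            kind = "public" if table_of.get(name) in igw_tables else "private"
            result[name] = kind if name in table_of else "main-route-table"
    return result

print(classify_subnets(RESOURCES))
```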