AWS VPC Private vs Public subnets

Tags: amazon-vpc, amazon-web-services

I'm setting up my first VPC with the AWS VPC wizard and I'm having some trouble understanding what type of instances I should put in a public subnet, and what type of instances in a private subnet.

It does make sense to me to put all the RDS instances in private, but assuming I have an EC2 instance (holding a WordPress site, for example), should I put it in a private subnet? Or maybe it should be private, with a load balancer in front of it in the public subnet, and in case it needs S3 content it should call out through the NAT?

What are the best practices, or decision-making pros and cons, for deciding this?

Best Answer

From the Amazon VPC documentation:

The instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet can't. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) instance that you launch into the public subnet.

Based on the above, you will need to create both private and public subnets - I would typically create one private and one public per Availability Zone.

You'll also need to create and configure a NAT instance and assign this as an internet gateway for your VPC.

Your ELB instances will need to be connected to your public subnets, and should be able to balance connections to instances in private subnets.

Your EC2 instances (in your example, WordPress) will be launched in one of your private subnets. Note that you should ideally have more than one instance in each AZ that your ELBs are configured for.

If you only plan to have one server on the ELB, or launch all of your EC2 instances within the same AZ, you will only need to configure your ELB for the public subnet within that AZ.
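The layout the answer describes (one public and one private subnet per AZ, the public route table pointing at the Internet gateway, each private route table pointing at a NAT in the public subnet of the same AZ, ELBs in the public subnets, WordPress and RDS in the private ones) can be written down and checked before anything is created. The following is an added example, not code from the question or the answer; it models the plan as plain data with Python's standard `ipaddress` module rather than calling AWS, and the VPC CIDR `10.0.0.0/16`, the AZ names and the `igw`/`nat-<az>`/`local` target labels are constructed assumptions. The `check_private_isolation` function flags the mistake that turns a "private" subnet into a public one: a route to the Internet gateway, auto-assigned public IPs, or a NAT placed in a subnet that cannot itself reach the Internet.

```python
import ipaddress


def plan_vpc(vpc_cidr, azs, new_prefix=24):
    """Carve one public and one private subnet per AZ out of vpc_cidr.

    Public subnets share one route table whose default route is the Internet
    gateway ("igw"). Each private subnet gets its own route table whose default
    route is a NAT ("nat-<az>") living in the public subnet of the same AZ, so
    losing one AZ does not remove Internet egress for the private subnets in
    the others. Target names are illustrative labels, not AWS resource IDs.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = list(vpc.subnets(new_prefix=new_prefix))
    if len(blocks) < 2 * len(azs):
        raise ValueError("VPC CIDR too small for two subnets per AZ")

    subnets = []
    # Every VPC route table carries an implicit "local" route for the VPC CIDR.
    route_tables = {"public": {str(vpc): "local", "0.0.0.0/0": "igw"}}
    nat_placement = {}
    for i, az in enumerate(azs):
        pub_name, priv_name = f"public-{az}", f"private-{az}"
        subnets.append({"name": pub_name, "az": az, "cidr": str(blocks[2 * i]),
                        "route_table": "public", "map_public_ip": True})
        subnets.append({"name": priv_name, "az": az, "cidr": str(blocks[2 * i + 1]),
                        "route_table": priv_name, "map_public_ip": False})
        route_tables[priv_name] = {str(vpc): "local", "0.0.0.0/0": f"nat-{az}"}
        nat_placement[f"nat-{az}"] = pub_name  # NAT sits in this AZ's public subnet
    return {"vpc": str(vpc), "subnets": subnets,
            "route_tables": route_tables, "nat_placement": nat_placement}


def tier_placement(plan):
    """Which subnets each tier from the question is launched into."""
    public = [s["name"] for s in plan["subnets"] if s["route_table"] == "public"]
    private = [s["name"] for s in plan["subnets"] if s["route_table"] != "public"]
    return {"elb": public, "nat": public, "wordpress": private, "rds": private}


def next_hop(plan, subnet_name, dest_ip):
    """Longest-prefix-match lookup in the subnet's route table, as the VPC router does."""
    subnet = next(s for s in plan["subnets"] if s["name"] == subnet_name)
    table = plan["route_tables"][subnet["route_table"]]
    dest = ipaddress.ip_address(dest_ip)
    matches = [ipaddress.ip_network(cidr) for cidr in table
               if dest in ipaddress.ip_network(cidr)]
    best = max(matches, key=lambda n: n.prefixlen)
    return table[str(best)]


def check_private_isolation(plan):
    """Return the ways a supposedly private subnet is actually exposed."""
    public_subnets = {s["name"] for s in plan["subnets"] if s["route_table"] == "public"}
    problems = []
    for s in plan["subnets"]:
        if s["route_table"] == "public":
            continue
        table = plan["route_tables"][s["route_table"]]
        if "igw" in table.values():
            problems.append(f"{s['name']}: route table points at the Internet gateway")
        if s["map_public_ip"]:
            problems.append(f"{s['name']}: auto-assigns public IPs")
        default = table.get("0.0.0.0/0", "")
        if default.startswith("nat-") and plan["nat_placement"].get(default) not in public_subnets:
            problems.append(f"{s['name']}: NAT {default} is not in a public subnet")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a /16 VPC split across two AZs.
    plan = plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b"])
    for s in plan["subnets"]:
        print(f"{s['name']:22} {s['cidr']:15} rt={s['route_table']}")
    print("placement:", tier_placement(plan))
    # A WordPress box in the private subnet reaches S3 (public address) via NAT,
    # and other VPC hosts via the local route.
    print("private -> S3 via:", next_hop(plan, "private-us-east-1a", "54.231.0.1"))
    print("private -> RDS via:", next_hop(plan, "private-us-east-1a", "10.0.3.10"))
    print("problems:", check_private_isolation(plan))
```

Run it as-is to print the subnet table, the tier placement and the next hop an instance in a private subnet would use for S3 versus for another VPC host. To see the check earn its keep, point one private route table's `0.0.0.0/0` at `igw` or flip a private subnet's `map_public_ip` to `True` and run `check_private_isolation` again; those two settings are what actually make a subnet public, regardless of what it is named.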