An AWS subnet is a set of IP addresses, routing rules, and network access control lists (ACLs) that apply to a collection of virtual machines. The subnet groups the virtual machines together and controls their access to anything outside of the group.

Notably, an AWS subnet lives in a single availability zone (AZ). Therefore, in all of our VPCs there will be two or more subnets for each purpose, each in a different AZ.

In the standard OptimalBI pattern we have:

  1. Public subnet (with the bastion and ELBs)
  2. Private apps subnet (with most EC2)
  3. Public apps subnet (for applications that need a lot of internet access, until we work out how to move them into the private apps subnet)
  4. Private DB subnet (with RDS and Redshift)
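The following is an added example, not code from the original post or from OptimalBI. It lays the four tiers above out across two AZs as /24 blocks of a VPC and then checks two properties a reviewer would want to confirm: that every tier really exists in at least two AZs, and that only the public tiers carry a default route to an internet gateway (the private tiers may route through a NAT gateway instead). The VPC range, AZ names, `igw-EXAMPLE`/`nat-EXAMPLE` ids and the route tables are constructed sample data, and the "private tiers must not have an IGW default route" rule is this example's own reading of public versus private, not a statement from the post.

```python
import ipaddress
from itertools import product

# The four tiers of the OptimalBI subnet pattern. "public" means the
# subnet's route table should carry a default route to the internet gateway;
# private tiers must not (they may use a NAT gateway instead). That rule is
# this example's assumption about what public/private mean.
TIERS = [
    ("public", True),         # bastion and ELBs
    ("private-apps", False),  # most EC2
    ("public-apps", True),    # internet-hungry applications
    ("private-db", False),    # RDS and Redshift
]


def plan_subnets(vpc_cidr, azs, tiers=TIERS, prefix=24):
    """Carve vpc_cidr into one /prefix subnet per (tier, AZ) pair.

    Subnets are allocated tier-major, so each tier's AZ copies sit next to
    each other in the address space.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=prefix)
    plan = []
    for (tier, is_public), az in product(tiers, azs):
        try:
            cidr = next(blocks)
        except StopIteration:
            raise ValueError(f"{vpc_cidr} has no room for another /{prefix}")
        plan.append({"name": f"{tier}-{az}", "tier": tier, "az": az,
                     "cidr": str(cidr), "public": is_public})
    return plan


def check_az_coverage(plan, minimum=2):
    """Every tier must exist in at least `minimum` AZs (the post's rule)."""
    azs_by_tier = {}
    for s in plan:
        azs_by_tier.setdefault(s["tier"], set()).add(s["az"])
    return [f"{tier}: present in only {len(azs)} AZ(s), need at least {minimum}"
            for tier, azs in azs_by_tier.items() if len(azs) < minimum]


def check_routes(plan, route_tables):
    """route_tables maps subnet name -> list of (destination, target).

    Flags public subnets with no IGW default route and private subnets that
    have one. Targets are matched by AWS id prefix ("igw-", "nat-").
    """
    findings = []
    for s in plan:
        routes = route_tables.get(s["name"], [])
        igw_default = any(dst == "0.0.0.0/0" and tgt.startswith("igw-")
                          for dst, tgt in routes)
        if s["public"] and not igw_default:
            findings.append(f"{s['name']}: public subnet has no default route "
                            "to an internet gateway")
        if not s["public"] and igw_default:
            findings.append(f"{s['name']}: private subnet has a default route "
                            "to an internet gateway")
    return findings


# Constructed sample: two AZs and placeholder gateway ids. One private-apps
# subnet has (wrongly) been given a direct internet-gateway route.
SAMPLE_AZS = ["ap-southeast-2a", "ap-southeast-2b"]
SAMPLE_ROUTE_TABLES = {
    "public-ap-southeast-2a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "public-ap-southeast-2b": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "private-apps-ap-southeast-2a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")],
    "private-apps-ap-southeast-2b": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "public-apps-ap-southeast-2a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "public-apps-ap-southeast-2b": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "private-db-ap-southeast-2a": [("10.0.0.0/16", "local")],
    "private-db-ap-southeast-2b": [("10.0.0.0/16", "local")],
}


if __name__ == "__main__":
    plan = plan_subnets("10.0.0.0/16", SAMPLE_AZS)
    for s in plan:
        print(f"{s['name']:32} {s['cidr']:16} {'public' if s['public'] else 'private'}")
    for finding in check_az_coverage(plan) + check_routes(plan, SAMPLE_ROUTE_TABLES):
        print("FINDING:", finding)
```

Run against the sample data it lists eight subnets (10.0.0.0/24 through 10.0.7.0/24) and reports the one private-apps subnet that was handed an internet-gateway route; feeding it a single-AZ plan instead makes every tier fail the two-AZ check. In real use the route tables would come from `describe-route-tables` output rather than the inline dictionary.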