How to create a VPC with Public and Private Subnets
Master AWS VPC: Quick Guide to Public/Private Subnets and NAT Gateway
Hi there! This is Darren from Darren’s Tech Tutorials.
When building robust, secure infrastructure on Amazon Web Services (AWS), the Virtual Private Cloud (VPC) is your foundation. But simply having a VPC isn’t enough—you need the right network topology to separate your public-facing resources from your sensitive backend systems.
In this quick, practical tutorial, we’re going to walk through the exact steps to create an AWS VPC featuring both Public and Private Subnets, along with a crucial NAT Gateway to give your private instances secure, outbound access to the internet. We’ll leverage the simple VPC Wizard to make this process lightning fast!
Let’s dive into AWS and get started!
Step 1: Allocating an Essential Elastic IP
Before we even launch the VPC Wizard, we need an Elastic IP address. This static IP is required for the NAT Gateway, which allows instances in your Private Subnets to reach the internet (for updates, package downloads, etc.) without exposing them to incoming traffic.
- Navigate to VPC: Click on Services and scroll down to find and select VPC.
- Access Elastic IPs: In the left-hand navigation pane, scroll down and click on Elastic IPs.
- Allocate New Address: Click Allocate a new address.
- Confirm the standard settings and click Allocate.
You now have a globally unique, static IP address ready to attach to our new NAT Gateway. Click Close and head back to the VPC Dashboard.
Step 2: Launching the VPC Wizard
AWS provides an excellent wizard for common VPC setups, which saves us the hassle of manually configuring routing tables and internet gateways.
- From the VPC Dashboard, click the Launch VPC Wizard button.
- Select the VPC Configuration: You will see several options. We need the one that allows both public and private access: VPC with Public and Private Subnets.
- Click Select.
Step 3: Configuring Subnets and the NAT Gateway
The wizard now presents you with the configuration screen. While you can customize the CIDR blocks (the IP ranges) for your VPC and subnets, we are going to use the defaults for this tutorial, as they work perfectly well for most initial setups.
- Name Your VPC: Provide a descriptive name so you can easily identify it later. We’ll name ours, “Darren’s VPC.”
- Review Subnet Ranges: Check the default CIDR ranges for the Public and Private Subnets. (The defaults are suitable for most initial setups; they only need changing if they would overlap with other networks you intend to connect to this VPC.)
- Crucial Step: Select the Elastic IP: Scroll down to the Elastic IP Allocation ID section. This is where we link the Elastic IP we created in Step 1 to the new NAT Gateway.
- Use the dropdown menu and select the Elastic IP address you allocated previously.
- Initiate Creation: Once all details are filled out (especially the Elastic IP), click Create VPC.
Step 4: Finalizing the VPC Creation and Verification
The VPC creation process will now begin.
Be patient! Creating the NAT Gateway takes a few minutes, as AWS has to provision and attach all the necessary routing tables and resources to make the private access function correctly.
- Wait for Completion: The screen will show the status as it creates the Internet Gateway (IGW), the subnets, and the NAT Gateway.
- Success Confirmation: Once complete, you should see a message confirming that your VPC has been successfully created. Click OK.
- Verify Subnets: Head back to the left navigation panel and click Subnets. You should now see your new Private Subnet and Public Subnet listed under “Darren’s VPC.”
That’s it! You have successfully deployed a secure, production-ready foundation for your AWS applications.
What’s Next? Launching Your Instances!
With your new network topology in place, you are ready to launch EC2 instances:
- Public Subnet: Perfect for web servers, load balancers, or jump boxes that need to be directly accessible from the internet.
- Private Subnet: Ideal for databases, application servers, or caching layers that need to fetch updates from the internet but should never be accessible from the public web.
If you have any questions or run into trouble, please drop a comment below. If I can help, I certainly will!
⚠️ A Word of Warning on Cleanup!
If you were following along with this tutorial purely for practice, please ensure you tear down all resources, especially the NAT Gateway! NAT Gateways incur hourly charges, and if you leave it running, you will be charged, even if you are not running any other instances. You can delete the NAT Gateway in the NAT Gateways section of the VPC console before deleting the VPC itself.
Thanks for watching, and remember to like and subscribe for more friendly, practical tech guides!