How AWS VPC Works Introduction

I'll provide a basic introduction to the mysterious VPC world. I'll explain terms using various diagrams. We'll also build out a simple VPC network manually to help understand VPCs.

Answers to questions (close your eyes and watch the video first if you don't want to know the answers yet):

Why should we create route tables vs using the main route table?
A: Every time you create a new subnet, it uses your "main" route table. So if you added an IGW route to the main route table in an effort to allow traffic out, every newly created subnet would be public. This violates a security best practice, which is that newly created subnets should be private by default.

Is the NAT gateway associated with the public subnet or the private subnet?
A: The NAT gateway should be on the public subnet so it has access to the internet to do its thing. If it's on the private subnet, it won't work.

What makes a subnet public?
A: You simply associate the subnet with a (public) route table that has an IGW route.

What network component is a security group associated with?
A: The only network component that a security group is associated with is the entire VPC. Security groups are not associated with any other network components. They are associated with other types of AWS resources like EC2 instances, ELBs, RDS DBs, etc.

Google Slides: https://docs.google.com/presentation/d/1GsCSmBdk14FmxIuEihlXGNjPIDFZo5w5H_Pgt_QGNgY/edit#slide=id.g26831c255f_0_0
LinkedIn: https://linkedin.com/in/tongueroo
Twitter: https://twitter.com/tongueroo
Need DevOps help or support? https://boltops.com
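
The route table and NAT gateway answers above can be checked mechanically. The following is an added example, not part of the original video or slides: it classifies subnets as public or private and flags the two misconfigurations described. The resource IDs are constructed, the function names are hypothetical, and the sample data is assumed to be for a single VPC, shaped like the EC2 DescribeRouteTables, DescribeSubnets and DescribeNatGateways responses.

```python
# Added example. All IDs below are constructed sample data for one VPC.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SUBNETS = [{"SubnetId": s} for s in ("subnet-pub", "subnet-priv", "subnet-new")]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-priv"}]


def has_igw_route(table):
    """True if any route in the table targets an internet gateway."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])


def audit_vpc(route_tables, subnets, nat_gateways):
    """Return (sorted public subnet IDs, list of findings)."""
    main = next(t for t in route_tables
                if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if a.get("SubnetId")}
    findings, public = [], set()
    if has_igw_route(main):
        findings.append(f"{main['RouteTableId']}: main route table has an IGW "
                        "route; new subnets will be public by default")
    for s in subnets:
        sid = s["SubnetId"]
        table = explicit.get(sid, main)  # no explicit association: main table
        if has_igw_route(table):
            public.add(sid)
            if sid not in explicit:
                findings.append(f"{sid}: public only via the main route table")
    for nat in nat_gateways:
        if nat["SubnetId"] not in public:
            findings.append(f"{nat['NatGatewayId']}: NAT gateway is in private "
                            f"subnet {nat['SubnetId']}; it has no internet path")
    return sorted(public), findings


if __name__ == "__main__":
    public, findings = audit_vpc(ROUTE_TABLES, SUBNETS, NAT_GATEWAYS)
    print("public subnets:", public)
    for f in findings:
        print("FINDING:", f)
```

With real data, the three inputs would come from the corresponding describe calls filtered to one VPC.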